
Downloaded software with virus



#1
steve6540


Hi,

I downloaded some software and tried to install it (the only time I did not really scrutinise the source). Suddenly, the install "fails" and I'm presented with a Windows Firewall window asking me to authorise "Google Chrome".

 

That's when I knew I dun [bleep]ed up.

I denied the permission and immediately tried taking stock of what type of damage was done. Looking into where Google Chrome was installed, I noticed "googlecrewe.exe" and deleted it with SuperAntiSpyware's Superdelete tool. I then disconnected my ethernet cable (just in case, lol). I checked the other .exe file's properties and it had been renamed (previous name was jargon with numbers). I started looking through my Program Files (x86) folder and found odd names of folders (riggers, orthopedics, cuckolding, dethroned being some of the names). Within them they held one or two .exe files (Millisecond, extruded and faiths). I did my best to go through them and delete them. The programs (when running) make the "click" sound that you hear as you go through file explorer but 4-5 times per second. Multiple instances of the program can be open at the same time. Meanwhile Sophos, MWB and SuperAntiSpyware report nothing wrong, before or after the deletions.

I noticed that even after I deleted some of these .exe files, they reappeared (especially the file in AppData). I then went to Task Scheduler and found that there were 10+ tasks relating to these files. I deleted them. 

The program has since not come back even after a restart. I don't know what to do next. 

 

Attached are my log files

Thank you in advance!

 

P.S. S:/ was a hard drive that I replaced recently

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.09.2018 03
Ran by STEVEN_DESKTOP (administrator) on STEVEN-DESK (05-09-2018 15:38:38)
Running from E:\~tools for windows
Loaded Profiles: STEVEN_DESKTOP (Available Profiles: STEVEN_DESKTOP & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.22\AsusFanControlService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
() C:\Program Files (x86)\Everything\Everything.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo64.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos System Protection\ssp.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Chris Pietschmann (hxxp://pietschsoft.com)) C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Dropbox, Inc.) C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Dropbox, Inc.) C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Dropbox, Inc.) C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\Dropbox.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
() C:\Program Files (x86)\Everything\Everything.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\STEVEN_DESKTOP\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Retailing] => "C:\Program Files (x86)\Dethroned\Millisecond.exe" okzadwokzadwokzadwokzad.okzadzokzadnokzadgokzad.okzadpokzadwokzad/okzadde2zj0zj1zokzadj8zj0sz9szokzad0de5dezjhtokzadmlLohSt3HXokzad6Y7IR7Cv5Cokzadd1
HKLM\...\Run: [Istiklal] => "C:\Program Files (x86)\riggers\Faiths.exe" okzadwokzadwokzadwokzad.okzadzokzadnokzadgokzad.okzadpokzadwokzad/okzadde2zj0zj1zokzadj8zj0sz9szokzad0de5dezjhtokzadmlLohSt3HXokzad6Y7IR7Cv5Cokzadd1
HKLM\...\Run: [Pasta] => "C:\Program Files (x86)\Cuckolding\Millisecond.exe" okzadwokzadwokzadwokzad.okzadzokzadnokzadgokzad.okzadpokzadwokzad/okzadde2zj0zj1zokzadj8zj0sz9szokzad0de5dezjhtokzadmlLohSt3HXokzad6Y7IR7Cv5Cokzadd1
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596664 2018-01-15] (Razer Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1516096 2018-03-23] (Sophos Limited)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [515600 2017-04-22] (QFX Software Corporation)
HKLM-x32\...\Run: [Everything] => C:\Program Files (x86)\Everything\Everything.exe [1666664 2017-06-06] ()
HKLM-x32\...\Run: [Lempira] => "C:\Program Files (x86)\Dethroned\Millisecond.exe" okzadwokzadwokzadwokzad.okzadzokzadnokzadgokzad.okzadpokzadwokzad/okzadde2zj0zj1zokzadj8zj0sz9szokzad0de5dezjhtokzadmlLohSt3HXokzad6Y7IR7Cv5Cokzadd1
HKLM-x32\...\Run: [Inflammatory] => "C:\Program Files (x86)\riggers\Faiths.exe" okzadwokzadwokzadwokzad.okzadzokzadnokzadgokzad.okzadpokzadwokzad/okzadde2zj0zj1zokzadj8zj0sz9szokzad0de5dezjhtokzadmlLohSt3HXokzad6Y7IR7Cv5Cokzadd1
HKLM-x32\...\Run: [Cultivable] => "C:\Program Files (x86)\Cuckolding\Millisecond.exe" okzadwokzadwokzadwokzad.okzadzokzadnokzadgokzad.okzadpokzadwokzad/okzadde2zj0zj1zokzadj8zj0sz9szokzad0de5dezjhtokzadmlLohSt3HXokzad6Y7IR7Cv5Cokzadd1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1752262018-2004630284-3030787665-1000\...\Run: [Dropbox Update] => C:\Users\STEVEN_DESKTOP\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-1752262018-2004630284-3030787665-1000\...\Run: [Violeta] => "C:\Program Files (x86)\Dethroned\Millisecond.exe" okzadwokzadwokzadwokzad.okzadzokzadnokzadgokzad.okzadpokzadwokzad/okzadde2zj0zj1zokzadj8zj0sz9szokzad0de5dezjhtokzadmlLohSt3HXokzad6Y7IR7Cv5Cokzadd1
HKU\S-1-5-21-1752262018-2004630284-3030787665-1000\...\Run: [Convey] => "C:\Program Files (x86)\riggers\Faiths.exe" okzadwokzadwokzadwokzad.okzadzokzadnokzadgokzad.okzadpokzadwokzad/okzadde2zj0zj1zokzadj8zj0sz9szokzad0de5dezjhtokzadmlLohSt3HXokzad6Y7IR7Cv5Cokzadd1
HKU\S-1-5-21-1752262018-2004630284-3030787665-1000\...\Run: [Oriole] => "C:\Program Files (x86)\Cuckolding\Millisecond.exe" okzadwokzadwokzadwokzad.okzadzokzadnokzadgokzad.okzadpokzadwokzad/okzadde2zj0zj1zokzadj8zj0sz9szokzad0de5dezjhtokzadmlLohSt3HXokzad6Y7IR7Cv5Cokzadd1
HKU\S-1-5-21-1752262018-2004630284-3030787665-1000\...\Run: [Cormac] => "C:\Program Files (x86)\Dethroned\Millisecond.exe" okzadwokzadwokzadwokzad.okzadzokzadnokzadgokzad.okzadpokzadwokzad/okzadde2zj0zj1zokzadj8zj0sz9szokzad0de5dezjhtokzadmlLohSt3HXokzad6Y7IR7Cv5Cokzadd1
HKU\S-1-5-21-1752262018-2004630284-3030787665-1000\...\Run: [Beards] => "C:\Program Files (x86)\riggers\Faiths.exe" okzadwokzadwokzadwokzad.okzadzokzadnokzadgokzad.okzadpokzadwokzad/okzadde2zj0zj1zokzadj8zj0sz9szokzad0de5dezjhtokzadmlLohSt3HXokzad6Y7IR7Cv5Cokzadd1
HKU\S-1-5-21-1752262018-2004630284-3030787665-1000\...\Run: [Formally] => "C:\Program Files (x86)\Cuckolding\Millisecond.exe" okzadwokzadwokzadwokzad.okzadzokzadnokzadgokzad.okzadpokzadwokzad/okzadde2zj0zj1zokzadj8zj0sz9szokzad0de5dezjhtokzadmlLohSt3HXokzad6Y7IR7Cv5Cokzadd1
HKU\S-1-5-21-1752262018-2004630284-3030787665-1000\...\Run: [extruded] => "C:\Program Files (x86)\orthopedics\extruded.exe" okzadwokzadwokzadwokzad.okzadzokzadnokzadgokzad.okzadpokzadwokzad/okzadde2zj0zj1zokzadj8zj0sz9szokzad0de5dezjhtokzadmlLohSt3HXokzad6Y7IR7Cv5Cokzadd1
HKU\S-1-5-21-1752262018-2004630284-3030787665-1000\...\Run: [meretricious] => "C:\Program Files (x86)\Dethroned\Millisecond.exe" okzadwokzadwokzadwokzad.okzadzokzadnokzadgokzad.okzadpokzadwokzad/okzadde2zj0zj1zokzadj8zj0sz9szokzad0de5dezjhtokzadmlLohSt3HXokzad6Y7IR7Cv5Cokzadd1
HKU\S-1-5-21-1752262018-2004630284-3030787665-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8898480 2018-07-02] (SUPERAntiSpyware)
HKU\S-1-5-21-1752262018-2004630284-3030787665-1000\...\Policies\Explorer: []
HKU\S-1-5-21-1752262018-2004630284-3030787665-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1193352 2014-05-01] (Autodesk, Inc.)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [235928 2018-03-06] (Sophos Limited)
AppInit_DLLs: ,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [235928 2018-03-06] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [207864 2018-03-06] (Sophos Limited)
AppInit_DLLs-x32:  C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [207864 2018-03-06] (Sophos Limited)
AppInit_DLLs-x32: ,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [207864 2018-03-06] (Sophos Limited)
Startup: C:\Users\STEVEN_DESKTOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-08-31]
ShortcutTarget: Dropbox.lnk -> C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\STEVEN_DESKTOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\preening.lnk [2018-09-05]
ShortcutTarget: preening.lnk -> C:\Program Files (x86)\Dethroned\Millisecond.exe (No File)
Startup: C:\Users\STEVEN_DESKTOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\preeningpreening.lnk [2018-09-05]
ShortcutTarget: preeningpreening.lnk -> C:\Program Files (x86)\riggers\Faiths.exe (No File)
BootExecute: autocheck autochk *  
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 10 S:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll => No File
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141424 2018-03-06] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141424 2018-03-06] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141424 2018-03-06] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141424 2018-03-06] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141424 2018-03-06] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141424 2018-03-06] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141424 2018-03-06] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141424 2018-03-06] (Sophos Limited)
Winsock: Catalog9 22 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141424 2018-03-06] (Sophos Limited)
Winsock: Catalog5-x64 10 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560 2013-05-11] (National Instruments Corporation)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [201656 2018-03-06] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [201656 2018-03-06] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [201656 2018-03-06] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [201656 2018-03-06] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [201656 2018-03-06] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [201656 2018-03-06] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [201656 2018-03-06] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [201656 2018-03-06] (Sophos Limited)
Winsock: Catalog9-x64 22 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [201656 2018-03-06] (Sophos Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 207.164.234.193
Tcpip\..\Interfaces\{48CB0285-BFE5-4067-9D75-42E5539AB9E2}: [DhcpNameServer] 192.168.2.1 207.164.234.193
Tcpip\..\Interfaces\{5D1A70F4-0C00-43B8-91E9-9E14161478CC}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8BF79CA2-F933-4D43-9C61-6AF7113E2846}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1752262018-2004630284-3030787665-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1752262018-2004630284-3030787665-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2018-08-24] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_141\bin\ssv.dll [2017-07-21] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2018-08-03] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-08-03] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-21] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-08-03] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2018-08-03] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2018-08-03] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-03] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-08-03] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-08-03] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-08-03] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-08-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\STEVEN_DESKTOP\AppData\Roaming\Mozilla\firefox\Profiles\9t54i18a.default [2018-09-05]
FF Homepage: Mozilla\firefox\Profiles\9t54i18a.default -> about:home
FF Extension: (Dictionary) - C:\Users\STEVEN_DESKTOP\AppData\Roaming\Mozilla\firefox\Profiles\9t54i18a.default\Extensions\[email protected] [2016-05-03] [Legacy]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\STEVEN_DESKTOP\AppData\Roaming\Mozilla\firefox\Profiles\9t54i18a.default\Extensions\[email protected] [2018-08-16]
FF Extension: (Tree Style Tab) - C:\Users\STEVEN_DESKTOP\AppData\Roaming\Mozilla\firefox\Profiles\9t54i18a.default\Extensions\[email protected] [2018-08-16]
FF Extension: (LeechBlock) - C:\Users\STEVEN_DESKTOP\AppData\Roaming\Mozilla\firefox\Profiles\9t54i18a.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387} [2017-06-26] [Legacy]
FF Extension: (Flash and Video Download) - C:\Users\STEVEN_DESKTOP\AppData\Roaming\Mozilla\firefox\Profiles\9t54i18a.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}.xpi [2018-08-16]
FF Extension: (Adblock Plus) - C:\Users\STEVEN_DESKTOP\AppData\Roaming\Mozilla\firefox\Profiles\9t54i18a.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-08-16]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-15] ()
FF Plugin: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-08-03] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [1999-12-31] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-08-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-08-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-12-12] (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-26] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> S:\Program Files (x86)\VLC\npvlc.dll [No File]
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\10.0.2.5203600\npmathplugin.dll [2014-12-02] (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1752262018-2004630284-3030787665-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\STEVEN_DESKTOP\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1752262018-2004630284-3030787665-1000: @talk.google.com/O1DPlugin -> C:\Users\STEVEN_DESKTOP\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1752262018-2004630284-3030787665-1000: @tools.google.com/Google Update;version=3 -> C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1752262018-2004630284-3030787665-1000: @tools.google.com/Google Update;version=9 -> C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\STEVEN_DESKTOP\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\STEVEN_DESKTOP\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
CHR StartupUrls: Default -> "hxxps://www.imp.polymtl.ca/login.php","hxxps://mail.google.com/mail/u/0/#inbox"
CHR Profile: C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Chrome\User Data\Default [2018-09-05]
CHR Extension: (Stand Up! Timer) - C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aamiggfhbebkpbknadfkelphhmkhmdcf [2017-10-29]
CHR Extension: (Google Drive) - C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (RescueTime for Chrome and Chrome OS) - C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdakmnplckeopfghnlpocafcepegjeap [2018-07-30]
CHR Extension: (Block & Focus) - C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpbedhdekgkhigjgmlcbmcjoeaebbfm [2018-08-21]
CHR Extension: (Tampermonkey) - C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-08-26]
CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2018-08-20]
CHR Extension: (timeStats) - C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejifodhjoeeenihgfpjijjmpomaphmah [2018-03-28]
CHR Extension: (Facebook™ Chat Privacy) - C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfpgaanechfneiboempkfjghninbibjn [2017-08-15]
CHR Extension: (The Camelizer) - C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2018-06-22]
CHR Extension: (AdBlock) - C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-07-30]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2017-07-31]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-08-23]
CHR Extension: (Wave Accounting) - C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa [2017-07-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-09-14]
CHR Extension: (Rain Alarm) - C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\meaikaglpfemjncbioflellmppndgmok [2017-11-02]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2017-07-24]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2018-08-22]
CHR Extension: (FreshStart - Cross Browser Session Manager) - C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmidkjogcjnnlfimjcedenagjfacpobb [2014-03-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-29]
CHR Extension: (TunnelBear VPN) - C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2018-08-20]
CHR Extension: (Gmail) - C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-03]
CHR Profile: C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-09-01]
CHR Profile: C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Chrome\User Data\System Profile [2017-10-01]
CHR HKU\S-1-5-21-1752262018-2004630284-3030787665-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [596360 2014-06-21] (Autodesk Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-07-27] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2016-08-04] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-10-12] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.22\AsusFanControlService.exe [399744 2016-08-04] (ASUSTeK Computer Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
S2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8522912 2018-08-07] (Microsoft Corporation)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [4616216 2016-01-20] (Binary Fortress Software)
R2 Everything; C:\Program Files (x86)\Everything\Everything.exe [1666664 2017-06-06] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 1999-12-31] (Intel Corporation)
R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53544 2013-06-12] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63792 2013-06-12] (National Instruments Corporation)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [81248 2013-06-08] (National Instruments Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-10] ()
S3 QFXUpdateService; C:\Program Files (x86)\KeyScrambler\x64\QFXUpdateService.exe [86544 2017-04-22] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2017-07-19] ()
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 RichVideo64; C:\Program Files\Cyberlink\Shared files\RichVideo64.exe [390672 2012-09-11] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [236384 2018-03-06] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [200064 2018-03-06] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [773080 2018-03-23] (Sophos Limited)
R2 sophossps; C:\Program Files (x86)\Sophos\Sophos System Protection\ssp.exe [2499872 2016-08-30] (Sophos Limited)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3620968 2018-03-06] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2121216 2018-03-06] (Sophos Limited)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-04-28] (Reason Software Company Inc.)
R2 Virtual Router; C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe [12288 2013-02-10] (Chris Pietschmann (hxxp://pietschsoft.com)) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 GlassWire; "S:\Program Files (x86)\Glasswire\GWCtlSrv.exe" [X]
S2 HiPatchService; S:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [X]
S2 mxssvr; "S:\Program Files (x86)\National Instruments\MAX\nimxs.exe" [X]
S2 NIApplicationWebServer; "S:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe" -user [X]
S2 NIDomainService; "S:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe" [X]
S3 NILM License Manager; "S:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe" [X]
S2 nimDNSResponder; "S:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe" [X]
S2 NINetworkDiscovery; "S:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe" [X]
S2 NiSvcLoc; S:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe -s [X]
S2 NISystemWebServer; "S:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe" -system [X]
S2 NITaggerService; "S:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe" [X]
R2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"
S2 Siemens PLM License Server; S:\Program Files (x86)\Siemens\PLMLicenseServer\lmgrd.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2012-03-02] (LG Electronics Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-10-12] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-10-12] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 ASUSstpt; C:\Windows\System32\DRIVERS\ASUSstpt.sys [27392 2013-03-28] (MCCI Corporation)
S3 ASUSumsc; C:\Windows\System32\DRIVERS\ASUSumsc.sys [151808 2013-03-28] (MCCI Corporation)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2017-06-19] (Windows ® Win 7 DDK provider)
S3 DFX12; C:\Windows\System32\drivers\dfx12x64.sys [29688 2017-06-19] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-05-07] (Disc Soft Ltd)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2016-01-12] (Glarysoft Ltd)
R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [33248 2015-05-29] (SecureMix LLC)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-10-01] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-21] (Intel Corporation)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [233248 2017-02-19] (QFX Software Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-09-05] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 1999-12-31] (Intel Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed]
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57976 2017-05-03] (NVIDIA Corporation)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [165360 2014-07-21] (Windows ® Win 7 DDK provider)
S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [12760 2014-07-21] (Paramount Software UK Ltd)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [788696 1999-12-31] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [377560 1999-12-31] (Realsil Semiconductor Corporation)
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [43256 2017-07-18] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137208 2017-07-16] (Razer, Inc.)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [204328 2017-10-11] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [45840 2017-10-11] (Sophos Limited)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2016-09-21] (The OpenVPN Project)
S3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-07-22] (Cisco Systems, Inc.)
S3 catchme; \??\C:\C0mb0F1x\catchme.sys [X]
S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-05 14:55 - 2018-09-05 15:38 - 000000000 ____D C:\FRST
2018-09-05 14:18 - 2018-09-05 14:18 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-09-05 14:18 - 2018-09-05 14:18 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-09-05 14:18 - 2018-09-05 14:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-09-05 14:18 - 2018-09-05 14:18 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-09-05 14:18 - 2018-09-05 14:18 - 000000000 ____D C:\Program Files\Malwarebytes
2018-09-05 14:18 - 2018-06-19 14:09 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-09-05 13:38 - 2018-09-05 14:26 - 000004476 _____ C:\Users\STEVEN_DESKTOP\Desktop\Rkill.txt
2018-09-05 13:28 - 2018-09-05 13:37 - 000000528 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d9e9253f-662b-41b0-b98b-843d4fd4e249.job
2018-09-05 13:28 - 2018-09-05 13:37 - 000000528 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b43940ce-84ed-41fc-b4e8-98a75112eb43.job
2018-09-05 13:28 - 2018-09-05 13:28 - 000003626 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task b43940ce-84ed-41fc-b4e8-98a75112eb43
2018-09-05 13:28 - 2018-09-05 13:28 - 000003552 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task d9e9253f-662b-41b0-b98b-843d4fd4e249
2018-09-05 13:27 - 2018-09-05 13:27 - 000001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2018-09-05 13:27 - 2018-09-05 13:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2018-09-05 13:25 - 2018-09-05 13:25 - 000002294 _____ C:\Users\STEVEN_DESKTOP\Desktop\JRT.txt
2018-09-05 13:11 - 2018-09-05 14:30 - 000000000 ____D C:\SUPERDelete
2018-09-05 13:08 - 2018-09-05 13:08 - 000000012 _____ C:\Windows\b71432440
2018-09-02 17:03 - 2018-09-05 10:04 - 000000000 ____D C:\Users\STEVEN_DESKTOP\AppData\LocalLow\uTorrent
2018-08-31 14:01 - 2018-08-31 14:01 - 000000000 ____D C:\Users\STEVEN_DESKTOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-08-24 08:31 - 2018-08-24 08:31 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-08-16 11:50 - 2018-08-16 11:50 - 038972744 _____ (Mozilla) C:\Users\STEVEN_DESKTOP\Downloads\Firefox Setup 60.0.2.exe
2018-08-16 04:15 - 2018-08-16 04:15 - 000000000 ____D C:\Windows\rescache
2018-08-15 10:08 - 2018-08-03 11:55 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2018-08-15 10:08 - 2018-08-03 11:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2018-08-15 10:08 - 2018-08-01 23:20 - 000708272 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-08-15 10:08 - 2018-08-01 23:18 - 000096864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-08-15 10:08 - 2018-08-01 23:07 - 000263776 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-08-15 10:08 - 2018-08-01 23:06 - 000156256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-08-15 10:08 - 2018-08-01 23:05 - 005553760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-08-15 10:08 - 2018-08-01 23:02 - 001665320 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-08-15 10:08 - 2018-08-01 23:00 - 000633080 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-08-15 10:08 - 2018-08-01 22:59 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-08-15 10:08 - 2018-08-01 22:59 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-08-15 10:08 - 2018-08-01 22:59 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-08-15 10:08 - 2018-08-01 22:59 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-08-15 10:08 - 2018-08-01 22:59 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-08-15 10:08 - 2018-08-01 22:59 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-08-15 10:08 - 2018-08-01 22:59 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-08-15 10:08 - 2018-08-01 22:59 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-08-15 10:08 - 2018-08-01 22:59 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-08-15 10:08 - 2018-08-01 22:59 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-08-15 10:08 - 2018-08-01 22:59 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-08-15 10:08 - 2018-08-01 22:59 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-08-15 10:08 - 2018-08-01 22:59 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-08-15 10:08 - 2018-08-01 22:59 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-08-15 10:08 - 2018-08-01 22:59 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-08-15 10:08 - 2018-08-01 22:59 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-08-15 10:08 - 2018-08-01 22:59 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-08-15 10:08 - 2018-08-01 22:59 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-08-15 10:08 - 2018-08-01 22:59 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-08-15 10:08 - 2018-08-01 22:59 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-08-15 10:08 - 2018-08-01 22:58 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-08-15 10:08 - 2018-08-01 22:58 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-08-15 10:08 - 2018-08-01 22:58 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-08-15 10:08 - 2018-08-01 22:58 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-08-15 10:08 - 2018-08-01 22:58 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-08-15 10:08 - 2018-08-01 22:58 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-08-15 10:08 - 2018-08-01 22:58 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-08-15 10:08 - 2018-08-01 22:58 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-08-15 10:08 - 2018-08-01 22:45 - 003959984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-08-15 10:08 - 2018-08-01 22:43 - 001315512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-08-15 10:08 - 2018-08-01 22:42 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-08-15 10:08 - 2018-08-01 22:42 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-08-15 10:08 - 2018-08-01 22:42 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-08-15 10:08 - 2018-08-01 22:42 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-08-15 10:08 - 2018-08-01 22:42 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-08-15 10:08 - 2018-08-01 22:42 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-08-15 10:08 - 2018-08-01 22:41 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-08-15 10:08 - 2018-08-01 22:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-08-15 10:08 - 2018-08-01 22:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-08-15 10:08 - 2018-08-01 22:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-08-15 10:08 - 2018-08-01 22:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-08-15 10:08 - 2018-08-01 22:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-08-15 10:08 - 2018-08-01 22:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-08-15 10:08 - 2018-08-01 22:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-08-15 10:08 - 2018-08-01 22:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-08-15 10:08 - 2018-08-01 22:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-08-15 10:08 - 2018-08-01 22:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-08-15 10:08 - 2018-08-01 22:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-08-15 10:08 - 2018-08-01 22:40 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-08-15 10:08 - 2018-08-01 22:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-08-15 10:08 - 2018-08-01 22:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-08-15 10:08 - 2018-08-01 22:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-08-15 10:08 - 2018-08-01 22:40 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-08-15 10:08 - 2018-08-01 22:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:26 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-08-15 10:08 - 2018-08-01 22:26 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-08-15 10:08 - 2018-08-01 22:26 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-08-15 10:08 - 2018-08-01 22:25 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-08-15 10:08 - 2018-08-01 22:22 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-08-15 10:08 - 2018-08-01 22:21 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-08-15 10:08 - 2018-08-01 22:21 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-08-15 10:08 - 2018-08-01 22:17 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-08-15 10:08 - 2018-08-01 22:17 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-08-15 10:08 - 2018-08-01 22:17 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-08-15 10:08 - 2018-08-01 22:16 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-08-15 10:08 - 2018-08-01 22:16 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-08-15 10:08 - 2018-08-01 22:16 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-08-15 10:08 - 2018-08-01 22:16 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-08-15 10:08 - 2018-08-01 22:16 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-08-15 10:08 - 2018-08-01 22:16 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-08-15 10:08 - 2018-08-01 22:16 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-08-15 10:08 - 2018-08-01 22:11 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-08-15 10:08 - 2018-08-01 22:11 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-08-15 10:08 - 2018-08-01 22:11 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-08-15 10:08 - 2018-08-01 22:11 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-08-15 10:08 - 2018-08-01 22:10 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-08-15 10:08 - 2018-08-01 22:10 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:10 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-08-15 10:08 - 2018-08-01 22:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-08-15 10:08 - 2018-07-19 19:53 - 000396936 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-08-15 10:08 - 2018-07-19 18:58 - 000350272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-08-15 10:08 - 2018-07-19 02:15 - 025745408 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-08-15 10:08 - 2018-07-19 00:48 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-08-15 10:08 - 2018-07-19 00:47 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-08-15 10:08 - 2018-07-19 00:35 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-08-15 10:08 - 2018-07-19 00:34 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-08-15 10:08 - 2018-07-19 00:33 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-08-15 10:08 - 2018-07-19 00:33 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-08-15 10:08 - 2018-07-19 00:33 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-08-15 10:08 - 2018-07-19 00:32 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-08-15 10:08 - 2018-07-19 00:30 - 005778432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-08-15 10:08 - 2018-07-19 00:26 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-08-15 10:08 - 2018-07-19 00:25 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-08-15 10:08 - 2018-07-19 00:23 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-08-15 10:08 - 2018-07-19 00:22 - 020286464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-08-15 10:08 - 2018-07-19 00:22 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-08-15 10:08 - 2018-07-19 00:22 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-08-15 10:08 - 2018-07-19 00:22 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-08-15 10:08 - 2018-07-19 00:21 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-08-15 10:08 - 2018-07-19 00:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-08-15 10:08 - 2018-07-19 00:14 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-08-15 10:08 - 2018-07-19 00:11 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-08-15 10:08 - 2018-07-19 00:05 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-08-15 10:08 - 2018-07-19 00:05 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-08-15 10:08 - 2018-07-19 00:04 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-08-15 10:08 - 2018-07-19 00:04 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-08-15 10:08 - 2018-07-19 00:04 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-08-15 10:08 - 2018-07-19 00:04 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-08-15 10:08 - 2018-07-19 00:03 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-08-15 10:08 - 2018-07-19 00:03 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-08-15 10:08 - 2018-07-19 00:01 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-08-15 10:08 - 2018-07-19 00:00 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-08-15 10:08 - 2018-07-19 00:00 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-08-15 10:08 - 2018-07-18 23:58 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-08-15 10:08 - 2018-07-18 23:58 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-08-15 10:08 - 2018-07-18 23:57 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-08-15 10:08 - 2018-07-18 23:56 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-08-15 10:08 - 2018-07-18 23:56 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-08-15 10:08 - 2018-07-18 23:55 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-08-15 10:08 - 2018-07-18 23:55 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-08-15 10:08 - 2018-07-18 23:54 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-08-15 10:08 - 2018-07-18 23:47 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-08-15 10:08 - 2018-07-18 23:46 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-08-15 10:08 - 2018-07-18 23:46 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-08-15 10:08 - 2018-07-18 23:45 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-08-15 10:08 - 2018-07-18 23:45 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-08-15 10:08 - 2018-07-18 23:43 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-08-15 10:08 - 2018-07-18 23:43 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-08-15 10:08 - 2018-07-18 23:42 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-08-15 10:08 - 2018-07-18 23:41 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-08-15 10:08 - 2018-07-18 23:41 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-08-15 10:08 - 2018-07-18 23:39 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-08-15 10:08 - 2018-07-18 23:38 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-08-15 10:08 - 2018-07-18 23:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-08-15 10:08 - 2018-07-18 23:35 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-08-15 10:08 - 2018-07-18 23:32 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-08-15 10:08 - 2018-07-18 23:31 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-08-15 10:08 - 2018-07-18 23:30 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-08-15 10:08 - 2018-07-18 23:28 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-08-15 10:08 - 2018-07-18 23:28 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-08-15 10:08 - 2018-07-18 23:28 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-08-15 10:08 - 2018-07-18 23:27 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-08-15 10:08 - 2018-07-18 23:20 - 001554944 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-08-15 10:08 - 2018-07-18 23:09 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-08-15 10:08 - 2018-07-18 23:09 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-08-15 10:08 - 2018-07-18 23:06 - 001329152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-08-15 10:08 - 2018-07-18 23:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-08-15 10:08 - 2018-07-13 15:19 - 001894080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-08-15 10:08 - 2018-07-13 15:19 - 000377024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-08-15 10:08 - 2018-07-13 15:19 - 000287936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-08-15 10:08 - 2018-07-08 12:08 - 000383680 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-08-15 10:08 - 2018-07-08 12:02 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-08-15 10:08 - 2018-07-08 12:02 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-08-15 10:08 - 2018-07-08 12:02 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-08-15 10:08 - 2018-07-08 12:01 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-08-15 10:08 - 2018-07-08 12:01 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-08-15 10:08 - 2018-07-08 11:47 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-08-15 10:08 - 2018-07-08 11:42 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-08-15 10:08 - 2018-07-08 11:42 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-08-15 10:08 - 2018-07-08 11:41 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-08-15 10:08 - 2018-07-08 11:41 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-08-15 10:08 - 2018-07-08 11:13 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-08-15 10:08 - 2018-07-07 11:24 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-08-15 10:08 - 2018-07-06 12:09 - 000947904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-08-15 10:08 - 2018-07-06 12:03 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2018-08-15 10:08 - 2018-07-06 12:03 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2018-08-15 10:08 - 2018-07-06 11:48 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2018-08-15 10:08 - 2018-07-06 11:48 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
2018-08-15 10:08 - 2018-06-29 11:55 - 000695808 _____ (Microsoft Corporation) C:\Windows\system32\cscsvc.dll
2018-08-15 10:08 - 2018-06-29 11:55 - 000137728 _____ (Microsoft Corporation) C:\Windows\system32\CscMig.dll
2018-08-15 10:08 - 2018-06-29 11:55 - 000045568 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll
2018-08-15 10:08 - 2018-06-29 11:55 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll
2018-08-15 10:08 - 2018-06-29 11:40 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscdll.dll
2018-08-15 10:08 - 2018-06-29 11:14 - 000516096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
2018-08-15 10:08 - 2018-06-29 11:09 - 000034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscapi.dll
2018-08-15 10:08 - 2018-06-27 12:01 - 000114368 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-08-15 10:08 - 2018-06-27 11:55 - 003246592 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-08-15 10:08 - 2018-06-27 11:55 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2018-08-15 10:08 - 2018-06-27 11:55 - 000484864 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2018-08-15 10:08 - 2018-06-27 11:55 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2018-08-15 10:08 - 2018-06-27 11:54 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-08-15 10:08 - 2018-06-27 11:54 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-08-15 10:08 - 2018-06-27 11:43 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2018-08-15 10:08 - 2018-06-27 11:42 - 002366464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2018-08-15 10:08 - 2018-06-27 11:42 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2018-08-15 10:08 - 2018-06-27 11:42 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2018-08-15 10:08 - 2018-06-27 11:41 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2018-08-15 10:08 - 2018-06-27 11:21 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2018-08-15 10:08 - 2018-06-27 11:16 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2018-08-15 10:08 - 2018-06-20 23:33 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-08-15 10:08 - 2018-06-20 23:09 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-08-04 11:41 - 2018-08-04 11:41 - 000000000 ____D C:\Users\STEVEN_DESKTOP\AppData\Roaming\BleachBit
2018-08-04 11:40 - 2018-08-04 11:40 - 000000000 ____D C:\Users\STEVEN_DESKTOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BleachBit
2018-08-03 09:32 - 2018-08-03 09:32 - 000002176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-08-02 17:44 - 2018-06-13 12:23 - 000140992 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-08-02 17:44 - 2018-06-13 12:20 - 014185984 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-08-02 17:44 - 2018-06-13 12:19 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-08-02 17:44 - 2018-06-13 12:18 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-08-02 17:44 - 2018-06-13 11:55 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-08-02 17:44 - 2018-06-13 11:54 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2018-08-02 17:44 - 2018-06-08 12:21 - 000369664 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-08-02 17:44 - 2018-06-08 12:20 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-08-02 17:44 - 2018-06-08 12:20 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-08-02 17:44 - 2018-06-08 12:20 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-08-02 17:44 - 2018-06-08 12:19 - 000357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2018-08-02 17:44 - 2018-06-08 12:19 - 000182272 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2018-08-02 17:44 - 2018-06-08 12:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-08-02 17:44 - 2018-06-08 11:55 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-08-02 17:44 - 2018-06-08 11:55 - 000330240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2018-08-02 17:44 - 2018-06-08 11:55 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-08-02 17:44 - 2018-06-08 11:54 - 000269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2018-08-02 17:44 - 2018-06-08 11:44 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2018-08-02 17:44 - 2018-06-08 11:29 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-08-02 17:44 - 2018-06-08 11:28 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2018-08-02 17:44 - 2018-06-08 09:05 - 002860032 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-08-02 17:44 - 2018-06-08 09:05 - 001602048 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-08-02 17:44 - 2018-06-08 09:05 - 000783872 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-08-02 17:44 - 2018-06-08 09:05 - 000612352 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-08-02 17:44 - 2018-06-08 09:05 - 000470016 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-08-02 17:44 - 2018-06-08 09:05 - 000443392 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-08-02 17:44 - 2018-06-08 09:05 - 000301056 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-08-02 17:44 - 2018-06-08 09:05 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-08-02 17:44 - 2018-06-07 12:20 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-08-02 17:44 - 2018-06-07 12:19 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-08-02 17:44 - 2018-06-07 12:19 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-08-02 17:44 - 2018-06-07 12:19 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-08-02 17:44 - 2018-06-07 11:57 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-08-02 17:44 - 2018-06-07 11:49 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-08-02 17:44 - 2018-06-07 11:34 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2018-08-02 17:44 - 2018-05-02 11:32 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2018-08-02 17:44 - 2018-05-02 11:32 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2018-08-02 17:44 - 2018-05-02 11:32 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2018-08-02 17:44 - 2018-05-02 11:32 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2018-08-02 17:44 - 2018-05-02 11:32 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2018-08-02 17:44 - 2018-05-02 11:32 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2018-08-02 17:44 - 2018-05-02 11:32 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2018-08-02 17:44 - 2018-04-26 09:05 - 000998912 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000918296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000065880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000063832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000021848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000020824 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000019288 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000018776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000015192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000013152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-08-02 17:44 - 2018-04-26 09:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-08-02 17:44 - 2018-04-25 12:02 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2018-08-02 17:44 - 2018-04-25 11:18 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-06-30 15:30 - 2018-06-30 15:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2018-06-30 15:30 - 2018-06-30 15:30 - 000000000 ____D C:\Program Files\Recuva
2018-06-28 16:00 - 2018-06-28 16:00 - 000641696 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2018-06-28 16:00 - 2018-06-28 16:00 - 000389296 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
2018-06-28 16:00 - 2018-06-28 16:00 - 000331432 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
2018-06-28 16:00 - 2018-06-28 16:00 - 000087728 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2018-06-28 15:50 - 2018-06-28 15:50 - 000440128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
2018-06-28 15:50 - 2018-06-28 15:50 - 000263856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll
2018-06-28 15:50 - 2018-06-28 15:50 - 000242496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll
2018-06-28 15:50 - 2018-06-28 15:50 - 000083792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll
2018-06-25 00:30 - 2018-06-25 00:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
2018-06-25 00:30 - 2018-06-25 00:30 - 000000000 ____D C:\Program Files (x86)\HD Tune
2018-06-18 19:32 - 2018-06-18 19:32 - 000000000 ____D C:\Users\STEVEN_DESKTOP\jagexcache
2018-06-12 19:37 - 2018-05-28 20:04 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-06-12 19:37 - 2018-05-15 00:16 - 001681088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-06-12 19:37 - 2018-05-14 23:44 - 004120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2018-06-12 19:37 - 2018-05-14 23:44 - 001159680 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2018-06-12 19:37 - 2018-05-14 23:44 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2018-06-12 19:37 - 2018-05-14 23:44 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2018-06-12 19:37 - 2018-05-14 23:24 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2018-06-12 19:37 - 2018-05-14 23:23 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2018-06-12 19:37 - 2018-05-14 23:13 - 003207168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2018-06-12 19:37 - 2018-05-14 23:13 - 000782848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2018-06-12 19:37 - 2018-05-14 23:13 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2018-06-12 19:37 - 2018-05-14 23:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2018-06-12 19:37 - 2018-05-14 23:01 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2018-06-12 19:37 - 2018-05-14 23:01 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2018-06-12 19:37 - 2018-05-14 21:20 - 000467856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-06-12 19:37 - 2018-05-14 21:20 - 000459632 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2018-06-12 19:37 - 2018-05-11 22:07 - 000076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2018-06-12 19:37 - 2018-05-11 22:07 - 000033152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-06-12 19:37 - 2018-05-11 22:07 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2018-06-12 19:37 - 2018-05-11 17:19 - 000977408 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-06-12 19:37 - 2018-05-11 17:19 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2018-06-12 19:37 - 2018-05-10 20:40 - 000741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-06-12 19:37 - 2018-05-10 20:40 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2018-06-10 20:18 - 2018-06-10 20:18 - 000099384 _____ C:\Users\STEVEN_DESKTOP\AppData\Roaming\inst.exe
2018-06-07 16:54 - 2018-06-10 20:02 - 000000000 ____D C:\Users\STEVEN_DESKTOP\AppData\Roaming\Factorio

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-05 15:08 - 2015-06-12 21:51 - 000000954 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1752262018-2004630284-3030787665-1000UA.job
2018-09-05 14:53 - 2013-04-07 00:24 - 000000000 ____D C:\ProgramData\NVIDIA
2018-09-05 14:51 - 2017-11-18 00:41 - 000000000 ____D C:\Users\STEVEN_DESKTOP\AppData\Local\Everything
2018-09-05 14:51 - 2017-11-16 02:05 - 000000000 ____D C:\Users\STEVEN_DESKTOP\AppData\Roaming\Everything
2018-09-05 14:26 - 2009-07-14 00:45 - 000023872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-05 14:26 - 2009-07-14 00:45 - 000023872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-05 14:24 - 2013-11-10 16:43 - 000612342 _____ C:\Windows\system32\perfh008.dat
2018-09-05 14:24 - 2013-11-10 16:43 - 000115848 _____ C:\Windows\system32\perfc008.dat
2018-09-05 14:24 - 2009-07-14 01:13 - 001493702 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-05 14:24 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-09-05 14:18 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-05 13:40 - 2014-05-06 20:53 - 000000000 ____D C:\Qoobox
2018-09-05 13:37 - 2014-02-18 13:51 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-09-05 12:19 - 2013-04-08 12:43 - 000000000 ____D C:\Users\STEVEN_DESKTOP\AppData\Roaming\uTorrent
2018-09-05 10:25 - 2017-11-18 17:58 - 000000000 ____D C:\Users\STEVEN_DESKTOP\AppData\LocalLow\Mozilla
2018-09-02 20:08 - 2015-06-12 21:51 - 000000902 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1752262018-2004630284-3030787665-1000Core.job
2018-08-31 14:01 - 2013-04-07 01:07 - 000000000 ____D C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox
2018-08-29 03:01 - 2013-04-07 00:47 - 001454710 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-08-24 08:32 - 2016-01-24 16:09 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-24 08:31 - 2013-07-31 23:51 - 000000000 ____D C:\Program Files\Microsoft Office
2018-08-24 08:31 - 2009-07-13 23:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-08-24 08:17 - 2017-11-18 17:59 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-08-24 08:17 - 2013-09-02 14:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-16 20:03 - 2015-06-12 21:51 - 000003942 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1752262018-2004630284-3030787665-1000UA
2018-08-16 20:03 - 2015-06-12 21:51 - 000003546 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1752262018-2004630284-3030787665-1000Core
2018-08-16 11:44 - 2013-05-09 21:31 - 000000000 ____D C:\Users\STEVEN_DESKTOP\AppData\Roaming\Mozilla
2018-08-16 03:23 - 2009-07-14 00:45 - 005139616 _____ C:\Windows\system32\FNTCACHE.DAT
2018-08-16 03:06 - 2013-07-17 03:00 - 000000000 ____D C:\Windows\system32\MRT
2018-08-16 03:03 - 2013-04-09 09:27 - 137343192 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-08-16 03:01 - 2015-11-04 22:45 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-08-09 18:46 - 2009-07-14 01:08 - 000032574 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-08-08 18:20 - 2013-04-06 23:26 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2005-12-08 22:51 - 2005-12-08 22:51 - 000000060 ____R () C:\Program Files (x86)\BRINST.INI
2015-03-23 19:45 - 2016-03-27 18:45 - 000000132 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-07-27 01:11 - 2014-02-02 13:56 - 000000629 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\All CPU MeterV3_Settings.ini
2016-01-17 20:11 - 2016-01-17 21:24 - 000026689 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Comma Separated Values.ADR
2014-02-02 13:57 - 2014-02-02 13:57 - 000001000 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Currency Meter_Settings.ini
2013-07-25 01:20 - 2013-08-31 11:11 - 000000376 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Digital Clock_Settings.ini
2013-09-06 16:21 - 2013-09-06 16:21 - 000000004 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Digital Clock_Usage.ini
2013-07-25 01:29 - 2013-07-27 09:54 - 000000841 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Drives Meter_Settings.ini
2013-07-26 20:15 - 2013-07-27 09:55 - 000000311 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Earthquakes Meter_Settings.ini
2013-07-26 20:14 - 2013-07-27 09:53 - 000000296 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\GPU MeterV2_Settings.ini
2018-06-10 20:18 - 2018-06-10 20:18 - 000099384 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\inst.exe
2013-07-27 01:12 - 2014-02-03 18:38 - 000001316 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Network Meter_Settings.ini
2013-08-01 00:59 - 2014-03-29 15:05 - 000000026 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Network Meter_Usage.ini
2014-12-26 19:47 - 2018-06-10 20:18 - 000007859 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\pcouffin.cat
2014-12-26 19:47 - 2018-06-10 20:18 - 000001167 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\pcouffin.inf
2014-12-26 19:47 - 2018-06-10 20:18 - 000000055 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\pcouffin.log
2014-12-26 19:47 - 2018-06-10 20:18 - 000082816 _____ (VSO Software) C:\Users\STEVEN_DESKTOP\AppData\Roaming\pcouffin.sys
2014-06-10 11:57 - 2014-06-10 11:57 - 000001181 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\trace_FilterInstaller.1.txt
2014-06-10 11:57 - 2014-06-10 12:11 - 000000919 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\trace_FilterInstaller.txt
2014-06-10 11:57 - 2014-06-10 12:11 - 000000000 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2013-07-26 20:15 - 2014-03-11 15:28 - 000000372 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Weather Meter_Settings.ini
2013-07-08 19:35 - 2017-10-13 18:14 - 000001456 _____ () C:\Users\STEVEN_DESKTOP\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-03-15 18:26 - 2014-03-15 18:26 - 000005632 _____ () C:\Users\STEVEN_DESKTOP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-10-21 20:01 - 2017-10-21 20:01 - 000041383 _____ () C:\Users\STEVEN_DESKTOP\AppData\Local\Perfmon.PerfmonCfg
2016-01-23 01:33 - 2016-01-23 01:33 - 000000883 _____ () C:\Users\STEVEN_DESKTOP\AppData\Local\recently-used.xbel
2013-07-19 23:31 - 2015-08-03 11:49 - 000007654 _____ () C:\Users\STEVEN_DESKTOP\AppData\Local\Resmon.ResmonCfg
2017-01-26 17:42 - 2016-11-23 09:37 - 000000570 _____ () C:\Users\STEVEN_DESKTOP\AppData\Local\TroubleshooterConfig.json
2015-03-16 23:19 - 2015-03-16 23:19 - 000000000 _____ () C:\Users\STEVEN_DESKTOP\AppData\Local\{09930AA0-7111-4D19-B80D-0DC0C391EA75}
2015-04-06 23:19 - 2015-04-06 23:19 - 000000000 _____ () C:\Users\STEVEN_DESKTOP\AppData\Local\{09AD10A8-5556-4CC9-8B5B-6EEE68A4174E}
2015-04-19 23:19 - 2015-04-19 23:19 - 000000000 _____ () C:\Users\STEVEN_DESKTOP\AppData\Local\{0D017820-937C-4131-8F5D-65C84F5A0C9D}
2015-03-21 23:19 - 2015-03-21 23:19 - 000000000 _____ () C:\Users\STEVEN_DESKTOP\AppData\Local\{8BC50C80-7BA2-4866-B7C6-7AF37DE8E90B}
2015-02-09 00:19 - 2015-02-09 00:19 - 000000000 _____ () C:\Users\STEVEN_DESKTOP\AppData\Local\{B1E862EE-48CA-4B52-AF01-63E083B1B566}

Some files in TEMP:
====================
2018-09-05 14:16 - 2018-08-03 04:01 - 000858912 _____ (Malwarebytes) C:\Users\STEVEN_DESKTOP\AppData\Local\Temp\mb-clean.exe
2018-09-05 14:16 - 2018-08-04 11:32 - 078657976 _____ (Malwarebytes                                                ) C:\Users\STEVEN_DESKTOP\AppData\Local\Temp\mb3-setup-consumer-3.5.1.2522-1.0.391-1.0.6183.exe
2018-09-05 14:52 - 2018-09-05 14:52 - 001458856 _____ (Sysinternals - www.sysinternals.com) C:\Users\STEVEN_DESKTOP\AppData\Local\Temp\procexp64.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {ec8cbeb5-9eeb-11e2-8f23-fc178328ad01}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {ec8cbeb7-9eeb-11e2-8f23-fc178328ad01}
recoveryenabled         Yes
testsigning             No
osdevice                partition=C:
systemroot              \Windows
resumeobject            {ec8cbeb5-9eeb-11e2-8f23-fc178328ad01}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {ec8cbeb7-9eeb-11e2-8f23-fc178328ad01}
device                  ramdisk=[C:]\Recovery\ec8cbeb7-9eeb-11e2-8f23-fc178328ad01\Winre.wim,{ec8cbeb8-9eeb-11e2-8f23-fc178328ad01}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\ec8cbeb7-9eeb-11e2-8f23-fc178328ad01\Winre.wim,{ec8cbeb8-9eeb-11e2-8f23-fc178328ad01}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {ec8cbeb5-9eeb-11e2-8f23-fc178328ad01}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {ec8cbeb8-9eeb-11e2-8f23-fc178328ad01}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\ec8cbeb7-9eeb-11e2-8f23-fc178328ad01\boot.sdi


LastRegBack: 2018-09-02 18:05

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.09.2018 03
Ran by STEVEN_DESKTOP (05-09-2018 15:38:56)
Running from E:\~tools for windows
Windows 7 Ultimate Service Pack 1 (X64) (2013-04-07 03:01:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1752262018-2004630284-3030787665-500 - Administrator - Disabled)
Guest (S-1-5-21-1752262018-2004630284-3030787665-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1752262018-2004630284-3030787665-1008 - Limited - Enabled)
SophosSAUSTEVEN-DES0 (S-1-5-21-1752262018-2004630284-3030787665-1010 - Limited - Enabled)
STEVEN_DESKTOP (S-1-5-21-1752262018-2004630284-3030787665-1000 - Administrator - Enabled) => C:\Users\STEVEN_DESKTOP

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Sophos Anti-Virus (Enabled - Up to date) {FFADE7EA-DC92-4602-D6B2-626CD3450A0F}
AS: Sophos Anti-Virus (Enabled - Up to date) {44CC060E-FAA8-498C-EC02-591EA8C240B2}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1752262018-2004630284-3030787665-1000\...\uTorrent) (Version: 3.5.4.44520 - BitTorrent Inc.)
1.1 (HKLM-x32\...\{18F1594D-AEFC-4F91-8F19-37351F5A1770}_is1) (Version: 1.0 - Afreet Software, Inc.)
4nec2 full version 5.8.16 (HKLM-x32\...\4nec2_is1) (Version:  - [email protected] (Use "4nec2 modeller" as the subject))
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20058 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Age of Empires III (HKLM-x32\...\{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Akamai NetSession Interface (HKU\S-1-5-21-1752262018-2004630284-3030787665-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Allway Sync version 14.0.1 (HKLM-x32\...\Allway Sync_is1) (Version:  - Botkind Inc)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.53 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
AutoCAD 2015 - English (HKLM\...\{5783F2D7-E001-0000-0102-0060B0CE6BBA}) (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 - English (HKLM\...\{5783F2D7-E001-0409-2102-0060B0CE6BBA}) (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 Language Pack - English (HKLM\...\{5783F2D7-E001-0409-1102-0060B0CE6BBA}) (Version: 20.0.51.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{556966D9-F7F6-421B-9707-D07901604DDF}) (Version: 5.1.2.1000 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C8125548-F2D5-4059-823F-1F3C5BBD9F19}) (Version: 1.2.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 3.0.155.0 - Autodesk)
Autodesk AutoCAD 2015 - English (HKLM\...\AutoCAD 2015 - English) (Version: 20.0.51.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool Version 1.2.2 (HKLM-x32\...\{85735431-6CD3-4B16-BEC8-95332034E53B}) (Version: 1.2.2.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit (HKLM\...\{9D589081-AFC2-4932-9071-AC585AC1EA83}) (Version: 3.32.3004 - Autodesk)
Autodesk Content Service (HKLM-x32\...\{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM-x32\...\{A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Download Manager (HKLM-x32\...\{C897D9EC-13C6-4A22-ABF7-33F2126A7DB6}) (Version: 3.0.8.0 - Autodesk, Inc.)
Autodesk Featured Apps (HKLM-x32\...\{EDDEE94B-214D-4B07-9727-A3E46F3E379A}) (Version: 1.2.0 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Autodesk ReCap (HKLM\...\{31ABA3F2-0000-1033-0102-111D43815377}) (Version: 1.3.1.39 - Autodesk) Hidden
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.3.1.39 - Autodesk)
AV Voice Changer Software DIAMOND 7.0 (HKLM-x32\...\AV Voice Changer Software DIAMOND 7.0) (Version: 7.0.29 - Avnex Ltd.)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
AwesomiumSetup (HKLM-x32\...\{19EF99D1-7EE6-4B5E-ABEE-0B3825F703B0}) (Version: 1.00.0000 - SIX Networks GmbH)
Backup and Sync from Google (HKLM\...\{AEFBDB5B-899F-4AE6-B789-BA56A652A476}) (Version: 3.42.9858.3671 - Google, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
BleachBit (HKLM-x32\...\BleachBit) (Version: 2.0 - BleachBit)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother Driver Deployment Wizard (HKLM-x32\...\{0ED38503-B69A-44B4-98BE-21BFF284A9B6}) (Version: 1.09.000 - Brother)
calibre 64bit (HKLM\...\{2B73426A-9499-4875-BAE9-8DD729009399}) (Version: 1.47.0 - Kovid Goyal)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.10010 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{C37C8243-90EC-42A9-85C6-43105A32B926}) (Version: 3.1.10010 - Cisco Systems, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cities: Skylines Green Cities (HKLM\...\Y2l0aWVzc2t5bGluZXM_is1) (Version: 1 - )
ContextEdit (PC Magazine) (HKLM-x32\...\ContextEdit_is1) (Version: 1.2 - Ziff Davis Media, Inc.)
Core Temp 1.0 RC5 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CPUID HWMonitor 1.27 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CrystalDiskMark 3.0.3b (HKLM\...\CrystalDiskMark_is1) (Version: 3.0.3b - Crystal Dew World)
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version:  3.1 - Acro Software Inc.)
CyberLink PowerDirector 11 (HKLM\...\{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2110 - CyberLink Corp.) Hidden
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2110 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DataStudio (HKLM-x32\...\{C1C47F92-0C96-408D-8E18-323F745E8A08}) (Version: 1.9.8.10 - PASCO scientific) Hidden
DataStudio (HKLM-x32\...\InstallShield_{C1C47F92-0C96-408D-8E18-323F745E8A08}) (Version: 1.9.8.10 - PASCO scientific)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Democracy 3 (HKLM-x32\...\GOGPACKDEMOCRACY3_is1) (Version: 2.6.0.11 - GOG.com)
Desktop-Reminder 2 (HKLM-x32\...\{288487BA-D8C5-4C81-BD89-C7E49DD48E18}) (Version: 2.105 - Polenter - Software Solutions) Hidden
Desktop-Reminder 2 (HKLM-x32\...\Desktop-Reminder 2) (Version: 2.105 - Polenter - Software Solutions)
DisplayFusion 7.3.4 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 7.3.4.0 - Binary Fortress Software)
DjVu Solo 3.1 (HKLM-x32\...\DjVu Solo 3.1) (Version:  - )
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
Dropbox (HKU\S-1-5-21-1752262018-2004630284-3030787665-1000\...\Dropbox) (Version: 57.3.86 - Dropbox, Inc.)
Duplicate & Same Files Searcher 4.3 (HKLM\...\DuplicateSameFilesSearcher4_is1) (Version:  - Yury Malich)
Duplicate Cleaner Pro 4.0.4 (HKLM-x32\...\Duplicate Cleaner Pro) (Version: 4.0.4 - DigitalVolcano Software Ltd)
DVDFab 9.1.2.5 (22/01/2014) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Everything 1.4.1.877 (x86) (HKLM-x32\...\Everything) (Version: 1.4.1.877 (x86) - David Carpenter)
EVGA PrecisionX 16 (HKLM-x32\...\{DF31774D-B479-47D9-82F4-6ED733A7A341}) (Version: 5.2.4 - EVGA Corporation)
f.lux (HKU\S-1-5-21-1752262018-2004630284-3030787665-1000\...\Flux) (Version:  - )
FAHClient (HKLM-x32\...\FAHClient) (Version: 7.4.4 - Stanford University)
FileBot (HKLM\...\{5A7319F0-DD49-4716-B0DD-8FCD0111BA31}) (Version: 4.7.8 - Reinhard Pointner)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Free YouTube to MP3 Converter version 3.12.42.716 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.42.716 - DVDVideoSoft Ltd.)
Geekbench 4 (HKLM-x32\...\Geekbench 4) (Version:  - Primate Labs Inc.)
GitHub (HKU\S-1-5-21-1752262018-2004630284-3030787665-1000\...\5f7eb300e2ea4ebf) (Version: 1.3.3.1 - GitHub, Inc.)
Glary Utilities 5.42 (HKLM-x32\...\Glary Utilities 5) (Version: 5.42.0.62 - Glarysoft Ltd)
GlassFish Server Open Source Edition 4.0 (HKLM\...\nbi-glassfish-mod-4.0.0.89.0) (Version:  - )
GlassWire 1.2 (remove only) (HKLM-x32\...\GlassWire 1.2) (Version: 1.2.73 - SecureMix LLC)
GMapTool 0.8.143 (HKLM-x32\...\{1873789F-59D5-4002-8A2F-60A827B78F98}_is1) (Version:  - AP)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Earth (HKLM-x32\...\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}) (Version: 4.0.2722 - Google)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
HD Tune Pro 5.50 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Icecream PDF Split and Merge version 2.04 (HKLM-x32\...\{95DC4DB4-99FB-4FB2-ADBD-97F194EDEB4D}_is1) (Version: 2.04 - Icecream Apps)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
inSSIDer 3 (HKLM-x32\...\{5BB0D82A-4EED-477B-858E-1D5B01560BF5}) (Version: 3.0.5.80 - MetaGeek, LLC)
Intel® Chipset Device Software (HKLM-x32\...\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}) (Version: 10.0.27 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Network Connections 19.5.303.0 (HKLM\...\PROSetDX) (Version: 19.5.303.0 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Java 8 Update 141 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Java SE Development Kit 8 Update 121 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180121}) (Version: 8.0.1210.13 - Oracle Corporation)
JPEG to PDF (HKLM-x32\...\{7A2B6DE3-9303-46E8-9274-0112618AA7FD}_is1) (Version:  - jpegtopdf.com)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.11.0.3 - QFX Software Corporation)
K-Lite Mega Codec Pack 10.0.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.5 - )
Kodi (HKU\S-1-5-21-1752262018-2004630284-3030787665-1000\...\Kodi) (Version:  - XBMC-Foundation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.7.2.0 - LG Electronics)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
M4A Player 1.0.1 (HKLM-x32\...\M4A Player_is1) (Version:  - vsevensoft.com)
Macrium Reflect Free Edition (HKLM\...\{49B022E5-A7FA-4CC0-83CF-1A0BEF029321}) (Version: 5.3.7109 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Maple 16 (HKLM\...\Maple 16) (Version:  - Maplesoft)
Maple 16 (HKLM-x32\...\Maple 16) (Version: 16.0.0.0 - Maplesoft)
Math Kernel Libraries (64-bit) (HKLM\...\{112D8201-03A2-43B2-861B-EB3FCB855547}) (Version: 13.0.13 - National Instruments) Hidden
Math Kernel Libraries (64-bit) (HKLM\...\{56B02DF2-C570-43E0-A16A-C6A1CE4AD7FB}) (Version: 1.0.31.0 - National Instruments) Hidden
Math Kernel Libraries (HKLM-x32\...\{9BA528A0-F33B-4162-993A-538CF56A005E}) (Version: 1.0.31.0 - National Instruments) Hidden
Math Kernel Libraries (HKLM-x32\...\{E71784F9-5B67-4052-A5FC-55C038396936}) (Version: 13.0.13 - National Instruments) Hidden
MATLAB R2016a (HKLM\...\Matlab R2016a) (Version: 9.0 - MathWorks)
Microsoft .NET Framework 4.7.1 (Ελληνικά) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1032) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.9126.2275 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1752262018-2004630284-3030787665-1000\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
mkv2vob (HKLM-x32\...\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}) (Version: 2.4.9 - 3r1c)
MMSSTV version 1.13A (HKLM-x32\...\{F71E3066-5D8E-4E58-9B72-43D4365127D3}_is1) (Version: 1.13A - JE3HHT,  Makoto Mori)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 61.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.2 (x64 en-US)) (Version: 61.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 61.0.2.6793 - Mozilla)
Mozilla Thunderbird 17.0.8 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 17.0.8 (x86 en-US)) (Version: 17.0.8 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.10 (HKLM-x32\...\{63243F5C-E941-4461-A4B0-2689A9A3BF13}) (Version: 1.2.10 - Thorvald Natvig)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.7 - F.J. Wechselberger)
National Instruments Software (HKLM-x32\...\NI Uninstaller) (Version:  - National Instruments)
Nero 7 Ultra Edition (HKLM-x32\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
NetBeans IDE 8.0 (HKLM\...\nbi-nb-base-8.0.0.0.201403101706) (Version: 8.0 - NetBeans.org)
Network Stumbler 0.4.0 (remove only) (HKLM-x32\...\Network Stumbler) (Version:  - )
Newblue Art Effects for PowerDirector (HKLM\...\NewBlue Art Effects for PowerDirector) (Version: 2.0 - NewBlue)
NI .NET Framework 4.0 (HKLM-x32\...\{5CC95D76-A798-4722-AE76-E494D9664907}) (Version: 4.01.49152 - National Instruments) Hidden
NI ActiveX Container (64-bit) (HKLM\...\{63B6ADAB-AB1B-4542-911D-C15FFBD5E1BE}) (Version: 13.0.4 - National Instruments) Hidden
NI ActiveX Container (HKLM-x32\...\{53606225-A1A8-4A74-BA4B-00206F38DB60}) (Version: 13.0.4 - National Instruments) Hidden
NI Assistant Framework (HKLM-x32\...\{4823D63E-2F23-462E-A124-483EB0220C76}) (Version: 9.0.143 - National Instruments) Hidden
NI Assistant Framework 64-bit (HKLM\...\{4E1321FD-9B77-44A0-A8F8-856815928A9C}) (Version: 9.0.143 - National Instruments) Hidden
NI Assistant Framework LabVIEW 2013 Support (HKLM-x32\...\{438C89DD-4603-4324-8F36-BAD073F88B58}) (Version: 9.0.107 - National Instruments) Hidden
NI Assistant Framework LabVIEW Code Generator 2013 (HKLM-x32\...\{1A535E17-6E6D-4CC7-AEE8-433103B599D6}) (Version: 9.0.107 - National Instruments) Hidden
NI Authentication 13.0.0 (64-bit) (HKLM\...\{2BF63B6D-6B44-46D5-8F2C-5BFBC78D9593}) (Version: 13.0.326 - National Instruments) Hidden
NI Authentication 13.0.0 (HKLM-x32\...\{6CB3DA3D-C753-423D-AB3B-670C5C2FE6C4}) (Version: 13.0.326 - National Instruments) Hidden
NI CodeSignAPI (HKLM-x32\...\{E1D60C68-016C-4951-8C1F-52E24DFE7836}) (Version: 2.70.346 - National Instruments) Hidden
NI Curl 13.0.0 (64-bit) (HKLM\...\{E957A395-E199-4B35-B06A-FF7CBA66B953}) (Version: 13.0.324 - National Instruments) Hidden
NI Curl 13.0.0 (HKLM-x32\...\{2DD33997-3C3E-4517-9D98-0CC5802D6D53}) (Version: 13.0.324 - National Instruments) Hidden
NI Customer Experience Improvement Program (HKLM-x32\...\{B42BB38A-9B97-4494-A42C-A0FD79B94E7A}) (Version: 2.0.77 - National Instruments) Hidden
NI DataSocket 5.1 (64-bit) (HKLM\...\{3EE48061-4008-4429-854D-90EC62074C5D}) (Version: 5.1.227 - National Instruments) Hidden
NI DataSocket 5.1 (HKLM-x32\...\{88098056-C07B-4264-A824-C90D5BF3935E}) (Version: 5.1.227 - National Instruments) Hidden
NI Distributed System Manager 2013 (HKLM-x32\...\{FEA545A1-9CAA-415E-81D8-49951ED44F22}) (Version: 13.0.338 - National Instruments) Hidden
NI Error Reporting 2013 (HKLM-x32\...\{DF549FB9-B94F-4B8D-B007-39281EDB9A52}) (Version: 13.0.324 - National Instruments) Hidden
NI Error Reporting Interface Installer 5.5 (HKLM-x32\...\{843AA365-C682-4540-9E7C-9B9A10C6A539}) (Version: 5.50.49152 - National Instruments) Hidden
NI Error Reporting Interface Installer 5.5 for Windows 64-bit (HKLM\...\{817746FE-367D-4BA3-9ABF-D2214D0E5E33}) (Version: 5.50.49152 - National Instruments) Hidden
NI EulaDepot (HKLM-x32\...\{97401357-96F5-45D0-8CC3-2031EE48B8C0}) (Version: 3.20.351 - National Instruments) Hidden
NI Example Finder 13.0 (HKLM-x32\...\{4A1BCB81-2F91-451D-BEC6-59FAB0ADB8F0}) (Version: 13.0.324 - National Instruments) Hidden
NI GMP Windows 32-bit Installer 13.0.0 (HKLM-x32\...\{0AF8A008-7141-40DD-BB99-10B7F0C4769A}) (Version: 13.0.45.0 - National Instruments) Hidden
NI GMP Windows 64-bit Installer 13.0.0 (HKLM\...\{00D12A70-7B79-4A14-80B5-F12626237DE7}) (Version: 13.0.45.0 - National Instruments) Hidden
NI Help Assistant 2.0 (64bit) (HKLM\...\{DDAAADDD-C57E-4731-A29C-133191587488}) (Version: 2.0.3 - National Instruments) Hidden
NI Help Assistant 2.0 (HKLM-x32\...\{C9A0D47F-9A68-4917-868C-79E384E4DEE6}) (Version: 2.0.3 - National Instruments) Hidden
NI Instrument IO Assistant for LabVIEW 2013 32-bit (HKLM-x32\...\{5AFBEB79-C105-4A13-9136-7830FB0616E4}) (Version: 1.0.14.0 - National Instruments) Hidden
NI LabVIEW 2011 Real-Time NBFifo (HKLM-x32\...\{7C6869BF-6CBE-4CB0-8869-2743B419343C}) (Version: 11.0.250.0 - National Instruments) Hidden
NI LabVIEW 2012 Real-Time NBFifo (HKLM-x32\...\{B4A772D4-ED42-4484-8C0E-663A52D07A2F}) (Version: 12.0.219.0 - National Instruments) Hidden
NI LabVIEW 2012 Real-Time NBFifo (HKLM-x32\...\{EEDB0927-3BD8-4349-856E-425A146CC680}) (Version: 13.0.336 - National Instruments) Hidden
NI LabVIEW 2012 Run-Time Engine Web Server (HKLM-x32\...\{3C717C2C-A9F4-4236-A539-89592B0652A7}) (Version: 12.5.198.0 - National Instruments) Hidden
NI LabVIEW 2012 SP1 Run-Time Engine Non-English Support. (HKLM-x32\...\{06897ACD-84E1-4F9E-8848-3E3BF27D2D99}) (Version: 12.1.52.0 - National Instruments) Hidden
NI LabVIEW 2013 (32-bit) (HKLM-x32\...\{194AD9A6-9C1E-4ACA-9F7A-570AC992661C}) (Version: 13.0.350 - National Instruments) Hidden
NI LabVIEW 2013 (32-bit) (HKLM-x32\...\{26954A89-6E26-4EC1-AB7A-0EFEFF992A40}) (Version: 13.0.397 - National Instruments) Hidden
NI LabVIEW 2013 (32-bit) (HKLM-x32\...\{29B1DD55-ECCC-492C-8732-FC5586E10D5F}) (Version: 13.0.350 - National Instruments) Hidden
NI LabVIEW 2013 (32-bit) (HKLM-x32\...\{34CA058D-7653-4DBC-9468-53AF99D38EDB}) (Version: 13.0.350 - National Instruments) Hidden
NI LabVIEW 2013 (32-bit) (HKLM-x32\...\{6856F054-3AD1-46CD-9CD8-DB00923361E9}) (Version: 13.0.350 - National Instruments) Hidden
NI LabVIEW 2013 (32-bit) (HKLM-x32\...\{6A3BC178-8B3D-4D87-BDB1-7CAB9842CC27}) (Version: 13.0.350 - National Instruments) Hidden
NI LabVIEW 2013 (32-bit) (HKLM-x32\...\{8CE6A8CC-8E00-4A0B-A2E7-45513D422764}) (Version: 13.0.350 - National Instruments) Hidden
NI LabVIEW 2013 (32-bit) (HKLM-x32\...\{D7373824-7279-4D63-B2A7-B8A4D4FF2DFD}) (Version: 13.0.350 - National Instruments) Hidden
NI LabVIEW 2013 (32-bit) (HKLM-x32\...\{F0974FCB-5970-4D07-81B9-E1D74A58F2F9}) (Version: 13.0.350 - National Instruments) Hidden
NI LabVIEW 2013 Deployable License (HKLM-x32\...\{87287A3C-0D30-42CE-867A-C595BE8C1721}) (Version: 13.0.303 - National Instruments) Hidden
NI LabVIEW 2013 Deployment Framework (HKLM-x32\...\{EE372D3C-8CDE-4141-8DE9-05A0734B63E4}) (Version: 13.0.330 - National Instruments) Hidden
NI LabVIEW 2013 f1 (HKLM-x32\...\{6EDBCD86-56DC-44C2-A32F-4EBA9FC9CF5F}) (Version: 13.0.328 - National Instruments) Hidden
NI LabVIEW 2013 Help (HKLM-x32\...\{8BA0BD14-21A8-4A16-9B4B-38E314FB0F53}) (Version: 13.0.338 - National Instruments) Hidden
NI LabVIEW 2013 Help File (HKLM-x32\...\{B0D9DFEE-6678-4EFA-909E-CDFAC1A967FB}) (Version: 13.0.299 - National Instruments) Hidden
NI LabVIEW 2013 License (HKLM-x32\...\{FFB33CD3-1CE4-401B-BA96-3F6CDBA31F6B}) (Version: 13.0.342 - National Instruments) Hidden
NI LabVIEW 2013 Manuals (HKLM-x32\...\{E6E01748-A5BE-4840-977A-BC4174002079}) (Version: 13.0.326 - National Instruments) Hidden
NI LabVIEW 2013 MeasAppChm File (HKLM-x32\...\{C66AFA34-E93D-4B4E-8944-F29988D915F3}) (Version: 13.0.299 - National Instruments) Hidden
NI LabVIEW 2013 Real-Time Error Dialog (HKLM-x32\...\{EA289B2D-80CE-486A-935D-FC3F088AB5C7}) (Version: 13.0.123 - National Instruments) Hidden
NI LabVIEW 2013 Run-Time Engine Non-English Support. (HKLM-x32\...\{9BA381D6-F63D-4C03-BE13-940F39068E01}) (Version: 13.0.329 - National Instruments) Hidden
NI LabVIEW 2013 Run-Time Engine Web Server (HKLM-x32\...\{ADC16943-45BD-4E47-89CD-A9CA790DE09C}) (Version: 13.0.321 - National Instruments) Hidden
NI LabVIEW 2013 Scripting Code Generator (HKLM-x32\...\{841CC81E-6023-4795-BB9E-7A8EE31BB0BD}) (Version: 9.0.172 - National Instruments) Hidden
NI LabVIEW 2013 Search (HKLM-x32\...\{22E5FA11-6167-4DC5-89E2-27641105B780}) (Version: 13.0.16 - National Instruments) Hidden
NI LabVIEW 2013 Simulation (HKLM-x32\...\{5C26D671-05A5-4788-B75B-161EBC91EFE4}) (Version: 13.0.327 - National Instruments) Hidden
NI LabVIEW 2013 Variable Web Service (HKLM-x32\...\{5E0425D0-A514-49F4-92CF-E639FE757A66}) (Version: 13.0.326 - National Instruments) Hidden
NI LabVIEW 2013 Web Server (HKLM-x32\...\{2F228DD5-DAF1-4D91-A419-D751FD2495CB}) (Version: 13.0.327 - National Instruments) Hidden
NI LabVIEW Broker (64 bit) (HKLM\...\{B9254715-D10D-4B4B-B002-54CBA61E6F64}) (Version: 6.8.10.0 - National Instruments) Hidden
NI LabVIEW Broker (HKLM-x32\...\{F37CC885-1E37-4F2A-93F3-7F1E1EEBBEBB}) (Version: 6.8.10.0 - National Instruments) Hidden
NI LabVIEW C Interface (HKLM-x32\...\{DEC25D81-2317-47F6-8B26-D54A939DA1EE}) (Version: 1.0.1 - National Instruments) Hidden
NI LabVIEW Compare Utility 13.0.0 (HKLM-x32\...\{01DAFF66-E9ED-4D91-9EBC-C3732FBBF078}) (Version: 13.0.340 - National Instruments) Hidden
NI LabVIEW MAX XML (HKLM-x32\...\{416B50BB-64CE-46C5-81A6-7F842CC35CDC}) (Version: 9.0.6.0 - National Instruments) Hidden
NI LabVIEW Merge Utility 13.0.0 (HKLM-x32\...\{D9254C4B-CB25-4348-8EBC-CD2670EDA0AA}) (Version: 13.0.339 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2011 SP1 (HKLM-x32\...\{1D78A81A-58D9-46F7-BFF6-ADF7247803F9}) (Version: 11.0.448.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2012 SP1 f3 (HKLM-x32\...\{5157CC53-EB17-4E69-A5C9-73E5695198B1}) (Version: 12.1.58.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2013 (HKLM-x32\...\{C0446EC0-D69F-44C3-B3AD-E04EA7FAE72B}) (Version: 13.0.332 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2011 (HKLM-x32\...\{6B9F789C-1D28-44D5-BCCE-7CCDBFB14B79}) (Version: 11.0.449.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2012 SP1 (HKLM-x32\...\{3750BCB6-B4E7-4678-817D-732F1CD84EF5}) (Version: 12.1.58.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2013 (HKLM-x32\...\{2931F00C-6417-4BFE-B3C5-26D90ABE8189}) (Version: 13.0.332 - National Instruments) Hidden
NI LabVIEW Web Server for Run-Time Engine (HKLM-x32\...\{BCC373FE-227D-46D9-827F-05BA296E2602}) (Version: 11.0.375.0 - National Instruments) Hidden
NI LabVIEW Web Services Runtime (HKLM-x32\...\{362294F9-C171-42B9-8436-4E8EE3467E3B}) (Version: 13.0.314 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Analysis Library (64-bit) (HKLM\...\{DABB1D70-482A-4B92-8B24-052AD650A2B0}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Analysis Library (HKLM-x32\...\{94AEBDCC-159F-4CBB-ABDE-B16483D2CF6C}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Code Generator (HKLM-x32\...\{5AEBB67E-812E-43BC-B029-CD83DBA7CE30}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original) (HKLM-x32\...\{2B1D39F8-477A-4B40-B062-F5E0C4D42B9B}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated) (HKLM-x32\...\{74DBB98D-B4A7-4DD9-9E13-C51FDB1105D0}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Network Variable Library (64-bit) (HKLM\...\{0C2486A3-EF0D-4C6C-9947-C63D6E8C6E4C}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Network Variable Library (HKLM-x32\...\{7FB07065-F547-448A-A1C3-1F2EF5EB834F}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Run-Time Engine (64-bit) (HKLM\...\{176468CE-41AB-4A9A-AC38-45A146D39688}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (64-bit) (HKLM\...\{25DECAB0-6580-4B9C-8174-5AC6C9E2D823}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (HKLM-x32\...\{A06A7065-FCA1-4D3C-BE65-2837ACCB135D}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2012 LabVIEW DLL Builder (HKLM-x32\...\{295D9649-5DFF-43EA-AE50-B749E84BB2C6}) (Version: 12.0.0422 - National Instruments) Hidden
NI LabWindows/CVI Run-Time Engine 2010 SP1 (HKLM-x32\...\{41F6CA61-82CB-4615-9A97-252C5D58FA4B}) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI Run-Time Engine 2010 SP1 (Updated) (HKLM-x32\...\{075CA8A9-25A1-4EA7-885C-8A92AED7DB3A}) (Version: 10.0.1434 - National Instruments) Hidden
NI Launcher (HKLM-x32\...\{3E60279A-618E-4670-81CC-777B8E60991E}) (Version: 3.20.351 - National Instruments) Hidden
NI License Manager (HKLM-x32\...\{A8490B70-08B4-40F8-84FE-CCE239901EA1}) (Version: 3.7.53 - National Instruments) Hidden
NI Logos 5.5 (64-bit) (HKLM\...\{B2149E16-A01C-458E-A6E5-B9DC96EAD1AA}) (Version: 5.5.293 - National Instruments) Hidden
NI Logos 5.5 (HKLM-x32\...\{CA533BA0-E6F9-4349-B0EC-ABDEB0481E77}) (Version: 5.5.293 - National Instruments) Hidden
NI Logos LabVIEW 2013 Support (HKLM-x32\...\{BBFA3804-4238-4CBF-A579-5D5A072378AE}) (Version: 13.0.327 - National Instruments) Hidden
NI Logos XT Support (HKLM-x32\...\{A05EFB3F-19E2-4F9E-8380-BE095CCF0BE4}) (Version: 5.5.294 - National Instruments) Hidden
NI Logos64 XT Support (HKLM\...\{A3154334-4692-449E-8836-3CCD28D0B1D7}) (Version: 5.5.294 - National Instruments) Hidden
NI Math Kernel Libraries (64-bit) (HKLM\...\{58A9B4F6-2E67-464A-9F71-95F6D7159702}) (Version: 1.0.10.0 - National Instruments) Hidden
NI Math Kernel Libraries (HKLM-x32\...\{231D0E11-0313-49FD-95CE-1D0264C7F1F5}) (Version: 1.0.10.0 - National Instruments) Hidden
NI MAX Remote Configuration 64-bit Installer 5.5 (HKLM\...\{4768A660-5962-491F-8B1D-9A3FA35819A6}) (Version: 5.50.49152 - National Instruments) Hidden
NI MAX Remote Configuration Installer 5.5 (HKLM-x32\...\{5A073702-D6E0-4D28-B43B-4C4D5DFB752D}) (Version: 5.50.49152 - National Instruments) Hidden
NI MAX Support for 64 Bit Windows (HKLM\...\{C7D66BE3-9A63-47A0-A422-D772F1216F43}) (Version: 5.50.49152 - National Instruments) Hidden
NI MDF Support (HKLM-x32\...\{4E45B56F-95B5-4A1D-B5CC-B410FF1726AE}) (Version: 3.20.351 - National Instruments) Hidden
NI mDNS Responder 2.2 for Windows 64-bit (HKLM\...\{3A6898F6-9B23-40DE-9B2D-617DBDEFDBF9}) (Version: 2.20.49152 - National Instruments) Hidden
NI mDNS Responder 2.2.0 (HKLM-x32\...\{1F7F5330-D1C5-49D8-85A3-75E29C2434FE}) (Version: 2.20.49152 - National Instruments) Hidden
NI Measurement & Automation Explorer 5.5.0 (HKLM-x32\...\{6A996EAF-F118-4C11-AD14-8029547085CB}) (Version: 5.50.49152 - National Instruments) Hidden
NI Measurement Studio ComponentWorks 3D Graph (HKLM-x32\...\{F278392D-547E-4E67-AD1C-2576C2852B50}) (Version: 8.6.10603 - National Instruments) Hidden
NI Measurement Studio ComponentWorks UI (HKLM-x32\...\{2C77FBC4-79E2-4D25-86FB-CF7AAE02425E}) (Version: 8.6.10603 - National Instruments) Hidden
NI Measurement Studio Recipe Processor (HKLM-x32\...\{4159DD60-49C1-4323-A1A5-FB060CBA35C5}) (Version: 8.0.0101 - National Instruments) Hidden
NI MetaSuite Installer (HKLM-x32\...\{1610AE87-4FD0-4087-BE80-039C968E5C1A}) (Version: 3.20.351 - National Instruments) Hidden
NI MXS 5.5.0 (HKLM-x32\...\{DB974CAC-E29F-4F36-9343-6B589DF80593}) (Version: 5.50.49152 - National Instruments) Hidden
NI MXS 5.5.0 for 64 Bit Windows (HKLM\...\{2C222477-A505-4ACF-A5F2-1E026DBA288D}) (Version: 5.50.49152 - National Instruments) Hidden
NI Network Discovery 5.5 (HKLM-x32\...\{FC89B79E-AE5F-495F-A2B5-4469E5E2E284}) (Version: 5.50.49152 - National Instruments) Hidden
NI Network Discovery 5.5 for Windows 64-bit (HKLM\...\{B847F6E6-0C6C-4FE8-8BF2-E864F3520DC2}) (Version: 5.50.49152 - National Instruments) Hidden
NI NI LabVIEW 2011 SP1 Run-Time Engine Non-English Support (HKLM-x32\...\{38300A40-AB90-444D-A823-17EB95A5C731}) (Version: 11.0.302.0 - National Instruments) Hidden
NI OPC Support (HKLM-x32\...\{B34624AE-C43F-416E-B22A-F3B561EB9760}) (Version: 13.0.296 - National Instruments) Hidden
NI OPCEnum Shared (HKLM-x32\...\{1179FFB4-726B-4200-BF02-0387C86C429B}) (Version: 5.5.2018 - National Instruments) Hidden
NI Portable Configuration 5.5.0 (HKLM-x32\...\{646550E5-F469-410B-9721-01E3DCAFA7D2}) (Version: 5.50.49152 - National Instruments) Hidden
NI Portable Configuration for 64 Bit Windows 5.5.0 (HKLM\...\{91D415DC-5C6C-4512-902A-EEB48545A299}) (Version: 5.50.49152 - National Instruments) Hidden
NI Registration Wizard (HKLM-x32\...\{37CBF405-7780-4D61-BA64-048229E7CAEE}) (Version: 1.3.97.0 - National Instruments) Hidden
NI Remote Provider for MAX 5.5.0 (HKLM-x32\...\{4EDA6809-BAD6-416D-AACD-1EC39BF6DD41}) (Version: 5.50.49152 - National Instruments) Hidden
NI Remote PXI Provider for MAX 5.5.0 (HKLM-x32\...\{D426844E-2735-4881-BD41-29F7530FA06C}) (Version: 5.50.49152 - National Instruments) Hidden
NI Search Shared (HKLM-x32\...\{C89DD7B9-9ACA-4B8F-9B72-37CE3AEBDD46}) (Version: 13.0.13 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (64-bit) (HKLM\...\{4A78D9E6-D349-4CCA-9295-45B12BE5BC6C}) (Version: 1.0.29.0 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (HKLM-x32\...\{20124E21-206B-485F-838F-14BB88161045}) (Version: 1.0.29.0 - National Instruments) Hidden
NI Service Locator 13.0 (HKLM-x32\...\{23180501-7886-47B6-AB6E-5ABFB1848012}) (Version: 13.0.303 - National Instruments) Hidden
NI SLCP 2.0 (HKLM-x32\...\{3FAE02C9-923D-4096-AE28-04E6FCE67094}) (Version: 2.0.27 - National Instruments) Hidden
NI Software Provider for MAX 5.5.0 (HKLM-x32\...\{A6025DDF-67EF-4B5D-8365-907295F5D469}) (Version: 5.50.49152 - National Instruments) Hidden
NI SSL LabVIEW 2013 Support (HKLM-x32\...\{AFF8EE12-DE6F-45DD-BFE6-AC78B0D7D01D}) (Version: 13.0.328 - National Instruments) Hidden
NI SSL LabVIEW RTE 2012 SP1 Support (HKLM-x32\...\{DFEB5AEC-611E-466F-A072-956751A66880}) (Version: 12.5.8.0 - National Instruments) Hidden
NI SSL LabVIEW RTE 2013 Support (HKLM-x32\...\{BF324FB5-4C39-4FDC-B023-19AEFFAE116A}) (Version: 13.0.317 - National Instruments) Hidden
NI SSL Support (64-bit) (HKLM\...\{A6E0DCE3-A917-4234-B401-6D630E869FB3}) (Version: 13.0.319 - National Instruments) Hidden
NI SSL Support (HKLM-x32\...\{87392509-BFBD-4780-9170-E0106DB472DF}) (Version: 13.0.324 - National Instruments) Hidden
NI System API .NET 5.5.0 (HKLM-x32\...\{556653E7-A474-4D05-AA00-D555DF8609C6}) (Version: 5.50.157 - National Instruments) Hidden
NI System API Client for WIF 5.5.0 (HKLM-x32\...\{9B51048C-8467-4C02-967E-0145E31BDE3C}) (Version: 5.50.419 - National Instruments) Hidden
NI System API Web-Service 32-bit 5.5.0 (HKLM-x32\...\{0E5A6C9B-E5F6-4BBD-8942-FC9BFC287F68}) (Version: 5.50.405 - National Instruments) Hidden
NI System API Windows 32-bit 5.5.0 (HKLM-x32\...\{A8779088-85BA-4CC0-8205-1C7AF40FCDBD}) (Version: 5.50.589 - National Instruments) Hidden
NI System API Windows 64-bit 5.5.0 (HKLM\...\{6662C75A-9A77-4959-9853-F4A2AF15C4B8}) (Version: 5.50.588 - National Instruments) Hidden
NI System Configuration 5.5.0 LabVIEW Support (HKLM-x32\...\{C202C5C6-AA4B-49D6-A373-554A3568382E}) (Version: 5.50.186 - National Instruments) Hidden
NI System Configuration LV2013 Support 5.5.0 (HKLM-x32\...\{7428E02E-9DE5-4454-951B-C68A88ABEEA4}) (Version: 5.50.178 - National Instruments) Hidden
NI System Configuration Runtime 5.5.0 (HKLM-x32\...\{FCBEDF17-375A-4963-B6BC-B8DD66036D2F}) (Version: 5.50.226 - National Instruments) Hidden
NI System Configuration Runtime 5.5.0 for Windows 64-bit (HKLM\...\{E24A808C-68AE-4204-A6B5-55656CBE7AF1}) (Version: 5.50.226 - National Instruments) Hidden
NI System State Publisher (64-bit) (HKLM\...\{68319FE7-1E06-4156-BC00-8D24828B5084}) (Version: 13.0.299 - National Instruments) Hidden
NI System State Publisher (HKLM-x32\...\{AE20D525-5D10-475F-9115-963DB67D49DF}) (Version: 13.0.304 - National Instruments) Hidden
NI System Web Server 13.0 (HKLM-x32\...\{FC59A893-A510-411A-A71C-60A06D2C9BF2}) (Version: 13.0.330 - National Instruments) Hidden
NI System Web Server Base 13.0.0 (64-bit) (HKLM\...\{A0133B57-1D4B-4D89-A0EF-1453ECECA58A}) (Version: 13.0.323 - National Instruments) Hidden
NI System Web Server Base 13.0.0 (HKLM-x32\...\{69D447B3-1B3F-42A9-9605-A8533BE06D17}) (Version: 13.0.323 - National Instruments) Hidden
NI TDM Excel Add-In 3.5 (HKLM-x32\...\{FC3DE99A-2D6A-428D-ADA5-6A86717E6129}) (Version: 3.5.9 - National Instruments) Hidden
NI TDM Excel Add-In 3.5 64-bit (HKLM\...\{BC7E190B-47EB-4B84-817B-E52120108C0E}) (Version: 3.5.9 - National Instruments) Hidden
NI TDM Streaming 2.5 (64-bit) (HKLM\...\{3ABCF186-64DE-439C-8B66-CC31B8513D8C}) (Version: 2.5.36 - National Instruments) Hidden
NI TDM Streaming 2.5 (HKLM-x32\...\{27367777-A95D-4014-B73B-18D4838E54A4}) (Version: 2.5.36 - National Instruments) Hidden
NI Trace Engine (64-bit) (HKLM\...\{DA83B4AC-EC3C-4F13-A867-CB0C24A8E1D5}) (Version: 13.0.324 - National Instruments) Hidden
NI Trace Engine (HKLM-x32\...\{63495F25-850C-4127-8BA6-1DFD5144723C}) (Version: 13.0.324 - National Instruments) Hidden
NI Uninstaller (HKLM-x32\...\{4416E546-A113-4B37-9FA5-C5165EEF36E0}) (Version: 3.20.351 - National Instruments) Hidden
NI Update Service 2.3 (64-bit) (HKLM\...\{FCA2E817-8584-43EF-ABCA-05514305F0C6}) (Version: 2.30.53 - National Instruments) Hidden
NI Update Service 2.3 (HKLM-x32\...\{8FBAA717-6C1C-4BA1-B446-AA5118BA6401}) (Version: 2.30.65 - National Instruments) Hidden
NI USI 2.0.1 (HKLM-x32\...\{FE82D7AF-0A22-40E8-B7A5-9D7615296BA6}) (Version: 2.0.15249 - National Instruments) Hidden
NI USI 2.0.1 64-Bit (HKLM\...\{0D8CE7D9-884A-4DF1-B459-E910CF34EE5C}) (Version: 2.0.15249 - National Instruments) Hidden
NI Variable Engine (64-bit) (HKLM\...\{75534D54-E901-4C68-B523-C4A9884AED61}) (Version: 2.7.297 - National Instruments) Hidden
NI Variable Engine 2.6.0 (HKLM-x32\...\{639C20B2-5F6C-4139-96EA-A206EEA6F995}) (Version: 2.7.297 - National Instruments) Hidden
NI Variable Engine LabVIEW 2013 Support (HKLM-x32\...\{324CEE33-A570-4B63-AF5D-E6BF7B79DF87}) (Version: 13.0.327 - National Instruments) Hidden
NI VC2005MSMs x64 (HKLM\...\{E3E3E625-8F74-44CE-A6D2-C31CB43DA23D}) (Version: 8.05.0 - National Instruments) Hidden
NI VC2005MSMs x86 (HKLM-x32\...\{4B877FC6-F44C-4B39-B0B6-CE15ADC63997}) (Version: 8.05.0 - National Instruments) Hidden
NI VC2008MSMs x64 (HKLM\...\{07E00E94-7A78-40FA-9BEF-71C190E98041}) (Version: 9.0.401 - National Instruments) Hidden
NI VC2008MSMs x86 (HKLM-x32\...\{E84997A1-4D6F-4C0B-B60D-F85B360D2666}) (Version: 9.0.401 - National Instruments) Hidden
NI VC2010SP1MSMs x64 (HKLM\...\{AFC5A844-CA3A-4566-89E7-3E24E6AFF9A3}) (Version: 10.0.100 - National Instruments) Hidden
NI VC2010SP1MSMs x86 (HKLM-x32\...\{F2273FA7-117C-43D7-BD59-00B025535442}) (Version: 10.0.100 - National Instruments) Hidden
NI VIPM Helper 2013 (HKLM-x32\...\{BC2E5499-009B-4F1D-B978-8C0B2B1EC6BF}) (Version: 13.0.339 - National Instruments) Hidden
NI Web Application Server 13.0 (64-bit) (HKLM\...\{62126BD1-8107-48A1-9889-FA16F064893C}) (Version: 13.0.319 - National Instruments) Hidden
NI Web Application Server 13.0 (HKLM-x32\...\{4845B7A3-DDC3-44F9-A7DB-C50C94017129}) (Version: 13.0.324 - National Instruments) Hidden
NI Web Pipeline 3.3 (64-bit) (HKLM\...\{F7F361A8-65E2-4A1B-9111-DA87B692AAD8}) (Version: 3.30.24 - National Instruments) Hidden
NI Web Pipeline 3.3 (HKLM-x32\...\{55D08CCF-C60F-4A4B-A78E-0E9430B45B42}) (Version: 3.30.24 - National Instruments) Hidden
NI Web-Based Configuration and Monitoring 2013 (HKLM-x32\...\{2DD64FD3-64E6-4198-9E3B-41686C4048CA}) (Version: 13.0.306 - National Instruments) Hidden
NI Xalan Delay Load 1.10.2 (HKLM-x32\...\{2CB15350-C073-4A5B-A706-59E1F69DE11C}) (Version: 1.10.72.0 - National Instruments) Hidden
NI Xalan Delay Load 1.10.2 64-bit (HKLM\...\{B9293F41-3CB1-4E86-9523-010F8ACB782D}) (Version: 1.10.73.0 - National Instruments) Hidden
NI Xerces Delay Load 2.7.3 (HKLM-x32\...\{E6068691-1FBC-4EF0-87E8-609CDB32038A}) (Version: 2.7.180.0 - National Instruments) Hidden
NI Xerces Delay Load 2.7.3 64-bit (HKLM\...\{50B2D9D8-87B6-49EE-BC5C-874119FD6B7B}) (Version: 2.7.190.0 - National Instruments) Hidden
NI-DAQmx/LabVIEW shared documentation 9.7.5 (HKLM-x32\...\{55D00097-F9A4-4979-863C-E5345629D505}) (Version: 9.75.49152 - National Instruments) Hidden
NI-DAQmx/LabVIEW shared documentation for 64 Bit Windows 9.7.5 (HKLM\...\{CC95B8ED-58F6-4D0A-B040-75C9EA073ED1}) (Version: 9.75.49152 - National Instruments) Hidden
NI-Mesa (HKLM\...\{7716F0A8-AFEF-4C22-9A10-4D5BDCD6471D}) (Version: 12.0.7.0 - National Instruments) Hidden
NI-Mesa (HKLM-x32\...\{3AA5FCD0-8215-4604-920C-BC87CE1D843B}) (Version: 12.0.7.0 - National Instruments) Hidden
NI-RPC 4.4.0f0 (HKLM-x32\...\{9125CF98-08A9-41AA-96B9-A7A7A255E3DC}) (Version: 4.40.49152 - National Instruments) Hidden
NI-RPC 4.4.0f0 for 64 Bit Windows (HKLM\...\{B1153914-2CA8-4FFE-855E-FAC61EFD9C0D}) (Version: 4.40.49152 - National Instruments) Hidden
NI-RPC 4.4.0f0 for Phar Lap ETS (HKLM-x32\...\{9CF01499-669E-472A-89E3-54CC30C4FDBB}) (Version: 4.40.49152 - National Instruments) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OCCT 4.4.1 (HKLM-x32\...\OCCT) (Version: 4.4.1 - Ocbase.com)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2275 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2275 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.9126.2275 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenTTD 1.7.0 (HKLM-x32\...\OpenTTD) (Version: 1.7.0 - OpenTTD)
Papers, Please (HKLM-x32\...\GOGPACKPAPERSPLEASE_is1) (Version: 2.4.0.10 - GOG.com)
Pasco USB Driver (HKLM-x32\...\PascoUSBDriver) (Version:  - )
PascoCommonFiles (HKLM-x32\...\PascoCommonFiles) (Version: 1.1.13 - )
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.5.1 - pdfforge GmbH)
PerformanceTest v7.0 (64-bit) (HKLM\...\PerformanceTest 7_is1) (Version: 7.0 - Passmark Software)
PerformanceTest v7.0 (HKLM-x32\...\PerformanceTest 7_is1) (Version: 7.0 - Passmark Software)
PerformanceTest v9.0 (HKLM\...\PerformanceTest 9_is1) (Version: 9.0.1020.0 - Passmark Software)
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 2.0.9 - Portforward, LLC)
POWERPREP II (HKLM-x32\...\{2687340C-C114-47DC-9F0E-C1BA85FEB001}) (Version: 2.2.0000 - ETS)
Python 3.6.1 (32-bit) (HKU\S-1-5-21-1752262018-2004630284-3030787665-1000\...\{1babc3bc-6a32-44f7-bf4d-60eec36c9ad1}) (Version: 3.6.1150.0 - Python Software Foundation)
Python 3.6.1 Add to Path (32-bit) (HKLM-x32\...\{ED8BD450-5015-4CB3-95B5-2D93F23E111B}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Core Interpreter (32-bit) (HKLM-x32\...\{E63E60CA-437B-4894-8395-81F2F66483B0}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Development Libraries (32-bit) (HKLM-x32\...\{3029D656-0C32-4AC9-84FB-A15056F356CC}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Documentation (32-bit) (HKLM-x32\...\{D1198C40-C6F5-4FFB-B98C-79BF1FE706C1}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Executables (32-bit) (HKLM-x32\...\{A7036382-80F1-4FC1-B244-D31AA50337F4}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 pip Bootstrap (32-bit) (HKLM-x32\...\{899F7F28-F6D3-4E5B-8FBE-F7929036172A}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Standard Library (32-bit) (HKLM-x32\...\{3BCCB89B-CD98-4F78-8436-78847FABFD68}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Tcl/Tk Support (32-bit) (HKLM-x32\...\{F6ED0771-FE83-4A1C-BE65-A06CB65B46D5}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Test Suite (32-bit) (HKLM-x32\...\{F44EF183-905E-48BB-998E-53FC99B36FE3}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Utility Scripts (32-bit) (HKLM-x32\...\{2AA7DAB3-6778-42A7-9F33-22615234540E}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{323AC113-C6CE-4F99-842F-4936332D055A}) (Version: 3.6.5923.0 - Python Software Foundation)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 3.0 - Qualcomm Atheros)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 2.5 r1842 - )
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.18.115 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.370.70 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7464 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Reset NI Config 5.5.0 (HKLM-x32\...\{32D5858D-5BCE-407A-93CD-897E867ABA51}) (Version: 5.50.227 - National Instruments) Hidden
RivaTuner Statistics Server 5.2.0 (HKLM-x32\...\RTSS) (Version: 5.2.0 - Unwinder)
RNX-N180UBE 11n USB Wireless LAN Driver (HKLM-x32\...\{B20F9D1C-A0A5-4cd8-8306-DE95842311B1}) (Version: 1.00.0175 - Rosewill Corp.)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
Sharepod 4.0.0.3 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version:  - Macroplant LLC)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
Siemens NX 10.0 (HKLM\...\{11B4AD15-AE98-4618-B90A-562EC6875DC3}) (Version: 10.0.0.24 - Siemens)
Siemens PLM License Server (HKLM\...\Siemens PLM License Server) (Version: 6.4.2.1 - Siemens Product Lifecycle Management Software Inc.)
SketchUp Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Sophos Anti-Virus (HKLM-x32\...\{6654537D-935E-41C0-A18A-C55C2BF77B7E}) (Version: 10.8.1.316 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{AFBCA1B9-496C-4AE6-98AE-3EA1CFF65C54}) (Version: 5.11.206 - Sophos Limited)
Sophos System Protection (HKLM-x32\...\{1093B57D-A613-47F3-90CF-0FD5C5DCFFE6}) (Version: 1.3.1 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.20 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-1752262018-2004630284-3030787665-1000\...\Spotify) (Version: 1.0.68.407.g6864aaaf - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Stardock Fences 2 (HKLM-x32\...\Stardock Fences 2) (Version: 2.12 - Stardock Software, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stellarium 0.11.4 (HKLM-x32\...\Stellarium_is1) (Version: 0.11.4 - Stellarium team)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1260 - SUPERAntiSpyware.com)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Texmaker (HKLM-x32\...\Texmaker) (Version:  - )
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
VI Package Manager 2013 (HKLM-x32\...\{0A84E377-C315-48EC-A99A-C5F5F8432FCF}) (Version: 13.0.1879 - JKI)
VI Package Manager 2013 (HKLM-x32\...\{9645A76D-DEF7-4783-B710-AF611CAA23D9}) (Version: 13.0.0 - National Instruments) Hidden
Virtual Audio Cable 4.9 (HKLM\...\Virtual Audio Cable 4.9) (Version:  - )
Virtual Router v1.0 (HKLM-x32\...\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}) (Version: 1.0 - Chris Pietschmann)
Vistumbler (HKLM-x32\...\Vistumbler) (Version: v10 - Vistumbler.net)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.2.0.45 - VSO Software)
VSO ConvertXToDVD 7 (HKLM-x32\...\{A021D003-6933-4EA4-B582-F1D0C3E52409}_is1) (Version: 7.0.0.36 - VSO Software)
WIF Core Dependencies Windows 5.5.0 (HKLM-x32\...\{4C280606-F07F-4BF4-80D1-CBEEC51A866C}) (Version: 5.50.155 - National Instruments) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1752262018-2004630284-3030787665-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-1752262018-2004630284-3030787665-1000\...\WinDirStat) (Version:  - )
Windows Driver Package - PASCO Scientific (WinUSB) Pasco Interface  (08/14/2008 1.0.0.0) (HKLM\...\AD4AD0F184940E4712E96652A58ADDC47894E622) (Version: 08/14/2008 1.0.0.0 - PASCO Scientific)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
Wireshark 2.4.1 64-bit (HKLM-x32\...\Wireshark) (Version: 2.4.1 - The Wireshark developer community, hxxps://www.wireshark.org)
Wolfram Extras 10.0 (5203600) (HKLM\...\A-WIN-Extras 10.0.2 5203600_is1) (Version: 10.0.2 - Wolfram Research, Inc.)
Wolfram Mathematica 10 (M-WIN-L 10.0.2 5206639) (HKLM\...\M-WIN-L 10.0.2 5206639_is1) (Version: 10.0.2 - Wolfram Research, Inc.)
Xml Viewer (HKLM-x32\...\{F58E04CD-6E76-43C8-AAF1-482225C2910E}) (Version: 3 - MindFusion Limited)
YouTube Downloader App 3.00 (HKLM-x32\...\YouTube Downloader App) (Version: 3.00 - Regensoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1752262018-2004630284-3030787665-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1752262018-2004630284-3030787665-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1752262018-2004630284-3030787665-1000_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1752262018-2004630284-3030787665-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1752262018-2004630284-3030787665-1000_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1752262018-2004630284-3030787665-1000_Classes\CLSID\{42ED960B-3C77-4008-A81E-C655146B1FD5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1752262018-2004630284-3030787665-1000_Classes\CLSID\{5b55a44a-d008-49aa-9234-86fb7709bc0a}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1752262018-2004630284-3030787665-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1752262018-2004630284-3030787665-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1752262018-2004630284-3030787665-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1752262018-2004630284-3030787665-1000_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1752262018-2004630284-3030787665-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1752262018-2004630284-3030787665-1000_Classes\CLSID\{F09690BD-582D-4439-B6ED-5C2545D2F424}\InprocServer32 -> C:\Windows\system32\kernel32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1752262018-2004630284-3030787665-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1752262018-2004630284-3030787665-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1752262018-2004630284-3030787665-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1752262018-2004630284-3030787665-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1752262018-2004630284-3030787665-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1752262018-2004630284-3030787665-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1752262018-2004630284-3030787665-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1752262018-2004630284-3030787665-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1752262018-2004630284-3030787665-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1752262018-2004630284-3030787665-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1752262018-2004630284-3030787665-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.0.dll [2018-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.0.dll [2018-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.0.dll [2018-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.0.dll [2018-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.0.dll [2018-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.0.dll [2018-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.0.dll [2018-08-31] (Dropbox, Inc.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2014-02-07] (Autodesk)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_05.dll [2012-06-18] ()
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-06-28] (Nero AG)
ContextMenuHandlers1-x32: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2014-04-09] (Piriform Ltd)
ContextMenuHandlers1-x32: [FencesShellExt] -> {1984DD45-52CF-49cd-AB77-18F378FEA264} => C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [2013-11-26] (Stardock)
ContextMenuHandlers1-x32: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers1-x32: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2015-12-21] (Glarysoft Ltd)
ContextMenuHandlers1-x32-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => S:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll -> No File
ContextMenuHandlers1-x32-x32: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ContextMenuHandlers1-x32-x32: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2015-11-30] (Apple Inc.)
ContextMenuHandlers1-x32-x32: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2014-07-21] (Paramount Software UK Ltd)
ContextMenuHandlers1-x32-x32: [SavShellExt] -> {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavShellExtX64.dll [2018-03-06] (Sophos Limited)
ContextMenuHandlers1-x32-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2010-10-29] (WinZip Computing, S.L.)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2015-12-21] (Glarysoft Ltd)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2014-07-21] (Paramount Software UK Ltd)
ContextMenuHandlers2: [SavShellExt] -> {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavShellExtX64.dll [2018-03-06] (Sophos Limited)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [FencesShellExt] -> {1984DD45-52CF-49cd-AB77-18F378FEA264} => C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [2013-11-26] (Stardock)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers4: [SavShellExt] -> {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavShellExtX64.dll [2018-03-06] (Sophos Limited)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2010-10-29] (WinZip Computing, S.L.)
ContextMenuHandlers5: [FencesShellExt] -> {1984DD45-52CF-49cd-AB77-18F378FEA264} => C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [2013-11-26] (Stardock)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-04-08] (NVIDIA Corporation)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2014-04-09] (Piriform Ltd)
ContextMenuHandlers6: [FencesShellExt] -> {1984DD45-52CF-49cd-AB77-18F378FEA264} => C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [2013-11-26] (Stardock)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2015-12-21] (Glarysoft Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [SavShellExt] -> {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavShellExtX64.dll [2018-03-06] (Sophos Limited)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2010-10-29] (WinZip Computing, S.L.)
ContextMenuHandlers1_S-1-5-21-1752262018-2004630284-3030787665-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.0.dll [2018-08-31] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-1752262018-2004630284-3030787665-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.0.dll [2018-08-31] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-1752262018-2004630284-3030787665-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.0.dll [2018-08-31] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09AF6F51-D3B7-47C4-83F3-84E9BF6B14D4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1752262018-2004630284-3030787665-1000Core => C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Update\GoogleUpdate.exe [2017-03-15] (Google Inc.)
Task: {0B93F043-0CFF-4C91-98BB-42F4C0428B1A} - System32\Tasks\JKIUpdateTask => C:\Program Files (x86)\JKI\VI Package Manager\support\JKIUpdate.exe [2013-05-23] (JKI)
Task: {0BDC0F0D-3EB2-4DCE-8171-02971CE1F96B} - System32\Tasks\SUPERAntiSpyware Scheduled Task d9e9253f-662b-41b0-b98b-843d4fd4e249 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {1E6ED709-3088-49E3-BA21-4EA4F68AE5D0} - System32\Tasks\EVGAPrecisionX => C:\Program Files (x86)\EVGA\PrecisionX 16\PrecisionX_x64.exe [2014-10-23] (EVGA Corp.)
Task: {33838BDA-83CC-47DE-A990-81D138CCC7E5} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {3582B291-EB73-4B8B-85AB-F4AAAB8082EC} - System32\Tasks\NIUpdateServiceCheckTask => S:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe
Task: {37976759-20D5-4718-97F3-8B3E5141E928} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-03] (NVIDIA Corporation)
Task: {38E80B20-255D-4D74-9EBA-3E463D7BBBEE} - System32\Tasks\EVGAPrecision => C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
Task: {3D1B0B3F-7877-4389-800E-2B2051BFBE1F} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {414444DF-A2BD-40BC-B76A-23629CA69DFF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-15] (Adobe Systems Incorporated)
Task: {5B3D035F-4870-455E-8254-BBC7A234F58D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {63C272BA-DD27-4697-9060-A2679FDCE963} - System32\Tasks\{A6F8FFAA-A35F-4C7C-A39B-CBDF63515417} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.40.0.103&LastError=12040
Task: {6A3F7CD3-EE36-4040-A962-25D6FCC3CC10} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-08-07] (Microsoft Corporation)
Task: {6E20A960-9492-424F-B864-4CCE7AB7C3C3} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => S:\Program Files (x86)\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe
Task: {741AB126-BC11-4EDA-BE07-3A66AB91BCB5} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2016-01-04] (Glarysoft Ltd)
Task: {773745D4-D52F-4256-ADC8-837E6FFC324F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {78CDBF8A-7A26-4C98-B2FA-39E06BE9B95E} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-03] (NVIDIA Corporation)
Task: {7A6ABF73-358B-46EE-A448-CE82B2D4976D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-08-24] (Microsoft Corporation)
Task: {7D44C291-7C8A-4BA3-BA0B-C2DACE0C6991} - System32\Tasks\MSIAfterburner => S:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
Task: {803AF43D-E9C7-4C56-8D39-58FC4C4D3BFE} - System32\Tasks\{4573263F-15EE-43A1-A892-6ECBCAC430E6} => C:\Windows\system32\pcalua.exe -a S:\Users\STEVEN_DESKTOP\Downloads\Chrome\Mobiless.exe -d S:\Users\STEVEN_DESKTOP\Downloads\Chrome
Task: {83225A43-85EC-4230-A30B-423A55CC3461} - System32\Tasks\RTSS => S:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
Task: {850DD5E8-7918-4ABE-96F0-D21A7150C747} - System32\Tasks\{EDE10845-491B-4165-9F16-086037ECEE7A} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\bin\addoninstaller.exe" -d "C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2" -c /register
Task: {853A078F-9073-498F-81D5-2514CD510442} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1752262018-2004630284-3030787665-1000Core => C:\Users\STEVEN_DESKTOP\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {8BB07919-3D04-4E0B-B0A6-F66D24593FBF} - System32\Tasks\ASUS\ASUS WiFi GO! Server Execute => S:\Program Files (x86)\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
Task: {93F1BC75-DFD3-4EC6-AFC1-2CD97D7ECF30} - System32\Tasks\SUPERAntiSpyware Scheduled Task b43940ce-84ed-41fc-b4e8-98a75112eb43 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {9D719A20-65D5-44D6-856E-A0E607A31B7F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {A1F700C6-8212-44E4-A9EA-5C47638C1CE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A2FF50C1-17E7-450F-BAE1-2DE6EA910893} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-03] (NVIDIA Corporation)
Task: {A7797FEB-FD31-44AC-BFEC-0333C6D077D5} - System32\Tasks\{BB39BF98-B1AE-4C91-A9B7-C707CAB35584} => C:\Windows\system32\pcalua.exe -a "S:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\bin\addoninstaller.exe" -d "S:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2" -c /register
Task: {A8D35D1F-D26B-4EC0-B000-05DE3F735606} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work => C:\Windows\system32\WorkFoldersSystemTray.exe [2015-09-04] (Microsoft Corporation)
Task: {AEA6FAAB-7A3A-45EE-AEDB-4E74117C6748} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1752262018-2004630284-3030787665-1000UA => C:\Users\STEVEN_DESKTOP\AppData\Local\Google\Update\GoogleUpdate.exe [2017-03-15] (Google Inc.)
Task: {B026EB68-6E73-4977-B092-8A8E0245FEB8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-08-24] (Microsoft Corporation)
Task: {B3B8B66F-28EF-448B-8BDC-2C43EA992E77} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-08-24] (Microsoft Corporation)
Task: {B99CC638-D8D9-41EE-9A10-5E6B350A4685} - System32\Tasks\PCMeter\Startup => S:\Users\STEVEN_DESKTOP\Downloads\Chrome\PCMeter\PCMeterV0.3.exe
Task: {BB1F4F93-CD42-415D-8EE5-C3E229EDD80E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {C3838A5F-4A0D-4EC7-9F40-D156F6658521} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-03] (NVIDIA Corporation)
Task: {DD319708-A14F-43A9-8347-8F096ECA0B76} - System32\Tasks\{F4F60C81-14E5-40AA-AB3A-80CD7E3340AF} => C:\Windows\system32\pcalua.exe -a C:\Users\STEVEN_DESKTOP\Downloads\setup_en.exe -d C:\Users\STEVEN_DESKTOP\Downloads
Task: {E557CBE9-DF7E-47A2-8780-4EBF557332DC} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
Task: {E8E66363-DF6A-4771-9C6A-4643FE5A03CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {EC1A8D82-BDB7-4E78-8F16-C94D07B1D442} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-08-07] (Microsoft Corporation)
Task: {EDB49EBF-F578-4724-A55A-3AA335A3E91E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-08-24] (Microsoft Corporation)
Task: {F222FCCB-3452-480D-B71F-79933C711422} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2016-01-04] (Glarysoft Ltd)
Task: {F47B5E36-86AD-4717-A7C4-1DBF47475CA9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-08-24] (Microsoft Corporation)
Task: {F5AA4E26-B311-4216-97D7-3D589D88F277} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1752262018-2004630284-3030787665-1000UA => C:\Users\STEVEN_DESKTOP\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1752262018-2004630284-3030787665-1000Core.job => C:\Users\STEVEN_DESKTOP\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1752262018-2004630284-3030787665-1000UA.job => C:\Users\STEVEN_DESKTOP\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b43940ce-84ed-41fc-b4e8-98a75112eb43.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d9e9253f-662b-41b0-b98b-843d4fd4e249.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-04-18 19:31 - 2016-01-22 17:57 - 000089008 _____ () C:\Windows\System32\cpwmon64.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 001337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-11-16 02:05 - 2017-06-06 21:42 - 001666664 _____ () C:\Program Files (x86)\Everything\Everything.exe
2016-11-05 11:43 - 2017-05-03 16:21 - 001267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2014-01-10 14:40 - 2014-01-10 14:49 - 000076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2017-07-19 18:09 - 2017-07-19 18:09 - 000189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2013-04-09 09:12 - 2012-09-11 23:14 - 000390672 _____ () C:\Program Files\Cyberlink\Shared files\RichVideo64.exe
2018-09-05 14:18 - 2018-06-18 13:32 - 002433744 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2012-06-01 05:42 - 2013-07-27 15:21 - 000920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2016-05-06 15:46 - 2018-08-03 09:37 - 008936112 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2017-07-28 22:45 - 2017-07-28 22:45 - 000298448 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2015-07-22 11:54 - 2015-07-22 11:54 - 000063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-09-02 21:10 - 2014-06-21 02:19 - 000047496 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2014-09-02 21:10 - 2014-06-21 02:19 - 000104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2013-04-06 23:10 - 2018-09-05 14:20 - 000030720 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2013-04-06 23:10 - 2010-06-28 22:58 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2014-04-27 15:51 - 1999-12-31 20:00 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-11-05 11:43 - 2017-05-03 16:21 - 001040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-08-31 14:01 - 2018-08-31 04:29 - 001113928 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2018-08-31 14:01 - 2018-08-31 04:29 - 002247496 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2018-05-26 14:05 - 2018-08-31 04:33 - 000023888 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\tornado.speedups.cp35-win32.pyd
2018-08-31 14:01 - 2018-08-31 04:31 - 000025456 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.cp35-win32.pyd
2018-01-25 20:47 - 2018-08-31 04:28 - 000142824 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\_cffi_backend.cp35-win32.pyd
2018-08-31 14:01 - 2018-08-31 04:31 - 001958760 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.cp35-win32.pyd
2018-08-31 14:01 - 2018-08-31 04:31 - 000025960 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.cp35-win32.pyd
2018-08-31 14:01 - 2018-08-31 04:29 - 000117272 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\pywintypes35.dll
2018-05-26 14:05 - 2018-08-31 04:28 - 000109024 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\win32api.cp35-win32.pyd
2018-08-31 14:01 - 2018-08-31 04:31 - 000083784 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\fastpath.cp35-win32.pyd
2018-08-31 14:01 - 2018-08-31 04:29 - 000418776 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\pythoncom35.dll
2018-05-26 14:05 - 2018-08-31 04:28 - 000027616 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\win32event.cp35-win32.pyd
2018-05-26 14:05 - 2018-08-31 04:28 - 000049128 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\win32process.cp35-win32.pyd
2018-08-31 14:01 - 2018-08-31 04:31 - 000074584 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.cp35-win32.pyd
2018-05-26 14:05 - 2018-08-31 04:28 - 000131552 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\win32file.cp35-win32.pyd
2018-08-31 14:01 - 2018-08-31 04:31 - 000025944 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.cp35-win32.pyd
2018-05-26 14:05 - 2018-08-31 04:28 - 000026600 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\win32clipboard.cp35-win32.pyd
2018-05-26 14:05 - 2018-08-31 04:28 - 000182752 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\win32gui.cp35-win32.pyd
2018-05-26 14:05 - 2018-08-31 04:28 - 000027616 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\win32pipe.cp35-win32.pyd
2018-05-26 14:05 - 2018-08-31 04:28 - 000119272 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\win32security.cp35-win32.pyd
2018-05-26 14:05 - 2018-08-31 04:33 - 000401240 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\win32com.shell.shell.cp35-win32.pyd
2018-05-26 14:05 - 2018-08-31 04:28 - 000028640 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\win32job.cp35-win32.pyd
2018-01-25 20:47 - 2018-08-31 04:34 - 000034664 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.cp35-win32.pyd
2018-08-31 14:01 - 2018-08-31 04:28 - 000023520 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\mmapfile.cp35-win32.pyd
2018-05-26 14:05 - 2018-08-31 04:28 - 000053736 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\win32service.cp35-win32.pyd
2018-05-26 14:05 - 2018-08-31 04:28 - 000065504 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\win32evtlog.cp35-win32.pyd
2018-01-25 20:47 - 2018-08-31 04:34 - 000059744 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.cp35-win32.pyd
2018-05-26 14:05 - 2018-08-31 04:33 - 000068968 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.cp35-win32.pyd
2018-01-25 20:47 - 2018-08-31 04:34 - 000028520 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.cp35-win32.pyd
2018-08-31 14:01 - 2018-08-31 04:31 - 000027488 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.cp35-win32.pyd
2018-05-26 14:05 - 2018-08-31 04:28 - 000032736 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\win32ts.cp35-win32.pyd
2018-08-31 14:01 - 2018-08-31 04:32 - 000156504 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.cp35-win32.pyd
2018-05-26 14:05 - 2018-08-31 04:33 - 000092488 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\sip.cp35-win32.pyd
2018-08-31 14:01 - 2018-08-31 04:31 - 001779024 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.cp35-win32.pyd
2018-08-31 14:01 - 2018-08-31 04:32 - 000519504 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.cp35-win32.pyd
2018-08-31 14:01 - 2018-08-31 04:32 - 000052056 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.cp35-win32.pyd
2018-08-31 14:01 - 2018-08-31 04:31 - 001929552 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.cp35-win32.pyd
2018-08-31 14:01 - 2018-08-31 04:32 - 003822416 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.cp35-win32.pyd
2018-08-31 14:01 - 2018-08-31 04:32 - 000044888 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.cp35-win32.pyd
2018-08-31 14:01 - 2018-08-31 04:32 - 000131016 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.cp35-win32.pyd
2018-08-31 14:01 - 2018-08-31 04:32 - 000218456 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.cp35-win32.pyd
2018-08-31 14:01 - 2018-08-31 04:32 - 000205656 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.cp35-win32.pyd
2018-05-26 14:05 - 2018-08-31 04:28 - 000061408 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\win32print.cp35-win32.pyd
2018-01-25 20:47 - 2018-08-31 04:34 - 000051552 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.cp35-win32.pyd
2018-05-26 14:05 - 2018-08-31 04:28 - 000027624 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\win32profile.cp35-win32.pyd
2018-07-30 16:12 - 2018-08-31 04:34 - 000033632 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\winreindex.compiled._winreindex.cp35-win32.pyd
2018-01-25 20:47 - 2018-08-31 04:34 - 000028008 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.cp35-win32.pyd
2018-01-25 20:47 - 2018-08-31 04:34 - 000025960 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.cp35-win32.pyd
2018-01-25 20:47 - 2018-08-31 04:34 - 000025448 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.cp35-win32.pyd
2018-01-25 20:47 - 2018-08-31 04:34 - 000025960 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.cp35-win32.pyd
2018-08-31 14:01 - 2018-08-31 04:31 - 000031600 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.cp35-win32.pyd
2018-01-25 20:47 - 2018-08-31 04:28 - 000494048 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\winxpgui.cp35-win32.pyd
2018-01-25 20:47 - 2018-08-31 04:34 - 000029040 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.cp35-win32.pyd
2018-08-31 14:01 - 2018-08-31 04:31 - 000029024 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.cp35-win32.pyd
2018-08-31 14:01 - 2018-08-31 04:29 - 000036312 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\librsync.dll
2018-05-26 14:05 - 2018-08-31 04:34 - 000025960 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.cp35-win32.pyd
2018-08-31 14:01 - 2018-08-31 04:31 - 000441672 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2018-05-26 14:05 - 2018-08-31 04:33 - 000035680 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.cp35-win32.pyd
2018-08-31 14:01 - 2018-08-31 04:31 - 000025920 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\libEGL.DLL
2018-08-31 14:01 - 2018-08-31 04:31 - 001590200 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2018-01-25 20:47 - 2018-08-31 04:34 - 000029544 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.cp35-win32.pyd
2018-08-31 14:01 - 2018-08-31 04:32 - 000529352 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.cp35-win32.pyd
2018-08-31 14:01 - 2018-08-31 04:32 - 000354128 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.cp35-win32.pyd
2018-08-31 14:01 - 2018-08-31 04:32 - 000037200 _____ () C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngine.cp35-win32.pyd
2017-01-16 07:40 - 2017-01-16 07:40 - 000143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2016-05-06 15:47 - 2018-08-03 09:38 - 008935600 _____ () C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-09-14 08:03 - 2017-04-13 13:58 - 050656768 _____ () C:\Users\STEVEN_DESKTOP\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2017-09-14 08:03 - 2017-04-13 13:58 - 001874944 _____ () C:\Users\STEVEN_DESKTOP\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2017-09-14 08:03 - 2017-04-13 13:58 - 000075264 _____ () C:\Users\STEVEN_DESKTOP\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:4FC01C57 [134]
AlternateDataStreams: C:\Users\Guest\Desktop\let1.png:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Guest\Desktop\let1.png:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Guest\Desktop\let1.png:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1752262018-2004630284-3030787665-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7877 more sites.

IE trusted site: HKU\S-1-5-21-1752262018-2004630284-3030787665-1000\...\sharepoint.com -> hxxps://liveconcordia-files.sharepoint.com

There are 7877 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2018-09-05 14:18 - 000454997 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

There are 15639 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1752262018-2004630284-3030787665-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\STEVEN_DESKTOP\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^STEVEN_DESKTOP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk => C:\Windows\pss\Rainmeter.lnk.Startup
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Dropbox Update => "C:\Users\STEVEN_DESKTOP\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: Fences => "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup
MSCONFIG\startupreg: uTorrent => "C:\Users\STEVEN_DESKTOP\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{56474FAE-BD84-46B3-A2A6-679E3D4CD5DF}C:\users\steven_desktop\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\steven_desktop\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{A018F622-271D-47F3-830F-6412AFB7BDCA}C:\users\steven_desktop\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\steven_desktop\appdata\local\akamai\netsession_win.exe
FirewallRules: [{8A4E1232-0AB1-4797-907C-4342940C4F32}] => (Allow) C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{0D73B1FE-AF2F-4880-82E3-F25FEF388CC8}] => (Allow) C:\Users\STEVEN_DESKTOP\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{C69E1C50-B965-432D-A6A1-747FA2918BD9}C:\users\steven_desktop\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\steven_desktop\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{5EE84A24-F835-4F2C-8FD4-D32D7A5D8C56}C:\users\steven_desktop\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\steven_desktop\appdata\local\akamai\netsession_win.exe
FirewallRules: [{EC37F366-D3B4-47A9-9BB3-C272688F6CAD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{7C39B5A9-89BC-4062-8E91-C2380F630D07}C:\users\steven_desktop\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\steven_desktop\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{E5632386-52FF-4062-8F11-04AF7FB04D06}C:\users\steven_desktop\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\steven_desktop\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{2EFEE655-5507-4ACD-B695-63A36565195C}] => (Allow) LPort=2869
FirewallRules: [{39B23E6F-6C17-4A32-9C78-75BB9A678BDD}] => (Allow) LPort=1900
FirewallRules: [{9794E7D4-9CD9-4EF7-B734-4021BD519EB9}] => (Allow) LPort=2869
FirewallRules: [{11DED567-7BD0-412D-9DD5-4842322F3CCF}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{A37DD618-BEE3-4309-B904-08AE10691863}S:\users\steven_desktop\downloads\chrome\withsix-play (2).exe] => (Allow) S:\users\steven_desktop\downloads\chrome\withsix-play (2).exe
FirewallRules: [UDP Query User{458465BF-4975-42D7-9FB5-3D64BA407637}S:\users\steven_desktop\downloads\chrome\withsix-play (2).exe] => (Allow) S:\users\steven_desktop\downloads\chrome\withsix-play (2).exe
FirewallRules: [{CD7BB369-82FF-49B0-B388-6B019A7DCDA3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{3D1FF415-5DE8-47D4-805D-86C56DB63848}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{450D32B6-0F15-453E-922F-511746E07916}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{9F45296C-A3B6-4CDC-B5DC-133F9E4049CD}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{7A49319E-7890-4525-B224-508BFFADDEBB}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{EB134A57-E153-4BE5-B752-4A3D718E2D15}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{943EB021-82E8-4B4E-9CD3-5BA20F7D7462}] => (Allow) C:\Users\STEVEN_DESKTOP\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EEACB26E-7BCF-4546-8067-D34D17ED05EC}] => (Allow) C:\Users\STEVEN_DESKTOP\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{0F502B2D-DE55-4657-AA33-E4E2B65E9F0B}C:\program files\maple 16\jre\bin\maple.exe] => (Allow) C:\program files\maple 16\jre\bin\maple.exe
FirewallRules: [UDP Query User{A1763CDA-09A8-4FDB-9608-A790C167100E}C:\program files\maple 16\jre\bin\maple.exe] => (Allow) C:\program files\maple 16\jre\bin\maple.exe
FirewallRules: [{5B2BAC43-2BDE-4AF8-8891-5DCBBBA7549D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6A58F151-4804-4082-AF9B-E4D50A6FF1A2}] => (Allow) LPort=2869
FirewallRules: [{352DC7E2-E1F1-4A87-BD63-0B67292A1458}] => (Allow) LPort=1900
FirewallRules: [{C14948FC-5894-4FCD-B85E-AD3E8260B545}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B85AB951-8FCC-4DC5-9BB3-54CFCEC7C500}] => (Allow) LPort=2869
FirewallRules: [{C79E72D0-FF8D-4F3C-9CD5-7FA7FD1D8E01}] => (Allow) LPort=1900
FirewallRules: [{032A11D0-55D5-4775-B33B-1FEA8268AFAD}] => (Allow) LPort=2869
FirewallRules: [{93A59F50-FD79-4A28-8621-495E90F31500}] => (Allow) LPort=1900
FirewallRules: [{79E87044-3092-4420-B456-BF039006499F}] => (Block) C:\Program Files (x86)\AV Vcs 7.0 DIAMOND\VcsCore.exe
FirewallRules: [{7D476C2C-A440-4DC8-AC8A-DD4C5B1FE931}] => (Allow) C:\Users\STEVEN_DESKTOP\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{48207E46-0A1F-4E55-AFEA-ECDE083C2AE0}] => (Allow) C:\Users\STEVEN_DESKTOP\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{014F1749-5FAB-41A0-B791-0E36B5B71DFF}] => (Allow) LPort=50248
FirewallRules: [{D84DAF15-6635-46E1-A733-B9DA9FAA3136}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{7B8E4721-38FA-48AA-8E3D-357CB9EE3179}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{9AEBC8A7-A715-441B-87A8-E08736122505}C:\program files (x86)\fahclient\fahclient.exe] => (Allow) C:\program files (x86)\fahclient\fahclient.exe
FirewallRules: [UDP Query User{8B03FA9E-38B4-47A2-8DF5-4CF37090FA9F}C:\program files (x86)\fahclient\fahclient.exe] => (Allow) C:\program files (x86)\fahclient\fahclient.exe
FirewallRules: [TCP Query User{DF4EBB2E-BE75-4B9B-8FF6-8B94E9E4E9CB}C:\program files (x86)\fahclient\fahclient.exe] => (Allow) C:\program files (x86)\fahclient\fahclient.exe
FirewallRules: [UDP Query User{B0F8B9E4-17B3-4133-833C-1ACC2A3EFAE1}C:\program files (x86)\fahclient\fahclient.exe] => (Allow) C:\program files (x86)\fahclient\fahclient.exe
FirewallRules: [TCP Query User{FB5E967B-262E-41A9-8560-3D5968B4A46B}C:\users\steven_desktop\appdata\local\id software\quakelive\quakelive.exe] => (Allow) C:\users\steven_desktop\appdata\local\id software\quakelive\quakelive.exe
FirewallRules: [UDP Query User{6876C31C-0CF2-482B-A42A-A47540B5DA9D}C:\users\steven_desktop\appdata\local\id software\quakelive\quakelive.exe] => (Allow) C:\users\steven_desktop\appdata\local\id software\quakelive\quakelive.exe
FirewallRules: [{A89D11CB-D61F-402C-A2ED-8B36BDD9EF87}] => (Allow) S:\Program Files (x86)\Wolfram\Mathematica.exe
FirewallRules: [{150D9A7E-E9AB-4603-B9FC-A7B02BC81EEF}] => (Allow) S:\Program Files (x86)\Wolfram\Mathematica.exe
FirewallRules: [{2F55F0D4-0E33-4C45-A81B-EB5446EE8290}] => (Allow) S:\Program Files (x86)\Wolfram\MathKernel.exe
FirewallRules: [{D3EA2453-456F-4302-8069-0F516C2FCA79}] => (Allow) S:\Program Files (x86)\Wolfram\MathKernel.exe
FirewallRules: [{69475FF0-57C3-4AF8-8181-6B5AD6606717}] => (Allow) S:\Program Files (x86)\Wolfram\math.exe
FirewallRules: [{3851D13D-14DE-4C4B-A035-89571334E887}] => (Allow) S:\Program Files (x86)\Wolfram\math.exe
FirewallRules: [TCP Query User{DBE45A18-5CE1-4E98-8595-6F8E850C40BF}S:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) S:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{A4959677-2798-469F-B45E-B2FF1C5C2720}S:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) S:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{44361242-9098-44AD-A891-103087FAA047}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A7FF03B9-3DCB-44F6-A92D-5366E88DEC01}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BEE33D29-425B-43B6-84AB-AEC098ECBA73}] => (Allow) S:\Program Files (x86)\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
FirewallRules: [{B542C162-F93D-4B8A-9D37-27CF4AF8836B}] => (Allow) S:\Program Files (x86)\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
FirewallRules: [{4E59F75D-CAEA-4B7C-9500-C9547E609864}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{587DE3A2-83D2-4913-88C5-41EBB7BF32AC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A7AB63E4-E7C9-41E7-B529-727D6008B6C9}S:\users\steven_desktop\downloads\chrome\eclipse\eclipse.exe] => (Allow) S:\users\steven_desktop\downloads\chrome\eclipse\eclipse.exe
FirewallRules: [UDP Query User{CBF81F04-D58E-4A8A-996D-5521C32B15B5}S:\users\steven_desktop\downloads\chrome\eclipse\eclipse.exe] => (Allow) S:\users\steven_desktop\downloads\chrome\eclipse\eclipse.exe
FirewallRules: [{9B5FD011-69B7-4FCA-81F9-5EBA3F2EE1BA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{31400D34-3628-4CD5-A090-4216137C2D24}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C64DA9ED-5D7D-4F6E-8410-3905009682EE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F4FB7B3A-5606-4C8A-B7E1-D4FC14F55D7B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FF18805B-EE95-4DAB-A066-55EEE38AE011}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4D43C1E2-FE02-43C3-8960-21AD659F65E4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{53043FA6-8369-4320-9AF2-CCF95FB9821D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{14ED2237-3B21-4FD8-B4CE-692D5198FFFC}] => (Allow) S:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{106A1154-DA8F-4199-995A-88C0D8652D3A}] => (Allow) S:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{489759F3-5AA5-4CCF-BAFD-191604EF114C}S:\program files (x86)\siemens\nx 10.0\ugii\ugraf.exe] => (Allow) S:\program files (x86)\siemens\nx 10.0\ugii\ugraf.exe
FirewallRules: [UDP Query User{00F19DDC-EB97-4B0E-AE54-669F2872BF4F}S:\program files (x86)\siemens\nx 10.0\ugii\ugraf.exe] => (Allow) S:\program files (x86)\siemens\nx 10.0\ugii\ugraf.exe
FirewallRules: [{F85513EC-F1F0-4038-A9B3-6AE03FA3230E}] => (Allow) S:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{EEE14D26-20D8-4F05-B416-AAFAB1CF9299}] => (Allow) S:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [TCP Query User{A4681A5F-BFC9-44E9-A279-627343279EC3}S:\program files (x86)\matlab\r2016a\bin\win64\matlab.exe] => (Allow) S:\program files (x86)\matlab\r2016a\bin\win64\matlab.exe
FirewallRules: [UDP Query User{DF7C4A72-44EF-43C0-95D7-F9C727E16410}S:\program files (x86)\matlab\r2016a\bin\win64\matlab.exe] => (Allow) S:\program files (x86)\matlab\r2016a\bin\win64\matlab.exe
FirewallRules: [{D8A68FB9-60DB-4E6E-9499-E9E8F64D1FBA}] => (Allow) S:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{670FC363-7118-446C-95A9-9387600BD886}] => (Allow) S:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{DE8A0D3A-44EB-41A9-853D-C3C79487DDA1}] => (Allow) S:\Program Files (x86)\Steam\steamapps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe
FirewallRules: [{D1C22F68-CF9C-4474-B163-73C363F9AA7F}] => (Allow) S:\Program Files (x86)\Steam\steamapps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe
FirewallRules: [{EF85E773-AB96-4262-A604-25B8D0672688}] => (Allow) S:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{3A8E4E28-7811-45F3-8B97-DB6765068BC7}] => (Allow) S:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{2E35F144-EF49-4546-AA2D-6765F1656930}] => (Allow) S:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{1FACA33A-ADBB-4865-A67D-473A0967367E}] => (Allow) S:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{B5B4AE31-CDAA-44C0-ABB3-5183CBF1DDF0}] => (Allow) S:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{F3E4C5A8-2F9D-477C-8F80-E12B018A790B}] => (Allow) S:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{D7F20637-1152-47D9-92E1-2C6C091342D5}] => (Allow) S:\Program Files (x86)\Steam\steamapps\common\Metro 2033\metro2033.exe
FirewallRules: [{2247A07F-3C82-427A-A05E-B2D8ECCE5212}] => (Allow) S:\Program Files (x86)\Steam\steamapps\common\Metro 2033\metro2033.exe
FirewallRules: [{963CB2DD-86B9-4036-9678-B744C061298E}] => (Allow) S:\Program Files (x86)\Glasswire\GWCtlSrv.exe
FirewallRules: [{771157C5-0232-491D-BD99-3894AAF3CABE}] => (Allow) S:\Program Files (x86)\Glasswire\GWCtlSrv.exe
FirewallRules: [{948D203C-6419-4080-96D2-CA055CD51F55}] => (Allow) S:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{858F358A-329E-483D-B581-9BBCB1876876}] => (Allow) S:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0E109AA6-A009-4263-85B3-BE2E2998A752}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1C983F86-7087-49A9-ADB7-FEAA7A0AB02B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3F793812-833F-4DEA-B774-629684440048}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6BC495C5-6EB1-4EE7-9538-D7E6F47DAAB0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A9C2A7E2-75FE-4C61-8B15-6FCD44513AE3}] => (Allow) S:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
FirewallRules: [{3B848BF1-A2CB-49D8-BEDD-6E15C4BDB929}] => (Allow) S:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
FirewallRules: [{22EC3136-CADE-4416-9D77-F40268D55AD2}] => (Allow) S:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
FirewallRules: [{C229CA86-D1D2-4089-A45B-2E31E803BAF1}] => (Allow) C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
FirewallRules: [{4F08CF52-B016-4A68-944C-1304C9C0BE35}] => (Allow) C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
FirewallRules: [{CD4A55A3-AC69-4910-B11D-11764353D2A1}] => (Allow) S:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
FirewallRules: [{E9F3CA92-CAD3-46F6-BDA4-C9D733553497}] => (Allow) S:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
FirewallRules: [{8A3BB187-468E-4D84-9792-02A814D0A23C}] => (Allow) S:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
FirewallRules: [{DF58609B-7294-4D7B-8E9A-A4EABA727F0B}] => (Allow) S:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
FirewallRules: [{721E6C45-FC91-4D1B-9F52-607EDD1DB1BA}] => (Allow) C:\Program Files (x86)\JKI\VI Package Manager\support\JKIUpdate.exe
FirewallRules: [{3899F71E-7C1D-4C99-A24E-7F74E0A795CD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{D57DF6CB-2B1A-4AD7-80A3-2307B3124BFE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{430FD721-1F11-49AC-B5D6-849735B6D299}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{03733429-F076-4A64-A234-9A576CA270C1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{20A9A0C0-4C20-4601-B9A8-EC8CFA1DC200}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{2D5DC29B-1248-49F8-85F1-F0F740FAE45C}E:\laptop backup 05.03.17\data folder\games\aoe\aoe\empires.exe] => (Block) E:\laptop backup 05.03.17\data folder\games\aoe\aoe\empires.exe
FirewallRules: [UDP Query User{1121B3DE-C7B8-446F-AD3A-CB664C658148}E:\laptop backup 05.03.17\data folder\games\aoe\aoe\empires.exe] => (Block) E:\laptop backup 05.03.17\data folder\games\aoe\aoe\empires.exe
FirewallRules: [TCP Query User{40588A3B-EC28-4D50-AF5B-E525024A4537}S:\program files (x86)\kodi\kodi.exe] => (Allow) S:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{9B89F066-E77C-429F-835B-F6A1F90AF6AB}S:\program files (x86)\kodi\kodi.exe] => (Allow) S:\program files (x86)\kodi\kodi.exe
FirewallRules: [{47F98854-B127-4606-AAB4-D65971F0BD37}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{01935EF1-F7A3-4D88-8E36-CFA05C2CBCF2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{FC6CB055-80E2-469D-B004-DF72D76FBE3B}S:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) S:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [UDP Query User{6CE9B595-847F-49F6-8E54-AF0A5B9D974D}S:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) S:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{62815547-DF96-48EC-B362-7A0A4F9B4A6F}] => (Allow) S:\Program Files (x86)\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe
FirewallRules: [{8305B82B-E0AD-4B0E-8272-8700FDC39369}] => (Allow) S:\Program Files (x86)\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe
FirewallRules: [{D2B2DE52-820D-46FD-B1A3-583BA18F9E1D}] => (Allow) S:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6FF694AD-45CB-4A09-985B-EF5D38B1F725}] => (Allow) S:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{1A4ED605-27F4-4DAA-AD91-647EE4EF1111}C:\users\steven_desktop\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\steven_desktop\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A5826C90-E6C7-4E25-8FB0-161E13477158}C:\users\steven_desktop\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\steven_desktop\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{6DF22A79-AA12-490C-AA88-237495C2E470}C:\users\steven_desktop\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\steven_desktop\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{78F66D3C-3FE3-4FE8-BD58-9AE467A54FD0}C:\users\steven_desktop\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\steven_desktop\appdata\roaming\spotify\spotify.exe
FirewallRules: [{D15C203D-9284-4DFC-955F-A62FCE45FF1A}] => (Allow) S:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{0DEE0F9B-B218-4BCA-8891-472DCBF62D6B}] => (Allow) S:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{FD9BF2DF-B5EC-49A0-9E91-B92295B88F52}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{3A3239B7-FCA9-4EA1-BFA8-6BC829C95EA5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{986DF414-B6E8-4295-BDCA-5653D0280F99}] => (Allow) C:\Program Files (x86)\Dethroned\Millisecond.exe
FirewallRules: [{530CF72C-34B9-44E4-94AB-8A4248F6AC7C}] => (Allow) C:\Program Files (x86)\Cuckolding\Millisecond.exe
FirewallRules: [{E2EC9539-BC46-4206-846F-38B62B155989}] => (Allow) C:\Program Files (x86)\riggers\Faiths.exe
FirewallRules: [{2E8B4988-26DF-45C3-A91B-EFBE19F60C62}] => (Allow) C:\Program Files (x86)\Cuckolding\Faiths.exe
FirewallRules: [TCP Query User{1C4B87ED-EFA1-4AE1-997A-6FF011C54D9C}C:\program files (x86)\google\chrome\application\chromecrewe.exe] => (Block) C:\program files (x86)\google\chrome\application\chromecrewe.exe
FirewallRules: [UDP Query User{FC605F88-8621-487F-894B-F8A027F8E304}C:\program files (x86)\google\chrome\application\chromecrewe.exe] => (Block) C:\program files (x86)\google\chrome\application\chromecrewe.exe

==================== Restore Points =========================

05-09-2018 13:23:56 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Atheros AR9485 Wireless Network Adapter
Description: Atheros AR9485 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/05/2018 02:20:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/05/2018 01:39:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/05/2018 01:24:08 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1 - 000000000000014C,0x00530194,0000000000000000,0,000000000036D2D0,4096,[0]).


Operation:
   Query Shadow Copies

Error: (09/05/2018 10:12:23 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/05/2018 10:03:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/03/2018 12:50:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/02/2018 07:32:44 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/02/2018 05:04:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (09/05/2018 02:34:54 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {005A3A96-BAC4-4B0A-94EA-C0CE100EA736} did not register with DCOM within the required timeout.

Error: (09/05/2018 02:26:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BrSplService service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/05/2018 02:18:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Siemens PLM License Server service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/05/2018 02:18:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NI Service Locator service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/05/2018 02:18:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GlassWire Control Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/05/2018 02:12:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {005A3A96-BAC4-4B0A-94EA-C0CE100EA736} did not register with DCOM within the required timeout.

Error: (09/05/2018 01:38:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BrSplService service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/05/2018 01:37:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Siemens PLM License Server service failed to start due to the following error:
The system cannot find the file specified.


Windows Defender:
===================================
Date: 2018-03-28 15:34:10.573
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{4FE8D347-6D09-40E2-A74F-A143FCE8B05B}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2017-11-20 10:07:03.319
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{E1C8029F-E3ED-4ACD-9031-551FBEA987B7}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2017-08-09 03:20:15.048
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{B52E7DC1-86AE-4C31-9151-3F182D637C94}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-01-20 10:17:28.168
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft....threatid=224714
Name:SoftwareBundler:Win32/Dartsmound
ID:224714
Severity:High
Category:Software Bundler
Path Found:file:C:\Program Files (x86)\SpringFiles\uninstall.dat;file:C:\Program Files (x86)\SpringFiles\Uninstall.exe;file:C:\Program Files (x86)\SpringFiles\Updater.exe;folder:C:\Program Files (x86)\SpringFiles\
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2016-01-19 03:41:11.523
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft....threatid=224714
Name:SoftwareBundler:Win32/Dartsmound
ID:224714
Severity:High
Category:Software Bundler
Path Found:file:C:\Program Files (x86)\SpringFiles\uninstall.dat;file:C:\Program Files (x86)\SpringFiles\Uninstall.exe;file:C:\Program Files (x86)\SpringFiles\Updater.exe;folder:C:\Program Files (x86)\SpringFiles\
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2017-11-15 19:23:24.043
Description:
%1 engine has been terminated due to an unexpected error.
Failure Type:%5
Exception code:%6
Resource:%3

Date: 2017-06-06 10:57:21.394
Description:
%1 engine has been terminated due to an unexpected error.
Failure Type:%5
Exception code:%6
Resource:%3

Date: 2017-06-04 03:01:00.033
Description:
%1 engine has been terminated due to an unexpected error.
Failure Type:%5
Exception code:%6
Resource:%3

Date: 2016-01-05 17:00:11.227
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:1.213.1503.0
Update Source:User
Signature Type:AntiSpyware
Update Type:Delta
Current Engine Version:
Previous Engine Version:1.1.12400.0
Error code:0x80070070
Error description:There is not enough space on the disk.

Date: 2015-08-28 14:38:10.603
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:1.205.415.0
Update Source:User
Signature Type:AntiSpyware
Update Type:Delta
Current Engine Version:
Previous Engine Version:1.1.12002.0
Error code:0x80070070
Error description:There is not enough space on the disk.

CodeIntegrity:
===================================

Date: 2018-03-28 14:46:00.993
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\C0mb0F1x\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-28 14:46:00.931
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\C0mb0F1x\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-28 14:28:36.094
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-28 14:28:36.048
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-28 14:28:36.001
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-28 14:28:35.938
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-20 13:10:23.939
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-20 13:10:23.857
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 24%
Total physical RAM: 16328.27 MB
Available physical RAM: 12389.79 MB
Total Virtual: 32654.69 MB
Available Virtual: 28852.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:112.8 GB) (Free:14.97 GB) NTFS
Drive e: (LINUX~CLEAN) (Removable) (Total:14.91 GB) (Free:8.81 GB) FAT32
Drive z: (Data Disk) (Fixed) (Total:1863.01 GB) (Free:1823.61 GB) NTFS

\\?\Volume{7782040d-9eca-11e2-a5ec-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: 0CD2C1AC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 59670629)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 14.9 GB) (Disk ID: 31CF038D)
Partition 1: (Active) - (Size=14.9 GB) - (Type=0C)

==================== End of Addition.txt ============================

Attached Files


  • 0


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,017 posts
  • MVP

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   16.01KB   4 downloads

Run FRST and press Fix
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 


  • 0

#3
steve6540


Hi,

First off - thank you. 

I used your fixlist and the results are attached.

If you don't mind, I have a few questions:
1) Would you advise a clean install of Google Chrome? Should I go ahead and use the uninstaller or delete the folder using the SuperDelete tool?
2) In the future, should I use the FRST tool instead of trying to delete each directory? Is the SuperDelete tool effective in the way that I used it?
3) Should I keep my ethernet cable unplugged? 

Thanks again.  

Attached Files


Edited by steve6540, 05 September 2018 - 05:29 PM.

  • 0

#4
RKinner


Can you post the log from the fixlist?  I had FRST submit some of the bad files to Virustotal to see what sort of virus we are dealing with and the log has that info.  Also I need to make sure that everything worked.

 

I don't see any need to reinstall Chrome tho you might want to look at some of the extensions that were added recently and reducing the number of extensions would be a good idea.  Each one slows Chrome down a bit.  (Check the FRST log - it has dates for all extensions.)  I personally prefer uBlock Origin as an adblocker and you shouldn't have two.

 

I assume this SuperDelete is part of SAS.  I am not a fan of SAS so yes use FRST to remove files and folders.

 

I would connect up the Internet.  Let's try aswmbr and see if it finds anything that FRST doesn't see:

 


Download aswMBR.exe  to your desktop.
The link is a direct download so the page won't change.

Right click the aswMBR.exe and select Run As Administrator to run it
Wait until the AV Scan shows up at the bottom left.
Change AV Scan: from Quick Scan to  C:\
Click the "Scan" button to start scan
If it asks you to allow the Avast engine to download then say Yes.  It will take a while to finish.  
On completion of the scan (Note if the Fix button is enabled and tell me but do not push any buttons) click save log, save it to your desktop and post in your next reply

If it crashes then try it again but uncheck Trace Disk IO Calls before hitting Scan.

 


  • 0

#5
steve6540


Hi,

Here are the files. 

Attached Files


  • 0

#6
RKinner


Aswmbr did not find any rootkits or anything else to worry about.  The files I wanted to send to Virustotal were already gone so no new info there.

 

Let's see how it is running and if there are any other problems:

 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.


  • 0

#7
steve6540


Process Explorer:
 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 97.94 0 K 24 K 0
procexp64.exe 1.02 47,556 K 71,632 K 8384 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts 0.31 0 K 0 K n/a Hardware Interrupts and DPCs
dwm.exe 0.16 31,832 K 62,096 K 1544 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
uTorrent.exe 0.09 42,824 K 58,532 K 8432 µTorrent BitTorrent Inc. (Verified) BitTorrent Inc
winamp.exe 0.08 42,960 K 56,692 K 5224 Winamp Nullsoft, Inc. (Verified) Nullsoft Inc.
csrss.exe 0.06 8,944 K 34,332 K 664 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.05 88,568 K 234,976 K 1596 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
System 0.04 168 K 2,156 K 4
SavService.exe 0.04 294,312 K 307,276 K 1316 Performs virus scanning and disinfection functions Sophos Limited (Verified) Sophos Limited
nvcontainer.exe 0.02 11,532 K 38,692 K 3296 NVIDIA Container NVIDIA Corporation (Verified) NVIDIA Corporation
RazerIngameEngine.exe 0.02 5,728 K 11,116 K 6964 RazerIngameEngine Razer, Inc. (Verified) Razer USA Ltd.
SASCore64.exe 0.02 13,560 K 20,088 K 2136 Core Service SUPERAntiSpyware.com (Verified) SUPERAntiSpyware.com
chrome.exe 0.02 192,892 K 298,760 K 10464 Google Chrome Google Inc. (Verified) Google Inc
lktsrv.exe 0.02 4,888 K 8,736 K 5148 lktsrv National Instruments Corporation (Verified) National Instruments Corporation
SUPERAntiSpyware.exe 0.01 148,596 K 44,152 K 5924 SUPERAntiSpyware Application SUPERAntiSpyware (Verified) Support.com
unchecky_bg.exe 0.01 2,304 K 8,644 K 4180 Unchecky Background Process Reason Software Company Inc. (Verified) Reason Software Company Inc.
RzStats.Manager.exe 0.01 53,800 K 63,396 K 8856 RzStats.Manager (Verified) Razer USA Ltd.
NVIDIA Web Helper.exe 0.01 29,228 K 29,164 K 5928 NVIDIA Web Helper Service Node.js (Verified) NVIDIA Corporation
swi_service.exe 0.01 45,932 K 26,000 K 4752 Sophos Web Intelligence Sophos Limited (Verified) Sophos Limited
lsass.exe 0.01 9,236 K 31,768 K 736 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
Dropbox.exe 0.01 159,444 K 177,488 K 2744 Dropbox Dropbox, Inc. (Verified) Dropbox
nvcontainer.exe < 0.01 29,108 K 42,368 K 4504 NVIDIA Container NVIDIA Corporation (Verified) NVIDIA Corporation
svchost.exe < 0.01 44,400 K 67,240 K 1068 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe < 0.01 15,648 K 18,792 K 1208 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 22,396 K 25,248 K 1876 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
chrome.exe < 0.01 108,312 K 152,048 K 9360 Google Chrome Google Inc. (Verified) Google Inc
AppleMobileDeviceService.exe < 0.01 5,708 K 51,408 K 2716 MobileDeviceService Apple Inc. (Verified) Apple Inc.
RzSynapse.exe < 0.01 84,220 K 96,752 K 2736 Razer Synapse Razer Inc. (Verified) Razer USA Ltd.
utorrentie.exe < 0.01 35,740 K 53,132 K 2536 WebHelper BitTorrent Inc. (Verified) BitTorrent Inc
services.exe < 0.01 10,504 K 15,120 K 712 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
TeamViewer_Service.exe < 0.01 6,136 K 22,752 K 4856 TeamViewer 12 TeamViewer GmbH (Verified) TeamViewer GmbH
ssp.exe < 0.01 7,176 K 14,288 K 4604 Sophos System Protection Service Executable Sophos Limited (Verified) Sophos Limited
svchost.exe < 0.01 8,664 K 13,136 K 992 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
rzcefrenderprocess.exe < 0.01 28,612 K 19,060 K 9156 Razer Chromium Render Process Razer, Inc. (Verified) Razer USA Ltd.
wmpnetwk.exe < 0.01 20,156 K 45,712 K 6864 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
lkcitdl.exe < 0.01 5,068 K 9,348 K 4568 Part of Logos National Instruments, Inc. (Verified) National Instruments Corporation
PnkBstrA.exe < 0.01 1,860 K 5,380 K 4108 (Verified) Even Balance
utorrentie.exe < 0.01 20,716 K 34,616 K 7240 WebHelper BitTorrent Inc. (Verified) BitTorrent Inc
svchost.exe < 0.01 17,804 K 21,800 K 7540 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe < 0.01 53,972 K 53,456 K 6032 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 7,568 K 9,964 K 4652 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
ALMon.exe < 0.01 3,564 K 1,088 K 2756 Sophos Endpoint Security and Control Sophos Limited (Verified) Sophos Limited
Dropbox.exe < 0.01 5,192 K 14,964 K 3004 Dropbox Dropbox, Inc. (Verified) Dropbox
svchost.exe < 0.01 18,372 K 29,588 K 1044 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 10,216 K 17,272 K 7088 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
MSOIDSVC.EXE < 0.01 10,264 K 20,024 K 4064 Microsoft® Microsoft Online Services ID Service Microsoft Corp. (Verified) Microsoft Corporation
OfficeClickToRun.exe < 0.01 43,816 K 77,716 K 2576 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe < 0.01 7,004 K 13,416 K 884 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
lkads.exe < 0.01 4,404 K 8,628 K 3992 lkads National Instruments Corporation (Verified) National Instruments Corporation
VirtualRouterService.exe < 0.01 38,124 K 100,820 K 5000 VirtualRouterService Chris Pietschmann (http://pietschsoft.com) (No signature was present in the subject) Chris Pietschmann (http://pietschsoft.com)
KeyScrambler.exe < 0.01 3,416 K 12,584 K 6392 KeyScrambler QFX Software Corporation (Verified) QFX Software Corporation
GameScannerService.exe < 0.01 26,552 K 35,824 K 4136 GameScannerService (Verified) Razer USA Ltd.
WLIDSVC.EXE < 0.01 10,272 K 21,200 K 4520 Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
utorrentie.exe < 0.01 48,352 K 68,992 K 3440 WebHelper BitTorrent Inc. (Verified) BitTorrent Inc
DisplayFusionService.exe < 0.01 39,036 K 71,884 K 3156 DisplayFusion Service Binary Fortress Software (Verified) Binary Fortress Software Ltd.
csrss.exe < 0.01 2,944 K 5,844 K 588 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 16,032 K 30,792 K 1008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WUDFHost.exe 3,032 K 7,824 K 5556 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 12,360 K 20,716 K 5428 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 4,292 K 9,268 K 5508 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WLIDSVCM.EXE 2,588 K 5,240 K 5140 Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
winlogon.exe 4,804 K 10,132 K 800 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 3,096 K 6,652 K 652 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
vpnagent.exe 7,104 K 17,920 K 1852 VPN Agent Service Cisco Systems, Inc. (Verified) Cisco Systems
unchecky_svc.exe 3,768 K 8,412 K 4932 Unchecky Service Reason Software Company Inc. (Verified) Reason Software Company Inc.
TrustedInstaller.exe 406,964 K 415,100 K 6684 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 16,560 K 21,216 K 1456 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 27,432 K 29,544 K 548 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 5,608 K 9,544 K 1256 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,140 K 8,328 K 6360 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,752 K 6,416 K 5832 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,344 K 8,024 K 4020 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 5,016 K 10,012 K 1176 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 11,328 K 20,428 K 1300 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 760 K 1,544 K 364 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
SAVAdminService.exe 4,108 K 5,728 K 4412 Sophos Administrator Service Sophos Limited (Verified) Sophos Limited
RichVideo64.exe 2,936 K 7,132 K 4360 RichVideo Module (Verified) CyberLink
ReflectService.exe 3,128 K 10,552 K 4324 Reflect Service - Enables mounting of images Paramount Software UK Ltd (Verified) Paramount Software UK Ltd
procexp.exe 2,784 K 8,280 K 984 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
NvTelemetryContainer.exe 7,284 K 13,532 K 2260 NVIDIA Container NVIDIA Corporation (Verified) NVIDIA Corporation
NVDisplay.Container.exe 2,664 K 7,028 K 2604 NVIDIA Container NVIDIA Corporation (Verified) NVIDIA Corporation
MSOIDSVCM.EXE 2,708 K 5,804 K 2212 Microsoft® Microsoft Online Services ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
mDNSResponder.exe 4,544 K 8,760 K 2376 Bonjour Service Apple Inc. (Verified) Apple Inc.
lsm.exe 3,192 K 5,536 K 744 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
LMS.exe 4,148 K 11,132 K 4512 Intel® Local Management Service Intel Corporation (Verified) Intel Corporation - Software and Firmware Products
KeyScrambler.exe 4,092 K 11,080 K 6616 KeyScrambler QFX Software Corporation (Verified) QFX Software Corporation
Jhi_service.exe 2,224 K 6,236 K 2640 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation - Intel® Management Engine Firmware
IPROSetMonitor.exe 3,156 K 8,212 K 3956 Intel® PROSet Monitoring Service Intel Corporation (Verified) Intel Corporation
IAStorDataMgrSvc.exe 37,512 K 45,172 K 2128 IAStorDataSvc Intel Corporation (Verified) Intel Corporation - Intel® Rapid Storage Technology
HeciServer.exe 3,048 K 7,880 K 3920 Intel® Capability Licensing Service Interface Intel® Corporation (No signature was present in the subject) Intel® Corporation
GoogleCrashHandler64.exe 2,548 K 1,752 K 3588 Google Crash Handler Google Inc. (Verified) Google Inc
GoogleCrashHandler.exe 1,800 K 1,612 K 3556 Google Crash Handler Google Inc. (Verified) Google Inc
Everything.exe 1,832 K 6,824 K 3880 Everything (Verified) David Carpenter
Everything.exe 40,184 K 46,984 K 6432 Everything (Verified) David Carpenter
DropboxUpdate.exe 3,052 K 3,368 K 2204 Dropbox Update Dropbox, Inc. (Verified) Dropbox
Dropbox.exe 2,564 K 11,688 K 2944 Dropbox Dropbox, Inc. (Verified) Dropbox
Dropbox.exe 2,468 K 11,324 K 2956 Dropbox Dropbox, Inc. (Verified) Dropbox
dllhost.exe 4,052 K 10,408 K 9588 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
Connect.Service.ContentService.exe 28,148 K 38,820 K 976 AutoCAD component Autodesk, Inc. (Verified) Autodesk
conhost.exe 2,580 K 5,696 K 844 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 28,784 K 43,716 K 9544 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 57,780 K 71,104 K 988 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 44,696 K 58,900 K 10104 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 34,044 K 48,540 K 1540 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 15,708 K 21,956 K 11216 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 131,712 K 144,188 K 2112 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 37,372 K 53,776 K 8496 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 93,440 K 108,752 K 4564 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 61,496 K 79,244 K 7976 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 22,828 K 32,792 K 10556 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 4,020 K 8,024 K 7300 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 4,368 K 8,688 K 2396 Google Chrome Google Inc. (Verified) Google Inc
BRSS01A.EXE 1,092 K 4,108 K 1368 brss01a.exe brother Industries Ltd (No signature was present in the subject) brother Industries Ltd
audiodg.exe 18,936 K 19,448 K 1936 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
atkexComSvc.exe 7,772 K 11,568 K 6932 (Verified) ASUSTeK Computer Inc.
AsusFanControlService.exe 1,540 K 5,524 K 3044 ASUS Motherboard Fan Control Service ASUSTeK Computer Inc. (Verified) ASUSTeK Computer Inc.
AsSysCtrlService.exe 1,248 K 4,104 K 2912 AsSysCtr Application ASUSTeK Computer Inc. (Verified) ASUSTeK Computer Inc.
armsvc.exe 1,400 K 4,636 K 2680 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
ALsvc.exe 4,632 K 2,272 K 4572 Sophos AutoUpdate Service. Sophos Limited (Verified) Sophos Limited
AdAppMgrSvc.exe 3,716 K 10,140 K 2176 Autodesk Application Manager Autodesk Inc. (Verified) Autodesk
aaHMSvc.exe 3,120 K 6,796 K 2840 ASUSTeK Computer Inc. (Verified) ASUSTeK Computer Inc.
 
Process: System Idle Process Pid: 0
 
Type Name
 
CMD:

 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       364 N/A                                         
csrss.exe                      588 N/A                                         
wininit.exe                    652 N/A                                         
csrss.exe                      664 N/A                                         
services.exe                   712 N/A                                         
lsass.exe                      736 KeyIso, SamSs                               
lsm.exe                        744 N/A                                         
winlogon.exe                   800 N/A                                         
svchost.exe                    884 DcomLaunch, PlugPlay, Power                 
svchost.exe                    992 RpcEptMapper, RpcSs                         
svchost.exe                    548 AudioSrv, Dhcp, eventlog,                   
                                   HomeGroupProvider, lmhosts, wscsvc          
svchost.exe                   1008 AudioEndpointBuilder, CscService, hidserv,  
                                   HomeGroupListener, Netman, PcaSvc, TrkWks,  
                                   UxSms, Wlansvc, WPDBusEnum, wudfsvc         
svchost.exe                   1044 EventSystem, fdPHost, FontCache, netprofm,  
                                   nsi, SstpSvc, WdiServiceHost                
svchost.exe                   1068 Appinfo, BITS, Browser, EapHost, IKEEXT,    
                                   iphlpsvc, LanmanServer, MMCSS, ProfSvc,     
                                   RasMan, Schedule, seclogon, SENS,           
                                   ShellHWDetection, Themes, Winmgmt, wuauserv 
svchost.exe                   1176 gpsvc                                       
SavService.exe                1316 SAVService                                  
dwm.exe                       1544 N/A                                         
explorer.exe                  1596 N/A                                         
vpnagent.exe                  1852 vpnagent                                    
svchost.exe                   1876 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc, TapiSrv                             
taskhost.exe                  1208 N/A                                         
spoolsv.exe                   1300 Spooler                                     
BRSS01A.EXE                   1368 N/A                                         
svchost.exe                   1456 BFE, DPS, MpsSvc                            
SASCore64.exe                 2136 !SASCORE                                    
AdAppMgrSvc.exe               2176 AdAppMgrSvc                                 
DropboxUpdate.exe             2204 N/A                                         
armsvc.exe                    2680 AdobeARMservice                             
AppleMobileDeviceService.     2716 Apple Mobile Device Service                 
RzSynapse.exe                 2736 N/A                                         
Dropbox.exe                   2744 N/A                                         
ALMon.exe                     2756 N/A                                         
aaHMSvc.exe                   2840 asHmComSvc                                  
AsSysCtrlService.exe          2912 AsSysCtrlService                            
Dropbox.exe                   2944 N/A                                         
Dropbox.exe                   2956 N/A                                         
Dropbox.exe                   3004 N/A                                         
AsusFanControlService.exe     3044 AsusFanControlService                       
Connect.Service.ContentSe      976 Autodesk Content Service                    
mDNSResponder.exe             2376 Bonjour Service                             
OfficeClickToRun.exe          2576 ClickToRunSvc                               
svchost.exe                   1256 DiagTrack                                   
DisplayFusionService.exe      3156 DisplayFusionService                        
GoogleCrashHandler.exe        3556 N/A                                         
GoogleCrashHandler64.exe      3588 N/A                                         
Everything.exe                3880 Everything                                  
HeciServer.exe                3920 Intel® Capability Licensing Service Interf
                                   ace                                         
IPROSetMonitor.exe            3956 Intel® PROSet Monitoring Service          
lkads.exe                     3992 lkClassAds                                  
svchost.exe                   4020 LPDSVC                                      
MSOIDSVC.EXE                  4064 msoidsvc                                    
nvcontainer.exe               3296 NvContainerLocalSystem                      
NVDisplay.Container.exe       2604 NVDisplay.ContainerLocalSystem              
MSOIDSVCM.EXE                 2212 N/A                                         
NvTelemetryContainer.exe      2260 NvTelemetryContainer                        
PnkBstrA.exe                  4108 PnkBstrA                                    
GameScannerService.exe        4136 Razer Game Scanner Service                  
ReflectService.exe            4324 ReflectService.exe                          
RichVideo64.exe               4360 RichVideo64                                 
SAVAdminService.exe           4412 SAVAdminService                             
nvcontainer.exe               4504 N/A                                         
ALsvc.exe                     4572 Sophos AutoUpdate Service                   
ssp.exe                       4604 sophossps                                   
svchost.exe                   4652 stisvc                                      
swi_service.exe               4752 swi_service                                 
TeamViewer_Service.exe        4856 TeamViewer                                  
unchecky_svc.exe              4932 Unchecky                                    
VirtualRouterService.exe      5000 Virtual Router                              
unchecky_bg.exe               4180 N/A                                         
WLIDSVC.EXE                   4520 wlidsvc                                     
lkcitdl.exe                   4568 LkCitadelServer                             
WLIDSVCM.EXE                  5140 N/A                                         
lktsrv.exe                    5148 lkTimeSync                                  
WmiPrvSE.exe                  5428 N/A                                         
SearchIndexer.exe             6032 WSearch                                     
svchost.exe                   5832 bthserv                                     
svchost.exe                   6360 PolicyAgent                                 
KeyScrambler.exe              6392 N/A                                         
Everything.exe                6432 N/A                                         
KeyScrambler.exe              6616 N/A                                         
TrustedInstaller.exe          6684 TrustedInstaller                            
wmpnetwk.exe                  6864 WMPNetworkSvc                               
svchost.exe                   7088 FDResPub, SSDPSRV, upnphost                 
svchost.exe                   7540 p2pimsvc, p2psvc, PNRPsvc                   
RzStats.Manager.exe           8856 N/A                                         
RazerIngameEngine.exe         6964 N/A                                         
rzcefrenderprocess.exe        9156 N/A                                         
dllhost.exe                   9588 N/A                                         
NVIDIA Web Helper.exe         5928 N/A                                         
conhost.exe                    844 N/A                                         
atkexComSvc.exe               6932 asComSvc                                    
IAStorDataMgrSvc.exe          2128 IAStorDataMgrSvc                            
Jhi_service.exe               2640 jhi_service                                 
LMS.exe                       4512 LMS                                         
SUPERAntiSpyware.exe          5924 N/A                                         
winamp.exe                    5224 N/A                                         
chrome.exe                   10464 N/A                                         
chrome.exe                    7300 N/A                                         
chrome.exe                    2396 N/A                                         
chrome.exe                    2112 N/A                                         
chrome.exe                    7976 N/A                                         
chrome.exe                     988 N/A                                         
chrome.exe                    4564 N/A                                         
chrome.exe                   10104 N/A                                         
chrome.exe                   10556 N/A                                         
chrome.exe                    9360 N/A                                         
chrome.exe                    1540 N/A                                         
uTorrent.exe                  8432 N/A                                         
utorrentie.exe                3440 N/A                                         
utorrentie.exe                2536 N/A                                         
utorrentie.exe                7240 N/A                                         
audiodg.exe                   1936 N/A                                         
chrome.exe                    9544 N/A                                         
chrome.exe                    8496 N/A                                         
chrome.exe                   11216 N/A                                         
WUDFHost.exe                  5556 N/A                                         
WmiPrvSE.exe                  5508 N/A                                         
procexp.exe                    984 N/A                                         
procexp64.exe                 8384 N/A                                         
SearchProtocolHost.exe        6172 N/A                                         
SearchFilterHost.exe         10776 N/A                                         
cmd.exe                      10908 N/A                                         
conhost.exe                   8656 N/A                                         
tasklist.exe                  1200 N/A                                         
 

 

Attached Files


  • 0
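The signature check set up in post #6 and reported in post #7, as an added example that is not part of any poster's reply: a Python triage of a Process Explorer text export in the space-flattened form shown above, listing images without a verified signature and well-known image names whose signer differs from a baseline. The baseline table, the function names and the last two sample rows are assumptions constructed for illustration.

```python
import re

# One row of the export as flattened in the post: image name, optional CPU
# figure, private bytes, working set, PID, then description/company/signer.
ROW = re.compile(
    r"^(?P<name>.+?)\s+"
    r"(?:(?P<cpu><?\s*\d+\.\d+)\s+)?"
    r"(?P<private>\d[\d,]*) K\s+(?P<working>\d[\d,]*) K\s+"
    r"(?P<pid>\d+|n/a)(?:\s+(?P<rest>.*))?$"
)
SIGNER = re.compile(r"\(Verified\)\s+(?P<signer>.+)$")
UNSIGNED = re.compile(r"\((?P<status>No signature[^)]*)\)")

# Kernel pseudo-entries that have no image file to sign.
PSEUDO = {"System Idle Process", "System", "Interrupts"}

# Assumption: signer strings copied from the thread's own export; they are a
# baseline for that machine and date, not a general allow-list.
EXPECTED_SIGNER = {
    "svchost.exe": "Microsoft Windows",
    "lsass.exe": "Microsoft Windows",
    "csrss.exe": "Microsoft Windows",
    "explorer.exe": "Microsoft Windows",
    "chrome.exe": "Google Inc",
}


def parse_row(line):
    """Return a dict for one process row, or None for headers and blanks."""
    m = ROW.match(line.strip())
    if m is None:
        return None
    rest = m.group("rest") or ""
    signed = SIGNER.search(rest)
    unsigned = UNSIGNED.search(rest)
    return {
        "name": m.group("name"),
        "cpu": m.group("cpu"),          # None when the CPU column was empty
        "pid": m.group("pid"),
        "signer": signed.group("signer").strip() if signed else None,
        "status": unsigned.group("status") if unsigned else None,
    }


def triage(export_text):
    """List (pid, image name, reason) for rows that deserve a manual look."""
    findings = []
    for line in export_text.splitlines():
        row = parse_row(line)
        if row is None or row["name"] in PSEUDO:
            continue
        expected = EXPECTED_SIGNER.get(row["name"].lower())
        if row["signer"] is None:
            reason = "no verified signature"
            if row["status"]:
                reason += ": " + row["status"]
        elif expected and row["signer"] != expected:
            reason = "signer %r, expected %r" % (row["signer"], expected)
        else:
            continue
        findings.append((row["pid"], row["name"], reason))
    return findings


# Rows copied from the export posted in the thread.
THREAD_ROWS = """\
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 97.94 0 K 24 K 0
Interrupts 0.31 0 K 0 K n/a Hardware Interrupts and DPCs
chrome.exe 0.02 192,892 K 298,760 K 10464 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe < 0.01 44,400 K 67,240 K 1068 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
NVIDIA Web Helper.exe 0.01 29,228 K 29,164 K 5928 NVIDIA Web Helper Service Node.js (Verified) NVIDIA Corporation
WUDFHost.exe 3,032 K 7,824 K 5556 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
VirtualRouterService.exe < 0.01 38,124 K 100,820 K 5000 VirtualRouterService Chris Pietschmann (http://pietschsoft.com) (No signature was present in the subject) Chris Pietschmann (http://pietschsoft.com)
BRSS01A.EXE 1,092 K 4,108 K 1368 brss01a.exe brother Industries Ltd (No signature was present in the subject) brother Industries Ltd
"""

# Constructed rows (not from the thread): a browser name with no signature and
# a core Windows image name carrying an unexpected signer.
CONSTRUCTED_ROWS = """\
chrome.exe 0.40 9,000 K 12,000 K 4242 Google Chrome (No signature was present in the subject)
svchost.exe 0.10 5,000 K 8,000 K 4343 Host Process for Windows Services (Verified) Example Signer Ltd
"""

if __name__ == "__main__":
    for pid, name, reason in triage(THREAD_ROWS + CONSTRUCTED_ROWS):
        print(pid, name, reason)
```

An unsigned image is a prompt to look at the file's path and origin by hand, not a verdict on its own.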

#8
RKinner


OK.  Looks very good.  Process Explorer doesn't show anything hogging the CPU and your Interrupts are really low.  No suspicious entries.

 

Speccy says the temps are good and the hard drives are OK.  You might want to get the Crucial Storage Executive Optimization & update utility from http://www.crucial.c...rt-ssd-firmware and let it optimize your SSD once in a while.  I am not a fan of Seagate drives but yours appears to be OK for now.  (They tend to die without warning).

 

I think we can clean up unless you see more problems:

 

Time to clean up:
If we used FRST to clean your PC:

Right click on FRST.exe or FRST64.exe (whichever you used) and rename it to uninstall.exe.  Then right click on uninstall.exe and Run as Admin.

 
If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.

Whether you use Adobe Reader, Acrobat or Foxit to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions.


If you use Chrome/Firefox/Edge then get the uBlock Origin extension.  For IE go to adblockplus.org  and get the program.
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skype. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting.

If you use Facebook you need FB Purity: http://www.fbpurity.com/

To prevent a relatively new phishing attack:  In Firefox, type:

https://www.xn--80ak6aa92e.com/

If the URL changes to https://www.apple.com instead of the correct value
type:
about:config

in the URL box and hit Enter.  You should get a new page of options (if you get a notice about voiding the warranty just cancel the warning).  In the Search box put in

puny

You should only get 2 options:
"network.IDN_show_punycode"
We want it to say True but by default it is False so double click on it to toggle from False to True.


 "network.standard-url.punycode-host" Leave this one at default of False.
Close and restart Firefox.

If you are a Facebook user get the FB Purity extension for your browser:
http://www.fbpurity.com/
This will stop all of the suggested pages and ads so that Facebook loads much quicker.


Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.

Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:

CryptoPrevent
http://www.majorgeek...ptoprevent.html

The free version. When you install it the default is NONE which is kind of worthless so change it to Standard or default. If you have problems after installing CryptoPrevent you can just uninstall it.

If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.

Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.


Recommended software: (I'm not saying you should download these just that if you have a need for a new program these are safe and work)  
Compression:  7-zip.  Avoid WinRar and WinZip as the free versions have adware.
Video Player:  VLC.  Unlike Windows Media Player it never seems to need extra files to work.
Photo organizer and editor:  Google's Picasa.  While it has been discontinued by Google you can still get it at:
http://techfilehippo...-free-download/
Office like free program:  Open Office: https://www.openoffice.org/download/
or
LibreOffice: https://www.libreoffice.org/
Free Anti-Virus:  Avast
Free Malware prevention:  MBAM: Free version at https://www.malwareb...m/mwb-download/
Can run with your anti-virus.
Paid Anti-Virus:  Kaspersky or BitDefender
Utilities:
Root Kit Detector:  MBAR: https://www.malwareb...om/antirootkit/
Process Explorer:  Show you what is running on the PC.  Like Task manager but better:  http://live.sysinter...com/procexp.exe
WhoCrashed: Why did your system crash?
http://www.resplendence.com/downloads
Then click on Download free home edition
where it says:
WhoCrashed 5.51
Comprehensible crash dump analysis tool
for Windows 10/8.1/8/7/Vista/XP/2012/2008/2003 (x86 and x64)
System Health:
Speccy:  
http://www.filehippo.com/download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Decline CCleaner if offered.  Pay attention to SMART info on your hard drives and to temps.  If in doubt about temps try:
SpeedFan:  Try speedfan
http://www.filehippo...nload_speedfan/
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.
Download Flash and Video.  To save flash video.  Works with Firefox.  https://addons.mozil...lash-and-video/ This allows you to start a recording and then switch to a different window and record another video.

With Win 10 only there is a new Game recorder program.  It's supposed to only work for games but it works nicely to record any video you watch.  Hit the Win key + Alt + r to start the recorder.  The first time it asks you if it is looking at a game.  Just tell it yes.  After that it starts recording whenever you bring it up.  Videos are saved to the Captures folder under Videos.  You can only record what you watch so limited to only one video at a time.  Best to go to full screen before starting the recorder.

Avoid:  
Advanced System Care
SuperAntiSpyware
HitmanPro
Spybot S&D
Any P2P software especially if it comes from Conduit.
Registry Cleaners
Driver updating software.
PC fixing or Speed up software.
Running more than one anti-virus.
Seagate hard drives.  If you have one it's going to fail on you so backup your data now!


Ron


  • 0
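The Firefox punycode check described in the post above, as an added example that is not part of the original post: it decodes the `xn--` hostname the post uses and shows which ASCII name the rendered form imitates. The `LOOKALIKES` table and the function names are assumptions made for this illustration; the table is a small constructed subset, not Unicode's full confusables data.

```python
import unicodedata

# Small constructed subset of Cyrillic letters that render like Latin ones.
# The complete data set is Unicode's confusables.txt (UTS #39); this is not it.
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u04cf": "l",
    "\u0456": "i", "\u0455": "s", "\u0458": "j",
}

def decode_label(label):
    """Return the Unicode form of one DNS label ('xn--' marks punycode)."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts_of(text):
    """Approximate the scripts in use from the first word of each character name."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in text if c.isalpha()}

def inspect_host(host):
    """Decode an IDN hostname and report what a reader would think it says."""
    labels = [decode_label(l) for l in host.rstrip(".").split(".")]
    shown = ".".join(labels)
    skeleton = "".join(LOOKALIKES.get(c, c) for c in shown)
    # Only the labels that needed punycode are interesting for script checks.
    idn_scripts = set()
    for label in labels:
        if not label.isascii():
            idn_scripts |= scripts_of(label)
    return {
        "shown": shown,          # what the address bar renders when punycode is hidden
        "skeleton": skeleton,    # the ASCII name that rendering imitates
        "scripts": idn_scripts,  # a single script is why the browser renders it
        # Suspicious: a non-ASCII name that collapses to a pure-ASCII lookalike.
        "suspicious": shown != skeleton and skeleton.isascii(),
    }

if __name__ == "__main__":
    for h in ("www.xn--80ak6aa92e.com", "www.apple.com"):
        print(h, inspect_host(h))
```

With `network.IDN_show_punycode` set to True, Firefox shows the `xn--` form in the address bar instead of the decoded lookalike.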

#9
steve6540

steve6540

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Thank you Ron! I really appreciate your help. Thanks again!


  • 0





