rundll32.exe running hundreds of times



#1
Steevo789


Having trouble with this. Process list made it up to over 800 and froze the PC.
Machine will run in Safe Mode without issue.
Will not run in Safe Mode with Networking.

Tried to do a System Restore but for some reason it's been turned off.

Have run FRST and attach logs.

Have also run Malwarebytes, Security Essentials scan, and Malwarebytes Anti-Rootkit. No malware found.

FRST logs attached.

All help appreciated greatly.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.10.2018
Ran by Andrew (administrator) on ADVENT (30-10-2018 22:32:39)
Running from E:\
Loaded Profiles: Andrew & Graham & Judith &  (Available Profiles: Andrew & Graham & Judith)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Malwarebytes Corp.) E:\mbar-1.10.3.1001.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Malwarebytes Corporation) C:\Users\Andrew\Desktop\mbar\mbar.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-08-23] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3784512 2018-10-24] (Dropbox, Inc.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [3955344 2018-10-30] (Webroot)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1278568 2018-02-02] (Carbonite, Inc.)
Winlogon\Notify\igfxcui: c:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3760358469-823990481-214114430-1001\...\Run: [DU Meter] => C:\Program Files (x86)\DU Meter\DUMeter.exe [9798824 2018-02-11] (Hagel Technologies Ltd.)
HKU\S-1-5-21-3760358469-823990481-214114430-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2018-10-01] (Apple Inc.)
HKU\S-1-5-21-3760358469-823990481-214114430-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-10-01] (Apple Inc.)
HKU\S-1-5-21-3760358469-823990481-214114430-1001\...\Run: [Dashlane] => C:\Users\Andrew\AppData\Roaming\Dashlane\Dashlane.exe [389712 2018-10-09] (Dashlane, Inc.)
HKU\S-1-5-21-3760358469-823990481-214114430-1001\...\Run: [DashlanePlugin] => C:\Users\Andrew\AppData\Roaming\Dashlane\DashlanePlugin.exe [404560 2018-10-09] (Dashlane, Inc.)
HKU\S-1-5-21-3760358469-823990481-214114430-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-10-01] (Apple Inc.)
HKU\S-1-5-21-3760358469-823990481-214114430-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-10-01] (Apple Inc.)
HKU\S-1-5-21-3760358469-823990481-214114430-1001\...\MountPoints2: {4469056f-dffc-11e6-8953-90fba6f00023} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\KitSetup.exe
HKU\S-1-5-21-3760358469-823990481-214114430-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DU Meter] => C:\Program Files (x86)\DU Meter\DUMeter.exe [9798824 2018-02-11] (Hagel Technologies Ltd.)
HKU\S-1-5-21-3760358469-823990481-214114430-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2018-10-01] (Apple Inc.)
HKU\S-1-5-21-3760358469-823990481-214114430-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-10-01] (Apple Inc.)
HKU\S-1-5-21-3760358469-823990481-214114430-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dashlane] => C:\Users\Andrew\AppData\Roaming\Dashlane\Dashlane.exe [389712 2018-10-09] (Dashlane, Inc.)
HKU\S-1-5-21-3760358469-823990481-214114430-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DashlanePlugin] => C:\Users\Andrew\AppData\Roaming\Dashlane\DashlanePlugin.exe [404560 2018-10-09] (Dashlane, Inc.)
HKU\S-1-5-21-3760358469-823990481-214114430-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-10-01] (Apple Inc.)
HKU\S-1-5-21-3760358469-823990481-214114430-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-10-01] (Apple Inc.)
HKU\S-1-5-21-3760358469-823990481-214114430-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4469056f-dffc-11e6-8953-90fba6f00023} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\KitSetup.exe
HKU\S-1-5-21-3760358469-823990481-214114430-1003\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKU\S-1-5-21-3760358469-823990481-214114430-1003\...\Run: [ROC_JAN2013_TB] => "C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe"  /PROMPT /CMPID=JAN2013_TB
HKU\S-1-5-21-3760358469-823990481-214114430-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKU\S-1-5-21-3760358469-823990481-214114430-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ROC_JAN2013_TB] => "C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe"  /PROMPT /CMPID=JAN2013_TB
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2017-03-14]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
BootExecute: autocheck autochk * SmartDefragBootTime.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 c:\windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 c:\windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{32AE8CA6-606B-4C5B-9436-EC9A2DC6B0D4}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{5AAE80AA-BD01-42EE-A455-123BCF6760D3}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{5F75363D-0DAF-413E-B366-9DBD463CC014}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B3CB0D82-A93E-4A8B-972B-D20AF0D83907}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{EDD0928A-1A9D-4885-9C9D-FA72A3611902}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3760358469-823990481-214114430-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-3760358469-823990481-214114430-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
URLSearchHook: HKLM-x32 -> Default = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
URLSearchHook: HKLM-x32 - (No Name) - {FE69C007-C452-4d3e-86D2-1730DF8BC871} - No File
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3760358469-823990481-214114430-1001 -> URL hxxp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=uk
SearchScopes: HKU\S-1-5-21-3760358469-823990481-214114430-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3760358469-823990481-214114430-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> URL hxxp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=uk
SearchScopes: HKU\S-1-5-21-3760358469-823990481-214114430-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3760358469-823990481-214114430-1003 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3760358469-823990481-214114430-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2018-02-13] (Webroot)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-10-08] (RealPlayer)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Andrew\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2018-10-09] (Dashlane, Inc.)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-10-17] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Foxit PhantomPDF Create PDF ToolBar Helper -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2017-06-29] ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2018-02-13] (Webroot)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-17] (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {FE69C007-C452-4d3e-86D2-1730DF8BC871} -  No File
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Andrew\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2018-10-09] (Dashlane, Inc.)
Toolbar: HKLM-x32 - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2017-06-29] ()
Toolbar: HKU\S-1-5-21-3760358469-823990481-214114430-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-3760358469-823990481-214114430-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-3760358469-823990481-214114430-1003 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-3760358469-823990481-214114430-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {644F656A-013E-4198-BE03-1D7A4F6AB550} hxxps://www.promapserver.co.uk/controls/latest/promap.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File

FireFox:
========
FF DefaultProfile: qhx3hctq.default
FF DefaultProfile: [email protected]
FF ProfilePath: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\qhx3hctq.default [2017-12-19]
FF user.js: detected! => C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\qhx3hctq.default\user.js [2013-05-01]
FF Homepage: Mozilla\Firefox\Profiles\qhx3hctq.default -> www.google.co.uk/
FF Session Restore: Mozilla\Firefox\Profiles\qhx3hctq.default -> is enabled.
FF Extension: (British English Dictionary (Updated)) - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\qhx3hctq.default\Extensions\[email protected] [2015-01-06] [Legacy] [not signed]
FF Extension: (The Camelizer) - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\qhx3hctq.default\Extensions\[email protected] [2017-07-03]
FF Extension: (Dashlane) - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\qhx3hctq.default\Extensions\[email protected] [2017-11-23]
FF Extension: (Facebook™ Seen Blocker) - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\qhx3hctq.default\Extensions\[email protected] [2017-01-28]
FF Extension: (Honey) - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\qhx3hctq.default\Extensions\[email protected] [2017-11-30]
FF Extension: (Cashback Notifier - TopCashback.co.uk) - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\qhx3hctq.default\Extensions\[email protected] [2017-08-26] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\qhx3hctq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-08]
FF SearchPlugin: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\qhx3hctq.default\searchplugins\search.xml [2015-02-07]
FF ProfilePath: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\2lnzza2v.Andrew [2017-11-29]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2017-05-23] [Legacy]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\WRData\PKG\FF_WEBEX
FF Extension: (Webroot Filtering Extension) - C:\ProgramData\WRData\PKG\FF_WEBEX [2018-02-13]
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-10-08] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-10] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2017-02-27] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-04-18] (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-06-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-06-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-06-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-06-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-24] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-08] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-08] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @xstandard.com/XStandard -> C:\Program Files (x86)\XStandard\Bin\NPXStandard.dll [2007-07-19] (Belus Technology Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.co.uk/
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default [2018-10-30]
CHR Extension: (Slides) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-06]
CHR Extension: (Docs) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-06]
CHR Extension: (Google Drive) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-06]
CHR Extension: (IBM Security Rapport) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2018-08-07]
CHR Extension: (YouTube) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-25]
CHR Extension: (Adblock Plus) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-09-12]
CHR Extension: (Foxit PDF Creator) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci [2017-11-27]
CHR Extension: (Google Search) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-08]
CHR Extension: (Unseen - Chat Privacy) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\egmlbimojingfmchokcniklnhnecdecf [2018-10-18]
CHR Extension: (eReaderIQ Integrator) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\epjfabiijflnfmjjhanhddglfhokheae [2018-05-09]
CHR Extension: (Dashlane - Password Manager) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2018-10-28]
CHR Extension: (Sheets) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-06]
CHR Extension: (Google Docs Offline) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (The Camelizer) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2018-07-03]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2017-01-03]
CHR Extension: (Unseen for Facebook) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiomcgpfgkeefipihnplhadgdoollmap [2018-09-16]
CHR Extension: (Chromium Wheel Smooth Scroller) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb [2018-05-09]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2018-09-12]
CHR Extension: (Synology Browser Notification) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpgebblcakogfmdkegcjadjpgfdonifa [2018-06-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2018-06-20]
CHR Extension: (Gmail) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-08]
CHR Extension: (Chrome Media Router) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-28]
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2017-05-23]
CHR HKU\S-1-5-21-3760358469-823990481-214114430-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3760358469-823990481-214114430-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2017-05-23]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hidjnkeodmholilgafgdlgmgggbhnigl] - C:\Users\Andrew\AppData\Roaming\SimilarSites\similarsites.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-10-08]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1135600 2016-12-15] ()
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-08-23] (Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed]
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-10-08] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417400 2015-10-08] (BlueStack Systems, Inc.)
S4 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [855672 2015-10-08] (BlueStack Systems, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-16] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-16] (Dropbox, Inc.)
S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-10-24] (Dropbox, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2016-12-22] (Disc Soft Ltd)
S4 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [121344 2017-04-13] (Dassault Systèmes) [File not signed]
S2 DUMeterSvc; C:\Program Files (x86)\DU Meter\DUMeterSvc.exe [5836968 2018-02-11] (Hagel Technologies Ltd.)
S4 FoxitPhantomService; C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe [1658944 2017-06-29] (Foxit Software Inc.)
S4 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [221880 2018-03-05] (Prosoftnet)
S4 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3894760 2017-10-19] (Paramount Software UK Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S4 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2015-08-11] (Acronis)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-09-20] (Nero AG)
S4 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-11-24] (NVIDIA Corporation)
S2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2018-03-01] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WRSVC; C:\Program Files\Webroot\WRSA.exe [3955344 2018-10-30] (Webroot)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe [495840 2018-01-26] (Wondershare)
S4 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S4 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
S4 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 6717169B; C:\Windows\system32\drivers\6717169B.sys [255928 2018-10-30] (Malwarebytes)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-10-08] (BlueStack Systems)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-01-30] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-01-30] (Disc Soft Ltd)
S3 DUMeterDrv; C:\Program Files (x86)\DU Meter\DUMETR64.SYS [31312 2018-02-11] (Hagel Technologies Ltd.)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [339808 2017-03-18] (Acronis International GmbH)
S3 fwlanusb6_860; C:\Windows\System32\DRIVERS\fwlanusb6_860.sys [2274336 2015-07-20] (AVM GmbH)
S3 FXDrv32; C:\Program Files (x86)\FOXCONN\FOX LiveUpdate\FXDrv64.sys [32024 2005-12-08] (Your Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2017-03-13] ()
R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [192952 2018-10-30] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260480 2018-10-30] (Malwarebytes)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-24] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2016-11-24] (NVIDIA Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2014-04-08] (Realtek Semiconductor Corporation )
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15712 2013-02-09] ()
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1049432 2017-03-18] (Acronis International GmbH)
S2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [202592 2017-03-18] (Acronis International GmbH)
S3 tnd; C:\Windows\System32\DRIVERS\tnd.sys [581464 2017-03-18] (Acronis International GmbH)
R3 usbehci; C:\Windows\SysWOW64\drivers\usbehci.sys [25216 2003-07-04] (Microsoft Corporation) [File not signed]
R3 usbuhci; C:\Windows\SysWOW64\drivers\usbuhci.sys [19328 2003-07-04] (Microsoft Corporation) [File not signed]
S2 virtual_file; C:\Windows\System32\DRIVERS\virtual_file.sys [301408 2017-03-18] (Acronis International GmbH)
S3 WG111T; C:\Windows\System32\DRIVERS\WG111Tvx.sys [1037312 2007-06-01] (Atheros Communications, Inc.)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [144784 2018-07-12] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [68384 2018-01-25] (Webroot)
S3 cpuz137; \??\C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
S3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-30 22:32 - 2018-10-30 22:32 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\6717169B.sys
2018-10-30 22:32 - 2018-10-30 22:32 - 000000000 ____D C:\FRST
2018-10-30 22:31 - 2018-10-30 22:32 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-10-30 22:31 - 2018-10-30 22:31 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-10-30 22:31 - 2018-10-30 22:31 - 000000000 ____D C:\Users\Andrew\Desktop\mbar
2018-10-30 22:16 - 2018-10-30 22:16 - 000000000 ____D C:\ProgramData\AVAST Software
2018-10-30 21:38 - 2018-10-30 21:38 - 000000000 ____D C:\Users\Andrew\AppData\Local\mbam
2018-10-30 21:37 - 2018-10-30 22:04 - 000260480 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-10-30 21:37 - 2018-10-30 21:37 - 000001874 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-10-30 21:37 - 2018-10-30 21:37 - 000000000 ____D C:\Users\Andrew\AppData\Local\mbamtray
2018-10-30 21:37 - 2018-10-30 21:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-10-30 21:37 - 2018-10-30 21:37 - 000000000 ____D C:\Program Files\Malwarebytes
2018-10-30 21:37 - 2018-10-18 09:44 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-10-30 19:51 - 2018-10-30 22:32 - 000569766 _____ C:\Windows\ntbtlog.txt
2018-10-26 21:55 - 2018-10-26 21:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-10-26 16:32 - 2018-10-26 16:32 - 000008228 _____ C:\Windows\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}
2018-10-26 16:32 - 2018-10-26 16:32 - 000002139 _____ C:\Users\Public\Desktop\Carbonite.lnk
2018-10-26 16:32 - 2018-10-26 16:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
2018-10-26 16:31 - 2018-10-26 16:31 - 000000000 ____D C:\ProgramData\Carbonite
2018-10-26 16:31 - 2018-10-26 16:31 - 000000000 ____D C:\Program Files\Carbonite
2018-10-26 16:31 - 2018-10-26 16:31 - 000000000 ____D C:\Program Files (x86)\Carbonite
2018-10-25 15:42 - 2018-10-25 15:42 - 000002183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-10-25 15:42 - 2018-10-25 15:42 - 000002171 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-10-25 14:05 - 2018-10-25 14:05 - 000000000 ____D C:\Users\Andrew\AppData\Local\.bomgartemp-27d84d097fa122004a0f4acd1db9fbe6-shl-0-cs-0
2018-10-24 11:53 - 2018-10-24 11:53 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-10-24 11:53 - 2018-10-24 11:53 - 000047768 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-10-24 11:53 - 2018-10-24 11:53 - 000047768 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-10-24 11:53 - 2018-10-24 11:53 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-10-18 18:29 - 2018-10-18 18:29 - 000004472 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-10-18 18:29 - 2018-10-18 18:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2018-10-17 11:19 - 2018-10-17 11:19 - 000222342 _____ C:\Users\Andrew\Downloads\Planning Drawings.pdf
2018-10-17 10:15 - 2018-10-17 10:15 - 000001014 _____ C:\Users\Andrew\Desktop\LibreCAD.lnk
2018-10-17 10:15 - 2018-10-17 10:15 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LibreCAD
2018-10-17 10:15 - 2018-10-17 10:15 - 000000000 ____D C:\Users\Andrew\AppData\Local\LibreCAD
2018-10-17 10:14 - 2018-10-17 10:15 - 000000000 ____D C:\Program Files (x86)\LibreCAD
2018-10-13 08:38 - 2018-10-13 08:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2018-10-12 07:38 - 2018-10-12 07:38 - 000068527 _____ C:\Users\Andrew\Downloads\SkyBill_2018-09-27.pdf
2018-10-11 13:44 - 2018-10-11 13:44 - 000151044 _____ C:\Users\Andrew\Downloads\MyVodafoneBill_2018-10-09.pdf
2018-10-11 08:07 - 2018-10-11 08:07 - 000080107 _____ C:\Users\Andrew\Downloads\Invoice-38997034.pdf
2018-10-11 08:01 - 2018-10-11 08:01 - 000118183 _____ C:\Users\Andrew\Downloads\Order-38997034-Docs-091016.pdf
2018-10-09 22:43 - 2018-09-18 05:52 - 025735168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-10-09 22:42 - 2018-09-19 08:08 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2018-10-09 22:42 - 2018-09-18 19:08 - 000396888 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-10-09 22:42 - 2018-09-18 18:10 - 000348976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-10-09 22:42 - 2018-09-18 05:38 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-10-09 22:42 - 2018-09-18 05:38 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-10-09 22:42 - 2018-09-18 05:27 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-10-09 22:42 - 2018-09-18 05:26 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-10-09 22:42 - 2018-09-18 05:25 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-10-09 22:42 - 2018-09-18 05:25 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-10-09 22:42 - 2018-09-18 05:25 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-10-09 22:42 - 2018-09-18 05:25 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-10-09 22:42 - 2018-09-18 05:19 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-10-09 22:42 - 2018-09-18 05:18 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-10-09 22:42 - 2018-09-18 05:16 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-10-09 22:42 - 2018-09-18 05:15 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-10-09 22:42 - 2018-09-18 05:15 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-10-09 22:42 - 2018-09-18 05:14 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-10-09 22:42 - 2018-09-18 05:14 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-10-09 22:42 - 2018-09-18 05:14 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-10-09 22:42 - 2018-09-18 05:09 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-10-09 22:42 - 2018-09-18 05:06 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-10-09 22:42 - 2018-09-18 05:01 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-10-09 22:42 - 2018-09-18 05:00 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-10-09 22:42 - 2018-09-18 05:00 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-10-09 22:42 - 2018-09-18 04:57 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-10-09 22:42 - 2018-09-18 04:57 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-10-09 22:42 - 2018-09-18 04:55 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-10-09 22:42 - 2018-09-18 04:53 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-10-09 22:42 - 2018-09-18 04:45 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-10-09 22:42 - 2018-09-18 04:43 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-10-09 22:42 - 2018-09-18 04:42 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-10-09 22:42 - 2018-09-18 04:41 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-10-09 22:42 - 2018-09-18 04:41 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-10-09 22:42 - 2018-09-18 04:39 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-10-09 22:42 - 2018-09-18 04:35 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-10-09 22:42 - 2018-09-18 04:33 - 020278784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-10-09 22:42 - 2018-09-18 04:31 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-10-09 22:42 - 2018-09-18 04:23 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-10-09 22:42 - 2018-09-18 04:21 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-10-09 22:42 - 2018-09-18 04:21 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-10-09 22:42 - 2018-09-18 04:20 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-10-09 22:42 - 2018-09-18 04:20 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-10-09 22:42 - 2018-09-18 04:19 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-10-09 22:42 - 2018-09-18 04:18 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-10-09 22:42 - 2018-09-18 04:15 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-10-09 22:42 - 2018-09-18 04:15 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-10-09 22:42 - 2018-09-18 04:14 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-10-09 22:42 - 2018-09-18 04:13 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-10-09 22:42 - 2018-09-18 04:13 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-10-09 22:42 - 2018-09-18 04:12 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-10-09 22:42 - 2018-09-18 04:10 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-10-09 22:42 - 2018-09-18 04:06 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-10-09 22:42 - 2018-09-18 04:03 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-10-09 22:42 - 2018-09-18 04:02 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-10-09 22:42 - 2018-09-18 04:02 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-10-09 22:42 - 2018-09-18 04:00 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-10-09 22:42 - 2018-09-18 03:59 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-10-09 22:42 - 2018-09-18 03:58 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-10-09 22:42 - 2018-09-18 03:57 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-10-09 22:42 - 2018-09-18 03:57 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-10-09 22:42 - 2018-09-18 03:53 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-10-09 22:42 - 2018-09-18 03:52 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-10-09 22:42 - 2018-09-18 03:51 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-10-09 22:42 - 2018-09-18 03:50 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-10-09 22:42 - 2018-09-18 03:50 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-10-09 22:42 - 2018-09-18 03:37 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-10-09 22:42 - 2018-09-18 03:34 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-10-09 22:42 - 2018-09-18 03:31 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-10-09 22:42 - 2018-09-11 18:28 - 003227136 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-10-09 22:42 - 2018-09-11 18:23 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-10-09 22:42 - 2018-09-11 18:22 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-10-09 22:42 - 2018-09-09 01:02 - 005552328 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-10-09 22:42 - 2018-09-09 01:02 - 001680072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-10-09 22:42 - 2018-09-09 01:02 - 000986824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-10-09 22:42 - 2018-09-09 01:02 - 000708296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-10-09 22:42 - 2018-09-09 01:02 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-10-09 22:42 - 2018-09-09 01:02 - 000265416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-10-09 22:42 - 2018-09-09 01:02 - 000262344 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-10-09 22:42 - 2018-09-09 01:02 - 000154824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-10-09 22:42 - 2018-09-09 01:02 - 000095432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-10-09 22:42 - 2018-09-09 01:01 - 001664320 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-10-09 22:42 - 2018-09-09 00:59 - 002851840 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2018-10-09 22:42 - 2018-09-09 00:59 - 002009600 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-10-09 22:42 - 2018-09-09 00:59 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-10-09 22:42 - 2018-09-09 00:59 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-10-09 22:42 - 2018-09-09 00:59 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-10-09 22:42 - 2018-09-09 00:59 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-10-09 22:42 - 2018-09-09 00:59 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-10-09 22:42 - 2018-09-09 00:59 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-10-09 22:42 - 2018-09-09 00:59 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-10-09 22:42 - 2018-09-09 00:59 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-10-09 22:42 - 2018-09-09 00:59 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-10-09 22:42 - 2018-09-09 00:59 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-10-09 22:42 - 2018-09-09 00:59 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-10-09 22:42 - 2018-09-09 00:59 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-10-09 22:42 - 2018-09-09 00:59 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-10-09 22:42 - 2018-09-09 00:59 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-10-09 22:42 - 2018-09-09 00:59 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-10-09 22:42 - 2018-09-09 00:59 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-10-09 22:42 - 2018-09-09 00:59 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-10-09 22:42 - 2018-09-09 00:59 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-10-09 22:42 - 2018-09-09 00:59 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-10-09 22:42 - 2018-09-09 00:59 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-10-09 22:42 - 2018-09-09 00:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-10-09 22:42 - 2018-09-09 00:58 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-10-09 22:42 - 2018-09-09 00:58 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-10-09 22:42 - 2018-09-09 00:58 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-10-09 22:42 - 2018-09-09 00:58 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-10-09 22:42 - 2018-09-09 00:58 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-10-09 22:42 - 2018-09-09 00:58 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-10-09 22:42 - 2018-09-09 00:58 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-10-09 22:42 - 2018-09-09 00:58 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:46 - 004054216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-10-09 22:42 - 2018-09-09 00:46 - 003959496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-10-09 22:42 - 2018-09-09 00:46 - 001314072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-10-09 22:42 - 2018-09-09 00:44 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2018-10-09 22:42 - 2018-09-09 00:44 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-10-09 22:42 - 2018-09-09 00:44 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-10-09 22:42 - 2018-09-09 00:44 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2018-10-09 22:42 - 2018-09-09 00:44 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-10-09 22:42 - 2018-09-09 00:44 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-10-09 22:42 - 2018-09-09 00:44 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-10-09 22:42 - 2018-09-09 00:44 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-10-09 22:42 - 2018-09-09 00:44 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-10-09 22:42 - 2018-09-09 00:44 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-10-09 22:42 - 2018-09-09 00:44 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-10-09 22:42 - 2018-09-09 00:43 - 001391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-10-09 22:42 - 2018-09-09 00:43 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-10-09 22:42 - 2018-09-09 00:43 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-10-09 22:42 - 2018-09-09 00:43 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-10-09 22:42 - 2018-09-09 00:43 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-10-09 22:42 - 2018-09-09 00:43 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-10-09 22:42 - 2018-09-09 00:43 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-10-09 22:42 - 2018-09-09 00:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-10-09 22:42 - 2018-09-09 00:43 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-10-09 22:42 - 2018-09-09 00:43 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-10-09 22:42 - 2018-09-09 00:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2018-10-09 22:42 - 2018-09-09 00:42 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-10-09 22:42 - 2018-09-09 00:42 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-10-09 22:42 - 2018-09-09 00:42 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-10-09 22:42 - 2018-09-09 00:42 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-10-09 22:42 - 2018-09-09 00:42 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-10-09 22:42 - 2018-09-09 00:42 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:42 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:25 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-10-09 22:42 - 2018-09-09 00:25 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-10-09 22:42 - 2018-09-09 00:25 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-10-09 22:42 - 2018-09-09 00:25 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-10-09 22:42 - 2018-09-09 00:21 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-10-09 22:42 - 2018-09-09 00:21 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-10-09 22:42 - 2018-09-09 00:20 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-10-09 22:42 - 2018-09-09 00:18 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-10-09 22:42 - 2018-09-09 00:16 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-10-09 22:42 - 2018-09-09 00:15 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-10-09 22:42 - 2018-09-09 00:15 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-10-09 22:42 - 2018-09-09 00:15 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-10-09 22:42 - 2018-09-09 00:15 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-10-09 22:42 - 2018-09-09 00:15 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-10-09 22:42 - 2018-09-09 00:15 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-10-09 22:42 - 2018-09-09 00:13 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-10-09 22:42 - 2018-09-09 00:13 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-10-09 22:42 - 2018-09-09 00:13 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-10-09 22:42 - 2018-09-09 00:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-10-09 22:42 - 2018-09-09 00:12 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-10-09 22:42 - 2018-09-09 00:12 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:12 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-10-09 22:42 - 2018-09-09 00:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-10-09 22:42 - 2018-08-28 06:24 - 014637568 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-10-09 22:42 - 2018-08-28 06:24 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2018-10-09 22:42 - 2018-08-28 06:24 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2018-10-09 22:42 - 2018-08-28 06:24 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2018-10-09 22:42 - 2018-08-28 06:24 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2018-10-09 22:42 - 2018-08-28 06:09 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2018-10-09 22:42 - 2018-08-28 06:09 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-10-09 22:42 - 2018-08-28 05:52 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2018-10-09 22:42 - 2018-08-28 05:52 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2018-10-09 22:42 - 2018-08-28 05:52 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2018-10-04 12:46 - 2018-10-04 12:46 - 000483570 _____ C:\Users\Andrew\Downloads\vigon_field_sheet (2).pdf
2018-10-04 12:46 - 2018-10-04 12:46 - 000253832 _____ C:\Users\Andrew\Downloads\liberator_gb_ra10a_84964492b (1).pdf
2018-10-04 12:26 - 2018-10-04 12:27 - 000483570 _____ C:\Users\Andrew\Downloads\vigon_field_sheet (1).pdf
2018-10-04 12:23 - 2018-10-04 12:23 - 000483570 _____ C:\Users\Andrew\Downloads\vigon_field_sheet.pdf
2018-10-02 17:08 - 2018-10-02 17:08 - 000000000 ____D C:\Users\Andrew\AppData\Local\.bomgartemp-5d9b400b7f578a16f78c0c6da9c10c2e-shl-0-cs-0

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-30 22:32 - 2017-03-14 15:18 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-10-30 22:08 - 2009-07-14 05:13 - 000801002 _____ C:\Windows\system32\PerfStringBackup.INI
2018-10-30 22:08 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\inf
2018-10-30 22:00 - 2017-01-02 10:13 - 000000000 ___RD C:\Users\Andrew\iCloudDrive
2018-10-30 21:59 - 2017-03-16 15:21 - 000180600 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2018-10-30 21:59 - 2017-03-16 15:21 - 000112112 _____ (Webroot) C:\Windows\system32\WRusr.dll
2018-10-30 21:59 - 2015-12-16 20:06 - 000000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-10-30 21:59 - 2009-07-14 05:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-30 21:51 - 2017-03-16 15:21 - 000000000 ____D C:\ProgramData\WRData
2018-10-30 21:25 - 2012-11-18 21:04 - 000118128 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2018-10-30 21:25 - 2009-07-14 04:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-10-30 21:23 - 2015-12-16 20:06 - 000000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-10-30 21:16 - 2017-03-19 00:02 - 380027689 _____ C:\Windows\MEMORY.DMP
2018-10-30 21:16 - 2015-08-05 07:15 - 000000000 ____D C:\Windows\Minidump
2018-10-30 19:40 - 2009-07-14 04:45 - 000021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-30 19:40 - 2009-07-14 04:45 - 000021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-30 19:29 - 2015-12-30 00:08 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Dashlane
2018-10-30 19:06 - 2015-12-02 15:30 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-10-30 17:14 - 2015-06-09 13:21 - 000026828 _____ C:\Windows\BRRBCOM.INI
2018-10-29 22:34 - 2011-05-08 19:02 - 000003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A4BEAEE2-1E1F-4C7C-B072-4803EA9B8E72}
2018-10-28 00:31 - 2010-09-01 15:08 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-10-27 12:26 - 2016-06-25 14:00 - 000000000 ____D C:\Users\Andrew\Desktop\Cropping Stuff
2018-10-26 21:55 - 2015-12-16 20:06 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-10-26 00:42 - 2010-09-01 15:15 - 000002231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-10-25 18:16 - 2017-04-26 09:43 - 000000000 ____D C:\Users\Andrew\AppData\Local\Foxit Reader
2018-10-25 18:16 - 2016-10-10 11:29 - 000000000 ____D C:\Users\Andrew\AppData\Local\CrashDumps
2018-10-25 15:41 - 2010-09-01 15:15 - 000000000 ____D C:\Program Files\Google
2018-10-25 14:14 - 2016-06-25 15:07 - 000000000 ____D C:\ProgramData\CarboniteSendLog
2018-10-25 10:14 - 2015-12-30 00:08 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2018-10-24 04:48 - 2015-06-23 13:58 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-21 10:46 - 2017-03-22 13:53 - 000000000 ____D C:\ProgramData\Foxit Software
2018-10-19 08:26 - 2011-05-12 00:20 - 000007603 _____ C:\Users\Andrew\AppData\Local\Resmon.ResmonCfg
2018-10-19 05:55 - 2017-07-20 16:42 - 000003170 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3760358469-823990481-214114430-1001
2018-10-19 05:55 - 2016-12-30 17:33 - 000000000 ___RD C:\Users\Andrew\OneDrive
2018-10-19 05:55 - 2014-02-22 09:38 - 000002128 _____ C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-10-18 18:31 - 2014-08-23 10:04 - 000000000 ____D C:\Users\Andrew\AppData\Local\Adobe
2018-10-18 18:29 - 2012-08-26 15:22 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-10-18 18:29 - 2012-08-26 15:22 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-10-18 18:29 - 2012-08-26 15:22 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-10-18 18:29 - 2011-08-30 21:20 - 000000000 ____D C:\Windows\system32\Macromed
2018-10-17 14:43 - 2016-01-13 15:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-10-17 14:43 - 2015-10-10 10:50 - 000000000 ____D C:\Program Files (x86)\Java
2018-10-17 14:40 - 2016-10-27 14:20 - 000098680 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2018-10-15 21:48 - 2011-04-25 09:52 - 000559880 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-10-15 08:48 - 2015-08-21 09:44 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\ControlCenter4
2018-10-11 12:36 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\rescache
2018-10-11 09:45 - 2009-07-14 05:09 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2018-10-11 09:42 - 2009-07-14 04:45 - 000445176 _____ C:\Windows\system32\FNTCACHE.DAT
2018-10-10 11:40 - 2013-07-14 15:24 - 000000000 ____D C:\Windows\system32\MRT
2018-10-10 11:33 - 2011-05-09 07:21 - 136745976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-10-10 03:47 - 2018-03-13 15:47 - 000004460 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier

==================== Files in the root of some directories =======

2012-08-14 17:10 - 2012-08-14 17:10 - 000027520 _____ () C:\Users\Andrew\AppData\Local\dt.dat
2016-10-28 12:13 - 2016-11-30 22:54 - 001307648 _____ () C:\Users\Andrew\AppData\Local\file__0.localstorage
2013-02-18 11:10 - 2013-02-18 11:10 - 000000094 _____ () C:\Users\Andrew\AppData\Local\fusioncache.dat
2011-05-12 00:20 - 2018-10-19 08:26 - 000007603 _____ () C:\Users\Andrew\AppData\Local\Resmon.ResmonCfg
2014-05-06 15:57 - 2014-01-06 18:01 - 000010240 _____ () C:\Users\Andrew\AppData\Local\Z@!-36b305ec-c460-4501-9c3c-c98545a47328.tmp
2014-05-06 15:57 - 2014-01-06 18:01 - 000009216 _____ () C:\Users\Andrew\AppData\Local\Z@S!-3a546f1d-8690-4cc1-9eb0-f1babd045f02.tmp

ZeroAccess:
C:\Users\Andrew\AppData\Local\{5d24b8b3-e2fb-9875-421e-d59ea10e1b24}
C:\Users\Andrew\AppData\Local\{5d24b8b3-e2fb-9875-421e-d59ea10e1b24}\L\00000004.@
C:\Users\Andrew\AppData\Local\{5d24b8b3-e2fb-9875-421e-d59ea10e1b24}\L\1afb2d56

Some files in TEMP:
====================
2017-05-07 13:54 - 2018-07-17 03:39 - 004417088 _____ (Foxit Corporation) C:\Users\Andrew\AppData\Local\Temp\FoxitUpdater.exe
2017-04-19 16:40 - 2017-04-19 16:40 - 000739904 _____ (Oracle Corporation) C:\Users\Andrew\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-07-24 15:51 - 2017-07-24 15:51 - 000739904 _____ (Oracle Corporation) C:\Users\Andrew\AppData\Local\Temp\jre-8u141-windows-au.exe
2017-10-19 10:07 - 2017-10-19 10:07 - 001856576 _____ (Oracle Corporation) C:\Users\Andrew\AppData\Local\Temp\jre-8u151-windows-au.exe
2018-01-17 10:53 - 2018-01-17 10:53 - 001864256 _____ (Oracle Corporation) C:\Users\Andrew\AppData\Local\Temp\jre-8u161-windows-au.exe
2018-04-19 16:23 - 2018-04-19 16:23 - 001884616 _____ (Oracle Corporation) C:\Users\Andrew\AppData\Local\Temp\jre-8u171-windows-au.exe
2018-07-23 21:09 - 2018-07-23 21:09 - 001906040 _____ (Oracle Corporation) C:\Users\Andrew\AppData\Local\Temp\jre-8u181-windows-au.exe
2018-10-17 14:37 - 2018-10-17 14:37 - 001892728 _____ (Oracle Corporation) C:\Users\Andrew\AppData\Local\Temp\jre-8u191-windows-au.exe
2018-03-09 13:48 - 2018-03-09 13:51 - 046670848 _____ (Paramount Software UK Ltd) C:\Users\Andrew\AppData\Local\Temp\reflectPatch.exe
2018-04-30 17:36 - 2018-04-30 17:36 - 003688336 _____ (Webroot) C:\Users\Andrew\AppData\Local\Temp\WRupdate1649137128.exe
2017-03-16 15:20 - 2017-03-16 15:20 - 000992056 _____ (Webroot) C:\Users\Andrew\AppData\Local\Temp\wsainstall.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-24 23:06

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.10.2018
Ran by Andrew (30-10-2018 22:33:26)
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) (2011-04-25 09:47:32)
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3760358469-823990481-214114430-500 - Administrator - Disabled)
Andrew (S-1-5-21-3760358469-823990481-214114430-1001 - Administrator - Enabled) => C:\Users\Andrew
ASPNET (S-1-5-21-3760358469-823990481-214114430-1006 - Limited - Enabled)
Graham & Judith (S-1-5-21-3760358469-823990481-214114430-1003 - Limited - Enabled) => C:\Users\Graham & Judith
Guest (S-1-5-21-3760358469-823990481-214114430-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3760358469-823990481-214114430-1013 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis)
Acronis True Image WD Edition (HKLM-x32\...\{CEAC6D9F-944A-40F7-AB5D-A7412AF9CED9}) (Version: 19.0.33 - Acronis)
adbLink version 3.00 (HKLM-x32\...\{05CF1DD3-4A94-4219-B176-BB1796680A6C}_is1) (Version: 3.00 - jocala.com)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20080 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Photoshop Elements (HKLM-x32\...\Adobe Photoshop Elements 1.0) (Version: 1.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.2 (HKLM-x32\...\{52B66F1A-E977-41EE-8359-3C4040BE72F5}) (Version: 12.2.8.198 - Adobe Systems, Inc)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - )
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 376.09 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{308F2F8C-9D33-4B22-8A6C-D9C13DBEF8C6}) (Version: 7.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0CB84A7D-9697-4526-A819-60FB050E8F05}) (Version: 7.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{77F8C879-88CD-4145-945A-541C35285285}) (Version: 12.0.0.1039 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
avstreamtools_ia64fre (HKLM-x32\...\{B875D436-48A7-42CE-A105-23A7F65B9A60}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
avstreamtools_x64fre (HKLM-x32\...\{BD33DB46-D5EE-4529-8854-7161F4A87720}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
avstreamtools_x86fre (HKLM-x32\...\{62BEC6D1-0287-4272-BFC4-C7C1A422B718}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
BBC iPlayer Desktop (HKLM-x32\...\{D6A0DD73-6EF2-9A8D-6F60-4F338F922B37}) (Version: 3.2.15 - British Broadcasting Corp.) Hidden
BBC iPlayer Desktop (HKLM-x32\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.2.15 - British Broadcasting Corp.)
biometrictools_x64fre (HKLM-x32\...\{DC0B9B4B-3198-4F0F-8A2D-1235ED539D53}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
biometrictools_x86fre (HKLM-x32\...\{5B86F724-E2A0-47B6-805A-88D873175EFB}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
BlueStacks App Player (HKLM-x32\...\{D7E3588F-25E6-4A93-8B1C-596F7951CA38}) (Version: 0.10.7.5601 - BlueStack Systems, Inc.)
bluetoothtools_ia64fre (HKLM-x32\...\{E6E836AB-EC50-48EA-9208-374A982F28F2}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
bluetoothtools_x64fre (HKLM-x32\...\{4FBF748A-AF57-487E-8A74-A32710938A7C}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
bluetoothtools_x86fre (HKLM-x32\...\{AB99CA8E-0BA0-4AE7-A9AF-26D97D70A570}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J5625DW (HKLM-x32\...\{7FC49664-DAA4-4E7C-ADD0-614ABB43691B}) (Version: 1.0.5.0 - Brother Industries, Ltd.)
Carbonite (HKLM-x32\...\{ADD4D4D2-4489-43A7-A141-7EDF2C5FB68E}) (Version: 6.3.3 build 7602 (Feb-02-2018) - Carbonite)
chkinftool_x86fre (HKLM-x32\...\{5008655B-381C-4C45-BF2F-E1998DDED2C5}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
Cumulus 1.9.2 (HKLM-x32\...\Cumulus_is1) (Version:  - Sandaysoft)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.0.0222 - Disc Soft Ltd)
Dashlane (HKU\S-1-5-21-3760358469-823990481-214114430-1001\...\Dashlane) (Version: 6.1841.0.13779 - Dashlane, Inc.)
Dashlane (HKU\S-1-5-21-3760358469-823990481-214114430-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dashlane) (Version: 6.1841.0.13779 - Dashlane, Inc.)
Debugging Tools for Windows (x64) (HKLM\...\{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}) (Version: 6.12.2.633 - Microsoft Corporation)
Desktop Icon Position Saver (64-bit) (HKLM-x32\...\dips64) (Version:  - )
dfx_ia64fre (HKLM-x32\...\{7ED7AA72-49BE-40FB-89C4-F1DBAAC16F01}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
dfx_x64fre (HKLM-x32\...\{984E6987-6A7E-4F2D-AF7F-68BBB3BD68AD}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
dfx_x86fre (HKLM-x32\...\{86DE5D5D-7F44-4D9E-803C-4298732C16A3}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.22 - DivX, LLC)
DraftSight 2017 SP2 x64 (HKLM\...\{31B5F01A-A89F-494F-9826-125F837FEBCD}) (Version: 17.2.0040 - Dassault Systemes)
Dropbox (HKLM-x32\...\Dropbox) (Version: 60.4.107 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden
drvtools_ia64fre (HKLM-x32\...\{725943A7-97C3-4E7D-841E-7E6FBAABF64B}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
drvtools_x64fre (HKLM-x32\...\{B086FEC7-E6B5-4E03-B7DC-60D5D0787174}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
drvtools_x86fre (HKLM-x32\...\{8BF161B5-1065-4457-8C7C-76366914033A}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
DU Meter (HKLM-x32\...\DUMeter3_is1) (Version: 7.30 - Hagel Technologies Ltd.)
EasyWeather (HKLM-x32\...\{CE1B03BC-3C99-4580-A2AC-A41DB9B83378}) (Version:  - 1.0)
Farm Matters (HKLM-x32\...\{09043EDA-3C3E-461B-8DCF-CEE56460686C}) (Version: 1.0.0.0 - Farm Matters Ltd) Hidden
Farm Matters (HKLM-x32\...\{137576fc-2ffb-4f64-b740-6a6d4e5270a3}) (Version: 1.0.0.0 - Farm Matters Ltd)
Farm Works Office (HKLM-x32\...\{3C2DB562-4712-408A-902A-12AD563FAA87}) (Version: 2013.0.0526 - Trimble Navigation) Hidden
Farm Works Office (HKLM-x32\...\{49CCCF2A-00E9-4B24-8B20-2774349C34C8}) (Version: 2012.03.0515 - Trimble Navigation) Hidden
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version:  - )
FOX LiveUpdate (HKLM-x32\...\{7EC9E7A1-A576-43C8-9CBB-31BD5625EBCA}) (Version: 1.0.7.5 - )
Foxit PhantomPDF (HKLM-x32\...\{5C7A8240-5C8D-11E7-9D29-000C29C1951D}) (Version: 8.3.1.21155 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.3.0.10826 - Foxit Software Inc.)
FrostWire 6.4.0 (HKLM-x32\...\FrostWire 6) (Version: 6.4.0.207 - FrostWire LLC)
FTPRush 2.1.8 (HKLM-x32\...\FTP Rush_is1) (Version: 2.1.8 - wftpserver.com)
FWAgDataFodd (HKLM-x32\...\{E5500E58-7E34-43B2-84D4-4FB443057951}) (Version: 1.0.30 - Farm Works Software)
FWLsbFOD (HKLM-x32\...\{37C6F31A-4ED1-4DFD-ADC0-31F02D77CE80}) (Version: 1.0.4 - Farm Works Software)
FWVygFOD (HKLM-x32\...\{C7DB057D-B781-43DD-A905-5096DB9156F8}) (Version: 1.0.101 - Farm Works Software)
generaltools_ia64fre (HKLM-x32\...\{315A928B-2B99-4E22-A066-14CD901F9C0B}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
generaltools_x64fre (HKLM-x32\...\{9E6C6A09-A71E-45A4-8DBE-68C64DFC451B}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
generaltools_x86fre (HKLM-x32\...\{D058CD28-634C-4EF1-A47D-669FD6BE0C55}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.77 - Google Inc.)
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{29C6B346-C29C-40CE-89EB-DF7C149E0EB9}) (Version: 7.7.0.27 - Apple Inc.)
IDrive Version - 6.0 (HKLM-x32\...\IDrive_is1) (Version: 6.0 - Pro Softnet Corp)
imagingtools_ia64fre (HKLM-x32\...\{4C9C47E8-C79E-4A3B-BD87-5088916F67BC}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
imagingtools_x64fre (HKLM-x32\...\{ACAF97EB-7C5B-4C13-84E2-656FD8F2AE08}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
imagingtools_x86fre (HKLM-x32\...\{197AB90B-2CE8-4098-B8DC-A8C7ACBBEAD9}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
Intel® Driver Update Utility 2.2.0.5 (HKLM-x32\...\{C4FB3CF4-C845-4746-A9F5-476908266433}) (Version: 2.2.0.1 - Intel) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
iTunes (HKLM\...\{7DDA6271-F51E-4BE5-AAE9-5A8A4612FA43}) (Version: 12.9.0.167 - Apple Inc.)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
LibreCAD (HKLM-x32\...\LibreCAD) (Version: 2.1.3 - LibreCAD Team)
Macrium Reflect Free Edition (HKLM\...\{0B4A0234-4C18-45E3-BF42-29F838C53460}) (Version: 6.3.1852 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
MediaInfo 0.7.67 (HKLM\...\MediaInfo) (Version: 0.7.67 - MediaArea.net)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3760358469-823990481-214114430-1001\...\OneDriveSetup.exe) (Version: 18.172.0826.0010 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3760358469-823990481-214114430-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 18.172.0826.0010 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Driver Kit 7.1.0.7600 (HKLM-x32\...\KitSetup Registration {B4285279-1846-49B4-B8FD-B9EAF0FF17DA}:{68656B6B-555E-5459-5E5D-6363635E5F61}) (Version: 7.1.0.7600 - Microsoft Corporation)
modemtools (HKLM-x32\...\{E6847FF6-C825-4739-814D-8758A9B30A9A}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 57.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.2 (x64 en-US)) (Version: 57.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{B944FA21-81AF-4A77-8328-CE4F4CC51033}) (Version: 8.10.21 - Nero AG)
NETGEAR WG111T Smart Wizard Wireless Utility (HKLM-x32\...\{51123D42-6B9C-4B93-900C-29F9EC5963C9}) (Version:  - )
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.2.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.2.31 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Office (HKLM-x32\...\{0B1D6943-B40D-4C1A-81B5-8038AC7DA5E4}) (Version: 2013.0.0526 - )
OpenGL Extensions Viewer 3.0 (HKLM-x32\...\GLVIEW3) (Version: 408 - )
OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PLM Viewer (HKLM-x32\...\{F340779F-EFD5-47B0-BC94-605A9E3A3621}) (Version: 2012.00.0000 - )
pnptools_ia64fre (HKLM-x32\...\{DC6B7F7C-20F7-4D40-9735-957752CE5F53}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
pnptools_x64fre (HKLM-x32\...\{198C0A8A-5E8D-4CF5-BE66-9D0E1FFBC217}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
pnptools_x86fre (HKLM-x32\...\{670CAF31-78EA-4A8B-9F8D-32EC018B1345}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
powermanagement_ia64fre (HKLM-x32\...\{1E8FC55E-F212-4B80-A0F7-A0D178C2FE4A}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
powermanagement_x64fre (HKLM-x32\...\{B4665EAE-6733-4978-8757-629C7D8DD6A5}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
powermanagement_x86fre (HKLM-x32\...\{9936A6C2-0C21-49D8-8AB1-92384259D214}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
printtools_ia64fre (HKLM-x32\...\{38AD20B9-0433-45D5-86D6-C76BAE151892}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
printtools_x64fre (HKLM-x32\...\{3A2F0C18-0F0B-44BF-80F0-CB4204565573}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
printtools_x86fre (HKLM-x32\...\{B533A27C-3B5D-42AB-B397-A817F154CC22}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Rapport (HKLM\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1205.18 - Trusteer) Hidden
RDSFodd (HKLM-x32\...\{DB1A58F6-C9D9-4F64-B88C-357B843B3933}) (Version: 1.00.0000 - )
readme (HKLM-x32\...\{5193B1FC-FC33-4CBA-9B9F-85F3D8F7CD87}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
RouterStats-Lite v10.0 (HKLM-x32\...\RouterStats-Lite_is1) (Version:  - vwlowen.co.uk)
Samsung Data Migration (HKLM-x32\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.1 - Samsung)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.1.0.1120 - Samsung Electronics)
Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version:  - ) Hidden
sdv (HKLM-x32\...\{D721152B-35EB-44F3-AB58-D0AE8882813F}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
setuptools_ia64fre (HKLM-x32\...\{B2B60AF9-E82A-453D-AB79-B4103614FF7E}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
setuptools_x64fre (HKLM-x32\...\{17349339-D8E7-4394-805E-E2346C19BA82}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
setuptools_x86fre (HKLM-x32\...\{8AFD8D85-FF4D-4DA7-B1A0-14C6A1BA1F59}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0340 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
SketchUp 2016 (HKLM\...\{E2B66CF6-ABA0-4E5F-B426-7478B18301AE}) (Version: 16.1.1449 - Trimble Navigation Limited)
SketchUp 2017 (HKLM\...\{E59BD84C-169B-4F3F-AC5D-85127CF67051}) (Version: 17.2.2555 - Trimble, Inc.)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Sonic Foundry ACID 4.0 (HKLM-x32\...\{2A38B5AA-EA84-4F87-9937-2FB23982243A}) (Version: 4.0.215 - Sonic Foundry)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.95388 - TeamViewer)
toolindex (HKLM-x32\...\{3B31D97A-7CF4-4ED2-8593-535AE7C0FB92}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
TP-LINK TL-WN821N©_TL-WN822N_TL-WN823N Driver (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
tracingtool_ia64fre (HKLM-x32\...\{3C9E736F-8436-41D2-87F3-1468A59CA866}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
tracingtool_x64fre (HKLM-x32\...\{37E0996B-CD8D-46C9-A801-9EE67276DF9A}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
tracingtool_x86fre (HKLM-x32\...\{4077C73A-C623-40B9-8D0A-B9D501AF3046}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (HKLM-x32\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
wdftools_ia64fre (HKLM-x32\...\{091DDD71-FA98-4FF6-8E6F-07C9D09E29B8}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
wdftools_x64fre (HKLM-x32\...\{F5F16DEF-5F74-46C8-95E3-AC2FEB04A9DD}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
wdftools_x86fre (HKLM-x32\...\{502A382B-6A1F-41C3-A370-A085182EEA91}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.24.28 - Webroot)
WiFi Sensor Software (HKLM-x32\...\{EF49368B-13B1-4F5B-B453-83C725D31F82}) (Version: 1.30.13 - Corintech Ltd)
Windows Driver Package - STMicroelectronics (usbser) Ports  (04/25/2010 1.3.1) (HKLM\...\1628ECA16EA833D7F30DD35215E306FAD333DF83) (Version: 04/25/2010 1.3.1 - STMicroelectronics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
wpdtools_ia64fre (HKLM-x32\...\{FCFE5318-77F7-4661-A526-418C431A48B5}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
wpdtools_x64fre (HKLM-x32\...\{E761E173-81A4-4C12-A28D-322952C4F31B}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
wpdtools_x86fre (HKLM-x32\...\{85701256-4CFE-4144-A831-4D03DB2C830A}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
wsdtool_ia64fre (HKLM-x32\...\{EDE33D47-848D-4BAE-8399-01D4457D8F64}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
wsdtool_x64fre (HKLM-x32\...\{EE1E82F8-E538-4B5A-952B-6252DEFA5D06}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
wsdtool_x86fre (HKLM-x32\...\{AEDC22CF-1590-4095-8053-4B724A5BA7A8}) (Version: 1.1.6001.0 - Microsoft Corporation) Hidden
XStandard (HKLM-x32\...\XStandard) (Version:  - )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3760358469-823990481-214114430-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-3760358469-823990481-214114430-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
ShellIconOverlayIdentifiers: [          0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2018-02-28] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [          0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2018-02-28] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [          0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2018-02-28] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [    Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [    Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [    Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2015-11-11] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2015-11-11] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2015-11-11] (Acronis)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [    Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [    Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [    Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
ContextMenuHandlers1: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [2007-09-24] (Nero AG)
ContextMenuHandlers1-x32: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ContextMenuHandlers1-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1-x32: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2017-06-29] (Foxit Software Inc.)
ContextMenuHandlers1-x32: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2018-09-26] (Foxit Software Inc.)
ContextMenuHandlers1-x32: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2018-02-28] ()
ContextMenuHandlers1-x32: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-10-01] (Apple Inc.)
ContextMenuHandlers1-x32: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers1-x32-x32: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\versions_page.dll [2015-11-11] (Acronis)
ContextMenuHandlers1-x32-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
ContextMenuHandlers1-x32-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-03-02] ()
ContextMenuHandlers1-x32-x32-x32: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\Windows\system32\WRusr.dll [2018-10-30] (Webroot)
ContextMenuHandlers2: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2018-02-28] ()
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2018-02-02] (Carbonite, Inc.)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2018-02-28] ()
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-03-02] ()
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-24] (NVIDIA Corporation)
ContextMenuHandlers6: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2017-06-29] (Foxit Software Inc.)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2018-09-26] (Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6-x32: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\versions_page.dll [2015-11-11] (Acronis)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-03-02] ()
ContextMenuHandlers6-x32-x32: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\Windows\system32\WRusr.dll [2018-10-30] (Webroot)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AA432BE-F5C5-4625-842B-4B2BB5E69EEE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-24] (NVIDIA Corporation)
Task: {1D4C3433-4767-41C7-BA6E-4648211F849C} - System32\Tasks\{A79C5D64-043E-46C0-B059-2CC0FE99F1FA} => C:\Program Files (x86)\Oovee\Spin Tires\SpinTires.exe
Task: {31F1B826-044D-4AD0-92AC-FC774724C2F7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3760358469-823990481-214114430-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {333AB718-3113-4291-A8AE-0FEF56429CD6} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-24] (NVIDIA Corporation)
Task: {39DF4ABD-55DC-4151-8AB4-5DA34B68393B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-24] (NVIDIA Corporation)
Task: {48B11D44-EFAD-4F3C-8A74-F61756E58217} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-10-18] (Adobe Systems Incorporated)
Task: {4AC68027-4183-4581-B5AB-30BFADEEF348} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {4E6E1B5F-BC87-4BCB-A3AF-F7627021D730} - System32\Tasks\{F06C0361-797C-4346-A656-9DB575ABE67C} => C:\Windows\system32\pcalua.exe -a C:\Users\Andrew\AppData\Local\Temp\jre-8u73-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {53968ECD-8955-4EC3-A4CC-DD287F5E7A45} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-24] (NVIDIA Corporation)
Task: {6808D32E-C13F-4621-8FF0-0C526BB4F564} - System32\Tasks\{232BFB52-7830-4C08-9BE0-A03C75F69264} => C:\Windows\system32\pcalua.exe -a C:\Users\Andrew\Downloads\xs2.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {7937907E-19AC-48E4-8AF0-DBAA3EA7CB6E} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-11-24] (NVIDIA Corporation)
Task: {7A94E2DD-16CF-4CB6-BB36-1FD66E64623E} - System32\Tasks\IHUninstallTrackingTASK => CMD /C DEL C:\Users\Andrew\AppData\Local\Temp\IHU63B3.tmp.exe <==== ATTENTION
Task: {83CA4643-7E06-4489-8FD2-4937E59DD705} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_pepper.exe [2018-10-18] (Adobe Systems Incorporated)
Task: {89A674BD-3F3A-4668-9C68-887AB382748D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-16] (Dropbox, Inc.)
Task: {94FA2E20-5470-4B94-852D-CAE9543B79FB} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2017-06-23] (Samsung Electronics Co. Ltd.)
Task: {9A16B82B-B372-4862-9724-618ECF80F20F} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: {A3EEA9DD-0A22-4EF8-90CB-53055CD53D90} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {ABF0FBB0-BC3A-41FC-B34C-C2801CDE24D0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {B0E21637-C8E0-43C9-951A-66EF4C691294} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [2018-10-10] (Adobe Systems Incorporated)
Task: {B24995A2-DFB9-43C7-8AC4-5C4B2D4F64ED} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3760358469-823990481-214114430-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {BB06F43B-BD47-444C-88D2-5B1BDE0C6026} - System32\Tasks\{C2877C34-F693-4BEA-A336-6A97A8C0483B} => C:\Windows\system32\pcalua.exe -a C:\Users\Andrew\Downloads\jxpiinstall(6).exe -d C:\Users\Andrew\Downloads
Task: {BB0BA087-4DC1-4CCC-AFE1-5270616121B4} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => Powershell -noexit -command "&{$carbProgramDataPath = $env:ProgramData + '\Carbonite\Carbonite Backup\';$upgradeExe = 'CarboniteUpgrade.exe';$upgradeFullPath =  $carbProgramDataPath + $upgradeExe;$logFile = 'CarboniteUpgrade.log';$logFileFullPath = $carbProgramDataPath + $logFile;$psversion = [string]$psversio (the data entry has 1818 more characters).
Task: {C5B0D112-AC2C-4ACE-AAF4-5D1310B6498E} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-11-24] (NVIDIA Corporation)
Task: {CB30593C-CD32-41C6-AA91-90EE08A21784} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3760358469-823990481-214114430-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {D4827E4D-2E8D-4493-99B7-3EBC8C4D25FB} - System32\Tasks\{0E70104C-864E-4F6E-BD76-C4FF4C42B913} => C:\Windows\system32\pcalua.exe -a C:\Users\Andrew\Downloads\xs2(1).exe -d C:\Users\Andrew\Downloads
Task: {DB4FCC44-DEFF-4659-A992-35C960D0D4A8} - System32\Tasks\{1EA6171D-F1A1-40C6-B5A8-55EC3861C461} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{51123D42-6B9C-4B93-900C-29F9EC5963C9}\Setup.exe" -c -uninst
Task: {EE3AD8E3-D9FF-401A-9654-9D14DB90F338} - System32\Tasks\{B690E6F4-299D-4F2D-A6DF-072F6C3F5746} => C:\Windows\system32\pcalua.exe -a C:\Users\Andrew\AppData\Local\Temp\jre-8u111-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {F2FD5416-CD26-4CF3-A8A9-63AB98D95792} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {F438FF87-6074-4C79-A0B6-C9502220660A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-16] (Dropbox, Inc.)
Task: {F5C9DC02-3360-443E-9C7F-18DB2B134165} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3760358469-823990481-214114430-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {F77A00EB-310E-4358-861C-4F66EBC4C13E} - System32\Tasks\{BF6BA024-23DB-444C-87CC-E5B2510881EA} => C:\Windows\system32\pcalua.exe -a C:\Users\Andrew\Desktop\EasySetupAssistant\EasySetupAssistant\EasySetupAssistant.exe -d C:\Users\Andrew\Desktop\EasySetupAssistant\EasySetupAssistant
Task: {FEE320CD-C349-426E-ABEE-2844B86A59BB} - System32\Tasks\{8DF506BD-D381-4D73-B7DE-EB8E6D7A0814} => C:\Program Files (x86)\Oovee\Spin Tires\SpinTires.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\realtech VR\OpenGL Extensions Viewer 3.0\OpenGL Extensions Viewer 3.0 Home Page.lnk -> hxxp://www.realtech-vr.com/glview
Shortcut: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\realtech VR\OpenGL Extensions Viewer 3.0\realtech VR Home Page.lnk -> hxxp://www.realtech-vr.com
Shortcut: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 6\FrostWire 6.4.0-SafeMode.lnk -> C:\Program Files (x86)\FrostWire 6\frostwire.bat ()

==================== Loaded Modules (Whitelisted) ==============

2018-10-30 21:37 - 2018-10-18 09:44 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 [127]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\6717169B => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\6717169B => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3760358469-823990481-214114430-1001\...\carbonite.com -> hxxps://carbonite.com
IE trusted site: HKU\S-1-5-21-3760358469-823990481-214114430-1001\...\landmarkinfo.co.uk -> hxxp://landmarkinfo.co.uk
IE trusted site: HKU\S-1-5-21-3760358469-823990481-214114430-1001\...\landmarkinfo.co.uk -> hxxps://landmarkinfo.co.uk
IE trusted site: HKU\S-1-5-21-3760358469-823990481-214114430-1001\...\promap.co.uk -> hxxp://promap.co.uk
IE trusted site: HKU\S-1-5-21-3760358469-823990481-214114430-1001\...\promap.co.uk -> hxxps://promap.co.uk
IE trusted site: HKU\S-1-5-21-3760358469-823990481-214114430-1001\...\promapserver.co.uk -> hxxp://promapserver.co.uk
IE trusted site: HKU\S-1-5-21-3760358469-823990481-214114430-1001\...\promapserver.co.uk -> hxxps://promapserver.co.uk
IE trusted site: HKU\S-1-5-21-3760358469-823990481-214114430-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\carbonite.com -> hxxps://carbonite.com
IE trusted site: HKU\S-1-5-21-3760358469-823990481-214114430-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\landmarkinfo.co.uk -> hxxp://landmarkinfo.co.uk
IE trusted site: HKU\S-1-5-21-3760358469-823990481-214114430-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\landmarkinfo.co.uk -> hxxps://landmarkinfo.co.uk
IE trusted site: HKU\S-1-5-21-3760358469-823990481-214114430-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\promap.co.uk -> hxxp://promap.co.uk
IE trusted site: HKU\S-1-5-21-3760358469-823990481-214114430-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\promap.co.uk -> hxxps://promap.co.uk
IE trusted site: HKU\S-1-5-21-3760358469-823990481-214114430-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\promapserver.co.uk -> hxxp://promapserver.co.uk
IE trusted site: HKU\S-1-5-21-3760358469-823990481-214114430-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\promapserver.co.uk -> hxxps://promapserver.co.uk

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2011-08-04 13:46 - 2013-09-03 16:19 - 000000833 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3760358469-823990481-214114430-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3760358469-823990481-214114430-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3760358469-823990481-214114430-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Graham & Judith\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3760358469-823990481-214114430-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Graham & Judith\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: afcdpsrv => 2
MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: DraftSight API Service => 2
MSCONFIG\Services: FoxitPhantomService => 3
MSCONFIG\Services: FoxitReaderService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MacriumService => 2
MSCONFIG\Services: NvContainerLocalSystem => 2
MSCONFIG\Services: NvContainerNetworkService => 3
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: NVIDIA Wireless Controller Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: syncagentsrv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk => C:\Windows\pss\Adobe Gamma Loader.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk => C:\Windows\pss\Ralink Wireless Utility.lnk.CommonStartup
MSCONFIG\startupreg: 0D865EB59544CFDA288CC5DB03E94EA2F31D1196._service_run => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: adm_tray.exe => C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\Andrew\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: BrHelp => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN
MSCONFIG\startupreg: CalibrizeResume => C:\Program Files (x86)\Calibrize\CalibrizeResume.exe
MSCONFIG\startupreg: CGFLoader => C:\Program Files (x86)\Calibrize\CalibrizeLoader.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: FonePaw iPhone Data RecoveryAppService => C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\AppService.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IDrive Background process => "C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe" min
MSCONFIG\startupreg: IDrive Tray => "C:\Program Files (x86)\IDriveWindows\id_tray.exe" min
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: MimBoot => C:\PROGRA~2\MUSICM~1\MUSICM~1\mimboot.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: NetLimiter => C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
MSCONFIG\startupreg: OneDrive => "C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
MSCONFIG\startupreg: Prime95 => C:\Users\Andrew\AppData\Local\Temp\Rar$EX53.496\prime95.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Recovery Backup Wizard => C:\Program Files (x86)\TTG\Reminder\Reminder.exe
MSCONFIG\startupreg: Reminder => C:\Program Files (x86)\TTG\Reminder\Reminder.exe
MSCONFIG\startupreg: Remote Mouse => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
MSCONFIG\startupreg: SAOB Monitor => C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
MSCONFIG\startupreg: Xvid => C:\Program Files (x86)\Xvid\CheckUpdate.exe
MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\Andrew\AppData\Roaming\Yontoo\YontooDesktop.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1336186A-0E0C-46D2-92D5-33905E7E4B44}] => (Allow) svchost.exe
FirewallRules: [{90074316-D964-4BA8-AEBA-22729F4D19AF}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{A722A33C-2BBD-4988-A43C-9B141E2D340C}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{54D12E6F-E2ED-4E7D-9CDD-0335DCB89DD9}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [TCP Query User{D3A0264F-C58A-4A21-9627-D14C0F983FA2}D:\easysetupassistant\td-w8960n\fscommand\easysetupassistant.exe] => (Allow) D:\easysetupassistant\td-w8960n\fscommand\easysetupassistant.exe
FirewallRules: [UDP Query User{AB21AD3D-106D-47A3-B7CD-DB12D2E22EF3}D:\easysetupassistant\td-w8960n\fscommand\easysetupassistant.exe] => (Allow) D:\easysetupassistant\td-w8960n\fscommand\easysetupassistant.exe
FirewallRules: [TCP Query User{BCE8DD5C-DBB6-4492-B82D-A3FB998A1E50}D:\easysetupassistant\td-w8960n\fscommand\easysetupassistant.exe] => (Allow) D:\easysetupassistant\td-w8960n\fscommand\easysetupassistant.exe
FirewallRules: [UDP Query User{DBFD093E-E3BC-4DAC-AA7E-A4346AD1997E}D:\easysetupassistant\td-w8960n\fscommand\easysetupassistant.exe] => (Allow) D:\easysetupassistant\td-w8960n\fscommand\easysetupassistant.exe
FirewallRules: [{10A303DD-26ED-48B3-9C31-1632531B6E8C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
FirewallRules: [{49D5CD8E-997A-4451-AF3F-F5BC417FC850}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
FirewallRules: [{6DCB4FA9-215E-422D-A469-0166AAF3E58F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
FirewallRules: [{6AC7B1BE-CB3C-4003-8207-DEEB7D5380FD}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
FirewallRules: [{3BE996EB-FBB4-44A3-ACB4-893009C28F82}] => (Allow) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
FirewallRules: [{BDE44700-0301-4E55-ABE2-7A09AF032805}] => (Allow) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
FirewallRules: [{D6DE042C-792D-4FBD-A169-D66E69CA8E3A}] => (Allow) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
FirewallRules: [{4A102D7E-076C-43F6-BD2C-F79E154603DB}] => (Allow) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
FirewallRules: [{5316F48C-4387-426A-9E8E-5E1C3A5C9002}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteSetup.exe
FirewallRules: [{7E5A19E2-5D5C-4BDD-9F33-331B59B2BA58}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteSetup.exe
FirewallRules: [{36628E01-BA30-42D2-8170-B887D91CDFA5}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteSetup.exe
FirewallRules: [{2F4E4B39-240B-467F-BA2E-5C313CF98051}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteSetup.exe
FirewallRules: [{36A7615C-9989-4097-868F-8C659AC88421}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
FirewallRules: [{A1D0F526-8F6F-42BB-8052-51F740E76BDB}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
FirewallRules: [{A292A209-02EA-4FEA-8C1E-418601EEFE85}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
FirewallRules: [{20F56CF3-21D6-40F4-A31A-F05704940725}] => (Allow) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
FirewallRules: [{D32674F7-045C-4AFB-960D-875B32294E65}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0E0DB146-9595-41F0-BC0A-484C88A80ECE}] => (Allow) LPort=2869
FirewallRules: [{D5A42570-723A-4E3A-A37F-5AA54C932DD6}] => (Allow) LPort=1900
FirewallRules: [{1E24CABF-C1AB-4533-B041-615FF40A78CE}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{E07306D1-7A35-4056-A4CD-0B7E8B4F766A}C:\program files (x86)\wifi sensor software\wifi sensor software.exe] => (Allow) C:\program files (x86)\wifi sensor software\wifi sensor software.exe
FirewallRules: [UDP Query User{E373A280-4E28-4F91-B020-39A0124E7DDD}C:\program files (x86)\wifi sensor software\wifi sensor software.exe] => (Allow) C:\program files (x86)\wifi sensor software\wifi sensor software.exe
FirewallRules: [{171A6654-0710-40DD-A46D-EFAA95FF1BF0}] => (Allow) C:\Program Files (x86)\Brother\Brmfl14e\FAXRX.EXE
FirewallRules: [{EAFE456F-D83D-4FE1-975E-914391FEF064}] => (Allow) LPort=54925
FirewallRules: [{B1579024-5CBA-48EF-BBCF-09245C5AC3E9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1D896D1D-4AF5-4792-8A22-365C819CE12A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F0F1EE4A-2A68-41EF-AC93-C747CB8EA7C7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8E15562D-B703-4EE5-8CCB-45A9A911BBF0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E1B563D0-8426-44A9-9317-6A66D10486FB}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe
FirewallRules: [{EFD70B01-F8E0-46DE-B011-56D7BFB78E58}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe
FirewallRules: [{630789A7-D4CB-40C5-83C6-A0B9858978BF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D5F8992A-7B35-44D2-A5E2-752DB098841D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{E57E65E2-452C-414D-A7CF-8005088B6440}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{BC92B825-2E55-427D-B01B-874DC35A4EAE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{78DE46F0-1716-4CB0-AD26-A1891D69FCC3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6C43099D-C11B-4997-AE18-A243FBB3386C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9F8A6E0D-7182-49FA-B78A-E090059DF3F5}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{3ABED400-60A6-4FB2-87B3-40AC25FF95C7}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{0FC35E9C-4D74-40D4-A7EC-18EEEEA39E98}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F064FF45-1F22-4A5E-871A-653B6E69ABE5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5DD90035-5A4F-4FAA-BE7A-DDD945B318FC}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{F4D9BFA6-EB5F-4C07-BBBF-B064B4945FAD}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{9BA49B09-E283-4C64-ACD0-A2EE50474D33}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [TCP Query User{7D8F6516-7263-4530-8A1A-10BC4EEE71E2}C:\program files (x86)\idrivewindows\id_win.exe] => (Allow) C:\program files (x86)\idrivewindows\id_win.exe
FirewallRules: [UDP Query User{9825BD94-762F-4355-9DD0-392128AF43FF}C:\program files (x86)\idrivewindows\id_win.exe] => (Allow) C:\program files (x86)\idrivewindows\id_win.exe
FirewallRules: [{FB1F4C60-10E1-4450-A6EF-D4243ED97ACA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{DAE0F511-CF4A-4C42-BF22-62CDB75FE752}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0BB7227A-4FD1-4386-BCAC-CF59E6694F69}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DFF9FA0F-F1AD-4916-8A5C-EC60F5FF4E10}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E4F2D892-0725-4024-9B7C-EF380272C6A4}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BB491CBE-EDED-4575-86B6-19BC4C3E17E3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1A8C662B-AD11-44DF-8684-A46AF411243F}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Acronis Snapshots Manager
Description: Acronis Snapshots Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: snapman
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/30/2018 10:00:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 6.2.9200.16398, time stamp: 0x5033992e
Faulting module name: ntdll.dll, version: 6.1.7601.24260, time stamp: 0x5b9470be
Exception code: 0xc0000374
Fault offset: 0x00000000000bf302
Faulting process id: 0xb34
Faulting application start time: 0x01d4709bd213f387
Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 4315d09f-dc8f-11e8-8410-90fba6f00023

Error: (10/30/2018 09:53:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 6.2.9200.16398, time stamp: 0x5033992e
Faulting module name: ntdll.dll, version: 6.1.7601.24260, time stamp: 0x5b9470be
Exception code: 0xc0000374
Fault offset: 0x00000000000bf302
Faulting process id: 0xef0
Faulting application start time: 0x01d4709aae30b05e
Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 3493d0b8-dc8e-11e8-a850-90fba6f00023

Error: (10/30/2018 09:25:13 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Advent)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (10/30/2018 09:25:13 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Advent)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (10/30/2018 09:25:13 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Advent)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile.

 DETAIL - The process cannot access the file because it is being used by another process.

Error: (10/30/2018 09:25:13 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

 DETAIL - The process cannot access the file because it is being used by another process.
 for C:\Users\Andrew\ntuser.dat

Error: (10/30/2018 07:45:34 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
    This operation returned because the timeout period expired.  (HRESULT : 0x800705b4) (0x800705b4)

Error: (10/30/2018 07:31:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 6.2.9200.16398, time stamp: 0x5033992e
Faulting module name: ntdll.dll, version: 6.1.7601.24260, time stamp: 0x5b9470be
Exception code: 0xc0000374
Fault offset: 0x00000000000bf302
Faulting process id: 0xd50
Faulting application start time: 0x01d47086d8fdcd7a
Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 59a7e958-dc7a-11e8-bae2-90fba6f00023


System errors:
=============
Error: (10/30/2018 10:31:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (10/30/2018 10:31:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (10/30/2018 10:25:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (10/30/2018 10:21:14 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (10/30/2018 10:21:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (10/30/2018 10:15:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (10/30/2018 10:15:46 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (10/30/2018 10:15:46 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{145B4335-FE2A-4927-A040-7C35AD3180EF}


CodeIntegrity:
===================================

Date: 2015-08-22 23:12:04.959
Description:
Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-22 23:12:04.947
Description:
Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-22 23:12:04.939
Description:
Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-22 23:12:04.933
Description:
Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-22 23:12:04.878
Description:
Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-22 23:12:04.871
Description:
Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-22 23:12:04.864
Description:
Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-22 23:12:04.858
Description:
Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5700 @ 3.00GHz
Percentage of memory in use: 39%
Total physical RAM: 4085.18 MB
Available physical RAM: 2451.63 MB
Total Virtual: 8168.5 MB
Available Virtual: 6843.67 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:465.66 GB) (Free:214.85 GB) NTFS
Drive e: () (Removable) (Total:0.96 GB) (Free:0.6 GB) FAT

\\?\Volume{94606fda-23de-11e8-a024-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B47F0451)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 980 MB) (Disk ID: 23F04F75)
Partition 1: (Not Active) - (Size=980 MB) - (Type=06)

==================== End of Addition.txt ============================



#2
RKinner


    Malware Expert


Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   6.18KB   156 downloads

Run FRST and press Fix.
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 

