very slow computer - cleaning before moving to SSD



#1
bbj


Hello, I am helping my sister and brother-in-law with their computer. The computer is more than a few years old with a HDD so I am migrating everything over to a Solid State Drive as a first upgrade step.

 

When I got the computer and turned it on, it took about 5 minutes to fully boot up because of all the programs running in the background. I used CCleaner to scan and then to look at the startup programs and disable the unneeded ones. I then opened Malwarebytes but it would not go through the pre-scan stuff so I used MBAM-Clean to remove the old version and get the new one. Now when I open MBAM it won't start (doesn't show in Task Manager applications even though it shows in processes and services).

 

So I need help getting it clean so it can go over to the SSD with a minimum of junk.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2019
Ran by the Hoff (administrator) on THEHOFF-PC (02-08-2019 19:27:49)
Running from C:\Users\the Hoff\Desktop
Loaded Profiles: the Hoff (Available Profiles: the Hoff)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Actual Tools -> Actual Tools) [File not signed] C:\Program Files (x86)\[]TOOLS[]\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
(Actual Tools -> Actual Tools) C:\Program Files (x86)\[]TOOLS[]\Actual Multiple Monitors\ActualMultipleMonitorsCenter64.exe
(Actual Tools -> Actual Tools) C:\Program Files (x86)\[]TOOLS[]\Actual Multiple Monitors\ActualMultipleMonitorsShellCenter64.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Amazon Services LLC -> Amazon Services LLC) C:\Users\the Hoff\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\[]TOOLS[]\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\[]TOOLS[]\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\[]TOOLS[]\Avast\AvastUI.exe
(Box, Inc. -> Box, Inc.) C:\Program Files\Box\Box\Box.Desktop.UpdateService.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\windows\System32\DbxSvc.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(GoPro, Inc. -> ) C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(Logitech -> Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\windows\System32\atiesrxx.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Plex, Inc -> ) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
(Plex, Inc -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
(Plex, Inc -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Plex, Inc -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Plex, Inc -> Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Stardock Corporation) [File not signed] C:\Program Files (x86)\[]TOOLS[]\CursorFX\CursorFX.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\[]TOOLS[]\Avast\AvLaunch.exe [269192 2019-07-15] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech Inc -> Logitech, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Run: [CursorFX] => C:\Program Files (x86)\[]TOOLS[]\CursorFX\CursorFX.exe [417280 2010-03-23] (Stardock Corporation) [File not signed]
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Run: [Actual Multiple Monitors] => C:\Program Files (x86)\[]TOOLS[]\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe [1782576 2013-09-19] (Actual Tools -> Actual Tools) [File not signed]
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [24989672 2019-07-15] (Plex, Inc -> Plex, Inc.)
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Run: [GoogleChromeAutoLaunch_421738EA55700933B3FAC1540D8F5C6F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1555952 2019-07-12] (Google LLC -> Google LLC)
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {177d581c-6911-11e1-b881-bcaec54f1b9f} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {1f7655c1-33c8-11e5-8de9-bcaec54f1b9f} - F:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {20838ec2-465e-11e7-910d-bcaec54f1b9f} - E:\VerizonWirelessUpgradeAssistantSetup.exe
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {65f4fc7e-5707-11e0-a635-bcaec54f1b9f} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {73d43358-0978-11e5-8599-bcaec54f1b9f} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {90c3ab84-df7e-11e6-9f04-bcaec54f1b9f} - E:\VerizonWirelessUpgradeAssistantSetup.exe
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {90c3abbe-df7e-11e6-9f04-bcaec54f1b9f} - E:\VerizonWirelessUpgradeAssistantSetup.exe
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {912af8cb-85b2-11e3-8d84-bcaec54f1b9f} - N:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {d0b5e87b-7d42-11e2-9f15-bcaec54f1b9f} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {d0b5e897-7d42-11e2-9f15-bcaec54f1b9f} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [24989672 2019-07-15] (Plex, Inc -> Plex, Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\windows\system32\lvcod64.dll [175392 2012-09-21] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [VIDC.CFHD] => C:\windows\system32\CFHD.dll [1334784 2016-05-12] (CineForm Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-09-21] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [VIDC.CFHD] => C:\Windows\SysWOW64\CFHD.dll [1119744 2016-05-12] (CineForm Inc.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-16] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED}] -> C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.CredentialProvider.dll [2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
Lsa: [Notification Packages] scecli "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" "C:\Program Files\McAfee\TrueKey\McAfeeTrueKeyPasswordFilter"
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12A83DF3-8D6F-40A3-AFA4-6E482BCE9251} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2108624 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {1678C4F8-485F-493A-A5B5-C07709444E6F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {184FC201-EE9F-4ACB-A34E-F93250F8FD28} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {1D80650F-D4ED-47BB-A6CE-09F59B260EEC} - System32\Tasks\GoogleUpdateTaskMachineCore1d1e91e1a557402 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {2D167A0F-365F-4DC0-929A-CFE3DB1467C5} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {310475E1-2368-4C8F-B0C0-F8FFBA7A0F0B} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {37C24772-6096-4852-9F2F-9BD112FA9BEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {3E75F997-9576-46F1-9FD6-B72B45C280DB} - System32\Tasks\AdobeAAMUpdater-1.0-theHoff-PC-the Hoff => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {61D5FAE9-2E2B-44D5-9798-B660CA7647A1} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe
Task: {6CA54804-74C3-4865-AE4C-E14A575CAE65} - System32\Tasks\G2MUpdateTask-S-1-5-21-3472861432-3466800176-631802751-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\4962\g2mupdate.exe [41536 2016-05-18] (Citrix Online -> Citrix Online, a division of Citrix Systems, Inc.)
Task: {6F8D1709-4239-45F2-8549-499C72076BF8} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-02] (Dropbox, Inc -> Dropbox, Inc.)
Task: {7041E7E3-8E1F-457F-996F-BDF1EE220248} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e91e1aea8a41 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {7220FC43-43BD-4A4D-9C9E-03D115747650} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-08-02] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {81759849-BAC2-4560-B379-F29B7FEF9FF4} - System32\Tasks\G2MUploadTask-S-1-5-21-3472861432-3466800176-631802751-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\4962\g2mupload.exe [41536 2016-05-18] (Citrix Online -> Citrix Online, a division of Citrix Systems, Inc.)
Task: {82A7B415-81BF-41CF-B6C4-754E25DFD0FD} - System32\Tasks\Amazon Music Helper => C:\Users\the Hoff\AppData\Local\Amazon Music\Amazon Music Helper.exe [3694056 2017-03-28] (Amazon Services LLC -> Amazon Services LLC)
Task: {8831782A-BD51-45B3-A77F-B9DEF42FA4B0} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {99BF1AB0-AF5C-47C5-9E0D-217DE75D449E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1491664 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {AA84109C-B609-49BC-BA4A-0EB05A8A999F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3472861432-3466800176-631802751-1001UA => C:\Users\the Hoff\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc -> Dropbox, Inc.)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {AFA8001A-F4D1-481F-845A-C6F7E12B49E6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {B527F042-33F2-4252-8A9B-3D7149FAAE8A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2108624 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {C07B0ED4-21B5-4B66-9E4C-E9583ECC7ED0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1491664 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {C07FDEDB-3165-425C-8FF4-1A0BC19B1F8B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2047368 2019-07-30] (AVAST Software s.r.o. -> AVAST Software)
Task: {C717FCAF-4112-4596-9E84-F300775F73F5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D7DB9198-81B0-429C-BF2C-8FDA5FE6E823} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3472861432-3466800176-631802751-1001Core => C:\Users\the Hoff\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc -> Dropbox, Inc.)
Task: {DB3D67B2-0E62-4F9E-A346-DF36215A1E9E} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4639280 2018-12-02] (McAfee, Inc. -> McAfee, Inc.)
Task: {E1C6D5C0-EC7A-41F9-B338-164B9AB74347} - System32\Tasks\Avast Emergency Update => C:\Program Files\[]TOOLS[]\Avast\AvEmUpdate.exe [3940232 2019-07-15] (AVAST Software s.r.o. -> AVAST Software)
Task: {ECD1D176-4038-492A-9691-1FE2394AF83F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-02] (Dropbox, Inc -> Dropbox, Inc.)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FEEB1477-41C9-42C2-81F5-E385530E8CFC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {FEEBFBA3-7517-48F0-9623-3922637009F1} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2179792 2013-05-13] (Microsoft Corporation -> Microsoft)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3472861432-3466800176-631802751-1001Core.job => C:\Users\the Hoff\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3472861432-3466800176-631802751-1001UA.job => C:\Users\the Hoff\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-3472861432-3466800176-631802751-1001.job => C:\Users\the Hoff\AppData\Local\GoToMeeting\12022\g2mupdate.exe
Task: C:\windows\Tasks\G2MUploadTask-S-1-5-21-3472861432-3466800176-631802751-1001.job => C:\Users\the Hoff\AppData\Local\GoToMeeting\12022\g2mupload.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B0B045C6-0DBA-4926-8B56-159FF565315A}: [DhcpNameServer] 192.168.1.1
HKLM\System\...\Parameters\PersistentRoutes: [169.254.0.0,255.255.0.0,192.168.0.2,1]

Internet Explorer:
==================
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com/
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
SearchScopes: HKLM -> {5807584B-75B6-465D-88B0-3C4AC684276C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {B01640CD-4AE7-4121-9097-F4E61054E570} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3472861432-3466800176-631802751-1001 -> {B01640CD-4AE7-4121-9097-F4E61054E570} URL = hxxp://www.bing.com/search?FORM=MNMTDF&PC=MANM&q={searchTerms}&src=IE-SearchBox
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle America, Inc. -> Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech Inc -> Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-01-29] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech Inc -> Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 7b7ioxbj.Mandy
FF ProfilePath: C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\nscrosro.default-1450112767985 [not found] <==== ATTENTION
FF ProfilePath: C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default [not found] <==== ATTENTION
FF ProfilePath: C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7b7ioxbj.Mandy [2019-08-02]
FF Extension: (Cookie Restrictions Strict List Study) - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7b7ioxbj.Mandy\Extensions\[email protected] [2019-06-29]
FF Extension: (uBlock Origin) - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7b7ioxbj.Mandy\Extensions\[email protected] [2019-08-02]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2018-03-19] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-08-02] (Adobe Systems Incorporated -> )
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\[]TOOLS[]\PDF-XChange\npPDFXCviewNPPlugin.dll [2011-02-15] (Tracker Software Products Ltd -> Tracker Software Products Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-08-02] (Adobe Systems Incorporated -> )
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\[]TOOLS[]\PDF-XChange\Win32\npPDFXCviewNPPlugin.dll [2011-02-15] (Tracker Software Products Ltd -> Tracker Software Products Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google Inc -> Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=1.1.7 -> C:\Program Files (x86)\[]TOOLS[]\VLC\npvlc.dll [2011-01-30] (the VideoLAN Team) [File not signed]
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-3472861432-3466800176-631802751-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\the Hoff\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2019-07-29] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-3472861432-3466800176-631802751-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll [2012-10-24] (Amazon.com, Inc.) [File not signed]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxps://norwex.biz/en_US/consultant/login","hxxp://google.com/"
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default [2019-08-02]
CHR Extension: (Google Drive) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-09]
CHR Extension: (ShowPassword) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbiclfnbhommljbjcoelobnnnibemabl [2017-12-12]
CHR Extension: (uBlock Origin) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-07-28]
CHR Extension: (Adobe Acrobat) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-06-12]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2016-09-13]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-06-08]
CHR Extension: (Hangouts Notifications) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbpmaadfebbedknhmeeijeicldjlegee [2018-11-16]
CHR Extension: (Google Docs Offline) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-30]
CHR Extension: (AdBlock) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-08-01]
CHR Extension: (Avast Online Security) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-16]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2019-07-28]
CHR Extension: (Weather) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\iolcbmjhmpdheggkocibajddahbeiglb [2019-06-08]
CHR Extension: (Google Forms) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2017-03-29]
CHR Extension: (Power Zoom - Zoom Images with a Mouse Hover) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlioidldolgbmanndggdnldambdlglgj [2016-01-06]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-08-19]
CHR Extension: (Boomerang for Gmail) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2018-09-20]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2019-06-27]
CHR Extension: (Google Hangouts) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2019-05-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-11]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2019-06-20]
CHR Extension: (Chrome Media Router) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-27]
CHR HKU\S-1-5-21-3472861432-3466800176-631802751-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\THEHOF~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-09-10]
CHR HKU\S-1-5-21-3472861432-3466800176-631802751-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3472861432-3466800176-631802751-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\[]TOOLS[]\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AMD External Events Utility; C:\windows\system32\atiesrxx.exe [238080 2013-04-29] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-30] (Advanced Micro Devices, Inc.) [File not signed]
R3 aswbIDSAgent; C:\Program Files\[]TOOLS[]\Avast\aswidsagent.exe [6797008 2019-07-15] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\[]TOOLS[]\Avast\AvastSvc.exe [414976 2019-07-15] (AVAST Software s.r.o. -> AVAST Software)
R2 BoxUpdateSvc; C:\Program Files\Box\Box\Box.Desktop.UpdateService.exe [53056 2018-08-17] (Box, Inc. -> Box, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-02] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-02] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\windows\system32\DbxSvc.exe [51024 2019-07-30] (Dropbox, Inc -> Dropbox, Inc.)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2016-05-12] (GoPro, Inc. -> )
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-19] (Logitech Inc -> Logitech Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2128872 2019-07-15] (Plex, Inc -> Plex, Inc.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-15] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S2 TrueKey; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe [421432 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyScheduler; C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe [421432 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyServiceHelper; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe [194168 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\[]TOOLS[]\Avast\ng\vbox\AvastVBoxSVC.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdiox64; C:\windows\System32\DRIVERS\amdiox64.sys [46136 2010-02-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R3 amdkmdag; C:\windows\System32\DRIVERS\atikmdag.sys [11922944 2013-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\windows\System32\DRIVERS\atikmpag.sys [359936 2013-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 aswArDisk; C:\windows\System32\drivers\aswArDisk.sys [37320 2019-07-15] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [209256 2019-07-15] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdriver.sys [263224 2019-07-15] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsh.sys [206056 2019-07-15] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniv.sys [61688 2019-07-15] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\windows\System32\drivers\aswKbd.sys [42504 2019-07-15] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [168896 2019-07-31] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [112520 2019-07-15] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [88160 2019-07-15] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [1030784 2019-07-31] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [477288 2019-07-15] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [225816 2019-07-15] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [387896 2019-07-25] (AVAST Software s.r.o. -> AVAST Software)
R3 AtiHDAudioService; C:\windows\System32\drivers\AtihdW76.sys [96896 2012-05-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 atikmdag; C:\windows\System32\DRIVERS\atikmdag.sys [11922944 2013-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R1 cbfs6; C:\windows\system32\drivers\cbfs6.sys [460992 2016-09-21] (EldoS Corporation -> /n software, Inc.)
S3 dg_ssudbus; C:\windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\windows\System32\drivers\LGJoyXlCore.sys [67736 2017-10-19] (Logitech Inc -> Logitech Inc.)
R3 MTsensor; C:\windows\system32\DRIVERS\ASACPI.sys [15680 2006-11-01] (ASUSTeK Computer Inc. -> )
R2 NPF; C:\windows\system32\drivers\npf.sys [35344 2015-12-03] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
S3 ssudmdm; C:\windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 USBAAPL64; C:\windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
R3 VIAHdAudAddService; C:\windows\System32\drivers\viahduaa.sys [1222144 2009-07-10] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
S3 WDC_SAM; C:\windows\System32\DRIVERS\wdcsam64.sys [14464 2008-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 RTHDMIAzAudService; system32\drivers\RtHDMIVX.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-02 19:27 - 2019-08-02 19:29 - 000039701 _____ C:\Users\the Hoff\Desktop\FRST.txt
2019-08-02 19:24 - 2019-08-02 19:24 - 002096128 _____ (Farbar) C:\Users\the Hoff\Desktop\FRST64.exe
2019-08-02 18:45 - 2019-08-02 18:45 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-08-02 18:45 - 2019-08-02 18:45 - 000000000 ____D C:\Program Files\Malwarebytes
2019-08-02 18:45 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2019-08-02 18:30 - 2019-08-02 18:31 - 000858912 _____ (Malwarebytes) C:\Users\the Hoff\Downloads\mb-clean-3.1.0.1035.exe
2019-08-02 18:11 - 2019-08-02 18:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-08-01 17:46 - 2019-08-01 17:46 - 020891464 _____ (Piriform Software Ltd) C:\Users\the Hoff\Downloads\ccsetup560.exe
2019-07-30 15:18 - 2019-07-30 15:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-07-30 05:19 - 2019-07-30 05:19 - 000051024 _____ (Dropbox, Inc.) C:\windows\system32\DbxSvc.exe
2019-07-30 05:19 - 2019-07-30 05:19 - 000047600 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-stable.sys
2019-07-30 05:19 - 2019-07-30 05:19 - 000047600 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-dev.sys
2019-07-30 05:19 - 2019-07-30 05:19 - 000047600 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-canary.sys
2019-07-29 10:36 - 2019-07-29 10:36 - 000000000 ____D C:\Users\the Hoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2019-07-25 02:15 - 2019-07-25 02:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2019-07-24 04:59 - 2019-07-13 01:14 - 000334848 _____ (Microsoft Corporation) C:\windows\system32\sipnotify.exe
2019-07-15 20:43 - 2019-07-31 08:43 - 000168896 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2019-07-15 20:43 - 2019-07-15 20:43 - 000225816 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2019-07-15 20:43 - 2019-07-15 20:42 - 000363400 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2019-07-11 20:24 - 2019-07-11 20:24 - 000000000 _____ C:\windows\system32\last.dump
2019-07-09 13:55 - 2019-06-27 22:24 - 000887808 _____ (Microsoft Corporation) C:\windows\system32\wlansvc.dll
2019-07-09 13:55 - 2019-06-20 19:44 - 003229696 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2019-07-09 13:55 - 2019-06-20 18:41 - 001251840 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2019-07-09 13:55 - 2019-06-20 02:11 - 000396896 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2019-07-09 13:55 - 2019-06-20 01:15 - 000348976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2019-07-09 13:55 - 2019-06-18 20:06 - 004927488 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2019-07-09 13:55 - 2019-06-18 18:07 - 005785600 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2019-07-09 13:55 - 2019-06-17 23:41 - 001649664 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2019-07-09 13:55 - 2019-06-17 21:34 - 025730560 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2019-07-09 13:55 - 2019-06-17 21:21 - 002724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2019-07-09 13:55 - 2019-06-17 21:21 - 000004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2019-07-09 13:55 - 2019-06-17 21:09 - 002903552 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2019-07-09 13:55 - 2019-06-17 21:08 - 000066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2019-07-09 13:55 - 2019-06-17 21:07 - 000578560 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2019-07-09 13:55 - 2019-06-17 21:07 - 000417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2019-07-09 13:55 - 2019-06-17 21:07 - 000088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2019-07-09 13:55 - 2019-06-17 21:07 - 000048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2019-07-09 13:55 - 2019-06-17 21:00 - 000054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2019-07-09 13:55 - 2019-06-17 20:59 - 005775872 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2019-07-09 13:55 - 2019-06-17 20:59 - 000034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2019-07-09 13:55 - 2019-06-17 20:57 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2019-07-09 13:55 - 2019-06-17 20:56 - 020274688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2019-07-09 13:55 - 2019-06-17 20:56 - 000790528 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2019-07-09 13:55 - 2019-06-17 20:56 - 000144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2019-07-09 13:55 - 2019-06-17 20:56 - 000116224 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2019-07-09 13:55 - 2019-06-17 20:55 - 000814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2019-07-09 13:55 - 2019-06-17 20:51 - 002724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2019-07-09 13:55 - 2019-06-17 20:48 - 000969216 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2019-07-09 13:55 - 2019-06-17 20:45 - 000489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2019-07-09 13:55 - 2019-06-17 20:39 - 000496128 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2019-07-09 13:55 - 2019-06-17 20:39 - 000077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2019-07-09 13:55 - 2019-06-17 20:39 - 000062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2019-07-09 13:55 - 2019-06-17 20:38 - 000341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2019-07-09 13:55 - 2019-06-17 20:38 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2019-07-09 13:55 - 2019-06-17 20:38 - 000087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2019-07-09 13:55 - 2019-06-17 20:38 - 000047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2019-07-09 13:55 - 2019-06-17 20:37 - 000064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2019-07-09 13:55 - 2019-06-17 20:35 - 002297344 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2019-07-09 13:55 - 2019-06-17 20:35 - 000199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2019-07-09 13:55 - 2019-06-17 20:34 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2019-07-09 13:55 - 2019-06-17 20:32 - 000315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2019-07-09 13:55 - 2019-06-17 20:32 - 000047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2019-07-09 13:55 - 2019-06-17 20:32 - 000030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2019-07-09 13:55 - 2019-06-17 20:30 - 000476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2019-07-09 13:55 - 2019-06-17 20:30 - 000152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2019-07-09 13:55 - 2019-06-17 20:29 - 000663040 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2019-07-09 13:55 - 2019-06-17 20:29 - 000620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2019-07-09 13:55 - 2019-06-17 20:29 - 000115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2019-07-09 13:55 - 2019-06-17 20:21 - 000416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2019-07-09 13:55 - 2019-06-17 20:21 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2019-07-09 13:55 - 2019-06-17 20:20 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2019-07-09 13:55 - 2019-06-17 20:20 - 000728064 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2019-07-09 13:55 - 2019-06-17 20:19 - 015311872 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2019-07-09 13:55 - 2019-06-17 20:17 - 002136064 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2019-07-09 13:55 - 2019-06-17 20:17 - 001359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2019-07-09 13:55 - 2019-06-17 20:16 - 000091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2019-07-09 13:55 - 2019-06-17 20:16 - 000073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2019-07-09 13:55 - 2019-06-17 20:16 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-07-09 13:55 - 2019-06-17 20:13 - 000168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2019-07-09 13:55 - 2019-06-17 20:13 - 000076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2019-07-09 13:55 - 2019-06-17 20:11 - 000279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2019-07-09 13:55 - 2019-06-17 20:10 - 000130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2019-07-09 13:55 - 2019-06-17 20:07 - 004494336 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2019-07-09 13:55 - 2019-06-17 20:06 - 004858880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2019-07-09 13:55 - 2019-06-17 20:04 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2019-07-09 13:55 - 2019-06-17 20:03 - 013706752 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2019-07-09 13:55 - 2019-06-17 20:03 - 002060288 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2019-07-09 13:55 - 2019-06-17 20:03 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2019-07-09 13:55 - 2019-06-17 20:02 - 001155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2019-07-09 13:55 - 2019-06-17 19:55 - 001557504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2019-07-09 13:55 - 2019-06-17 19:44 - 004386304 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2019-07-09 13:55 - 2019-06-17 19:43 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2019-07-09 13:55 - 2019-06-17 19:41 - 001323008 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2019-07-09 13:55 - 2019-06-17 19:39 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2019-07-09 13:55 - 2019-06-12 20:25 - 000160488 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2019-07-09 13:55 - 2019-06-12 20:21 - 000732160 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2019-07-09 13:55 - 2019-06-12 08:23 - 004057320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2019-07-09 13:55 - 2019-06-12 08:23 - 003964136 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2019-07-09 13:55 - 2019-06-12 08:10 - 005550824 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2019-07-09 13:55 - 2019-06-12 08:06 - 000680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2019-07-09 13:55 - 2019-06-12 07:49 - 000205312 _____ (Microsoft Corporation) C:\windows\SysWOW64\Dism.exe
2019-07-09 13:55 - 2019-06-12 07:37 - 000274944 _____ (Microsoft Corporation) C:\windows\system32\Dism.exe
2019-07-09 13:55 - 2019-06-10 19:59 - 002863104 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2019-07-09 13:55 - 2019-06-10 19:59 - 001712640 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2019-07-09 13:55 - 2019-06-10 19:59 - 000801792 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2019-07-09 13:55 - 2019-06-10 19:59 - 000634368 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2019-07-09 13:55 - 2019-06-10 19:59 - 000501760 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2019-07-09 13:55 - 2019-06-10 19:59 - 000456192 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2019-07-09 13:55 - 2019-06-10 19:59 - 000315904 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2019-07-09 13:55 - 2019-06-10 19:59 - 000257024 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2019-07-09 13:55 - 2019-06-07 08:08 - 000516096 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll
2019-07-09 13:54 - 2019-06-27 22:24 - 000448512 _____ (Microsoft Corporation) C:\windows\system32\wlansec.dll
2019-07-09 13:54 - 2019-06-27 22:24 - 000414208 _____ (Microsoft Corporation) C:\windows\system32\wlanmsm.dll
2019-07-09 13:54 - 2019-06-27 22:24 - 000118784 _____ (Microsoft Corporation) C:\windows\system32\wlanhlp.dll
2019-07-09 13:54 - 2019-06-27 22:24 - 000113664 _____ (Microsoft Corporation) C:\windows\system32\wlanapi.dll
2019-07-09 13:54 - 2019-06-27 22:23 - 000428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlanmsm.dll
2019-07-09 13:54 - 2019-06-27 22:23 - 000392704 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlansec.dll
2019-07-09 13:54 - 2019-06-27 22:23 - 000083968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlanhlp.dll
2019-07-09 13:54 - 2019-06-27 22:23 - 000080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlanapi.dll
2019-07-09 13:54 - 2019-06-20 20:09 - 000806400 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2019-07-09 13:54 - 2019-06-20 20:05 - 000628224 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2019-07-09 13:54 - 2019-06-18 20:06 - 000269824 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2019-07-09 13:54 - 2019-06-12 08:22 - 001314104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2019-07-09 13:54 - 2019-06-12 08:21 - 012574208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2019-07-09 13:54 - 2019-06-12 08:21 - 011411968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2019-07-09 13:54 - 2019-06-12 08:21 - 001114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2019-07-09 13:54 - 2019-06-12 08:21 - 000666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2019-07-09 13:54 - 2019-06-12 08:21 - 000617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2019-07-09 13:54 - 2019-06-12 08:21 - 000275968 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2019-07-09 13:54 - 2019-06-12 08:21 - 000179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2019-07-09 13:54 - 2019-06-12 08:21 - 000172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2019-07-09 13:54 - 2019-06-12 08:21 - 000096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2019-07-09 13:54 - 2019-06-12 08:21 - 000082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2019-07-09 13:54 - 2019-06-12 08:21 - 000005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2019-07-09 13:54 - 2019-06-12 08:20 - 003207168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2019-07-09 13:54 - 2019-06-12 08:20 - 001329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2019-07-09 13:54 - 2019-06-12 08:20 - 000988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2019-07-09 13:54 - 2019-06-12 08:20 - 000555520 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2019-07-09 13:54 - 2019-06-12 08:20 - 000519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2019-07-09 13:54 - 2019-06-12 08:20 - 000504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2019-07-09 13:54 - 2019-06-12 08:20 - 000489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2019-07-09 13:54 - 2019-06-12 08:20 - 000442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2019-07-09 13:54 - 2019-06-12 08:20 - 000406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2019-07-09 13:54 - 2019-06-12 08:20 - 000354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2019-07-09 13:54 - 2019-06-12 08:20 - 000265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2019-07-09 13:54 - 2019-06-12 08:20 - 000261632 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2019-07-09 13:54 - 2019-06-12 08:20 - 000254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2019-07-09 13:54 - 2019-06-12 08:20 - 000223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2019-07-09 13:54 - 2019-06-12 08:20 - 000146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2019-07-09 13:54 - 2019-06-12 08:20 - 000141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2019-07-09 13:54 - 2019-06-12 08:20 - 000103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2019-07-09 13:54 - 2019-06-12 08:20 - 000070144 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2019-07-09 13:54 - 2019-06-12 08:20 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2019-07-09 13:54 - 2019-06-12 08:20 - 000046592 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssign32.dll
2019-07-09 13:54 - 2019-06-12 08:20 - 000043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2019-07-09 13:54 - 2019-06-12 08:20 - 000022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2019-07-09 13:54 - 2019-06-12 08:20 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 001177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 001005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000373248 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000195072 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:19 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:15 - 000631680 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2019-07-09 13:54 - 2019-06-12 08:11 - 000708328 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2019-07-09 13:54 - 2019-06-12 08:11 - 000262376 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2019-07-09 13:54 - 2019-06-12 08:11 - 000153832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2019-07-09 13:54 - 2019-06-12 08:11 - 000094440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2019-07-09 13:54 - 2019-06-12 08:10 - 000095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2019-07-09 13:54 - 2019-06-12 08:09 - 001664352 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2019-07-09 13:54 - 2019-06-12 08:08 - 014637568 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2019-07-09 13:54 - 2019-06-12 08:08 - 012574720 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2019-07-09 13:54 - 2019-06-12 08:08 - 000782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2019-07-09 13:54 - 2019-06-12 08:08 - 000503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2019-07-09 13:54 - 2019-06-12 08:08 - 000361984 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2019-07-09 13:54 - 2019-06-12 08:08 - 000243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2019-07-09 13:54 - 2019-06-12 08:08 - 000236032 _____ (Microsoft Corporation) C:\windows\system32\srvsvc.dll
2019-07-09 13:54 - 2019-06-12 08:08 - 000229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2019-07-09 13:54 - 2019-06-12 08:08 - 000215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2019-07-09 13:54 - 2019-06-12 08:08 - 000210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2019-07-09 13:54 - 2019-06-12 08:08 - 000135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2019-07-09 13:54 - 2019-06-12 08:08 - 000094208 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2019-07-09 13:54 - 2019-06-12 08:08 - 000050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2019-07-09 13:54 - 2019-06-12 08:08 - 000028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2019-07-09 13:54 - 2019-06-12 08:08 - 000013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2019-07-09 13:54 - 2019-06-12 08:08 - 000013312 _____ (Microsoft Corporation) C:\windows\system32\sscore.dll
2019-07-09 13:54 - 2019-06-12 08:08 - 000005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2019-07-09 13:54 - 2019-06-12 08:08 - 000005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 004120576 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 001574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 001484800 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 001472512 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 001211392 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 001202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 001162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 001068544 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000733184 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000632320 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000499712 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000433152 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000408576 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000317440 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000190976 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000187904 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000141824 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000081920 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\mssign32.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2019-07-09 13:54 - 2019-06-12 08:07 - 000002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000438784 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000295936 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2019-07-09 13:54 - 2019-06-12 08:06 - 000004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:06 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 08:05 - 000050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2019-07-09 13:54 - 2019-06-12 08:04 - 000023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2019-07-09 13:54 - 2019-06-12 08:01 - 000663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2019-07-09 13:54 - 2019-06-12 07:55 - 000009728 _____ (Microsoft Corporation) C:\windows\SysWOW64\sscore.dll
2019-07-09 13:54 - 2019-06-12 07:54 - 000050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2019-07-09 13:54 - 2019-06-12 07:50 - 000055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2019-07-09 13:54 - 2019-06-12 07:49 - 000125952 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2019-07-09 13:54 - 2019-06-12 07:49 - 000024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2019-07-09 13:54 - 2019-06-12 07:48 - 000025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2019-07-09 13:54 - 2019-06-12 07:48 - 000014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2019-07-09 13:54 - 2019-06-12 07:48 - 000007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2019-07-09 13:54 - 2019-06-12 07:48 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2019-07-09 13:54 - 2019-06-12 07:47 - 000036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2019-07-09 13:54 - 2019-06-12 07:46 - 000006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 07:46 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 07:46 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 07:46 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-07-09 13:54 - 2019-06-12 07:42 - 000148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2019-07-09 13:54 - 2019-06-12 07:42 - 000064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2019-07-09 13:54 - 2019-06-12 07:42 - 000062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2019-07-09 13:54 - 2019-06-12 07:42 - 000017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2019-07-09 13:54 - 2019-06-12 07:39 - 000338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2019-07-09 13:54 - 2019-06-12 07:39 - 000129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\videoprt.sys
2019-07-09 13:54 - 2019-06-12 07:38 - 000296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2019-07-09 13:54 - 2019-06-12 07:37 - 000011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2019-07-09 13:54 - 2019-06-12 07:37 - 000009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2019-07-09 13:54 - 2019-06-12 07:36 - 000464384 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2019-07-09 13:54 - 2019-06-12 07:36 - 000406016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2019-07-09 13:54 - 2019-06-12 07:36 - 000291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2019-07-09 13:54 - 2019-06-12 07:36 - 000169472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2019-07-09 13:54 - 2019-06-12 07:36 - 000160768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2019-07-09 13:54 - 2019-06-12 07:36 - 000129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2019-07-09 13:54 - 2019-06-12 07:35 - 000112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2019-07-09 13:54 - 2019-06-12 07:35 - 000064512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\amdk8.sys
2019-07-09 13:54 - 2019-06-12 07:35 - 000062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\intelppm.sys
2019-07-09 13:54 - 2019-06-12 07:35 - 000060928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\processr.sys
2019-07-09 13:54 - 2019-06-12 07:35 - 000060928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\amdppm.sys
2019-07-09 13:54 - 2019-06-12 07:35 - 000044544 _____ (Microsoft Corporation) C:\windows\system32\Drivers\npfs.sys
2019-07-09 13:54 - 2019-06-12 07:35 - 000030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2019-07-09 13:54 - 2019-06-07 08:18 - 001425920 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2019-07-09 13:54 - 2019-06-07 08:18 - 000026112 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleres.dll
2019-07-09 13:54 - 2019-06-07 08:08 - 002072576 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2019-07-09 13:54 - 2019-06-07 08:08 - 000026112 _____ (Microsoft Corporation) C:\windows\system32\oleres.dll
2019-07-09 13:54 - 2019-06-07 08:07 - 000008704 _____ (Microsoft Corporation) C:\windows\system32\comcat.dll
2019-07-09 13:54 - 2019-06-07 07:55 - 000007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\comcat.dll
2019-07-09 13:54 - 2018-11-17 19:43 - 000322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-02 19:28 - 2009-07-13 21:45 - 000018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-08-02 19:28 - 2009-07-13 21:45 - 000018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-08-02 19:27 - 2015-08-09 12:35 - 000000000 ____D C:\FRST
2019-08-02 19:25 - 2011-03-03 17:00 - 000000000 ____D C:\Users\the Hoff\AppData\Roaming\TeraCopy
2019-08-02 19:06 - 2016-12-06 12:26 - 000000000 ____D C:\Users\the Hoff\AppData\LocalLow\Mozilla
2019-08-02 18:54 - 2011-03-03 14:01 - 000000000 ____D C:\Users\the Hoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\[]TOOLS[]
2019-08-02 18:45 - 2009-07-13 20:20 - 000000000 ____D C:\windows\inf
2019-08-02 18:39 - 2017-04-03 18:36 - 000000248 _____ C:\windows\Tasks\AutoKMS.job
2019-08-02 18:39 - 2016-11-02 18:58 - 000000912 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2019-08-02 18:39 - 2016-11-02 18:58 - 000000908 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2019-08-02 18:39 - 2009-07-13 22:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2019-08-02 18:38 - 2015-12-27 19:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-08-02 18:37 - 2011-03-03 13:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\[]TOOLS[]
2019-08-02 18:37 - 2011-03-03 13:38 - 000000000 ____D C:\Program Files (x86)\[]TOOLS[]
2019-08-02 17:11 - 2013-02-06 21:37 - 000000000 ___RD C:\Users\the Hoff\Google Drive
2019-08-02 17:04 - 2015-01-14 03:28 - 000000000 ____D C:\windows\pss
2019-08-02 16:55 - 2018-09-06 05:01 - 000004128 _____ C:\windows\System32\Tasks\CCleaner Update
2019-08-02 16:52 - 2017-03-15 03:52 - 000004158 _____ C:\windows\System32\Tasks\Avast Emergency Update
2019-08-02 09:21 - 2011-03-03 12:59 - 000000000 ____D C:\Users\the Hoff
2019-08-01 17:52 - 2011-03-04 07:57 - 000000000 ____D C:\Program Files\Common Files\Apple
2019-08-01 17:51 - 2011-03-03 19:29 - 000000000 ____D C:\ProgramData\Apple
2019-08-01 08:49 - 2017-12-11 23:17 - 000000000 ___RD C:\Users\the Hoff\iCloudDrive
2019-08-01 08:48 - 2014-08-12 22:57 - 000000000 ____D C:\ProgramData\Logishrd
2019-07-31 08:43 - 2011-03-03 15:29 - 001030784 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2019-07-30 15:18 - 2016-11-02 18:58 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-07-29 12:45 - 2017-08-02 17:24 - 000003618 _____ C:\windows\System32\Tasks\McAfee Remediation (Prepare)
2019-07-29 12:45 - 2017-04-03 18:36 - 000002540 _____ C:\windows\System32\Tasks\AutoKMS
2019-07-29 12:45 - 2017-03-29 13:54 - 000001850 _____ C:\windows\System32\Tasks\Amazon Music Helper
2019-07-29 12:45 - 2016-11-02 18:58 - 000003918 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineUA
2019-07-29 12:45 - 2016-11-02 18:58 - 000003666 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineCore
2019-07-29 12:45 - 2016-07-28 15:19 - 000003332 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA1d1e91e1aea8a41
2019-07-29 12:45 - 2016-07-28 15:19 - 000003204 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1e91e1a557402
2019-07-29 12:45 - 2015-12-03 09:13 - 000000000 ____D C:\windows\System32\Tasks\AVAST Software
2019-07-29 12:45 - 2015-08-25 21:05 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2019-07-29 12:45 - 2015-05-29 22:48 - 000002800 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2019-07-29 10:36 - 2017-05-21 22:41 - 000000000 ____D C:\Users\the Hoff\AppData\Roaming\Zoom
2019-07-25 08:43 - 2013-03-05 09:44 - 000387896 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2019-07-25 02:16 - 2014-12-26 18:03 - 000000000 ____D C:\ProgramData\Package Cache
2019-07-22 11:16 - 2011-03-04 13:47 - 000000000 ____D C:\Users\the Hoff\AppData\Local\CrashDumps
2019-07-19 15:43 - 2009-07-13 22:09 - 000000000 ____D C:\windows\System32\Tasks\WPD
2019-07-16 16:22 - 2012-03-08 18:40 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-15 20:42 - 2019-01-14 08:44 - 000263224 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdriver.sys
2019-07-15 20:42 - 2019-01-05 08:44 - 000206056 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsh.sys
2019-07-15 20:42 - 2019-01-05 08:44 - 000061688 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniv.sys
2019-07-15 20:42 - 2019-01-05 08:44 - 000037320 _____ (AVAST Software) C:\windows\system32\Drivers\aswArDisk.sys
2019-07-15 20:42 - 2018-10-19 12:35 - 000042504 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2019-07-15 20:42 - 2017-11-16 04:46 - 000209256 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys
2019-07-15 20:42 - 2013-03-05 09:44 - 000088160 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2019-07-15 20:42 - 2012-02-24 06:42 - 000112520 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2019-07-15 20:42 - 2011-03-03 15:29 - 000477288 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2019-07-10 05:26 - 2009-07-13 20:20 - 000000000 ____D C:\windows\rescache
2019-07-10 04:19 - 2009-07-13 22:13 - 000786578 _____ C:\windows\system32\PerfStringBackup.INI
2019-07-10 04:11 - 2009-07-13 21:45 - 000421128 _____ C:\windows\system32\FNTCACHE.DAT
2019-07-10 04:03 - 2014-12-10 04:51 - 000000000 ____D C:\windows\system32\appraiser
2019-07-10 04:03 - 2014-05-07 03:01 - 000000000 ___SD C:\windows\system32\CompatTel
2019-07-10 04:03 - 2009-07-13 20:20 - 000000000 ____D C:\windows\SysWOW64\Dism
2019-07-10 04:03 - 2009-07-13 20:20 - 000000000 ____D C:\windows\system32\Dism
2019-07-10 03:40 - 2011-03-05 22:19 - 000778700 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2019-07-10 03:35 - 2009-07-13 19:34 - 000000478 _____ C:\windows\win.ini
2019-07-10 03:15 - 2013-08-14 03:03 - 000000000 ____D C:\windows\system32\MRT
2019-07-10 03:03 - 2011-03-04 06:43 - 136618864 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2019-07-08 10:42 - 2011-03-04 11:14 - 000000000 ___RD C:\Users\the Hoff\Dropbox
2019-07-05 15:22 - 2018-09-14 14:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google

==================== Files in the root of some directories ================

2011-08-12 21:20 - 2017-06-29 11:37 - 000045056 _____ () C:\Users\the Hoff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-08-01 09:16
==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2019
Ran by the Hoff (02-08-2019 19:29:44)
Running from C:\Users\the Hoff\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-03-03 19:59:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3472861432-3466800176-631802751-500 - Administrator - Disabled)
Guest (S-1-5-21-3472861432-3466800176-631802751-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3472861432-3466800176-631802751-1006 - Limited - Enabled)
the Hoff (S-1-5-21-3472861432-3466800176-631802751-1001 - Administrator - Enabled) => C:\Users\the Hoff

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Actual Multiple Monitors 8.0 (HKLM-x32\...\Actual Multiple Monitors_is1) (Version: 8.0 - Actual Tools)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Amazon Amazon Music) (Version: 5.4.0.1779 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.1 - Auslogics Software Pty Ltd)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.6.2383 - AVAST Software)
Backup and Sync from Google (HKLM\...\{768C0072-2FD2-4934-9824-B2A1E81AEA5D}) (Version: 3.45.5545.5747 - Google, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Box (HKLM\...\{70BE6D52-C4F9-4C00-842E-9966AC42B8E9}) (Version: 1.17.120 - Box, Inc.)
calibre (HKLM-x32\...\{1AB14879-AF77-44C2-82A3-5A90C8102C06}) (Version: 3.42.0 - Kovid Goyal)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - )
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon MX920 series User Registration (HKLM-x32\...\Canon MX920 series User Registration) (Version:  - ‭Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version:  - Elaborate Bytes)
CursorFX (HKLM-x32\...\{C1080852-065E-4991-9260-F3756E3CC182}) (Version: 2.00 - Stardock Corporation) Hidden
CursorFX (HKLM-x32\...\CursorFX) (Version:  - Stardock Corporation)
dBpoweramp [Calculate Audio CRC] Codec (HKLM-x32\...\dBpoweramp [Calculate Audio CRC] Codec) (Version:  - )
dBpoweramp [Multi Encoder] Codec (HKLM-x32\...\dBpoweramp [Multi Encoder] Codec) (Version: Release 2 - Illustrate)
dBpoweramp [ReplayGain] Codec (HKLM-x32\...\dBpoweramp [ReplayGain] Codec) (Version:  - )
dBpoweramp AAC Encoder (HKLM-x32\...\dBpoweramp AAC Encoder) (Version:  - )
dBpoweramp CLI Encoder (HKLM-x32\...\dBpoweramp CLI Encoder) (Version:  - )
dBpoweramp Dalet Codec (HKLM-x32\...\dBpoweramp Dalet Codec) (Version:  - )
dBpoweramp FLAC Codec (HKLM-x32\...\dBpoweramp FLAC Codec) (Version:  - )
dBpoweramp m4a Codec (HKLM-x32\...\dBpoweramp m4a Codec) (Version: Release 7 - Illustrate)
dBpoweramp m4a Utilities (HKLM-x32\...\dBpoweramp m4a Utilities) (Version:  - )
dBpoweramp Monkeys Audio Codec (HKLM-x32\...\dBpoweramp Monkeys Audio Codec) (Version:  - )
dBpoweramp Mp2 and BwfMp2 codec (HKLM-x32\...\dBpoweramp Mp2 and BwfMp2 codec) (Version:  - )
dBpoweramp mp3 (Fraunhofer IIS) Codec (HKLM-x32\...\dBpoweramp mp3 (Fraunhofer IIS) Codec) (Version: Release 2 (v4.0.3) - Illustrate)
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 13.1 - Illustrate)
dBpoweramp Ogg Vorbis Codec (HKLM-x32\...\dBpoweramp Ogg Vorbis Codec) (Version:  - )
dBpoweramp Real Audio (Helix) Encoder (HKLM-x32\...\dBpoweramp Real Audio (Helix) Encoder) (Version:  - )
dBPoweramp tooLame MP2 codec (HKLM-x32\...\dBPoweramp tooLame MP2 codec) (Version:  - )
dBpoweramp Wave64 Codec (HKLM-x32\...\dBpoweramp Wave64 Codec) (Version:  - )
dBpoweramp WavPack Codec (HKLM-x32\...\dBpoweramp WavPack Codec) (Version:  - )
dBpoweramp Windows Media Audio 10 Codec (HKLM-x32\...\dBpoweramp Windows Media Audio 10 Codec) (Version: Release 5 - Illustrate)
Dropbox (HKLM-x32\...\Dropbox) (Version: 78.4.119 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
DVDFab 8.0.6.1 (18/12/2010) (HKLM-x32\...\DVDFab 8_is1) (Version:  - Fengtao Software Inc.)
Elements 10 Organizer (HKLM-x32\...\{22D3A614-482C-444A-932C-9DA1B8ECDFD2}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Evernote v. 5.8.3 (HKLM-x32\...\{404B3FB8-A820-11E4-83FC-00163E98E7D6}) (Version: 5.8.3.6507 - Evernote Corp.)
GetDiz 4.5 (HKLM-x32\...\GetDiz 4.5) (Version: 4.5 - Outertech)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoPro (HKLM\...\{1E92618C-EB66-4C4C-9F45-93EC6EF53273}) (Version: 0.1.2733 - GoPro, Inc.) Hidden
GoPro for Desktop (HKLM-x32\...\{88734dc7-c200-4ad3-b29f-bb5e436cb30f}) (Version: 1.4.0.2733 - GoPro, Inc.)
GoPro Studio (HKLM-x32\...\{99502BF0-655A-425D-8754-9EEC557D3D73}) (Version: 5.9.2733 - GoPro, Inc.) Hidden
GoTo Opener (HKLM-x32\...\{351B54B2-1AFC-42A7-A8C0-9E05C26F0D1E}) (Version: 1.0.470 - LogMeIn, Inc.)
GoToMeeting 8.39.5.12022 (HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\GoToMeeting) (Version: 8.39.5.12022 - LogMeIn, Inc.)
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
iCloud (HKLM\...\{FF99A618-BCA5-4658-B9FF-CCF57C177610}) (Version: 7.1.0.34 - Apple Inc.)
Innova OBD PC-Link (HKLM-x32\...\{2DB69B0F-6B08-43DF-8FF7-34575BB5E3C5}) (Version: 2.3.9 - Innova Electronics)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{D9D08A8F-5A03-486A-AD4D-3A438D521F8B}) (Version: 12.9.3.3 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 8 Update 31 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180310}) (Version: 8.0.310.13 - Oracle Corporation)
JumpStart Languages (HKLM-x32\...\JumpStart Languages) (Version:  - )
Junk Mail filter update (HKLM-x32\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Kits Configuration Installer (HKLM-x32\...\{E14DDED2-919B-FCCB-84AC-5ABB6D182D46}) (Version: 8.59.25584 - Microsoft) Hidden
Linksys Connect (HKLM-x32\...\Linksys Connect) (Version: 1.5.14261.0 - Linksys LLC)
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
McAfee True Key (HKLM\...\TrueKey) (Version: 5.3.138.1 - McAfee, LLC)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
Mozilla Firefox 68.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.1 (x64 en-US)) (Version: 68.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 68.0.1.7137 - Mozilla)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
PDF-XChange Viewer (HKLM\...\{EE18FF09-2F2A-4A88-85B3-B845EFD5C5FE}) (Version: 2.5.193.0 - Tracker Software Products Ltd.)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{11adedc6-abd6-4c3e-a37b-5d2c3159714c}) (Version: 1.16.3.1402 - Plex, Inc.)
Plex Media Server (HKLM-x32\...\{51928EFC-2EBA-4CC2-8F0B-35AB3B96F1D2}) (Version: 1.16.1402 - Plex, Inc.) Hidden
PSE10 STI Installer (HKLM-x32\...\{11D08055-939C-432b-98C3-E072478A0CD7}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Quicken WillMaker Plus 2014 (HKLM-x32\...\{44160FDE-C190-45C1-B8E1-23F00228E572}) (Version: 1.0.0.0 - Nolo)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)
Revo Uninstaller 1.91 (HKLM-x32\...\Revo Uninstaller) (Version: 1.91 - VS Revo Group)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Sansa Updater (HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Sansa Updater) (Version:  - SanDisk Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Software Upgrade Assistant (HKLM-x32\...\{B33BA940-B460-4F02-BFF3-1DDCE7083726}_is1) (Version: 2.3.6 - Motorola Mobility LLC)
Spotify (HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Stopping Plex (HKLM-x32\...\{D4E8F43C-F61F-4A10-87B3-86F3018F8982}) (Version: 1.16.1402 - Plex, Inc.) Hidden
SUABnR (HKLM-x32\...\{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
TeraCopy 2.12 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector Inc.)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version:  - )
TreeSize Free V4.2.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.2.2 - JAM Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.6.7 - Tweaking.com)
Typing Instructor Platinum (HKLM-x32\...\{F358C0E1-B8DD-43A4-8B2E-269710247F16}) (Version: 21.00.0000 - Individual Software)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{519CABB0-76BB-4ACF-9EAE-38E042EFB00A}) (Version: 4.19.0106 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{930FA71B-703F-4178-9FE8-1BCAA359E6EE}) (Version: 4.18.1201 - Samsung Electronics Co., Ltd.)
VFW_Codec32 (HKLM-x32\...\{4275850F-4E2E-4F60-9E73-8BD8F70891D3}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (HKLM\...\{7010885D-3378-4C9B-B330-88271728EDE5}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows 7 Logon Background Changer (HKLM-x32\...\{2E6044C5-3495-485F-91BC-46D1B6430E51}) (Version: 1.5.2 - Julien MANICI)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
WModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 2.0.6.9 - HTC)
WPT Redistributables (HKLM-x32\...\{A5D42D71-4036-5F88-5085-657C9DF9F1DD}) (Version: 8.59.29750 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{986EABFC-92F6-CECD-9E5A-B13CAC40BB1D}) (Version: 8.59.29722 - Microsoft) Hidden
Zoom (HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\ZoomUMX) (Version: 4.4 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\the Hoff\AppData\Local\GoToMeeting\12022\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
SSODL: EldosMountNotificator-cbfs6 - {FEA65D1F-FCA0-43CF-A73E-691530704657} - C:\windows\system32\cbfsMntNtf6.dll (EldoS Corporation -> /n software, Inc.)
SSODL-x32: EldosMountNotificator-cbfs6 - {FEA65D1F-FCA0-43CF-A73E-691530704657} - C:\windows\SysWOW64\cbfsMntNtf6.dll (EldoS Corporation -> /n software, Inc.)
ShellServiceObjects: Virtual Storage Mount Notification -> {FEA65D1F-FCA0-43CF-A73E-691530704657} => C:\windows\system32\cbfsMntNtf6.dll [2016-09-21] (EldoS Corporation -> /n software, Inc.)
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {FEA65D1F-FCA0-43CF-A73E-691530704657} => C:\windows\SysWOW64\cbfsMntNtf6.dll [2016-09-21] (EldoS Corporation -> /n software, Inc.)
ShellIconOverlayIdentifiers: [    BoxAvailableOffline] -> {8D0A4E1B-C25A-4AF8-8DA7-531929C02958} => C:\Program Files\Box\Box\BoxShellExtShim-1.17.120.dll [2018-08-17] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [    BoxLocked] -> {1B927815-D431-48B1-A746-6FF91FB35431} => C:\Program Files\Box\Box\BoxShellExtShim-1.17.120.dll [2018-08-17] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [    BoxLockedByOther] -> {73C8BC94-4A51-413B-B927-829449EAFA75} => C:\Program Files\Box\Box\BoxShellExtShim-1.17.120.dll [2018-08-17] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [    BoxProblem] -> {8BBBCFB6-60E2-4C0F-BB31-10434068E2BE} => C:\Program Files\Box\Box\BoxShellExtShim-1.17.120.dll [2018-08-17] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [    BoxSynced] -> {04B9BDFA-0C53-4F36-A77F-51F53E3EF3EC} => C:\Program Files\Box\Box\BoxShellExtShim-1.17.120.dll [2018-08-17] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [    BoxSyncing] -> {2FFF193C-5891-4B26-B363-40D3B5257FE9} => C:\Program Files\Box\Box\BoxShellExtShim-1.17.120.dll [2018-08-17] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-27] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-27] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-27] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\[]TOOLS[]\Avast\ashShell.dll [2019-07-15] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\[]TOOLS[]\Avast\ashShell.dll [2019-07-15] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs6] -> {699A9745-7D6F-4BC0-B6DE-484E22F2E3D7} => C:\windows\system32\cbfsMntNtf6.dll [2016-09-21] (EldoS Corporation -> /n software, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
ShellIconOverlayIdentifiers-x32: [    BoxAvailableOffline] -> {8D0A4E1B-C25A-4AF8-8DA7-531929C02958} => C:\Program Files\Box\Box\BoxShellExtShim-1.17.120.dll [2018-08-17] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [    BoxLocked] -> {1B927815-D431-48B1-A746-6FF91FB35431} => C:\Program Files\Box\Box\BoxShellExtShim-1.17.120.dll [2018-08-17] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [    BoxLockedByOther] -> {73C8BC94-4A51-413B-B927-829449EAFA75} => C:\Program Files\Box\Box\BoxShellExtShim-1.17.120.dll [2018-08-17] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [    BoxProblem] -> {8BBBCFB6-60E2-4C0F-BB31-10434068E2BE} => C:\Program Files\Box\Box\BoxShellExtShim-1.17.120.dll [2018-08-17] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [    BoxSynced] -> {04B9BDFA-0C53-4F36-A77F-51F53E3EF3EC} => C:\Program Files\Box\Box\BoxShellExtShim-1.17.120.dll [2018-08-17] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [    BoxSyncing] -> {2FFF193C-5891-4B26-B363-40D3B5257FE9} => C:\Program Files\Box\Box\BoxShellExtShim-1.17.120.dll [2018-08-17] (Box, Inc. -> Box, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs6] -> {699A9745-7D6F-4BC0-B6DE-484E22F2E3D7} => C:\windows\system32\cbfsMntNtf6.dll [2016-09-21] (EldoS Corporation -> /n software, Inc.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\[]TOOLS[]\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\[]TOOLS[]\Avast\ashShell.dll [2019-07-15] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1-x32: [DVDFAB32] -> {2B896307-03F8-4771-B13F-88176CAC4065} => C:\Program Files (x86)\[]TOOLS[]\DVDFab 8\DVDFabShellEx32.dll [2010-11-16] (Fengtao Software Inc. -> Fengtao Software Inc.)
ContextMenuHandlers1: [DVDFAB64] -> {2B896307-03F8-4771-B13F-88176CAC4066} => C:\Program Files (x86)\[]TOOLS[]\DVDFab 8\DVDFabShellEx.dll [2010-11-16] (Fengtao Software Inc. -> Fengtao Software Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-06-27] (Google LLC -> Google)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-10-19] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\[]TOOLS[]\TeraCopy\TeraCopyExt.dll [2009-06-22] () [File not signed]
ContextMenuHandlers1: [TeraCopyS64] -> {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\[]TOOLS[]\TeraCopy\TeraCopyExt64.dll [2009-06-21] () [File not signed]
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\[]TOOLS[]\TeraCopy\TeraCopyExt.dll [2009-06-22] () [File not signed]
ContextMenuHandlers2: [TeraCopyS64] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\[]TOOLS[]\TeraCopy\TeraCopyExt.dll [2009-06-22] () [File not signed]
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\[]TOOLS[]\Avast\ashShell.dll [2019-07-15] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\[]TOOLS[]\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-06-27] (Google LLC -> Google)
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\[]TOOLS[]\TeraCopy\TeraCopyExt.dll [2009-06-22] () [File not signed]
ContextMenuHandlers4: [TeraCopyS64] -> {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\[]TOOLS[]\TeraCopy\TeraCopyExt64.dll [2009-06-21] () [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2013-04-30] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [Actual Multiple Monitors] -> {96703F22-7167-4098-A19A-9749F3A3C6ED} => C:\Program Files (x86)\[]TOOLS[]\Actual Multiple Monitors\ActualMultipleMonitorsShellExtension64.dll [2013-08-16] (Actual Tools -> Actual Tools)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\[]TOOLS[]\TeraCopy\TeraCopyExt.dll [2009-06-22] () [File not signed]
ContextMenuHandlers5: [TeraCopyS64] -> {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\[]TOOLS[]\TeraCopy\TeraCopyExt64.dll [2009-06-21] () [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\[]TOOLS[]\Avast\ashShell.dll [2019-07-15] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\[]TOOLS[]\TeraCopy\TeraCopyExt.dll [2009-06-22] () [File not signed]
ContextMenuHandlers6: [TeraCopyS64] -> {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\[]TOOLS[]\TeraCopy\TeraCopyExt64.dll [2009-06-21] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_jhknlonaankphkkbnmjdlpehkinifeeg\Google Forms.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=jhknlonaankphkkbnmjdlpehkinifeeg
ShortcutWithArgument: C:\Users\the Hoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Forms.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=jhknlonaankphkkbnmjdlpehkinifeeg
ShortcutWithArgument: C:\Users\the Hoff\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Forms.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=jhknlonaankphkkbnmjdlpehkinifeeg
ShortcutWithArgument: C:\Users\the Hoff\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Forms.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=jhknlonaankphkkbnmjdlpehkinifeeg
ShortcutWithArgument: C:\Users\the Hoff\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a3a1d6b8109861c5\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=nckgahadagoaajjgafhacjanaoiihapd

==================== Loaded Modules (Whitelisted) ==============

2010-03-23 07:17 - 2010-03-23 07:17 - 000059904 _____ () [File not signed] C:\Program Files (x86)\[]TOOLS[]\CursorFX\zlib1.dll
2011-03-03 16:36 - 2009-06-22 04:27 - 000126464 _____ () [File not signed] C:\Program Files\[]TOOLS[]\TeraCopy\TeraCopy64.dll
2011-03-03 16:36 - 2009-06-21 08:52 - 000318976 _____ () [File not signed] C:\Program Files\[]TOOLS[]\TeraCopy\TeraCopyExt64.dll
2012-03-05 17:03 - 2012-03-05 17:03 - 000677376 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-04-30 00:25 - 2013-04-30 00:25 - 000211968 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-02-16 15:53 - 2012-02-16 15:53 - 003642880 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-10-03 15:56 - 2013-09-19 18:36 - 001782576 _____ (Actual Tools -> Actual Tools) [File not signed] C:\Program Files (x86)\[]TOOLS[]\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
2013-04-30 00:03 - 2013-04-30 00:03 - 000837632 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll
2013-04-30 00:02 - 2013-04-30 00:02 - 000004608 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiamenu.dll
2013-04-30 00:25 - 2013-04-30 00:25 - 000361984 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
2011-03-06 18:18 - 2007-04-25 20:28 - 000183296 _____ (Canon Inc.) [File not signed] C:\windows\System32\CNCF2Lc.DLL
2011-03-06 18:18 - 2007-05-01 06:00 - 000258560 _____ (CANON INC.) [File not signed] C:\windows\System32\CNMLM90.DLL
2015-10-03 07:18 - 2012-07-31 01:48 - 000359936 _____ (CANON INC.) [File not signed] C:\windows\System32\CNMN6PPM.DLL
2011-03-06 18:18 - 2007-05-01 06:00 - 000027648 _____ (CANON INC.) [File not signed] C:\windows\system32\spool\PRTPROCS\x64\CNMPD90.DLL
2008-05-07 12:59 - 2008-05-07 19:59 - 000048640 _____ (Hewlett-Packard Company) [File not signed] C:\windows\System32\hpzlllhn.dll
2011-05-17 18:42 - 2008-05-07 19:59 - 000099840 _____ (Hewlett-Packard Corporation) [File not signed] C:\windows\system32\spool\PRTPROCS\x64\hpzpplhn.dll
2010-06-28 22:54 - 2010-06-28 22:54 - 000080384 _____ (KYOCERA MITA Corporation) [File not signed] C:\windows\System32\KMPJL64.DLL
2010-03-23 07:17 - 2010-03-23 07:17 - 000417280 _____ (Stardock Corporation) [File not signed] C:\Program Files (x86)\[]TOOLS[]\CursorFX\CursorFX.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2019-01-04 04:38 - 000000054 _____ C:\windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\[]TOOLS[]\QuickTime\QTSystem\;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\the Hoff\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupfolder: C:^Users^the Hoff^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^the Hoff^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupfolder: C:^Users^the Hoff^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Verizon Wireless Software Utility Application for Android – Samsung.lnk => C:\windows\pss\Verizon Wireless Software Utility Application for Android – Samsung.lnk.Startup
MSCONFIG\startupreg: Box => "C:\Program Files\Box\Box\Box.exe" -m
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: Dropbox Update => "C:\Users\the Hoff\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: GoPro Tray App => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{7F886027-1EC6-485C-A1E6-9BFF1B169B81}C:\program files (x86)\plex\plex media server\plexscripthost.exe] => (Block) C:\program files (x86)\plex\plex media server\plexscripthost.exe (Plex, Inc -> Python Software Foundation)
FirewallRules: [UDP Query User{833784F3-2979-4265-8516-C37225830DA0}C:\program files (x86)\plex\plex media server\plexscripthost.exe] => (Block) C:\program files (x86)\plex\plex media server\plexscripthost.exe (Plex, Inc -> Python Software Foundation)
FirewallRules: [TCP Query User{2EA624A2-2F5F-4530-9D52-ED03DCB40510}C:\program files (x86)\plex\plex media server\plexscripthost.exe] => (Block) C:\program files (x86)\plex\plex media server\plexscripthost.exe (Plex, Inc -> Python Software Foundation)
FirewallRules: [UDP Query User{E063BFD4-6177-4920-8812-94E620896C48}C:\program files (x86)\plex\plex media server\plexscripthost.exe] => (Block) C:\program files (x86)\plex\plex media server\plexscripthost.exe (Plex, Inc -> Python Software Foundation)
FirewallRules: [TCP Query User{29FA61CD-0B87-4EC9-B25F-50E6C9AD9BFE}C:\program files\itunes\itunes.exe] => (Block) C:\program files\itunes\itunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BC348D61-D046-490F-9B20-676EF5342439}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{212D4C4D-C4EF-4242-A85C-57972F8D5285}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DC6D7D76-5BD2-491C-8BA2-EE7ADBC7CCEC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{96875257-564A-4230-AD40-239312116A34}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7A50A590-688F-4E24-9EBC-6A4D7D55E0C9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8A4A1EEF-4D42-4696-BDE8-AB2C2D2532B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{352BAEC5-F2F2-4033-B6D2-21B4A5FBEF8A}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe () [File not signed]
FirewallRules: [UDP Query User{0ADEA218-CB52-492F-95C3-FA811B8CEAFB}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe () [File not signed]
FirewallRules: [{E172366E-386F-4107-B410-DED83513C77A}] => (Allow) C:\Users\the Hoff\AppData\Roaming\Spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E826E398-18BE-4DD6-B700-1A5F585FB6D4}] => (Allow) C:\Users\the Hoff\AppData\Roaming\Spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A6CB4876-AFA5-4E5E-A431-CC74ED29435B}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoPro.exe (GoPro, Inc. -> )
FirewallRules: [{3149095F-AFE1-449E-946B-8B6CDBE92717}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe (GoPro, Inc. -> )
FirewallRules: [{0138EB29-56E0-411D-A1D1-E504BFA07FCE}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe (GoPro, Inc. -> )
FirewallRules: [{0378D645-A777-4697-939F-9F985DA120E1}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe (GoPro, Inc. -> )
FirewallRules: [TCP Query User{1EB5A5DB-1C31-41E1-9A1F-6398FB04A9C6}C:\program files (x86)\plex\plex media server\plex dlna server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex dlna server.exe (Plex, Inc -> Plex, Inc.)
FirewallRules: [UDP Query User{4F6A1F76-ABA6-4583-B97C-C881F50CE168}C:\program files (x86)\plex\plex media server\plex dlna server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex dlna server.exe (Plex, Inc -> Plex, Inc.)
FirewallRules: [TCP Query User{0C2BEEFD-598D-4526-91D3-049F5DB8FB9B}C:\users\the hoff\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\the hoff\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC)
FirewallRules: [UDP Query User{10279782-679B-4693-8BC6-82FCA07278A2}C:\users\the hoff\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\the hoff\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC)
FirewallRules: [TCP Query User{D4DEBBF2-485F-4318-B734-6719D582BACA}C:\users\the hoff\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\the hoff\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC)
FirewallRules: [UDP Query User{D397A4DF-4EC9-4A12-ACB7-178ADBC41BD4}C:\users\the hoff\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\the hoff\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC)
FirewallRules: [TCP Query User{75BBD6EB-6E0B-40C0-87C2-9A5AAF7AD4B0}C:\program files\itunes\itunes.exe] => (Allow) C:\program files\itunes\itunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{C4D3C730-C6CA-4B98-A3E7-3CDABF303CD8}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{A0178A3E-83CE-4C48-A999-677CCDA540FE}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{25461025-7939-4854-B68A-2C176E439503}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{51839F7B-29E0-43B7-8452-12AF2CC05EAA}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{6867B17B-1A74-456D-B53E-A93EC5296FEC}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{A250F3C6-3B56-4104-B6B9-1F06971C7159}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{7485D274-FBA2-4B3C-B0C3-016E613E333F}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{C8BB45C4-219F-471E-BA95-2AF0FD5940ED}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex media server.exe (Plex, Inc -> Plex, Inc.)
FirewallRules: [UDP Query User{0BF3AC52-70E5-4E25-A826-4EB08EC1EC21}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex media server.exe (Plex, Inc -> Plex, Inc.)
FirewallRules: [{5F3CC4DF-5803-4FA1-98EE-D81611339B2E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{2F61A3D5-70BF-4DC7-B9C5-B1686815A07F}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc -> Plex, Inc.)
FirewallRules: [{CC112FF7-9437-4B50-80AD-1BBA3AD7E67B}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Plex, Inc -> Python Software Foundation)
FirewallRules: [{E5BFA7D0-48C9-421D-A0AF-22085AAA2CCB}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe (Plex, Inc -> Plex, Inc.)
FirewallRules: [{91A0A013-8252-46F7-84AC-94FE4BB82086}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc -> )
FirewallRules: [{2392606C-8F6D-4073-A248-2F394560C93F}] => (Allow) C:\Users\the Hoff\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7AA7D791-FC72-4421-8C82-2F969F9FE933}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7

==================== Restore Points =========================

01-08-2019 17:52:46 Removed Apple Software Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/02/2019 06:41:56 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/02/2019 06:40:24 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/02/2019 06:40:24 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/02/2019 06:38:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x517f39a1
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x7fc
Faulting application start time: 0x01d5499075523207
Faulting application path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Faulting module path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Report Id: 5366ff7a-b58f-11e9-8b8b-bcaec54f1b9f

Error: (08/02/2019 06:37:45 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/02/2019 06:15:18 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/02/2019 05:12:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x517f39a1
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x7b0
Faulting application start time: 0x01d5498c7f8d4b73
Faulting application path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Faulting module path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Report Id: 7032b762-b583-11e9-8811-bcaec54f1b9f

Error: (08/02/2019 04:53:32 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (08/02/2019 06:42:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (08/02/2019 06:40:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee True Key service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/02/2019 06:40:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee True Key service to connect.

Error: (08/02/2019 06:38:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/02/2019 06:37:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (08/02/2019 06:36:35 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775} did not register with DCOM within the required timeout.

Error: (08/02/2019 05:17:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (08/02/2019 05:15:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee True Key service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


CodeIntegrity:
===================================

Date: 2018-03-14 10:44:28.157
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-14 10:44:27.570
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-14 10:44:26.960
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-14 10:44:26.358
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-14 10:44:25.770
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-14 10:44:25.184
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-14 10:44:24.589
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-14 10:44:23.990
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 0801 06/11/2010
Motherboard: ASUSTeK Computer INC. M4A78LT-M
Processor: AMD Phenom™ II X4 955 Processor
Percentage of memory in use: 55%
Total physical RAM: 7934.18 MB
Available physical RAM: 3503.26 MB
Total Virtual: 15866.5 MB
Available Virtual: 11078.67 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1862.92 GB) (Free:1732.31 GB) NTFS
Drive z: (Storage) (Fixed) (Total:3725.9 GB) (Free:1532.44 GB) NTFS

\\?\Volume{a8c4ae2d-3f53-11e0-a0a0-806e6f6e6963}\ (System) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 3726 GB) (Disk ID: 075A0ECB)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#2
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi bbj, welcome to the Geeks to Go malware removal forum.

I am iMacg3 and will be helping you with your computer problems.

Please keep the following information in mind before we begin:
  • Back up any important data before we continue.
    • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
  • Do not run any fixes or tools on your system unless I request that you do so.
    • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
  • Please read all instructions carefully, and complete them in the order listed.
    • Items that are especially important will be highlighted in bold or red.
  • If your computer seems to start working normally, please don't abandon the topic.
    • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
  • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
  • If you don't respond to your topic in 4 days, it will be closed.
    • If your topic is closed and you still need assistance, send me or any Moderator a Private Message with a link to your topic.
  • If you have questions at any time during the cleanup, feel free to ask.
--------------------

Please give me some time to go over your logs and I will get back to you as soon as possible.

#3
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi bbj,

Is this computer used for business purposes?

---------------------------------------------------
CKScanner

Download CKScanner by askey127 from here

Important: Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
---------------------------------------------------
Download and Run a Diagnostic Tool (MGADiag.exe) from here and save it to your desktop.
  • Double-click on MGADiag.exe
  • Click Continue
  • When the program has finished, click Copy
  • Open Notepad, and press Ctrl + V to paste the contents of the report into the text file
  • Save the file to your desktop as MGAdiag.txt
  • Post the contents of MGAdiag.txt to your reply.
---------------------------------------------------

In your next reply, please include:
  • CKFiles.txt
  • MGAdiag.txt


#4
bbj

    Member

  • Topic Starter
  • 64 posts

This is a personal home computer used by the family.

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\frst\quarantine\c\windows\kmsemulator.exe.xbad
c:\windows\kmsemulator.exe
c:\windows\system32\driverstore\filerepository\oemsetup.inf_amd64_neutral_54fd64bcde912154\kmstmnet.exe
c:\windows\system32\driverstore\filerepository\oemsetup.inf_amd64_neutral_54fd64bcde912154\kmstmnw.exe
c:\windows\system32\driverstore\filerepository\oemsetup.inf_amd64_neutral_54fd64bcde912154\kmstmvm.exe
scanner sequence 3.EM.11.BIAACZ
 ----- EOF -----

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-H9K4M-DV32X-8X2XD
Windows Product Key Hash: hIy5Kq09q7qZt8Eky8OoVdeQhnI=
Windows Product ID: 00359-OEM-8992687-00261
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {410CA7CC-0856-4E5B-880C-32DF0DFA8E71}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_ldr.190612-0600
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{410CA7CC-0856-4E5B-880C-32DF0DFA8E71}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-8X2XD</PKey><PID>00359-OEM-8992687-00261</PID><PIDType>2</PIDType><SID>S-1-5-21-3472861432-3466800176-631802751</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0801   </Version><SMBIOSVersion major="2" minor="5"/><Date>20100611000000.000000+000</Date></BIOS><HWID>71BC3007018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>zt grp</OEMID><OEMTableID>ztsys122</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows® 7, HomePremium edition
Description: Windows Operating System - Windows® 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800261-02-1033-7600.0000-2462009
Installation ID: 020891745032380684789486157256572711404964233271192985
Processor Certificate URL: http://go.microsoft....k/?LinkID=88338
Machine Certificate URL: http://go.microsoft....k/?LinkID=88339
Use License URL: http://go.microsoft....k/?LinkID=88341
Product Key Certificate URL: http://go.microsoft....k/?LinkID=88340
Partial Product Key: 8X2XD
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 8/4/2019 11:37:46 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MgAAAAEABAABAAEAAAACAAAAAQABAAEAln3eKSgNVPIQM+JrOJisITw96kXO7npgji4=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
  ACPI Table Name    OEMID Value    OEMTableID Value
  APIC            061110        APIC1015
  FACP            061110        FACP1015
  SRAT            AMD           FAM_F_10
  HPET            061110        OEMHPET
  MCFG            061110        OEMMCFG
  OEMB            061110        OEMB1015
  SLIC            zt grp        ztsys122
  SSDT            A M I         POWERNOW



#5
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi bbj,

Is your computer's operating system properly activated?

#6
bbj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

It's from Costco a few years ago and has been in use since purchase.

https://imgur.com/a/j5uljIm



#7
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi bbj,

Unfortunately, it looks like you may have pirated/cracked/improperly licensed software on your computer. As per this forum's Terms of Use, we do not support the use of pirated software. Please uninstall/remove any pirated software from your computer, then do the following:

---------------------------------------------------
FRST scan
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.


#8
bbj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

OK, I'm not sure what needs to be removed. How should I go about this?



#9
iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi bbj,

Please note that this fix, as well as the anti-malware tools we use, will remove pirated programs/software used to "crack" Microsoft programs.

---------------------------------------------------
Farbar Recovery Scan Tool - Fix
  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Start::
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {177d581c-6911-11e1-b881-bcaec54f1b9f} - E:\TL-Bootstrap.exe
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {1f7655c1-33c8-11e5-8de9-bcaec54f1b9f} - F:\VerizonWirelessUpgradeAssistantSetup.exe -a
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {20838ec2-465e-11e7-910d-bcaec54f1b9f} - E:\VerizonWirelessUpgradeAssistantSetup.exe
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {65f4fc7e-5707-11e0-a635-bcaec54f1b9f} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {73d43358-0978-11e5-8599-bcaec54f1b9f} - E:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {90c3ab84-df7e-11e6-9f04-bcaec54f1b9f} - E:\VerizonWirelessUpgradeAssistantSetup.exe
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {90c3abbe-df7e-11e6-9f04-bcaec54f1b9f} - E:\VerizonWirelessUpgradeAssistantSetup.exe
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {912af8cb-85b2-11e3-8d84-bcaec54f1b9f} - N:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {d0b5e87b-7d42-11e2-9f15-bcaec54f1b9f} - E:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {d0b5e897-7d42-11e2-9f15-bcaec54f1b9f} - F:\VZW_Software_upgrade_assistant.exe
    FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    Task: {2D167A0F-365F-4DC0-929A-CFE3DB1467C5} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
    Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
    Task: {310475E1-2368-4C8F-B0C0-F8FFBA7A0F0B} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
    Task: {8831782A-BD51-45B3-A77F-B9DEF42FA4B0} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
    Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
    Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
    Task: C:\windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF ProfilePath: C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\nscrosro.default-1450112767985 [not found] <==== ATTENTION
    FF ProfilePath: C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default [not found] <==== ATTENTION
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\[]TOOLS[]\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
    S3 RTHDMIAzAudService; system32\drivers\RtHDMIVX.sys [X]
    2019-08-02 18:39 - 2017-04-03 18:36 - 000000248 _____ C:\windows\Tasks\AutoKMS.job
    2019-07-29 12:45 - 2017-04-03 18:36 - 000002540 _____ C:\windows\System32\Tasks\AutoKMS
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
    C:\Windows\AutoKMS
    Reg: reg delete "HKLM\Software\Microsoft\Shared Tools\msconfig\startupreg" 
    Reg: reg add "HKLM\Software\Microsoft\shared tools\msconfig\startupreg"
    Reg: reg delete "HKLM\Software\Microsoft\Shared Tools\msconfig\startupfolder"
    Reg: reg add "HKLM\Software\Microsoft\Shared Tools\msconfig\startupfolder"
    CMD: Bitsadmin /Reset /Allusers
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.
---------------------------------------------------

Do you recognize the following folder?
 

C:\Users\the Hoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\[]TOOLS[]


Do you use the program Auslogics Disk Defrag?

---------------------------------------------------

In your next reply, please include:
  • Fixlog.txt

  • 0

#10
bbj


Yes, to try and keep the 'Start > All Programs' tidy, the TOOLS folder has things like AV, MBAM, CCleaner etc. An old version of Auslogics Disk Defrag is installed but should be updated to a newer version/better program (the OS will be on the new SSD, so defrag shouldn't be a big issue.)

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-08-2019
Ran by the Hoff (06-08-2019 18:51:24) Run:1
Running from C:\Users\the Hoff\Desktop
Loaded Profiles: the Hoff (Available Profiles: the Hoff)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {177d581c-6911-11e1-b881-bcaec54f1b9f} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {1f7655c1-33c8-11e5-8de9-bcaec54f1b9f} - F:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {20838ec2-465e-11e7-910d-bcaec54f1b9f} - E:\VerizonWirelessUpgradeAssistantSetup.exe
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {65f4fc7e-5707-11e0-a635-bcaec54f1b9f} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {73d43358-0978-11e5-8599-bcaec54f1b9f} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {90c3ab84-df7e-11e6-9f04-bcaec54f1b9f} - E:\VerizonWirelessUpgradeAssistantSetup.exe
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {90c3abbe-df7e-11e6-9f04-bcaec54f1b9f} - E:\VerizonWirelessUpgradeAssistantSetup.exe
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {912af8cb-85b2-11e3-8d84-bcaec54f1b9f} - N:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {d0b5e87b-7d42-11e2-9f15-bcaec54f1b9f} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\MountPoints2: {d0b5e897-7d42-11e2-9f15-bcaec54f1b9f} - F:\VZW_Software_upgrade_assistant.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {2D167A0F-365F-4DC0-929A-CFE3DB1467C5} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {310475E1-2368-4C8F-B0C0-F8FFBA7A0F0B} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {8831782A-BD51-45B3-A77F-B9DEF42FA4B0} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: C:\windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF ProfilePath: C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\nscrosro.default-1450112767985 [not found] <==== ATTENTION
FF ProfilePath: C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default [not found] <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\[]TOOLS[]\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S3 RTHDMIAzAudService; system32\drivers\RtHDMIVX.sys [X]
2019-08-02 18:39 - 2017-04-03 18:36 - 000000248 _____ C:\windows\Tasks\AutoKMS.job
2019-07-29 12:45 - 2017-04-03 18:36 - 000002540 _____ C:\windows\System32\Tasks\AutoKMS
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
C:\Windows\AutoKMS
Reg: reg delete "HKLM\Software\Microsoft\Shared Tools\msconfig\startupreg"
Reg: reg add "HKLM\Software\Microsoft\shared tools\msconfig\startupreg"
Reg: reg delete "HKLM\Software\Microsoft\Shared Tools\msconfig\startupfolder"
Reg: reg add "HKLM\Software\Microsoft\Shared Tools\msconfig\startupfolder"
CMD: Bitsadmin /Reset /Allusers

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{177d581c-6911-11e1-b881-bcaec54f1b9f} => removed successfully
HKLM\Software\Classes\CLSID\{177d581c-6911-11e1-b881-bcaec54f1b9f} => not found
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f7655c1-33c8-11e5-8de9-bcaec54f1b9f} => removed successfully
HKLM\Software\Classes\CLSID\{1f7655c1-33c8-11e5-8de9-bcaec54f1b9f} => not found
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20838ec2-465e-11e7-910d-bcaec54f1b9f} => removed successfully
HKLM\Software\Classes\CLSID\{20838ec2-465e-11e7-910d-bcaec54f1b9f} => not found
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65f4fc7e-5707-11e0-a635-bcaec54f1b9f} => removed successfully
HKLM\Software\Classes\CLSID\{65f4fc7e-5707-11e0-a635-bcaec54f1b9f} => not found
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73d43358-0978-11e5-8599-bcaec54f1b9f} => removed successfully
HKLM\Software\Classes\CLSID\{73d43358-0978-11e5-8599-bcaec54f1b9f} => not found
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90c3ab84-df7e-11e6-9f04-bcaec54f1b9f} => removed successfully
HKLM\Software\Classes\CLSID\{90c3ab84-df7e-11e6-9f04-bcaec54f1b9f} => not found
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90c3abbe-df7e-11e6-9f04-bcaec54f1b9f} => removed successfully
HKLM\Software\Classes\CLSID\{90c3abbe-df7e-11e6-9f04-bcaec54f1b9f} => not found
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{912af8cb-85b2-11e3-8d84-bcaec54f1b9f} => removed successfully
HKLM\Software\Classes\CLSID\{912af8cb-85b2-11e3-8d84-bcaec54f1b9f} => not found
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0b5e87b-7d42-11e2-9f15-bcaec54f1b9f} => removed successfully
HKLM\Software\Classes\CLSID\{d0b5e87b-7d42-11e2-9f15-bcaec54f1b9f} => not found
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0b5e897-7d42-11e2-9f15-bcaec54f1b9f} => removed successfully
HKLM\Software\Classes\CLSID\{d0b5e897-7d42-11e2-9f15-bcaec54f1b9f} => not found
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{2D167A0F-365F-4DC0-929A-CFE3DB1467C5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D167A0F-365F-4DC0-929A-CFE3DB1467C5}" => removed successfully
C:\windows\System32\Tasks\AutoKMS => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{310475E1-2368-4C8F-B0C0-F8FFBA7A0F0B} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{310475E1-2368-4C8F-B0C0-F8FFBA7A0F0B} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8831782A-BD51-45B3-A77F-B9DEF42FA4B0} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8831782A-BD51-45B3-A77F-B9DEF42FA4B0} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector => removed successfully
C:\windows\Tasks\AutoKMS.job => moved successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\nscrosro.default-1450112767985 => path removed successfully
C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default => path removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully
HKLM\System\CurrentControlSet\Services\RTHDMIAzAudService => removed successfully
RTHDMIAzAudService => service removed successfully
"C:\windows\Tasks\AutoKMS.job" => not found
"C:\windows\System32\Tasks\AutoKMS" => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay => removed successfully
HKLM\Software\Classes\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => not found
C:\Windows\AutoKMS => moved successfully

========= reg delete "HKLM\Software\Microsoft\Shared Tools\msconfig\startupreg" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg (Yes/No)? The operation completed successfully.


========= End of Reg: =========


========= reg add "HKLM\Software\Microsoft\shared tools\msconfig\startupreg" =========

The operation completed successfully.


========= End of Reg: =========


========= reg delete "HKLM\Software\Microsoft\Shared Tools\msconfig\startupfolder" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupfolder (Yes/No)? The operation completed successfully.


========= End of Reg: =========


========= reg add "HKLM\Software\Microsoft\Shared Tools\msconfig\startupfolder" =========

The operation completed successfully.


========= End of Reg: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{7D64CD66-04C8-42B0-81EF-45BC2F619CD7} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11429518 B
Java, Flash, Steam htmlcache => 587 B
Windows/system/drivers => 1794 B
Edge => 0 B
Chrome => 41645688 B
Firefox => 243166045 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
the Hoff => 174603645 B

RecycleBin => 119497150 B
EmptyTemp: => 575 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:52:59 ====


Edited by bbj, 06 August 2019 - 08:32 PM.

  • 0

#11
iMacg3

Hi bbj,

---------------------------------------------------
AdwCleaner

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now ...
    • When the scan has finished a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab ...
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.
---------------------------------------------------
ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
---------------------------------------------------

In your next reply, please include:
  • AdwCleaner[S0*].txt
  • eset.txt
  • Let me know how the computer is doing.

  • 0

#12
bbj


The computer still seems very slow. 6+ minutes from clicking restart until it's usable again. First time loading Firefox is really slow. Lots of swirling cursor when navigating file folders. Is this load of Windows a lost cause for migrating onto an SSD?

 

# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build:    07-23-2019
# Database: 2019-08-07.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    08-07-2019
# Duration: 00:00:27
# OS:       Windows 7 Home Premium
# Scanned:  35883
# Detected: 1


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

Preinstalled.SamsungSmartSwitch



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

 

eset.txt

8/7/2019 21:57:11 PM
Files scanned: 602513
Infected files: 9
Cleaned threats: 7
Total scan time 02:38:07
Scan status: Finished
C:\FRST\Quarantine\C\Program Files (x86)\[]TOOLS[]\DVDFab 8\Patch.exe.xBAD    a variant of MSIL/Packed.FishNet.A suspicious application    cleaned by deleting

C:\FRST\Quarantine\C\Users\the Hoff\Desktop\ccsetup508.exe.xBAD    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting

C:\FRST\Quarantine\C\Users\the Hoff\dwhelper\Download CCleaner 5.08.5308 - Download - FileHippo.com.mp4.xBAD    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting

C:\FRST\Quarantine\C\windows\KMSEmulator.exe.xBAD    Win32/HackKMS.A potentially unsafe application    cleaned by deleting

C:\Program Files\[]TOOLS[]\Avast\Setup\aswOfferTool.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    error while deleting (Access denied)

C:\Program Files\[]TOOLS[]\Avast\Setup\offertool_x64_ais-94f.vpx    Win32/Bundled.Toolbar.Google.D potentially unsafe application    error while deleting (Access denied)

C:\Users\Public\Downloads\Office 2010 Toolkit.exe    a variant of MSIL/HackKMS.G potentially unsafe application    cleaned by deleting

C:\Users\the Hoff\Dropbox\Public\Office 2010 Toolkit.exe    a variant of MSIL/HackKMS.G potentially unsafe application    cleaned by deleting

C:\windows\KMSEmulator.exe    Win32/HackKMS.A potentially unsafe application    cleaned by deleting


Edited by bbj, 07 August 2019 - 11:34 PM.

  • 0
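An added example, not part of the original thread: a small Python triage of the eset.txt log posted above. It checks the header counts against the listed entries, separates hits inside FRST's quarantine folder from hits on live paths, and lists the detections ESET could not remove. The function names are this example's own, and it assumes fields are separated by a tab or a run of two or more spaces, as in the posted text.

```python
import re
from collections import Counter

# eset.txt as posted above, with the blank lines between entries dropped.
SAMPLE = r"""8/7/2019 21:57:11 PM
Files scanned: 602513
Infected files: 9
Cleaned threats: 7
Total scan time 02:38:07
Scan status: Finished
C:\FRST\Quarantine\C\Program Files (x86)\[]TOOLS[]\DVDFab 8\Patch.exe.xBAD    a variant of MSIL/Packed.FishNet.A suspicious application    cleaned by deleting
C:\FRST\Quarantine\C\Users\the Hoff\Desktop\ccsetup508.exe.xBAD    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
C:\FRST\Quarantine\C\Users\the Hoff\dwhelper\Download CCleaner 5.08.5308 - Download - FileHippo.com.mp4.xBAD    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
C:\FRST\Quarantine\C\windows\KMSEmulator.exe.xBAD    Win32/HackKMS.A potentially unsafe application    cleaned by deleting
C:\Program Files\[]TOOLS[]\Avast\Setup\aswOfferTool.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    error while deleting (Access denied)
C:\Program Files\[]TOOLS[]\Avast\Setup\offertool_x64_ais-94f.vpx    Win32/Bundled.Toolbar.Google.D potentially unsafe application    error while deleting (Access denied)
C:\Users\Public\Downloads\Office 2010 Toolkit.exe    a variant of MSIL/HackKMS.G potentially unsafe application    cleaned by deleting
C:\Users\the Hoff\Dropbox\Public\Office 2010 Toolkit.exe    a variant of MSIL/HackKMS.G potentially unsafe application    cleaned by deleting
C:\windows\KMSEmulator.exe    Win32/HackKMS.A potentially unsafe application    cleaned by deleting
"""

HEADER_RE = re.compile(r"^(Files scanned|Infected files|Cleaned threats):\s*(\d+)$")
# Assumption: a tab or 2+ spaces separates fields; paths only contain single spaces.
FIELD_SEP = re.compile(r"\t+| {2,}")
# Detection names look like Platform/Family.Variant, e.g. Win32/HackKMS.A.
NAME_RE = re.compile(r"\w+/[\w.]+")
# Folder FRST moved files into, as seen in the paths of the log above.
QUARANTINE_PREFIX = "c:\\frst\\quarantine\\"


def parse_eset_log(text):
    """Return (header counts, list of detection entries) from an ESET scan log."""
    counts, entries = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            counts[header.group(1)] = int(header.group(2))
            continue
        fields = FIELD_SEP.split(line)
        if len(fields) != 3:
            continue  # timestamp, status and blank lines are not detections
        path, detection, action = fields
        name = NAME_RE.search(detection)
        entries.append({
            "path": path,
            "detection": name.group(0) if name else detection,
            "cleaned": action.lower().startswith("cleaned"),
            "quarantined": path.lower().startswith(QUARANTINE_PREFIX),
        })
    return counts, entries


def triage(text):
    """Summarise what still needs attention after the scan."""
    counts, entries = parse_eset_log(text)
    unresolved = [e["path"] for e in entries if not e["cleaned"]]
    return {
        # The header must agree with the entries, otherwise the paste is truncated.
        "consistent": counts.get("Infected files") == len(entries)
        and counts.get("Cleaned threats") == len(entries) - len(unresolved),
        "unresolved": unresolved,
        "live_hits": sum(1 for e in entries if not e["quarantined"]),
        "by_detection": Counter(e["detection"] for e in entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE)
    print("header matches entries:", report["consistent"])
    print("hits outside FRST quarantine:", report["live_hits"])
    for name, n in report["by_detection"].most_common():
        print(f"{n:2d}  {name}")
    for path in report["unresolved"]:
        print("NOT REMOVED:", path)
```
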

#13
iMacg3

Your logs show evidence of potentially pirated software / software used to "crack" Microsoft programs.

As per the Geeks to Go Terms of Use:
 

We will NOT help anyone we suspect of having obtained their software or services illegally.


This topic is now closed.
  • 0





