CtrlAltDel screen regularly disappears without authorisation/accidenta


#1
phickspc

Hi, recently when I hold Ctrl Alt Del to hide my workspace whilst away from my desk, I notice that the screen has gone and my workspace is visible again. I don't know why or how, considering my keyboard was not pressed and my room is locked. I have never experienced this issue in my 20+ yrs of using a personal computer.

I've posted about the issue here. I don't believe firmly that I've been hacked, but SpywareDr said we couldn't investigate further unless I confirmed no malware.

So, here is my FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-09-2019
Ran by User1 (administrator) on User3 (14-09-2019 13:36:02)
Running from C:\Users\User1\Desktop
Loaded Profiles: User1 (Available Profiles: User3 & User2 & User1 & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Portable Program Files\INET\FirefoxPortableESR\App\Firefox64\firefox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Avid Technology, Inc. -> Avid Technology, Inc.) C:\Windows\SysWOW64\MAFWTray.exe
(BlackBerry Ltd. -> Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(BlackBerry Ltd. -> BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
(BlackBerry Ltd. -> BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(BlackBerry Ltd. -> BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(BlackBerry Ltd. -> BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\MSG\LWS\Webcam Software\LWS.exe
(London Trust Media Incorporated -> ) C:\Program Files\Private Internet Access\pia-service.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Inc -> Malwarebytes Corporation) C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Exploit\mbae.exe
(Malwarebytes Inc -> Malwarebytes Corporation) C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Inc -> Malwarebytes Corporation) C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Exploit\mbae-svc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Portable Program Files\INET\FirefoxPortableESR\App\Firefox64\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Portable Program Files\MSG\ThunderbirdPortable\App\Thunderbird\thunderbird.exe
(Nalpeiron Ltd.) [File not signed] C:\Windows\SysWOW64\nlssrv32.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(pdfforge GmbH -> © pdfforge GmbH.) C:\Program Files (x86)\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe
(PeerBlock, LLC -> PeerBlock, LLC) C:\Portable Program Files\INET\PeerBlockPortable\App\PeerBlock\Modern64\peerblock.exe
(Rare Ideas, LLC -> PortableApps.com) C:\Portable Program Files\MSG\ThunderbirdPortable\ThunderbirdPortable.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\MAINTENANCE\Unchecky\bin\unchecky_bg.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\MAINTENANCE\Unchecky\bin\unchecky_svc.exe
(Sebastien.warin.fr) [File not signed] C:\Program Files (x86)\AUDIO\Stream What You Hear\SWYH.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Skwire Empire) [File not signed] C:\Portable Program Files\UTILITIES\kLED\kLED.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2314120 2009-06-01] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis International GmbH -> Acronis)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Ltd. -> BlackBerry Limited)
HKLM-x32\...\Run: [M-Audio Taskbar Icon] => C:\Windows\SysWOW64\MAFWTray.exe [254256 2012-01-24] (Avid Technology, Inc. -> Avid Technology, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065968 2015-07-23] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\WORK\NaturallySpeaking14\Ereg\Ereg.exe [325960 2014-05-30] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\MSG\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech, Inc. -> Logitech Inc.)
HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4861688 2015-03-19] (BlackBerry Ltd. -> BlackBerry Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Exploit\mbae.exe [2480328 2019-08-05] (Malwarebytes Inc -> Malwarebytes Corporation)
HKU\S-1-5-21-1925592742-456944920-4000667399-1008\...\Run: [EPSON Stylus D92 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIBZE.EXE [213504 2007-10-05] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1925592742-456944920-4000667399-1008\...\Run: [PeerBlock] => C:\Portable Program Files\INET\PeerBlockPortable\App\PeerBlock\Modern64\peerblock.exe [2513992 2014-01-15] (PeerBlock, LLC -> PeerBlock, LLC)
HKU\S-1-5-21-1925592742-456944920-4000667399-1008\...\Run: [StreamWhatYouHear] => C:\Program Files (x86)\AUDIO\Stream What You Hear\SWYH.exe [364032 2016-03-09] (Sebastien.warin.fr) [File not signed]
HKU\S-1-5-21-1925592742-456944920-4000667399-1008\...\Run: [RIMDeviceManager] => C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe [2471672 2015-05-20] (BlackBerry Ltd. -> Research In Motion Limited)
HKU\S-1-5-21-1925592742-456944920-4000667399-1008\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3682968 2019-04-22] (Invincea, Inc. -> Sandboxie Holdings, LLC)
HKU\S-1-5-21-1925592742-456944920-4000667399-1008\...\MountPoints2: {825f7915-8afe-11e6-b9cc-00248c02da27} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\Start.exe
HKU\S-1-5-18\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [175392 2012-09-21] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [VIDC.ULRA] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULRG] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULY0] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULY2] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULH0] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULH2] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.UQY2] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [msacm.dvacm_vspx8] => C:\Program Files\VIDEO\Corel VideoStudio Ultimate X8\DVACM.acm [23552 2015-01-28] (Corel TW Corp.) [File not signed]
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-09-21] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1554944 2009-09-15] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM\...\Drivers32: [VIDC.ULRA] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULRG] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULY0] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULY2] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULH0] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULH2] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.UQY2] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [msacm.pspgru] => C:\Windows\SysWOW64\pspgru.acm [401920 2010-03-22] (Philips Austria GmbH - Speech Processing) [File not signed]
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [236544 2011-12-19] () [File not signed]
HKLM\...\Drivers32: [vidc.MPG4] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.MP42] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.MP43] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
Startup: C:\Users\User3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kLED.exe.lnk [2016-02-28]
ShortcutTarget: kLED.exe.lnk -> C:\Portable Program Files\UTILITIES\kLED\kLED.exe (Skwire Empire) [File not signed]
Startup: C:\Users\User3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-12-22]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\WORK\Microsoft Office 2007\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kLED.lnk [2017-07-11]
ShortcutTarget: kLED.lnk -> C:\Portable Program Files\UTILITIES\kLED\kLED.exe (Skwire Empire) [File not signed]
Startup: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-02-10]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\WORK\Microsoft Office 2007\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2019-09-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ThunderbirdPortable.exe.lnk [2019-06-13]
ShortcutTarget: ThunderbirdPortable.exe.lnk -> C:\Portable Program Files\MSG\ThunderbirdPortable\ThunderbirdPortable.exe (Rare Ideas, LLC -> PortableApps.com)
Startup: C:\Users\User2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-02-10]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\WORK\Microsoft Office 2007\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03782E7F-03E0-4DEF-A906-A2FCEFE8F904} - System32\Tasks\{1A7050D9-E3AD-41F5-BA06-EE7F7E931C56} => C:\Windows\system32\pcalua.exe -a "D:\VSTi Software\Native Instruments Setups\Native.Instruments.Kontakt.VSTi.RTAS.v4.0.4.UPDATE.PROPER-AiR\Kontakt 4 Setup PC.exe" -d "D:\VSTi Software\Native Instruments Setups\Native.Instruments.Kontakt.VSTi.RTAS.v4.0.4.UPDATE.PROPER-AiR"
Task: {088B8578-F1E9-4E72-B263-4A2DA36BF64B} - System32\Tasks\{DB1241E9-6ECB-44CC-B724-7A04CD0810F6} => C:\Users\User2\AppData\Roaming\Microsoft\Installer\{9DAB307E-531F-4992-AB30-6F1AD39E6CF9}\_8C4C6DE2B4274D54DAD619.exe [10134 2016-02-07] () [File not signed]
Task: {0F111F3F-03AD-42E2-801A-466ECE4E1CB3} - System32\Tasks\{887C1110-C5ED-4E7C-A980-3C0B6D2DC06D} => C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe [111616 2010-12-13] (Microsoft Corporation) [File not signed]
Task: {20ADF8A4-1BF8-40FE-816B-0B307552DEC9} - System32\Tasks\{C56A10BC-EA49-4903-8B20-64E3BB9DD04C} => C:\Windows\system32\pcalua.exe -a C:\Users\Harvestthesouls\Downloads\IMSM_V8901023_Windows7\IMSM_V8901023_Windows7\setup.exe -d C:\Users\Harvestthesouls\Downloads\IMSM_V8901023_Windows7\IMSM_V8901023_Windows7
Task: {2B912585-4655-4633-93A6-032023931D84} - System32\Tasks\{36674DC5-28BC-4011-A06F-C94F7D70D3B7} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.18.85.112/en/abandoninstall?page=tsMain
Task: {2ED0EEF8-CBA1-4C74-B6AC-1D5658ED7C87} - System32\Tasks\{329C6536-59D9-4AB4-8D29-B034D57C5146} => C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe [111616 2010-12-13] (Microsoft Corporation) [File not signed]
Task: {35462A02-EE83-4FB6-885F-4BEDE56AE37E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428640 2019-09-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {40E24E2B-29F2-4DA5-B7F8-BA3DBBAA9803} - System32\Tasks\{2BE7ACF0-36A6-45B8-A198-68BF5C798FFE} => C:\Windows\system32\pcalua.exe -a C:\Users\Harvestthesouls\AppData\Local\Temp\Temp1_NI_DFD_129_Setup.zip\NI_DFD_129_Setup\NI_DFD_129_Setup.exe <==== ATTENTION
Task: {46FD89D8-EFB5-4792-82BE-3F2508097C32} - System32\Tasks\{D99CFF2F-7BA6-47F7-BF46-ED68A4B0F8C6} => C:\Users\User2\AppData\Roaming\Microsoft\Installer\{9DAB307E-531F-4992-AB30-6F1AD39E6CF9}\_8C4C6DE2B4274D54DAD619.exe [10134 2016-02-07] () [File not signed]
Task: {49D5742A-B2D4-46F2-A1F8-9338B8F4AC63} - System32\Tasks\GoogleUpdateTaskMachineCore1cf826e5eb38d0d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2016-01-18] (Google Inc -> Google Inc.)
Task: {4F5F4CC2-1260-4254-A723-0F0AD2C018B8} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {51EEFD20-43FB-4A59-82C0-404B3016C813} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {5626C39C-4F4D-400D-9791-50051F225313} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428640 2019-09-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {5B01CAE1-A362-4702-B704-8731D14DE974} - System32\Tasks\{D3060A38-6A7B-4742-A417-0A5973361847} => C:\Windows\system32\pcalua.exe -a "D:\VSTi Software\Native Instruments Setups\Native.Instruments.Kontakt.Player.v2.2.4.001.VSTi.DXi.RTAS.REPACK-DYNAMiCS\NI Kontakt Player v2.2.4.exe" -d "D:\VSTi Software\Native Instruments Setups\Native.Instruments.Kontakt.Player.v2.2.4.001.VSTi.DXi.RTAS.REPACK-DYNAMiCS"
Task: {633E5843-662B-445E-97D8-66F81AEF7632} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117728 2019-09-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {662F43B1-F324-47C0-B467-E123D3BCF53B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117728 2019-09-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {68B5A1E7-A704-4EBF-9C68-B9B6C2B66A80} - System32\Tasks\G2MUploadTask-S-1-5-21-1925592742-456944920-4000667399-1008 => C:\Users\User1\AppData\Local\GoToMeeting\10996\g2mupload.exe [29736 2018-11-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {711AE5EF-74C2-44F9-9C7F-C5F8A566B2E9} - System32\Tasks\Auslogics\Driver Updater\Start Driver Updater automatic scanning => C:\Program Files (x86)\Auslogics\Driver Updater\DriverUpdater.exe [3175840 2016-01-11] (Auslogics Labs Pty Ltd -> Auslogics)
Task: {76312250-FAED-43D6-BB2B-93DA17A949BF} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2314120 2009-06-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {9537870B-FB18-4BCC-A520-14365287A819} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2016-01-18] (Google Inc -> Google Inc.)
Task: {986FAA46-05C1-4BD4-96A2-94C22443135E} - System32\Tasks\{3362883A-034F-4055-96D0-908470C90366} => I:\VSTi Software\PIANO\pianitostudio.exe
Task: {9D8DD398-0EE4-4D2E-9B06-433F6D9E20DF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-09-11] (Adobe Inc. -> Adobe)
Task: {BBD2BE3E-1523-4863-B874-B71AEDCAA360} - System32\Tasks\{E8903C49-EF76-4257-A723-778ADD211C92} => C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe [111616 2010-12-13] (Microsoft Corporation) [File not signed]
Task: {C047FE30-82B1-46E5-ADB5-B8A43B6054D9} - System32\Tasks\{5B69AA6C-6F32-4695-BE52-0FEEB926B8B0} => C:\Windows\system32\pcalua.exe -a I:\downloads\pianitostudio.exe -d I:\downloads
Task: {D110944E-205A-4494-A573-B16F4B6B48D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2016-01-18] (Google Inc -> Google Inc.)
Task: {D3D1555C-4E38-459A-8473-471E23E21B0F} - System32\Tasks\G2MUpdateTask-S-1-5-21-1925592742-456944920-4000667399-1008 => C:\Users\User1\AppData\Local\GoToMeeting\10996\g2mupdate.exe [29736 2018-11-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {D7EC0C0C-1653-4558-8C4E-5249BA6A106A} - System32\Tasks\{20B784C2-3347-4E79-85C3-40CD3160C547} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.22.85.109/en/abandoninstall?page=tsMain
Task: {D8AE400C-FA2A-4336-A372-0E9E4C4700D6} - System32\Tasks\EPSON Perfection V39 Update => C:\Program Files (x86)\epson\escndv\update\e_dtsksd.exe [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {DA667271-97E7-498C-B38A-59887BC791CE} - System32\Tasks\{6F0D982D-0A7A-4A2A-AFD1-379D6FE7F3F7} => C:\Windows\system32\pcalua.exe -a "F:\Install Reason.exe" -d F:\
Task: {E7D82D8F-77E1-493E-890F-C84C702A484D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {E8DDAC1D-CA83-4E6F-B1F9-525B27AA9B1D} - System32\Tasks\{5BD0C69B-C1B9-4770-9C61-4D441974B34D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Harvestthesouls\AppData\Local\Temp\Temp1_East West Updates.zip\East West Updates\EWQLSO\gold\EWQLSO Gold Edition Setup.exe" <==== ATTENTION
Task: {EB5AE8B1-FFFF-4C83-B726-12AB536DB690} - System32\Tasks\{EFCB2B36-234C-446B-BD98-6595EF63956F} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxps://ui.skype.com/ui/0/7.37.0.103/en/abandoninstall?page=tsMain
Task: {F0C7A64F-5252-4DF0-8594-C023D11063CE} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_Plugin.exe [1457720 2019-09-11] (Adobe Inc. -> Adobe)
Task: {F46205F0-EB5F-4AF5-8CBB-8902A2956AC3} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\EPSON Perfection V39 Update.job => C:\Program Files (x86)\epson\escndv\update\e_dtsksd.exe7/EXE_S:EPSON Perfection V39,ES010D.DAT /F:UpdateUser1ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1925592742-456944920-4000667399-1008.job => C:\Users\User1\AppData\Local\GoToMeeting\10996\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1925592742-456944920-4000667399-1008.job => C:\Users\User1\AppData\Local\GoToMeeting\10996\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{20DC78A3-BF1B-4E36-91C7-CE2E9A975D75}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{238FBF41-957F-4B5C-B838-3AD6A3074AC5}: [DhcpNameServer] 209.222.18.222 209.222.18.218
HKLM\System\...\Parameters\PersistentRoutes: [104.96.147.3,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [111.221.29.177,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [111.221.29.253,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [131.253.40.37,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.115.60,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.165.248,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.165.253,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.185.70,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.30.202,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [137.116.81.24,255.255.255.255,0.0.0.0,1]
PersistentRoutes: There are 65 PersistentRoutes.


Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-1925592742-456944920-4000667399-1008\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\WORK\NaturallySpeaking14\Program\x64\dgnriaie_x64.dll [2015-08-22] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech Inc -> Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2019-09-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\WORK\NaturallySpeaking14\Program\dgnriaie.dll [2015-08-22] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-07-18] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech Inc -> Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2019-09-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-07-18] (Oracle America, Inc. -> Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-01] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default [2019-09-14]
FF DownloadDir: E:\FILM & TV
FF Homepage: Mozilla\Firefox\Profiles\i0tpy5ax.default -> hxxps://www.google.co.uk/
FF NetworkProxy: Mozilla\Firefox\Profiles\i0tpy5ax.default -> type", 0
FF NewTabOverride: Mozilla\Firefox\Profiles\i0tpy5ax.default -> Enabled: {66E978CD-981F-47DF-AC42-E3CF417C1467}
FF Extension: (Youtube Mp3 Downloader) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2016-03-17] [Legacy]
FF Extension: (Grammarly for Firefox) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2019-06-15]
FF Extension: (Copy text with Alt-Click) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\@copy-text-without-selecting.xpi [2018-02-28]
FF Extension: (Google Images (UK)) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\@google-images-uk.xpi [2016-02-16] [Legacy]
FF Extension: (Google Translate in Menu (Right Click)) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\@google-translate-menu.xpi [2016-02-25] [Legacy]
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2016-05-06] [Legacy]
FF Extension: (AdBlocker Ultimate) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2019-08-06]
FF Extension: (AdGuard AdBlocker) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2019-07-03]
FF Extension: (Roomy Bookmarks Toolbar) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2017-11-18] [Legacy]
FF Extension: (New Add-on Bar) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2017-11-17] [Legacy]
FF Extension: (AutoCopy 2) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2016-04-29] [Legacy]
FF Extension: (Auto Refresh) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2016-04-28] [Legacy]
FF Extension: (Cleanest Addon Manager) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2016-08-27] [Legacy]
FF Extension: (InvisibleHand) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2019-07-25]
FF Extension: (Custom New Tab) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2016-09-01] [Legacy]
FF Extension: (Cookies Notification Hider) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2019-09-01]
FF Extension: (Duplicate in Tab Context Menu) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2017-11-18] [Legacy]
FF Extension: (Enable Right Click and Copy) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2017-06-15]
FF Extension: (YouTube Video and Audio Downloader) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2017-05-20] [Legacy]
FF Extension: (Autofill) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2016-04-28] [Legacy]
FF Extension: (MEGA) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2019-09-13] [UpdateUrl:hxxps://mega.nz/firefox-web-extension-updates.json]
FF Extension: (Form History Control (II)) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2017-11-18]
FF Extension: (HTTPS Everywhere) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2019-06-28] [UpdateUrl:hxxps://www.eff.org/files/https-everywhere-updates.json]
FF Extension: (Jazz-MIDI) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected]_soft.com.xpi [2018-01-23]
FF Extension: (Coupons at Checkout) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2016-02-06] [Legacy]
FF Extension: (Decentraleyes) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2017-11-18]
FF Extension: (Tab Grenade) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2016-04-28] [Legacy]
FF Extension: (Double-click Image Downloader) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2018-05-17]
FF Extension: (Search Youtube) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2016-04-28] [Legacy]
FF Extension: (Paste Email Plus) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2016-05-01] [Legacy]
FF Extension: (Menu Wizard) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2017-11-18] [Legacy]
FF Extension: (Save File to) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2017-02-24] [Legacy]
FF Extension: (Session Sync) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2019-07-13]
FF Extension: (Simple Form Fill) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2017-11-18]
FF Extension: (LastPass: Free Password Manager) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2019-09-13]
FF Extension: (Add-on Preferences Button) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2016-04-28] [Legacy]
FF Extension: (The Addon Bar (restored)) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2016-05-03] [Legacy]
FF Extension: (Thumbnail Zoom Plus) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2017-06-08] [Legacy]
FF Extension: (TinEye Reverse Image Search) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\tine[email protected] [2019-07-11]
FF Extension: (uBlock Origin) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2018-12-02]
FF Extension: (Easy Video Downloader) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2017-11-18]
FF Extension: (VKontakte.ru Downloader) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2016-01-18] [Legacy]
FF Extension: (Video WithOut Flash) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2016-01-18] [Legacy]
FF Extension: (WebRank SEO Toolbar) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2017-05-10] [Legacy]
FF Extension: (Zoom Page) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2017-11-18] [Legacy]
FF Extension: (Session Manager) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-01-31] [Legacy]
FF Extension: (FlashGot) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-12-02] [Legacy]
FF Extension: (Bulk Image Downloader) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{524B8EF8-C312-11DB-8039-536F56D89593}.xpi [2017-11-18]
FF Extension: (Boomerang for Gmail) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{65e41d20-f092-41b7-bb83-c6e8a9ab0f57}.xpi [2018-02-19] [UpdateUrl:hxxps://www.boomeranggmail.com/firefox/updates.json]
FF Extension: (New Tab Homepage) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2017-11-18]
FF Extension: (CacheViewer) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}.xpi [2016-01-18] [Legacy]
FF Extension: (Bulk Media Downloader) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{72b2e02b-3a71-4895-886c-fd12ebe36ba3}.xpi [2017-11-18]
FF Extension: (deskCut) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{9125C9CB-BE2B-4389-A0C7-46A4BDD46AEA}.xpi [2016-04-28] [Legacy]
FF Extension: (Session Exporter) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{943b5589-7808-4a70-acdc-7b6ee21e7cce}.xpi [2017-06-22] [Legacy]
FF Extension: (Complete YouTube Saver) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3} [2017-06-29] [Legacy]
FF Extension: (YouTube HTML5 Player) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{b6b1a201-b252-484f-b9fe-68efbb273fbd}.xpi [2016-04-28] [Legacy]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-02-14] [Legacy]
FF Extension: (Video DownloadHelper) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2019-06-02]
FF Extension: (Flash and Video Download) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}.xpi [2018-09-03]
FF Extension: (SoundCloud Downloader - Technowise) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2016-03-17] [Legacy]
FF Extension: (Search Engine Creator) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{cccd1663-fea2-4098-8d6d-9d1790b76b2d}.xpi [2016-02-16] [Legacy]
FF Extension: (RightToClick) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2016-01-18] [Legacy]
FF Extension: (No Name) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-09-01]
FF Extension: (Signature /Auto Paste /Prefill Fourms) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{D719B74B-E716-403b-91A9-1CE455AB8ccc}.xpi [2017-01-29] [Legacy]
FF Extension: (DownThemAll!) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-09-29] [Legacy]
FF Extension: (Dictionary Lookup Extension) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{f01f4cbe-b8a8-4c37-94b3-119d8779e7e0}.xpi [2016-04-28] [Legacy]
FF Extension: (Multirow Bookmarks Toolbar) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}.xpi [2016-03-25] [Legacy]
FF SearchPlugin: C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\searchplugins\amazon-couk.xml [2016-02-16]
FF SearchPlugin: C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\searchplugins\backtype.xml [2016-03-09]
FF SearchPlugin: C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\searchplugins\search-amazon.xml [2016-02-08]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-02-10] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_255.dll [2019-09-11] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\WORK\NaturallySpeaking14\Program\x64\npDgnRia2_x64.dll [2015-08-22] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_255.dll [2019-09-11] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-07-17] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-07-17] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-07-17] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-07-17] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-07-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-07-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @jazz-soft.com/JazzPlugin -> C:\Program Files (x86)\AUDIO\Jazz-Soft.net\Jazz-Plugin\npJazz.dll [2017-04-03] (Jazz-Soft) [File not signed]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-05-17] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-05-22] (Research In Motion -> )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\WORK\NaturallySpeaking14\Program\npDgnRia2.dll [2015-08-22] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
FF Plugin HKU\S-1-5-21-1925592742-456944920-4000667399-1008: @citrixonline.com/appdetectorplugin -> C:\Users\User1\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-06-07] (Citrix Online -> Citrix Online)
FF Plugin HKU\S-1-5-21-1925592742-456944920-4000667399-1008: @jazz-soft.com/JazzPlugin -> C:\Program Files (x86)\AUDIO\Jazz-Soft.net\Jazz-Plugin\npJazz.dll [2017-04-03] (Jazz-Soft) [File not signed]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AcronisOSSReinstallSvc; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2217416 2007-02-22] (Acronis, Inc -> )
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [236544 2012-04-06] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Ltd. -> BlackBerry Limited)
S3 cfbackd; C:\Program Files (x86)\DISK\CleverFiles\Disk Drill\cfbackd.w32.exe [211520 2015-09-25] (508 Software, LLC -> CleverFiles)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11568144 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [165440 2015-08-22] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 MbaeSvc; C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Exploit\mbae-svc.exe [152264 2019-08-05] (Malwarebytes Inc -> Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S4 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-04-07] (Native Instruments GmbH) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [63488 2010-01-25] (Nalpeiron Ltd.) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 PDF Architect 5 Manager; C:\Program Files (x86)\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe [985848 2017-05-16] (pdfforge GmbH -> © pdfforge GmbH.)
R2 PrivateInternetAccessService; C:\Program Files\Private Internet Access\pia-service.exe [1073664 2019-08-26] (London Trust Media Incorporated -> )
R2 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-03-19] (BlackBerry Ltd. -> Apple Inc.)
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1354488 2015-03-19] (BlackBerry Ltd. -> BlackBerry Limited)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [328344 2019-04-22] (Invincea, Inc. -> Sandboxie Holdings, LLC)
R2 Unchecky; C:\Program Files (x86)\MAINTENANCE\Unchecky\bin\unchecky_svc.exe [297240 2018-04-16] (Reason Software Company Inc. -> Reason Software Company Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [11174400 2012-04-06] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [343040 2012-04-06] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [65248 2015-04-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [118184 2018-05-14] (Alcorlink Corp. -> )
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (APOWERSOFT LIMITED -> Wondershare)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [104984 2016-01-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [11174400 2012-04-06] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 axefx2load; C:\Windows\System32\Drivers\axefx2load.sys [55600 2013-07-12] (Fractal Audio Systems -> Cypress Semiconductor)
S3 blackberryncm; C:\Windows\System32\DRIVERS\blackberryncm6_AMD64.sys [25088 2014-09-08] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry)
R3 bomebus; C:\Windows\System32\DRIVERS\bomebus.sys [56376 2018-05-16] (Bome Software GmbH & Co.KG -> Bome Software GmbH & Co. KG)
R3 bomemidi; C:\Windows\System32\drivers\bomemidi.sys [50744 2018-05-16] (Bome Software GmbH & Co.KG -> Bome Software GmbH & Co. KG)
R1 ESProtectionDriver; C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Exploit\mbae64.sys [153312 2019-08-04] (Malwarebytes Corporation -> Malwarebytes)
S3 fasusbaudio; C:\Windows\System32\DRIVERS\fasusbaudio_x64.sys [254464 2014-05-16] (Fractal Audio Systems -> )
S3 fasusbaudioks; C:\Windows\System32\DRIVERS\fasusbaudioks_x64.sys [46080 2014-05-16] (Fractal Audio Systems -> )
R0 FlashBoot; C:\Windows\System32\DRIVERS\FlashBoot.sys [17616 2014-04-03] (Challenger Backup Solutions, LLC -> Challenger Backup Solutions, LLC)
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2012-12-30] (Arainia Solutions, LLC -> Arainia Solutions LLC)
S3 hitmanpro36; C:\Windows\system32\drivers\hitmanpro36.sys [30496 2012-08-08] (SurfRight B.V. -> )
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (3am.com(Test) -> HTC, Corporation) [File not signed]
S3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [36928 2013-10-17] (HTC Corp. -> Windows ® Win 7 DDK provider)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (Sqa.com(Test) -> QUALCOMM Incorporated) [File not signed]
R3 JmUsbCcgp; C:\Windows\System32\DRIVERS\jmccgp.sys [17136 2009-07-29] (JMicron Technology Corp. -> JMicron Technology Corp.)
R3 MAFW; C:\Windows\System32\DRIVERS\mafw.sys [235312 2012-01-24] (Avid Technology, Inc. -> Avid Technology, Inc.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [140672 2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2019-09-14] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation -> Malwarebytes Corporation)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation -> Malwarebytes Corporation)
R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [255552 2009-02-24] (JiaPing Gan -> MagicISO, Inc.)
R3 mcdbus; C:\Windows\SysWOW64\DRIVERS\mcdbus.sys [255552 2009-02-24] (JiaPing Gan -> MagicISO, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] (ASUSTeK Computer Inc. -> )
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 pbfilter; C:\Portable Program Files\INET\PeerBlockPortable\App\PeerBlock\Modern64\pbfilter.sys [22600 2014-01-15] (PeerBlock, LLC -> )
S3 RDID1053; C:\Windows\System32\Drivers\rdwm1053.sys [81792 2009-09-18] (Roland Corporation -> Roland Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [80384 2015-01-14] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry Limited)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-05-26] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Research in Motion Ltd)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [218264 2019-04-23] (上海域联软件技术有限公司 -> Sandboxie Holdings, LLC) [File not signed]
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
R3 tap-pia-0901; C:\Windows\System32\DRIVERS\tap-pia-0901.sys [30208 2019-05-30] (Private Internet Access (London Trust Media Incorporated) -> The OpenVPN Project)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2016-02-10] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA64.sys [654720 2010-08-20] (Microsoft Windows Hardware Compatibility Publisher -> eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM64.sys [943872 2010-08-20] (Microsoft Windows Hardware Compatibility Publisher -> eMPIA Technology, Inc.)
S3 ALSysIO; \??\C:\Users\User1\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 EWAVE; \??\C:\Windows\system32\drivers\ew.sys [X]
S3 MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-14 13:36 - 2019-09-14 13:37 - 000056952 _____ C:\Users\User1\Desktop\FRST.txt
2019-09-14 13:35 - 2019-09-14 13:35 - 001614848 _____ (Farbar) C:\Users\User1\Desktop\FRST64.exe
2019-09-13 17:04 - 2019-09-13 17:04 - 000000000 ____D C:\Users\User1\Downloads\AcronisTrueImage2018Build11530
2019-09-13 16:50 - 2019-09-13 16:50 - 000000090 _____ C:\Users\User1\Desktop\10% Travelodge Discount Code _ September 2019 _ The Independent.url
2019-09-13 16:50 - 2019-09-13 16:50 - 000000084 _____ C:\Users\User1\Desktop\Your Travelodge code_ MT4F68LL.url
2019-09-13 15:52 - 2019-09-13 15:52 - 000000192 _____ C:\Users\User1\Desktop\YzhkEyeMask3DStereoEyeMaskSummerSleepShadingBreathableMenAndWomen.url
2019-09-11 14:44 - 2019-09-11 14:44 - 000001059 _____ C:\Users\User1\Desktop\AcronisTrueImage2018Build11530.lnk
2019-09-09 20:32 - 2019-09-09 20:32 - 000000355 _____ C:\Users\User1\Desktop\RecyclBin.lnk
2019-09-09 20:32 - 2019-09-09 20:32 - 000000355 _____ C:\Users\User1\Desktop\Computer.lnk
2019-09-09 13:56 - 2019-09-09 13:56 - 000001794 _____ C:\Users\User1\Desktop\AE.lnk
2019-09-08 22:55 - 2019-09-08 22:55 - 000000953 _____ C:\Users\User1\Desktop\Dwhelper.lnk
2019-09-08 21:03 - 2019-09-08 21:03 - 000000687 _____ C:\Users\User1\Desktop\#MEMORIES.lnk
2019-09-08 18:47 - 2019-09-08 18:47 - 000000404 _____ C:\Users\User1\Desktop\Inet.lnk
2019-09-07 22:49 - 2019-09-07 22:49 - 000000091 _____ C:\Users\User1\Desktop\BestKRadios.url
2019-09-06 15:08 - 2019-09-06 15:08 - 000000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Private Internet Access.lnk
2019-08-16 13:46 - 2019-08-04 03:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-08-16 13:46 - 2019-08-04 03:02 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-08-16 13:46 - 2019-08-04 02:51 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-08-16 13:46 - 2019-08-04 02:51 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-08-16 13:46 - 2019-08-04 02:33 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-08-16 13:46 - 2019-08-04 02:03 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2019-08-16 13:46 - 2019-08-04 01:57 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2019-08-16 13:46 - 2019-08-04 01:54 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2019-08-16 13:46 - 2019-08-04 01:41 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2019-08-16 13:46 - 2019-08-04 01:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-08-16 13:46 - 2019-08-04 01:40 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2019-08-16 13:46 - 2019-06-12 16:21 - 000617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2019-08-16 13:46 - 2019-06-12 16:20 - 000988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2019-08-16 13:46 - 2019-06-12 16:20 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2019-08-16 13:46 - 2019-06-12 16:20 - 000504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2019-08-16 13:46 - 2019-06-12 16:20 - 000489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2019-08-16 13:46 - 2019-06-12 16:20 - 000442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2019-08-16 13:46 - 2019-06-12 16:20 - 000406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2019-08-16 13:46 - 2019-06-12 16:20 - 000354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2019-08-16 13:46 - 2019-06-12 16:20 - 000265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2019-08-16 13:46 - 2019-06-12 16:20 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2019-08-16 13:46 - 2019-06-12 16:19 - 000744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2019-08-16 13:46 - 2019-06-12 16:19 - 000195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-08-16 13:46 - 2019-06-12 16:19 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2019-08-16 13:46 - 2019-06-12 16:08 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2019-08-16 13:46 - 2019-06-12 16:08 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2019-08-16 13:46 - 2019-06-12 16:07 - 000081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2019-08-16 13:46 - 2019-06-12 16:07 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2019-08-16 13:46 - 2019-06-12 16:07 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2019-08-16 13:46 - 2019-06-12 16:06 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2019-08-16 13:46 - 2019-06-12 16:06 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2019-08-16 13:46 - 2019-06-12 16:04 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2019-08-16 13:46 - 2019-06-12 15:49 - 000205312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Dism.exe
2019-08-16 13:46 - 2019-06-12 15:49 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-08-16 13:46 - 2019-06-12 15:37 - 000274944 _____ (Microsoft Corporation) C:\Windows\system32\Dism.exe
2019-08-16 13:46 - 2019-06-12 15:37 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2019-08-16 13:46 - 2019-06-04 00:11 - 000474112 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2019-08-16 13:46 - 2019-05-23 03:06 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-08-16 13:46 - 2019-05-13 15:44 - 000409600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexch40.dll
2019-08-16 13:46 - 2019-05-09 16:06 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2019-08-16 13:46 - 2019-04-19 03:43 - 000064232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
2019-08-16 13:46 - 2019-04-19 03:43 - 000060648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
2019-08-16 13:46 - 2019-04-19 03:42 - 000122600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
2019-08-16 13:46 - 2019-04-19 03:42 - 000015080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
2019-08-16 13:46 - 2019-04-09 16:05 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2019-08-16 13:46 - 2019-04-09 15:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2019-08-16 13:46 - 2019-04-09 15:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2019-08-16 13:46 - 2019-04-09 15:52 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2019-08-16 13:46 - 2019-04-07 15:38 - 000407040 _____ (Microsoft Corporation) C:\Windows\system32\nltest.exe
2019-08-16 13:46 - 2019-04-05 01:23 - 000057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdll.dll
2019-08-16 13:46 - 2019-03-11 22:33 - 000107520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleprn.dll
2019-08-16 13:46 - 2019-02-21 16:48 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2019-08-16 13:46 - 2019-02-21 16:43 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2019-08-16 13:46 - 2019-02-16 06:50 - 000321536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2019-08-16 13:46 - 2019-02-10 16:36 - 000205312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2019-08-16 13:46 - 2019-02-10 16:36 - 000195584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2019-08-16 13:46 - 2019-02-10 16:35 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys
2019-08-16 13:46 - 2018-12-08 03:56 - 000081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2019-08-16 13:46 - 2018-12-08 03:56 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2019-08-16 13:46 - 2018-12-04 17:07 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2019-08-16 13:46 - 2018-09-23 03:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2019-08-16 13:46 - 2018-09-23 03:54 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2019-08-16 13:46 - 2018-09-23 03:54 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2019-08-16 13:46 - 2018-09-23 03:54 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2019-08-16 13:46 - 2018-09-23 03:54 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2019-08-16 13:46 - 2018-09-23 03:37 - 001549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2019-08-16 13:46 - 2018-09-23 03:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2019-08-16 13:46 - 2018-09-23 03:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2019-08-16 13:46 - 2018-09-23 03:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2019-08-16 13:46 - 2018-09-23 03:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2019-08-16 13:46 - 2018-09-23 03:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2019-08-16 13:46 - 2018-09-23 03:34 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2019-08-16 13:46 - 2018-09-23 03:33 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2019-08-16 13:46 - 2018-09-23 03:22 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2019-08-16 13:46 - 2018-09-23 03:22 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2019-08-16 13:46 - 2018-09-23 03:21 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2019-08-16 13:46 - 2018-09-23 03:21 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2019-08-16 13:46 - 2018-09-09 01:59 - 002851840 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2019-08-16 13:46 - 2018-09-09 01:44 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2019-08-16 13:46 - 2018-08-30 02:47 - 001230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2019-08-16 13:46 - 2018-08-16 03:18 - 000041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2019-08-16 13:46 - 2018-08-13 22:49 - 001391856 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2019-08-16 13:46 - 2018-06-29 16:40 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscdll.dll
2019-08-16 13:46 - 2018-06-29 16:09 - 000034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscapi.dll
2019-08-16 13:46 - 2018-06-27 16:55 - 000484864 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2019-08-16 13:46 - 2018-06-27 16:43 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2019-08-16 13:46 - 2018-06-08 17:21 - 000369664 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2019-08-16 13:46 - 2018-06-08 16:55 - 000330240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2019-08-16 13:46 - 2018-06-08 16:44 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2019-08-16 13:46 - 2018-06-08 16:28 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2019-08-16 13:46 - 2018-02-10 18:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdchange.exe
2019-08-16 13:46 - 2018-02-10 18:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
2019-08-16 13:46 - 2018-02-10 18:25 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2019-08-16 13:46 - 2018-01-01 03:18 - 000842752 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2019-08-16 13:46 - 2018-01-01 03:18 - 000705024 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2019-08-16 13:46 - 2018-01-01 03:18 - 000324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2019-08-16 13:46 - 2018-01-01 03:18 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapPeerProxy.dll
2019-08-16 13:46 - 2018-01-01 03:04 - 000559616 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2019-08-16 13:46 - 2018-01-01 03:00 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2019-08-16 13:46 - 2018-01-01 03:00 - 000216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2019-08-16 13:46 - 2018-01-01 03:00 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2019-08-16 13:46 - 2018-01-01 03:00 - 000081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWCN.dll
2019-08-16 13:46 - 2018-01-01 03:00 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2019-08-16 13:46 - 2018-01-01 02:46 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\IcCoinstall.dll
2019-08-16 13:46 - 2018-01-01 02:43 - 000020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapPeerProxy.dll
2019-08-16 13:46 - 2018-01-01 02:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshqos.dll
2019-08-16 13:46 - 2017-12-05 18:36 - 000250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2019-08-16 13:46 - 2017-12-05 18:08 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2019-08-16 13:46 - 2017-11-02 17:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll
2019-08-16 13:46 - 2017-10-12 01:55 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2019-08-16 13:46 - 2017-10-12 01:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2019-08-16 13:46 - 2017-09-08 15:20 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2019-08-16 13:46 - 2017-08-14 18:35 - 000172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cic.dll
2019-08-16 13:46 - 2017-08-14 18:35 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\mmcshext.dll
2019-08-16 13:46 - 2017-08-14 18:35 - 000128512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcshext.dll
2019-08-16 13:46 - 2017-08-13 22:30 - 001401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
2019-08-16 13:46 - 2017-08-11 07:35 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\winnsi.dll
2019-08-16 13:46 - 2017-08-11 07:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\nsi.dll
2019-08-16 13:46 - 2017-08-11 07:34 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2019-08-16 13:46 - 2017-08-11 07:20 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2019-08-16 13:46 - 2017-08-11 07:19 - 000299008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2019-08-16 13:46 - 2017-08-11 07:19 - 000016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winnsi.dll
2019-08-16 13:46 - 2017-08-11 07:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nsi.dll
2019-08-16 13:46 - 2017-07-21 15:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
2019-08-16 13:46 - 2017-07-07 16:10 - 000973312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXPTaskRingtone.dll
2019-08-16 13:46 - 2017-06-12 23:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2019-08-16 13:46 - 2017-06-12 23:06 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
2019-08-16 13:45 - 2019-08-05 23:58 - 000397432 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-08-16 13:45 - 2019-08-05 22:55 - 000348800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-08-16 13:45 - 2019-08-04 04:37 - 025754624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-08-16 13:45 - 2019-08-04 03:16 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-08-16 13:45 - 2019-08-04 03:04 - 002909184 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-08-16 13:45 - 2019-08-04 03:03 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-08-16 13:45 - 2019-08-04 03:02 - 000578560 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-08-16 13:45 - 2019-08-04 03:02 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-08-16 13:45 - 2019-08-04 03:01 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-08-16 13:45 - 2019-08-04 02:55 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-08-16 13:45 - 2019-08-04 02:54 - 005775872 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-08-16 13:45 - 2019-08-04 02:54 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-08-16 13:45 - 2019-08-04 02:52 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-08-16 13:45 - 2019-08-04 02:51 - 000790528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-08-16 13:45 - 2019-08-04 02:50 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-08-16 13:45 - 2019-08-04 02:43 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-08-16 13:45 - 2019-08-04 02:40 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-08-16 13:45 - 2019-08-04 02:34 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-08-16 13:45 - 2019-08-04 02:33 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-08-16 13:45 - 2019-08-04 02:30 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-08-16 13:45 - 2019-08-04 02:29 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-08-16 13:45 - 2019-08-04 02:27 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-08-16 13:45 - 2019-08-04 02:25 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-08-16 13:45 - 2019-08-04 02:21 - 020291584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-08-16 13:45 - 2019-08-04 02:16 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-08-16 13:45 - 2019-08-04 02:15 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-08-16 13:45 - 2019-08-04 02:14 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-08-16 13:45 - 2019-08-04 02:14 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-08-16 13:45 - 2019-08-04 02:12 - 002132480 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-08-16 13:45 - 2019-08-04 02:12 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-08-16 13:45 - 2019-08-04 02:11 - 015390720 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-08-16 13:45 - 2019-08-04 02:04 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-08-16 13:45 - 2019-08-04 02:03 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2019-08-16 13:45 - 2019-08-04 02:03 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2019-08-16 13:45 - 2019-08-04 02:02 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-08-16 13:45 - 2019-08-04 02:01 - 004859392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-08-16 13:45 - 2019-08-04 02:00 - 002301952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-08-16 13:45 - 2019-08-04 01:57 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-08-16 13:45 - 2019-08-04 01:55 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2019-08-16 13:45 - 2019-08-04 01:54 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-08-16 13:45 - 2019-08-04 01:53 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-08-16 13:45 - 2019-08-04 01:50 - 001566208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-08-16 13:45 - 2019-08-04 01:45 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2019-08-16 13:45 - 2019-08-04 01:40 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-08-16 13:45 - 2019-08-04 01:38 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-08-16 13:45 - 2019-08-04 01:37 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-08-16 13:45 - 2019-08-04 01:36 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-08-16 13:45 - 2019-08-04 01:35 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2019-08-16 13:45 - 2019-08-04 01:32 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-08-16 13:45 - 2019-08-04 01:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-08-16 13:45 - 2019-08-04 01:28 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-08-16 13:45 - 2019-08-04 01:28 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-08-16 13:45 - 2019-08-04 01:27 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2019-08-16 13:45 - 2019-08-04 01:23 - 013791744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-08-16 13:45 - 2019-08-04 01:09 - 004387840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-08-16 13:45 - 2019-08-04 01:06 - 001331200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-08-16 13:45 - 2019-08-04 01:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-08-16 13:45 - 2019-07-04 02:56 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2019-08-16 13:45 - 2019-07-04 02:14 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2019-08-16 13:45 - 2019-06-28 06:24 - 000887808 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2019-08-16 13:45 - 2019-06-28 06:24 - 000448512 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2019-08-16 13:45 - 2019-06-28 06:24 - 000414208 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2019-08-16 13:45 - 2019-06-28 06:24 - 000118784 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2019-08-16 13:45 - 2019-06-28 06:24 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2019-08-16 13:45 - 2019-06-28 06:23 - 000428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2019-08-16 13:45 - 2019-06-28 06:23 - 000392704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
2019-08-16 13:45 - 2019-06-28 06:23 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
2019-08-16 13:45 - 2019-06-28 06:23 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2019-08-16 13:45 - 2019-06-21 04:09 - 000806400 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2019-08-16 13:45 - 2019-06-21 04:05 - 000628224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2019-08-16 13:45 - 2019-06-21 02:41 - 001251840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2019-08-16 13:45 - 2019-06-18 07:41 - 001649664 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2019-08-16 13:45 - 2019-06-13 04:25 - 000160488 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-08-16 13:45 - 2019-06-13 04:21 - 000732160 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2019-08-16 13:45 - 2019-06-12 16:21 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2019-08-16 13:45 - 2019-06-12 16:21 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2019-08-16 13:45 - 2019-06-12 16:21 - 000179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2019-08-16 13:45 - 2019-06-12 16:20 - 003207168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2019-08-16 13:45 - 2019-06-12 16:20 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2019-08-16 13:45 - 2019-06-12 16:20 - 000046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssign32.dll
2019-08-16 13:45 - 2019-06-12 16:20 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2019-08-16 13:45 - 2019-06-12 16:19 - 001177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2019-08-16 13:45 - 2019-06-12 16:19 - 001005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2019-08-16 13:45 - 2019-06-12 16:19 - 000373248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-08-16 13:45 - 2019-06-12 16:19 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2019-08-16 13:45 - 2019-06-12 16:19 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2019-08-16 13:45 - 2019-06-12 16:11 - 000094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2019-08-16 13:45 - 2019-06-12 16:08 - 014637568 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2019-08-16 13:45 - 2019-06-12 16:08 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2019-08-16 13:45 - 2019-06-12 16:08 - 000782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2019-08-16 13:45 - 2019-06-12 16:08 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2019-08-16 13:45 - 2019-06-12 16:07 - 004120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2019-08-16 13:45 - 2019-06-12 16:07 - 001574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2019-08-16 13:45 - 2019-06-12 16:07 - 001484800 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2019-08-16 13:45 - 2019-06-12 16:07 - 001202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2019-08-16 13:45 - 2019-06-12 16:07 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2019-08-16 13:45 - 2019-06-12 16:07 - 000641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2019-08-16 13:45 - 2019-06-12 16:07 - 000632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2019-08-16 13:45 - 2019-06-12 16:07 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2019-08-16 13:45 - 2019-06-12 16:07 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2019-08-16 13:45 - 2019-06-12 16:07 - 000433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2019-08-16 13:45 - 2019-06-12 16:07 - 000371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2019-08-16 13:45 - 2019-06-12 16:07 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2019-08-16 13:45 - 2019-06-12 16:07 - 000284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2019-08-16 13:45 - 2019-06-12 16:07 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-08-16 13:45 - 2019-06-12 16:07 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2019-08-16 13:45 - 2019-06-12 16:07 - 000187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2019-08-16 13:45 - 2019-06-12 16:07 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2019-08-16 13:45 - 2019-06-12 16:07 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\mssign32.dll
2019-08-16 13:45 - 2019-06-12 16:07 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2019-08-16 13:45 - 2019-06-12 16:07 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2019-08-16 13:45 - 2019-06-12 16:07 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2019-08-16 13:45 - 2019-06-12 16:06 - 000842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2019-08-16 13:45 - 2019-06-12 16:06 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-08-16 13:45 - 2019-06-12 16:06 - 000438784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-08-16 13:45 - 2019-06-12 16:06 - 000295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-08-16 13:45 - 2019-06-12 16:06 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2019-08-16 13:45 - 2019-06-12 16:05 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2019-08-16 13:45 - 2019-06-12 16:01 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2019-08-16 13:45 - 2019-06-12 15:50 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2019-08-16 13:45 - 2019-06-12 15:49 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2019-08-16 13:45 - 2019-06-12 15:37 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2019-08-16 13:45 - 2019-06-11 03:59 - 002863104 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2019-08-16 13:45 - 2019-06-11 03:59 - 001712640 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-08-16 13:45 - 2019-06-11 03:59 - 000801792 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2019-08-16 13:45 - 2019-06-11 03:59 - 000634368 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2019-08-16 13:45 - 2019-06-11 03:59 - 000501760 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2019-08-16 13:45 - 2019-06-11 03:59 - 000456192 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2019-08-16 13:45 - 2019-06-11 03:59 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-08-16 13:45 - 2019-06-11 03:59 - 000257024 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2019-08-16 13:45 - 2019-06-04 00:11 - 001110528 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2019-08-16 13:45 - 2019-06-04 00:10 - 000304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2019-08-16 13:45 - 2019-06-02 04:50 - 000216576 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2019-08-16 13:45 - 2019-05-25 01:04 - 014185984 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2019-08-16 13:45 - 2019-05-25 01:03 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2019-08-16 13:45 - 2019-05-25 00:59 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2019-08-16 13:45 - 2019-05-25 00:58 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2019-08-16 13:45 - 2019-05-23 03:06 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2019-08-16 13:45 - 2019-05-23 02:58 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-08-16 13:45 - 2019-05-23 02:58 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
2019-08-16 13:45 - 2019-05-23 01:31 - 001988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2019-08-16 13:45 - 2019-05-23 01:05 - 001182208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2019-08-16 13:45 - 2019-05-17 19:21 - 000372456 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2019-08-16 13:45 - 2019-05-13 15:44 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-08-16 13:45 - 2019-05-13 15:44 - 000241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2019-08-16 13:45 - 2019-05-09 16:18 - 002368000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-08-16 13:45 - 2019-05-09 16:18 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2019-08-16 13:45 - 2019-05-09 16:18 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2019-08-16 13:45 - 2019-05-09 16:17 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2019-08-16 13:45 - 2019-05-09 16:17 - 000805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2019-08-16 13:45 - 2019-05-09 16:09 - 000114400 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2019-08-16 13:45 - 2019-05-09 16:07 - 003247616 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-08-16 13:45 - 2019-05-09 16:07 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2019-08-16 13:45 - 2019-05-09 16:07 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2019-08-16 13:45 - 2019-05-09 16:06 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2019-08-16 13:45 - 2019-05-09 16:06 - 001133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2019-08-16 13:45 - 2019-05-09 15:51 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2019-08-16 13:45 - 2019-05-09 15:40 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2019-08-16 13:45 - 2019-04-25 16:18 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2019-08-16 13:45 - 2019-04-25 16:06 - 000110592 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2019-08-16 13:45 - 2019-04-19 03:44 - 000185064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2019-08-16 13:45 - 2019-04-19 03:43 - 000063208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2019-08-16 13:45 - 2019-04-19 03:43 - 000031976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
2019-08-16 13:45 - 2019-04-19 03:43 - 000023784 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
2019-08-16 13:45 - 2019-04-19 03:43 - 000020200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
2019-08-16 13:45 - 2019-04-19 03:42 - 000068328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2019-08-16 13:45 - 2019-04-19 03:42 - 000036064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
2019-08-16 13:45 - 2019-04-19 03:42 - 000012136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
2019-08-16 13:45 - 2019-04-16 14:15 - 000419648 _____ C:\Windows\SysWOW64\locale.nls
2019-08-16 13:45 - 2019-04-16 14:15 - 000419648 _____ C:\Windows\system32\locale.nls
2019-08-16 13:45 - 2019-04-12 14:05 - 000994384 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2019-08-16 13:45 - 2019-04-12 14:05 - 000064248 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:05 - 000020944 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:05 - 000019408 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:05 - 000017656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:05 - 000017656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:05 - 000016120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:05 - 000015608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:05 - 000014288 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2019-08-16 13:45 - 2019-04-12 14:05 - 000014072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:05 - 000013560 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:05 - 000012752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:05 - 000012536 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:05 - 000012240 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2019-08-16 13:45 - 2019-04-12 14:05 - 000012024 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:05 - 000012024 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:05 - 000012024 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:05 - 000012024 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:05 - 000012024 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2019-08-16 13:45 - 2019-04-12 14:05 - 000011512 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:05 - 000011512 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:05 - 000011512 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:05 - 000011504 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2019-08-16 13:45 - 2019-04-12 14:04 - 000914584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2019-08-16 13:45 - 2019-04-12 14:04 - 000065784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:04 - 000021752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:04 - 000018680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:04 - 000017352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:04 - 000017144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:04 - 000015608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:04 - 000015096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:04 - 000013560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:04 - 000013560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2019-08-16 13:45 - 2019-04-12 14:04 - 000013048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:04 - 000012024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:04 - 000012024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:04 - 000011728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2019-08-16 13:45 - 2019-04-12 14:04 - 000011512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:04 - 000011512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:04 - 000011512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:04 - 000011512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:04 - 000011512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2019-08-16 13:45 - 2019-04-12 14:04 - 000011000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:04 - 000011000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:04 - 000011000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2019-08-16 13:45 - 2019-04-12 14:04 - 000011000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2019-08-16 13:45 - 2019-04-09 16:17 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2019-08-16 13:45 - 2019-04-09 16:05 - 003165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2019-08-16 13:45 - 2019-04-09 16:05 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2019-08-16 13:45 - 2019-04-09 16:05 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2019-08-16 13:45 - 2019-04-09 16:05 - 000093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2019-08-16 13:45 - 2019-04-09 16:05 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2019-08-16 13:45 - 2019-04-09 16:05 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2019-08-16 13:45 - 2019-04-09 16:03 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2019-08-16 13:45 - 2019-04-09 15:53 - 002651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2019-08-16 13:45 - 2019-04-09 15:52 - 000709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2019-08-16 13:45 - 2019-04-09 15:52 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2019-08-16 13:45 - 2019-04-09 15:52 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2019-08-16 13:45 - 2019-04-07 16:17 - 000382976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2019-08-16 13:45 - 2019-04-07 16:17 - 000160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2019-08-16 13:45 - 2019-04-07 16:03 - 001281536 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2019-08-16 13:45 - 2019-04-07 16:03 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2019-08-16 13:45 - 2019-04-07 16:03 - 000174080 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2019-08-16 13:45 - 2019-04-07 16:03 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
2019-08-16 13:45 - 2019-04-07 16:03 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2019-08-16 13:45 - 2019-04-07 15:49 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2019-08-16 13:45 - 2019-04-07 15:48 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2019-08-16 13:45 - 2019-04-07 15:42 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2019-08-16 13:45 - 2019-04-07 15:42 - 000376320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2019-08-16 13:45 - 2019-04-07 15:35 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2019-08-16 13:45 - 2019-04-05 01:34 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\cryptdll.dll
2019-08-16 13:45 - 2019-03-29 02:36 - 000114688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2019-08-16 13:45 - 2019-03-21 03:10 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\sxssrv.dll
2019-08-16 13:45 - 2019-03-11 22:41 - 001894912 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2019-08-16 13:45 - 2019-03-11 22:41 - 001032192 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2019-08-16 13:45 - 2019-03-11 22:41 - 000688128 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2019-08-16 13:45 - 2019-03-11 22:41 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\oleprn.dll
2019-08-16 13:45 - 2019-03-11 22:41 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2019-08-16 13:45 - 2019-03-11 22:33 - 001241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2019-08-16 13:45 - 2019-03-11 22:33 - 000827904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2019-08-16 13:45 - 2019-03-11 22:33 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2019-08-16 13:45 - 2019-03-05 03:44 - 000076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2019-08-16 13:45 - 2019-03-05 03:44 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2019-08-16 13:45 - 2019-03-05 03:44 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2019-08-16 13:45 - 2019-02-21 16:37 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2019-08-16 13:45 - 2019-02-16 07:02 - 000972288 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2019-08-16 13:45 - 2019-02-16 07:02 - 000443904 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2019-08-16 13:45 - 2019-02-15 17:09 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2019-08-16 13:45 - 2019-02-15 16:58 - 000320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2019-08-16 13:45 - 2019-02-15 16:40 - 000415744 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2019-08-16 13:45 - 2019-02-15 16:40 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2019-08-16 13:45 - 2019-02-15 16:38 - 000360960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2019-08-16 13:45 - 2019-02-15 16:38 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2019-08-16 13:45 - 2019-02-10 17:10 - 001680104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2019-08-16 13:45 - 2019-02-10 16:36 - 000328192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2019-08-16 13:45 - 2019-02-07 17:06 - 000027648 _____ (Microsoft Corporation) C:\Windows\system32\brdgcfg.dll
2019-08-16 13:45 - 2019-02-07 17:06 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\bridgeres.dll
2019-08-16 13:45 - 2019-02-07 17:01 - 000095232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys
2019-08-16 13:45 - 2019-02-07 16:46 - 000020992 _____ (Microsoft Corporation) C:\Windows\system32\bridgeunattend.exe
2019-08-16 13:45 - 2019-02-03 16:36 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys
2019-08-16 13:45 - 2018-12-08 04:08 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2019-08-16 13:45 - 2018-12-08 04:08 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2019-08-16 13:45 - 2018-12-08 04:08 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\ndptsp.tsp
2019-08-16 13:45 - 2018-12-08 04:08 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2019-08-16 13:45 - 2018-12-08 04:08 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2019-08-16 13:45 - 2018-12-08 04:08 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2019-08-16 13:45 - 2018-12-08 03:56 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ndptsp.tsp
2019-08-16 13:45 - 2018-12-08 03:47 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2019-08-16 13:45 - 2018-12-08 03:47 - 000058368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2019-08-16 13:45 - 2018-12-08 03:47 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2019-08-16 13:45 - 2018-12-08 03:41 - 000038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2019-08-16 13:45 - 2018-12-08 03:41 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2019-08-16 13:45 - 2018-12-08 03:41 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2019-08-16 13:45 - 2018-12-04 17:07 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2019-08-16 13:45 - 2018-12-04 16:55 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2019-08-16 13:45 - 2018-12-04 16:55 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2019-08-16 13:45 - 2018-11-18 03:57 - 002565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2019-08-16 13:45 - 2018-11-11 18:01 - 000366824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2019-08-16 13:45 - 2018-10-27 04:42 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2019-08-16 13:45 - 2018-10-27 04:42 - 000202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2019-08-16 13:45 - 2018-10-27 04:42 - 000150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2019-08-16 13:45 - 2018-10-27 04:42 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2019-08-16 13:45 - 2018-10-27 04:41 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\dispex.dll
2019-08-16 13:45 - 2018-10-27 04:27 - 000173568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2019-08-16 13:45 - 2018-10-27 04:27 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2019-08-16 13:45 - 2018-10-27 04:27 - 000121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2019-08-16 13:45 - 2018-10-27 04:11 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2019-08-16 13:45 - 2018-10-27 04:11 - 000156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2019-08-16 13:45 - 2018-10-27 04:04 - 000141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2019-08-16 13:45 - 2018-10-27 04:04 - 000126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2019-08-16 13:45 - 2018-10-27 04:04 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshcon.dll
2019-08-16 13:45 - 2018-10-27 04:04 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dispex.dll
2019-08-16 13:45 - 2018-09-23 03:54 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2019-08-16 13:45 - 2018-09-23 03:54 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2019-08-16 13:45 - 2018-09-23 03:54 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2019-08-16 13:45 - 2018-09-23 03:54 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2019-08-16 13:45 - 2018-09-23 03:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2019-08-16 13:45 - 2018-09-23 03:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2019-08-16 13:45 - 2018-09-23 03:34 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2019-08-16 13:45 - 2018-09-09 02:02 - 000986824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2019-08-16 13:45 - 2018-09-09 02:02 - 000265416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2019-08-16 13:45 - 2018-09-09 01:57 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2019-08-16 13:45 - 2018-08-30 02:10 - 001424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2019-08-16 13:45 - 2018-08-28 06:50 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2019-08-16 13:45 - 2018-08-12 21:28 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2019-08-16 13:45 - 2018-08-12 21:14 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2019-08-16 13:45 - 2018-08-10 16:55 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2019-08-16 13:45 - 2018-08-10 16:54 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2019-08-16 13:45 - 2018-08-10 16:54 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2019-08-16 13:45 - 2018-08-10 16:54 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2019-08-16 13:45 - 2018-08-10 16:40 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2019-08-16 13:45 - 2018-08-10 16:27 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2019-08-16 13:45 - 2018-08-10 16:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2019-08-16 13:45 - 2018-08-03 16:55 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2019-08-16 13:45 - 2018-08-03 16:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2019-08-16 13:45 - 2018-07-18 16:18 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2019-08-16 13:45 - 2018-07-06 17:09 - 000947904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2019-08-16 13:45 - 2018-06-29 16:55 - 000695808 _____ (Microsoft Corporation) C:\Windows\system32\cscsvc.dll
2019-08-16 13:45 - 2018-06-29 16:55 - 000137728 _____ (Microsoft Corporation) C:\Windows\system32\CscMig.dll
2019-08-16 13:45 - 2018-06-29 16:55 - 000045568 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll
2019-08-16 13:45 - 2018-06-29 16:55 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll
2019-08-16 13:45 - 2018-06-29 16:14 - 000516096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
2019-08-16 13:45 - 2018-06-08 17:19 - 000357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2019-08-16 13:45 - 2018-06-08 17:19 - 000182272 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2019-08-16 13:45 - 2018-06-08 16:54 - 000269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2019-08-16 13:45 - 2018-05-15 04:44 - 001159680 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2019-08-16 13:45 - 2018-05-15 04:13 - 000782848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2019-08-16 13:45 - 2018-05-11 22:19 - 000977408 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2019-08-16 13:45 - 2018-05-11 22:19 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2019-08-16 13:45 - 2018-05-11 01:40 - 000741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2019-08-16 13:45 - 2018-05-11 01:40 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2019-08-16 13:45 - 2018-05-02 16:32 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2019-08-16 13:45 - 2018-05-02 16:32 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2019-08-16 13:45 - 2018-05-02 16:32 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2019-08-16 13:45 - 2018-05-02 16:32 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2019-08-16 13:45 - 2018-05-02 16:32 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2019-08-16 13:45 - 2018-05-02 16:32 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2019-08-16 13:45 - 2018-05-02 16:32 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2019-08-16 13:45 - 2018-04-25 17:02 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2019-08-16 13:45 - 2018-04-25 16:18 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2019-08-16 13:45 - 2018-04-18 17:03 - 000701952 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2019-08-16 13:45 - 2018-04-18 17:03 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\hhsetup.dll
2019-08-16 13:45 - 2018-04-18 16:51 - 000523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2019-08-16 13:45 - 2018-04-18 16:51 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhsetup.dll
2019-08-16 13:45 - 2018-04-18 16:41 - 000016896 _____ (Microsoft Corporation) C:\Windows\hh.exe
2019-08-16 13:45 - 2018-04-18 16:35 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hh.exe
2019-08-16 13:45 - 2018-04-10 17:35 - 001735168 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2019-08-16 13:45 - 2018-04-10 17:34 - 000525824 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2019-08-16 13:45 - 2018-04-10 17:33 - 001241600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2019-08-16 13:45 - 2018-04-10 17:32 - 000487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2019-08-16 13:45 - 2018-03-06 19:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2019-08-16 13:45 - 2018-03-06 19:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
2019-08-16 13:45 - 2018-03-06 19:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll
2019-08-16 13:45 - 2018-03-06 19:10 - 000170176 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2019-08-16 13:45 - 2018-03-06 19:07 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2019-08-16 13:45 - 2018-03-06 19:07 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2019-08-16 13:45 - 2018-02-22 04:28 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2019-08-16 13:45 - 2018-02-22 04:06 - 000134656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2019-08-16 13:45 - 2018-02-10 19:35 - 000334528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2019-08-16 13:45 - 2018-02-10 19:23 - 002292224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2019-08-16 13:45 - 2018-02-10 19:23 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\racpldlg.dll
2019-08-16 13:45 - 2018-02-10 19:11 - 003665920 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2019-08-16 13:45 - 2018-02-10 19:11 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\msrahc.dll
2019-08-16 13:45 - 2018-02-10 19:11 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
2019-08-16 13:45 - 2018-02-10 18:36 - 000108032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msra.exe
2019-08-16 13:45 - 2018-02-10 18:26 - 000653312 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2019-08-16 13:45 - 2018-02-10 18:26 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
2019-08-16 13:45 - 2018-02-10 18:25 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
2019-08-16 13:45 - 2018-02-10 18:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
2019-08-16 13:45 - 2018-01-12 17:40 - 000407040 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2019-08-16 13:45 - 2018-01-12 17:27 - 004834816 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
2019-08-16 13:45 - 2018-01-12 17:26 - 000308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2019-08-16 13:45 - 2018-01-12 17:16 - 003405824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe
2019-08-16 13:45 - 2018-01-01 03:21 - 000288488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2019-08-16 13:45 - 2018-01-01 03:21 - 000213736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2019-08-16 13:45 - 2018-01-01 03:18 - 001741312 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2019-08-16 13:45 - 2018-01-01 03:18 - 001361408 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll
2019-08-16 13:45 - 2018-01-01 03:18 - 000961024 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2019-08-16 13:45 - 2018-01-01 03:18 - 000863232 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2019-08-16 13:45 - 2018-01-01 03:18 - 000444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2019-08-16 13:45 - 2018-01-01 03:18 - 000439296 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
2019-08-16 13:45 - 2018-01-01 03:18 - 000366592 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2019-08-16 13:45 - 2018-01-01 03:18 - 000303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2019-08-16 13:45 - 2018-01-01 03:18 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2019-08-16 13:45 - 2018-01-01 03:18 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\PeerDist.dll
2019-08-16 13:45 - 2018-01-01 03:18 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistWSDDiscoProv.dll
2019-08-16 13:45 - 2018-01-01 03:18 - 000120320 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
2019-08-16 13:45 - 2018-01-01 03:18 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fdWCN.dll
2019-08-16 13:45 - 2018-01-01 03:18 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2019-08-16 13:45 - 2018-01-01 03:18 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\vmicres.dll
2019-08-16 13:45 - 2018-01-01 03:18 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistHttpTrans.dll
2019-08-16 13:45 - 2018-01-01 03:18 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\traffic.dll
2019-08-16 13:45 - 2018-01-01 03:18 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapAuthProxy.dll
2019-08-16 13:45 - 2018-01-01 03:18 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\wshqos.dll
2019-08-16 13:45 - 2018-01-01 03:18 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wshnetbs.dll
2019-08-16 13:45 - 2018-01-01 03:00 - 000351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2019-08-16 13:45 - 2018-01-01 03:00 - 000276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2019-08-16 13:45 - 2018-01-01 03:00 - 000139776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PeerDist.dll
2019-08-16 13:45 - 2018-01-01 03:00 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\traffic.dll
2019-08-16 13:45 - 2018-01-01 02:59 - 000309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2019-08-16 13:45 - 2018-01-01 02:55 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2019-08-16 13:45 - 2018-01-01 02:55 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
2019-08-16 13:45 - 2018-01-01 02:50 - 000455680 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2019-08-16 13:45 - 2018-01-01 02:47 - 000244224 _____ (Microsoft Corporation) C:\Windows\system32\vmicsvc.exe
2019-08-16 13:45 - 2018-01-01 02:46 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\vmictimeprovider.dll
2019-08-16 13:45 - 2018-01-01 02:43 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
2019-08-16 13:45 - 2018-01-01 02:43 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapAuthProxy.dll
2019-08-16 13:45 - 2018-01-01 02:41 - 000754176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2019-08-16 13:45 - 2017-12-05 18:36 - 000625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2019-08-16 13:45 - 2017-12-05 18:36 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2019-08-16 13:45 - 2017-12-05 18:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2019-08-16 13:45 - 2017-12-05 18:08 - 000481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2019-08-16 13:45 - 2017-12-05 17:04 - 000404992 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
2019-08-16 13:45 - 2017-12-05 16:49 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2019-08-16 13:45 - 2017-11-02 17:55 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2019-08-16 13:45 - 2017-11-02 17:55 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll
2019-08-16 13:45 - 2017-11-02 17:55 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2019-08-16 13:45 - 2017-11-02 16:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2019-08-16 13:45 - 2017-11-02 16:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtm.dll
2019-08-16 13:45 - 2017-11-02 16:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2019-08-16 13:45 - 2017-11-02 15:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtprio.dll
2019-08-16 13:45 - 2017-10-17 00:04 - 001001984 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2019-08-16 13:45 - 2017-10-16 23:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2019-08-16 13:45 - 2017-10-12 01:20 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2019-08-16 13:45 - 2017-09-13 16:05 - 000324608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2019-08-16 13:45 - 2017-09-08 15:20 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2019-08-16 13:45 - 2017-08-19 16:28 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2019-08-16 13:45 - 2017-08-19 16:10 - 000180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2019-08-16 13:45 - 2017-08-14 18:35 - 003203584 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2019-08-16 13:45 - 2017-08-14 18:35 - 002150912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
2019-08-16 13:45 - 2017-08-14 18:35 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\mmcbase.dll
2019-08-16 13:45 - 2017-08-14 18:35 - 000303104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcbase.dll
2019-08-16 13:45 - 2017-08-14 18:35 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2019-08-16 13:45 - 2017-08-14 18:34 - 000211968 _____ (Microsoft Corporation) C:\Windows\system32\cic.dll
2019-08-16 13:45 - 2017-08-13 22:45 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2019-08-16 13:45 - 2017-08-13 22:37 - 002144256 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
2019-08-16 13:45 - 2017-08-11 07:35 - 000757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2019-08-16 13:45 - 2017-08-11 07:35 - 000346112 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2019-08-16 13:45 - 2017-08-11 07:35 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2019-08-16 13:45 - 2017-08-11 07:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\nsisvc.dll
2019-08-16 13:45 - 2017-08-11 07:34 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2019-08-16 13:45 - 2017-08-11 07:20 - 000071680 _____ C:\Windows\system32\PrintBrmUi.exe
2019-08-16 13:45 - 2017-08-11 07:20 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2019-08-16 13:45 - 2017-08-11 07:19 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2019-08-16 13:45 - 2017-08-11 07:19 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2019-08-16 13:45 - 2017-08-11 07:09 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2019-08-16 13:45 - 2017-08-11 06:58 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
2019-08-16 13:45 - 2017-07-29 15:56 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2019-08-16 13:45 - 2017-07-21 15:26 - 000518144 _____ C:\Windows\SysWOW64\msjetoledb40.dll
2019-08-16 13:45 - 2017-07-21 15:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll
2019-08-16 13:45 - 2017-07-07 16:33 - 000363752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2019-08-16 13:45 - 2017-07-07 16:29 - 001143296 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2019-08-16 13:45 - 2017-07-01 14:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswdat10.dll
2019-08-16 13:45 - 2017-07-01 14:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl40.dll
2019-08-16 13:45 - 2017-07-01 14:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll
2019-08-16 13:45 - 2017-06-12 23:49 - 001363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2019-08-16 13:45 - 2017-06-12 23:49 - 000594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2019-08-16 13:45 - 2017-06-12 23:49 - 000475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2019-08-16 13:45 - 2017-06-12 23:49 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2019-08-16 13:45 - 2017-06-12 23:29 - 001227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2019-08-16 13:45 - 2017-06-12 23:29 - 000444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2019-08-16 13:45 - 2017-06-12 23:29 - 000390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2019-08-16 13:45 - 2017-06-12 23:14 - 000379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2019-08-16 13:45 - 2017-06-12 23:14 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2019-08-16 13:45 - 2017-06-12 23:14 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2019-08-16 13:45 - 2017-06-12 23:06 - 000303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2019-08-16 13:45 - 2017-06-12 23:06 - 000157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2019-08-16 13:27 - 2019-08-16 15:49 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2019-08-16 01:31 - 2019-08-16 01:31 - 000000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2019-08-16 01:31 - 2019-08-16 01:31 - 000000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2019-08-16 00:40 - 2019-07-30 03:25 - 000627424 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-08-16 00:40 - 2019-07-30 03:23 - 005552568 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-08-16 00:40 - 2019-07-30 03:23 - 000710072 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-08-16 00:40 - 2019-07-30 03:23 - 000264120 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-08-16 00:40 - 2019-07-30 03:23 - 000155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-08-16 00:40 - 2019-07-30 03:23 - 000097208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-08-16 00:40 - 2019-07-30 03:22 - 001671000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-08-16 00:40 - 2019-07-30 03:20 - 002072576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2019-08-16 00:40 - 2019-07-30 03:20 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-08-16 00:40 - 2019-07-30 03:20 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-08-16 00:40 - 2019-07-30 03:20 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-08-16 00:40 - 2019-07-30 03:20 - 000878080 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-08-16 00:40 - 2019-07-30 03:20 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-08-16 00:40 - 2019-07-30 03:20 - 000517632 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-08-16 00:40 - 2019-07-30 03:20 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-08-16 00:40 - 2019-07-30 03:20 - 000408576 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-08-16 00:40 - 2019-07-30 03:20 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2019-08-16 00:40 - 2019-07-30 03:20 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-08-16 00:40 - 2019-07-30 03:20 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-08-16 00:40 - 2019-07-30 03:20 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-08-16 00:40 - 2019-07-30 03:20 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-08-16 00:40 - 2019-07-30 03:20 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-08-16 00:40 - 2019-07-30 03:20 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-08-16 00:40 - 2019-07-30 03:20 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-08-16 00:40 - 2019-07-30 03:20 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-08-16 00:40 - 2019-07-30 03:20 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-08-16 00:40 - 2019-07-30 03:20 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-08-16 00:40 - 2019-07-30 03:20 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-08-16 00:40 - 2019-07-30 03:20 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-08-16 00:40 - 2019-07-30 03:20 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-08-16 00:40 - 2019-07-30 03:20 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-08-16 00:40 - 2019-07-30 03:20 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-08-16 00:40 - 2019-07-30 03:20 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-08-16 00:40 - 2019-07-30 03:20 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2019-08-16 00:40 - 2019-07-30 03:20 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2019-08-16 00:40 - 2019-07-30 03:20 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-08-16 00:40 - 2019-07-30 03:20 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 004058848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-08-16 00:40 - 2019-07-30 03:19 - 003965664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-08-16 00:40 - 2019-07-30 03:19 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:17 - 001319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-08-16 00:40 - 2019-07-30 03:16 - 001425920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2019-08-16 00:40 - 2019-07-30 03:16 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-08-16 00:40 - 2019-07-30 03:16 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-08-16 00:40 - 2019-07-30 03:16 - 000583680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2019-08-16 00:40 - 2019-07-30 03:16 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-08-16 00:40 - 2019-07-30 03:16 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-08-16 00:40 - 2019-07-30 03:16 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-08-16 00:40 - 2019-07-30 03:16 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-08-16 00:40 - 2019-07-30 03:16 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-08-16 00:40 - 2019-07-30 03:16 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-08-16 00:40 - 2019-07-30 03:16 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-08-16 00:40 - 2019-07-30 03:16 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2019-08-16 00:40 - 2019-07-30 03:16 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-08-16 00:40 - 2019-07-30 03:16 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2019-08-16 00:40 - 2019-07-30 03:16 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-08-16 00:40 - 2019-07-30 03:16 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-08-16 00:40 - 2019-07-30 03:16 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-08-16 00:40 - 2019-07-30 03:16 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2019-08-16 00:40 - 2019-07-30 03:16 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-08-16 00:40 - 2019-07-30 03:16 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2019-08-16 00:40 - 2019-07-30 03:15 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-08-16 00:40 - 2019-07-30 03:15 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2019-08-16 00:40 - 2019-07-30 03:15 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-08-16 00:40 - 2019-07-30 03:15 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-08-16 00:40 - 2019-07-30 03:15 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-08-16 00:40 - 2019-07-30 03:15 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-08-16 00:40 - 2019-07-30 03:15 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:15 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:15 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:15 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:15 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:15 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:15 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:15 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:15 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:15 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:15 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:15 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:15 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 03:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 02:54 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2019-08-16 00:40 - 2019-07-30 02:53 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2019-08-16 00:40 - 2019-07-30 02:52 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-08-16 00:40 - 2019-07-30 02:51 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-08-16 00:40 - 2019-07-30 02:51 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-08-16 00:40 - 2019-07-30 02:51 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-08-16 00:40 - 2019-07-30 02:51 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-08-16 00:40 - 2019-07-30 02:48 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-08-16 00:40 - 2019-07-30 02:48 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-08-16 00:40 - 2019-07-30 02:48 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2019-08-16 00:40 - 2019-07-30 02:48 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2019-08-16 00:40 - 2019-07-30 02:48 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2019-08-16 00:40 - 2019-07-30 02:48 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2019-08-16 00:40 - 2019-07-30 02:47 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-08-16 00:40 - 2019-07-30 02:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2019-08-16 00:40 - 2019-07-30 02:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 02:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 02:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 02:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-08-16 00:40 - 2019-07-30 02:44 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-08-16 00:40 - 2019-07-30 02:44 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-08-16 00:40 - 2019-07-30 02:44 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-08-16 00:40 - 2019-07-30 02:44 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-08-16 00:40 - 2019-07-30 02:44 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-08-16 00:40 - 2019-07-30 02:44 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-08-16 00:40 - 2019-07-30 02:43 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-08-16 00:40 - 2019-07-30 02:43 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-08-16 00:40 - 2019-07-30 02:43 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-08-16 00:40 - 2019-07-30 02:43 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-08-16 00:40 - 2019-07-24 01:37 - 003187712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2019-08-16 00:40 - 2019-07-19 04:30 - 003231744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-08-16 00:40 - 2019-07-13 09:37 - 000311008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2019-08-16 00:40 - 2019-07-13 09:36 - 000289720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2019-08-16 00:40 - 2019-07-13 09:35 - 001894840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-08-16 00:40 - 2019-07-13 09:35 - 000385464 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2019-08-16 00:40 - 2019-07-13 09:35 - 000378808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2019-08-16 00:40 - 2019-07-13 09:34 - 001391616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-08-16 00:40 - 2019-07-13 09:34 - 000836608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2019-08-16 00:40 - 2019-07-13 09:34 - 000335360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2PGraph.dll
2019-08-16 00:40 - 2019-07-13 09:34 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2019-08-16 00:40 - 2019-07-13 09:34 - 000217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2P.dll
2019-08-16 00:40 - 2019-07-13 09:34 - 000180736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2019-08-16 00:40 - 2019-07-13 09:34 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2019-08-16 00:40 - 2019-07-13 09:34 - 000039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ssdpapi.dll
2019-08-16 00:40 - 2019-07-13 09:34 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2019-08-16 00:40 - 2019-07-13 09:34 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2019-08-16 00:40 - 2019-07-13 09:33 - 000256512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2019-08-16 00:40 - 2019-07-13 09:33 - 000194560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2019-08-16 00:40 - 2019-07-13 09:33 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2019-08-16 00:40 - 2019-07-13 09:33 - 000061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2019-08-16 00:40 - 2019-07-13 09:33 - 000043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2019-08-16 00:40 - 2019-07-13 09:33 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2019-08-16 00:40 - 2019-07-13 09:32 - 002009600 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-08-16 00:40 - 2019-07-13 09:32 - 001077760 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2019-08-16 00:40 - 2019-07-13 09:32 - 000408576 _____ (Microsoft Corporation) C:\Windows\system32\P2PGraph.dll
2019-08-16 00:40 - 2019-07-13 09:32 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-08-16 00:40 - 2019-07-13 09:32 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2019-08-16 00:40 - 2019-07-13 09:32 - 000264704 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2019-08-16 00:40 - 2019-07-13 09:32 - 000198656 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2019-08-16 00:40 - 2019-07-13 09:32 - 000193024 _____ (Microsoft Corporation) C:\Windows\system32\ssdpsrv.dll
2019-08-16 00:40 - 2019-07-13 09:32 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2019-08-16 00:40 - 2019-07-13 09:32 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2019-08-16 00:40 - 2019-07-13 09:32 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\Groupinghc.dll
2019-08-16 00:40 - 2019-07-13 09:32 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\ssdpapi.dll
2019-08-16 00:40 - 2019-07-13 09:32 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2019-08-16 00:40 - 2019-07-13 09:32 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2019-08-16 00:40 - 2019-07-13 09:31 - 000318976 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2019-08-16 00:40 - 2019-07-13 09:31 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2019-08-16 00:40 - 2019-07-13 09:31 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2019-08-16 00:40 - 2019-07-13 09:31 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2019-08-16 00:40 - 2019-07-13 09:31 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2019-08-16 00:40 - 2019-07-13 09:31 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2019-08-16 00:40 - 2019-07-13 09:31 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcmonitor.dll
2019-08-16 00:40 - 2019-07-13 09:22 - 000353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-08-16 00:40 - 2019-07-13 09:22 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2019-08-16 00:40 - 2019-07-13 09:22 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2019-08-16 00:40 - 2019-07-13 09:15 - 006135808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-08-16 00:40 - 2019-07-13 09:13 - 000011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcmonitor.dll
2019-08-16 00:40 - 2019-07-13 09:07 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2019-08-16 00:40 - 2019-07-11 01:05 - 007082496 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-08-16 00:40 - 2019-04-23 19:42 - 000634312 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-08-16 00:40 - 2018-11-18 03:56 - 000459632 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-08-16 00:40 - 2018-11-18 03:43 - 000467856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2019-08-16 00:34 - 2019-02-16 06:32 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2019-08-16 00:34 - 2019-02-16 06:30 - 000123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-14 13:37 - 2009-10-25 13:06 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-09-14 13:36 - 2018-09-23 15:13 - 000000000 ____D C:\FRST
2019-09-14 13:33 - 2019-06-28 17:26 - 000000000 ____D C:\Users\User1\AppData\LocalLow\Mozilla
2019-09-14 13:24 - 2018-02-22 18:36 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2019-09-14 13:10 - 2016-06-07 16:10 - 000000550 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1925592742-456944920-4000667399-1008.job
2019-09-14 13:02 - 2009-07-14 05:45 - 000014176 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-09-14 13:02 - 2009-07-14 05:45 - 000014176 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-09-14 12:51 - 2016-02-19 17:00 - 000000913 _____ C:\Windows\Tasks\EPSON Perfection V39 Update.job
2019-09-14 12:46 - 2009-07-14 06:13 - 000782510 _____ C:\Windows\system32\PerfStringBackup.INI
2019-09-14 12:46 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2019-09-14 12:40 - 2016-05-26 14:28 - 000000000 ____D C:\ProgramData\NVIDIA
2019-09-14 12:40 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-09-13 23:09 - 2012-02-22 19:19 - 000766376 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-09-13 16:59 - 2016-02-07 22:30 - 000000000 ____D C:\Users\User1\AppData\Roaming\Mozilla
2019-09-13 14:36 - 2016-04-29 15:45 - 000000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2019-09-13 13:44 - 2019-05-17 17:16 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-09-13 13:43 - 2011-05-29 10:59 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-09-11 22:19 - 2016-03-17 20:26 - 000000000 ____D C:\Users\User1\dwhelper
2019-09-11 20:45 - 2018-01-29 14:04 - 000000904 _____ C:\Users\User1\Desktop\Music#NOW.lnk
2019-09-11 16:00 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2019-09-11 13:38 - 2018-03-13 19:44 - 000004456 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-09-11 13:38 - 2016-07-16 13:03 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-09-11 13:38 - 2012-08-08 17:04 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-09-11 13:38 - 2012-08-08 17:04 - 000000000 ____D C:\Windows\system32\Macromed
2019-09-11 13:38 - 2012-02-12 14:09 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-09-08 20:02 - 2016-02-07 22:22 - 000000000 ____D C:\Users\User1
2019-09-08 20:02 - 2016-01-18 17:24 - 000000000 ____D C:\Program Files (x86)\UTILITIES
2019-09-08 16:54 - 2019-05-16 19:25 - 000002052 _____ C:\Windows\Sandboxie.ini
2019-09-08 16:40 - 2016-02-13 22:22 - 000000000 ____D C:\Users\User1\AppData\Roaming\HandBrake
2019-09-07 13:00 - 2016-02-11 00:53 - 000167724 _____ C:\ads_err.adt
2019-09-06 21:08 - 2016-02-14 19:03 - 000000000 ____D C:\Windows\SysWOW64\files
2019-09-06 21:08 - 2016-02-14 19:03 - 000000000 ____D C:\Windows\SysWOW64\exceptions
2019-09-06 20:24 - 2016-02-08 17:37 - 000000000 ___RD C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\INET
2019-09-06 20:12 - 2016-02-14 00:38 - 000000000 ____D C:\Users\User1\AppData\Roaming\MacroCreator
2019-09-04 16:06 - 2019-07-11 14:14 - 000000000 ____D C:\Users\User1\AppData\Roaming\MusicBrainz
2019-09-04 15:26 - 2016-02-14 19:43 - 000000000 ____D C:\Users\User1\AppData\Local\CrashDumps
2019-09-04 14:53 - 2018-12-17 02:30 - 000000000 ____D C:\Users\User1\AppData\Roaming\FreeFileSync
2019-09-02 16:06 - 2018-09-04 01:43 - 000000000 ____D C:\Users\User1\AppData\Local\SquirrelTemp
2019-09-01 16:54 - 2019-08-02 23:05 - 000212992 _____ C:\Windows\system32\ClickToRun_Pipeline16
2019-08-19 22:56 - 2018-12-18 01:29 - 000000000 ____D C:\Users\User1\Documents\OneNote
2019-08-19 15:09 - 2016-02-07 19:00 - 000000000 ____D C:\Icons
2019-08-17 21:18 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2019-08-16 19:44 - 2016-02-27 18:42 - 012673080 _____ C:\Windows\system32\FNTCACHE.DAT
2019-08-16 15:39 - 2017-07-05 15:17 - 000000000 ___SD C:\Windows\system32\CompatTel
2019-08-16 15:39 - 2017-07-05 15:17 - 000000000 ____D C:\Windows\system32\appraiser
2019-08-16 15:39 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
2019-08-16 15:39 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\SysWOW64\Dism
2019-08-16 15:39 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\Setup
2019-08-16 15:39 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\Dism
2019-08-16 15:39 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-08-16 13:27 - 2009-07-14 06:09 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2019-08-16 01:29 - 2018-02-22 17:38 - 000000000 ____D C:\Program Files\MAINTENANCE
2019-08-16 01:04 - 2016-02-08 17:37 - 000000000 ___RD C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAINTAIN

==================== Files in the root of some directories ================

2009-10-26 11:48 - 2009-10-26 11:48 - 000000604 ____H () C:\Program Files (x86)\STLL Notifier
2016-02-07 22:30 - 2010-04-17 16:14 - 000000052 _____ () C:\Users\User1\AppData\Roaming\Culture Prefs
2016-08-29 16:06 - 2016-08-29 16:06 - 000000112 _____ () C:\Users\User1\AppData\Roaming\JP2K CS6 Prefs
2016-02-11 00:49 - 2019-05-14 22:01 - 000005852 _____ () C:\Users\User1\AppData\Roaming\Rim.Desktop.Exception.log
2016-02-11 00:49 - 2016-03-19 22:56 - 000006217 _____ () C:\Users\User1\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2016-02-11 00:49 - 2019-05-14 22:01 - 000005852 _____ () C:\Users\User1\AppData\Roaming\Rim.DesktopHelper.Exception.log
2016-02-21 20:26 - 2016-11-17 22:59 - 000001475 _____ () C:\Users\User1\AppData\Roaming\SAS7_000.DAT
2016-02-18 01:11 - 2016-02-18 01:11 - 000000096 _____ () C:\Users\User1\AppData\Roaming\version2.xml
2016-02-10 15:22 - 2012-02-26 20:40 - 000037814 _____ () C:\Users\User1\AppData\Roaming\Microsoft\MSO1033.acl
2016-02-10 15:22 - 2014-03-14 23:09 - 000000110 _____ () C:\Users\User1\AppData\Roaming\Microsoft\MSO2057.acl
2016-02-10 15:22 - 2016-01-24 21:29 - 000000030 _____ () C:\Users\User1\AppData\Roaming\Microsoft\MSO3081.acl
2019-07-08 00:57 - 2017-07-16 14:49 - 000000218 _____ () C:\Users\User1\AppData\Local\recently-used.xbel
2016-02-07 22:29 - 2018-01-15 17:09 - 000007603 _____ () C:\Users\User1\AppData\Local\resmon.resmoncfg

==================== FLock ================

2016-05-29 20:09 C:\Users\User1\Start Menu

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-09-10 13:57
==================== End of FRST.txt ============================


Edited by phickspc, 14 September 2019 - 04:41 PM.



#2
iMacg3

  • GeekU Moderator
  • 909 posts
Hi phickspc, welcome to the Geeks to Go malware removal forum.

I am iMacg3 and will be helping you with your computer problems.

Please keep the following information in mind before we begin:
  • Back up any important data before we continue.
    • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
  • Do not install any new software or run any fixes/tools on your system unless I request that you do so.
    • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
  • Please read all instructions carefully, and complete them in the order listed.
    • Items that are especially important will be highlighted in bold or red.
  • If your computer seems to start working normally, please don't abandon the topic.
    • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
  • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
  • If you don't respond to your topic in 4 days, it will be closed.
    • If your topic is closed and you still need assistance, send me a Personal Message with a link to your topic.
  • If you have questions at any time during the cleanup, feel free to ask.
Please give me some time to go over your logs and I will get back to you as soon as possible.

#3
iMacg3

    GeekU Mod

  • GeekU Moderator
  • 909 posts
Hi phickspc,

Please post the contents of the Addition.txt log in your reply. It will be located at C:\Users\User1\Desktop\Addition.txt

#4
phickspc

    Member

  • Topic Starter
  • Member
  • 362 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-09-2019
Ran by User1 (18-09-2019 15:08:11)
Running from C:\Users\User1\Desktop
Windows 7 Professional Service Pack 1 (X64) (2009-10-24 16:18:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1925592742-456944920-4000667399-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-1925592742-456944920-4000667399-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1925592742-456944920-4000667399-1002 - Limited - Enabled)
User3 (S-1-5-21-1925592742-456944920-4000667399-1003 - Administrator - Enabled) => C:\Users\User3
User1 (S-1-5-21-1925592742-456944920-4000667399-1008 - Administrator - Enabled) => C:\Users\User1
User2 (S-1-5-21-1925592742-456944920-4000667399-1006 - Administrator - Enabled) => C:\Users\User2

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.255 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.255 - Adobe)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{421E3900-59C7-8A50-C424-83CFFC1DB2B9}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AnyTrans for Android (HKLM-x32\...\{CE84DF95-1914-47BB-8055-847E28B605B9}) (Version: 6.3.5 - iMobie) Hidden
AnyTrans for Android (HKLM-x32\...\AnyTrans for Android 6.3.5) (Version: 6.3.5 - iMobie)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArtsAcoustic Reverb 1.2.1 (HKLM-x32\...\ArtsAcoustic Reverb) (Version: 1.2.1 - ArtsAcoustic Vertrieb GbR)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AudioEase Altiverb VST RTAS v6.12 (HKLM-x32\...\AudioEase Altiverb VST RTAS_is1) (Version:  - )
Authy Desktop (HKU\S-1-5-21-1925592742-456944920-4000667399-1008\...\authy-electron) (Version: 1.7.0 - Twilio Inc.)
AutoHotkey 1.1.23.01 (HKLM\...\AutoHotkey) (Version: 1.1.23.01 - Lexikos)
Axe-Edit 3.12.0 (HKLM-x32\...\{0B2FECD3-B4EF-4071-9546-7529D90BAA99}_is1) (Version:  - Fractal Audio)
BlackBerry 10 Desktop Software (HKLM-x32\...\{a0642dd3-1105-464b-84c8-caaf676c39c8}) (Version: 1.1.0.22 - BlackBerry)
BlackBerry Blend (HKLM-x32\...\{1DA42C01-4ED2-4B4E-B90C-18FCBA12FC41}) (Version: 1.1.0.23 - BlackBerry Ltd.) Hidden
BlackBerry Communication Drivers (HKLM-x32\...\{46CD5A63-0C1F-45C3-B643-CA87A17275C0}) (Version: 8.0.0.119 - BlackBerry Ltd.) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}) (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Device Drivers (HKLM-x32\...\{1F6490E5-7540-426D-BC1E-EB57B0BF0C38}) (Version: 8.0.0.119 - BlackBerry Ltd.) Hidden
BlackBerry Device Software Updater (HKLM-x32\...\{E755A98B-F45F-4008-A1A5-FC4CB4D2177A}) (Version: 8.0.0.66 - Research In Motion Ltd)
BlackBerry Link (HKLM-x32\...\{C42468F9-9812-4550-A54B-5DDB062EB10F}) (Version: 1.2.4.28 - BlackBerry) Hidden
BlackBerry Link Remover (HKLM-x32\...\{44D65CAB-1BC8-47B7-BF5B-3EB8B6BB0276}) (Version: 1.2.4.0 - BlackBerry Ltd.) Hidden
Bome Virtual MIDI 2.1.0.44 (HKLM\...\BMIDI_Driver1.0.0.11_is1) (Version:  - Bome Software GmbH & Co. KG)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Contents64 (HKLM\...\{1CDDC143-E149-4945-A5C9-8B366D8C2FC6}) (Version: 18.0.0.181 - Corel Corporation) Hidden
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
Corel VideoStudio Ultimate X8 (HKLM-x32\...\_{A22A80C4-F237-4B5A-825F-0731971ECBE6}) (Version: 18.6.0.6 - Corel Corporation)
dBpoweramp [Multi Encoder] Codec (HKLM-x32\...\dBpoweramp [Multi Encoder] Codec) (Version: Release 2 - Illustrate)
dBpoweramp AAC Encoder (HKLM-x32\...\dBpoweramp AAC Encoder) (Version:  - )
dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 3 - Illustrate)
dBpoweramp FLAC Codec (HKLM-x32\...\dBpoweramp FLAC Codec) (Version: Release 10 (FLAC 1.2.0) - Illustrate)
dBpoweramp m4a Codec (HKLM-x32\...\dBpoweramp m4a Codec) (Version: Release 7 - Illustrate)
dBpoweramp m4b Audio book Encoder (HKLM-x32\...\dBpoweramp m4b Audio book Encoder) (Version:  - )
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 13.2 - Illustrate)
dBpoweramp Windows Media Audio 10 Codec (HKLM-x32\...\dBpoweramp Windows Media Audio 10 Codec) (Version: Release 5 - Illustrate)
Desktop Restore (HKLM\...\{15D07D6F-E4CC-41D9-88A3-94115E5E5A10}) (Version: 1.6.3 - JOConnell)
Desktop Restore (HKLM\...\{9DAB307E-531F-4992-AB30-6F1AD39E6CF9}) (Version: 1.6.1 - JOConnell)
Disk Drill 2.0.0.338 (HKLM-x32\...\{91CF2A75-07FB-4CAF-AE14-2BE4EE77EF00}) (Version: 2.0.338 - CleverFiles)
Document Capture Pro (HKLM-x32\...\{8930DCE5-510D-4476-A879-835188F7B6F4}) (Version: 1.06.0011 - Seiko Epson Corporation)
Dragon 14 (HKLM-x32\...\{FEAB6184-0560-4EBF-A26B-C3F2B11FE9E1}) (Version: 14.00.000 - Nuance Communications Inc.)
Earope Advanced Ear Training v1.65 (HKLM-x32\...\Earope Advanced Ear Training_is1) (Version:  - )
EASEUS Data Recovery Wizard Professional 5.5.1 (HKLM-x32\...\EASEUS Data Recovery Wizard Professional 5.5.1_is1) (Version:  - EASEUS)
East West Boesendorfer 290 (HKLM-x32\...\East West Boesendorfer 290) (Version:  - )
East West Colossus (HKLM-x32\...\East West Colossus) (Version:  - )
East West EWQLSO Gold Edition (HKLM-x32\...\East West EWQLSO Gold Edition) (Version:  - )
East West EWQLSO PRO XP Brass (HKLM-x32\...\East West EWQLSO PRO XP Brass) (Version:  - )
East West EWQLSO PRO XP Percussion (HKLM-x32\...\East West EWQLSO PRO XP Percussion) (Version:  - )
East West EWQLSO PRO XP Strings (HKLM-x32\...\East West EWQLSO PRO XP Strings) (Version:  - )
East West EWQLSO PRO XP Woodwinds (HKLM-x32\...\East West EWQLSO PRO XP Woodwinds) (Version:  - )
East West HardcoreBass (HKLM-x32\...\East West HardcoreBass) (Version:  - )
East West Percussive Adventures 2 (HKLM-x32\...\East West Percussive Adventures 2) (Version:  - )
East West Ra (HKLM-x32\...\East West Ra) (Version:  - )
East West Stormdrum Intakt (HKLM-x32\...\East West Stormdrum Intakt) (Version:  - )
East West Symphonic Choirs (HKLM-x32\...\East West Symphonic Choirs) (Version:  - )
East West Vapor (HKLM-x32\...\East West Vapor) (Version:  - )
Easy Photo Scan (HKLM-x32\...\{1A6DED1E-A024-455D-AA82-203D6B3B0CBC}) (Version: 1.00.0006 - Seiko Epson Corporation)
Enigma (HKLM-x32\...\{1F145099-1224-4C5B-84F2-7AE6DC699F1A}) (Version: 1.2.0.0 - M-Audio)
Epson Copy Utility 4 (HKLM-x32\...\{06A7E8AB-2856-4490-BAA9-F338ABE7695A}) (Version: 4.01.0001 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{17FA0444-A025-43B9-862C-81AE6307C2F2}) (Version: 3.10.0050 - Seiko Epson Corporation)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.50.0.0 - SEIKO EPSON CORPORATION)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.00 - SEIKO EPSON Corp.)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Evernote v. 5.9.6 (HKLM-x32\...\{A542D366-9877-11E5-B101-005056951CAD}) (Version: 5.9.6.9494 - Evernote Corp.)
Exif Pilot 5.4 (HKLM-x32\...\Exif Pilot_is1) (Version: 5.4 - Two Pilots)
Extreme Sample Converter v3.5.3 (HKLM-x32\...\Extreme Sample Converter v3.5.3) (Version:  - )
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
Finale 2012 (HKLM-x32\...\Finale 2012) (Version: 2012.c.r13.4 - MakeMusic)
Fix Shortcuts 1.2 (HKLM\...\Fix Shortcuts_is1) (Version:  - Puran Software)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
FLAC 1.2.1b (remove only) (HKLM-x32\...\FLAC) (Version: 1.2.1b - Xiph.org)
Foxit PhantomPDF Business (HKLM-x32\...\{1C0B89FF-BBF6-4DB7-BC97-89CA8D5D0F54}) (Version: 7.3.0.118 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.2.0.9297 - Foxit Software Inc.)
Fractal Audio Systems USB Audio Driver v2.23.0 (HKLM-x32\...\Fractal Audio Systems USB Audio Driver v2.23.0) (Version: 2.23.0 - Fractal Audio Systems)
Fractal Audio Systems USB Driver Package 2014.06.06 (HKLM\...\{E992CC59-71FD-4199-B04E-6274F7439EA0}_is1) (Version: 2014.06.06 - Fractal Audio Systems)
Fractal-Bot 2.11.0 (HKLM-x32\...\{6DBF83F6-BE11-414D-82DC-58C414CACF35}_is1) (Version:  - Fractal Audio)
FreeFileSync 10.8 (HKLM-x32\...\FreeFileSync_is1) (Version: 10.8 - FreeFileSync.org)
Garritan Instruments for Finale 2009 (HKLM\...\Garritan Instruments for Finale 2009_is1) (Version: v1.0.0.1 - Garritan)
Garritan Jazz Big Band (HKLM-x32\...\Garritan Jazz Big Band) (Version:  - )
Gnaural ver. 1.0.20110606 (HKLM-x32\...\Gnaural_is1) (Version:  - Bret Logan)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.23.9 - Google Inc.) Hidden
GoToMeeting 8.37.0.10996 (HKU\S-1-5-21-1925592742-456944920-4000667399-1008\...\GoToMeeting) (Version: 8.37.0.10996 - LogMeIn, Inc.)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.25) (Version: 9.25 - Artifex Software Inc.)
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
HD Tune Pro 5.00 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
HitmanPro 3.6 (HKLM\...\HitmanPro36) (Version: 3.6.1.163 - SurfRight B.V.)
ICA (HKLM-x32\...\{A22A80C4-F237-4B5A-825F-0731971ECBE6}) (Version: 18.0.0.181 - Corel Corporation) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel Processor Diagnostic Tool 64bit (HKLM-x32\...\{04d7bf4f-df2d-43f7-9ac0-0ecf85606989}) (Version: 4.1.3.35 - )
Intel® C++ Redistributables on IA-32 (HKLM-x32\...\{317059CB-7642-4F2E-89C0-62E69D4074B7}) (Version: 15.0.148 - Intel Corporation)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{2DD3C090-2986-4970-B3CB-87BB4C8AC4A5}) (Version: 15.0.148 - Intel Corporation)
IPM_VS_Pro64 (HKLM\...\{CEE838EA-72D1-4149-91F5-5591AFE0CBBC}) (Version: 18.0 - Corel Corporation) Hidden
IrfanView 4.51 (64-bit) (HKLM\...\IrfanView64) (Version: 4.51 - )
iZotope iDrum (HKLM-x32\...\iZotope iDrum_is1) (Version: 1.61 - iZotope, Inc.)
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
Jazz-Plugin (HKLM-x32\...\{4D91EBA9-1769-467B-982B-C0693147D353}) (Version: 1.5 - Jazz-Soft)
JBridge (HKLM-x32\...\JBridge) (Version:  - JBridge)
JDiskReport 1.4.1 (HKLM-x32\...\JDiskReport 1.4.1) (Version: 1.4.1 (2014-02-26 11:50:44) - JGoodies Karsten Lentzsch)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.)
K-Lite Codec Pack 13.5.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.5.5 - KLCP)
KRISTAL Audio Engine (HKLM-x32\...\KRISTAL Audio Engine) (Version:  - )
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Exploit version 1.13.1.98 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.13.1.98 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manager (HKLM-x32\...\{8DED36D9-54D6-4127-A112-5A1BA1CDD66B}) (Version: 5.0.26.33533 - 2017 pdfforge GmbH. All rights reserved) Hidden
Market Samurai (HKLM-x32\...\{BCBB1378-B65A-6D5C-152B-FEF3AEEE7CA8}) (Version: 0.93.86 - Alliance Software Pty Ltd) Hidden
Market Samurai (HKLM-x32\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.93.86 - Alliance Software Pty Ltd)
M-Audio FireWire 6.0.4 (x64) (HKLM\...\{D53342CB-8C24-4493-9E04-C35D09873DF5}) (Version: 6.0.4 - M-Audio)
MeldaProduction Audio Plugins 9 (HKLM-x32\...\MeldaProduction Audio Plugins 9) (Version:  - MeldaProduction)
Micrologus Musician Training Center 2.3.1.6 (HKLM-x32\...\Micrologus_Musician_Training_Center_is1) (Version: 2.3.1.6 - Micrologus.com)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft IntelliPoint 7.0 (HKLM\...\{C74A84EC-7C5F-4C36-A4A6-381E516D643B}) (Version: 7.0.260.0 - Microsoft)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneNote Home and Student 2016 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.11929.20300 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mouse Manager (HKLM\...\Mouse Manager_is1) (Version: 1.3 - RealityRipple Software)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 2.1.3 - MusicBrainz)
Native Instruments Absynth 5 (HKLM-x32\...\Native Instruments Absynth 5) (Version:  - Native Instruments)
Native Instruments Battery 3 (HKLM-x32\...\Native Instruments Battery 3) (Version:  - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)
Native Instruments Elektrik Piano (HKLM-x32\...\Native Instruments Elektrik Piano) (Version:  - )
Native Instruments Evolve Mutations (HKLM-x32\...\Native Instruments Evolve Mutations) (Version:  - Native Instruments)
Native Instruments FM8 (HKLM-x32\...\Native Instruments FM8) (Version:  - Native Instruments)
Native Instruments Guitar Rig 3 (HKLM-x32\...\Native Instruments Guitar Rig 3) (Version:  - Native Instruments)
Native Instruments Guitar Rig 4 (HKLM-x32\...\Native Instruments Guitar Rig 4) (Version:  - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version:  - Native Instruments)
Native Instruments Guitar Rig v1.1.2 (HKLM-x32\...\Native Instruments Guitar Rig v1.1.2) (Version:  - )
Native Instruments Komplete 6 (HKLM-x32\...\Native Instruments Komplete 6) (Version:  - Native Instruments)
Native Instruments Kontakt 3 (HKLM-x32\...\Native Instruments Kontakt 3) (Version:  - Native Instruments)
Native Instruments Kontakt 4 (HKLM-x32\...\Native Instruments Kontakt 4) (Version:  - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version:  - Native Instruments)
Native Instruments Pro-53 v3.02 (HKLM-x32\...\Native Instruments Pro-53 v3.02) (Version:  - )
NirSoft ShellExView (HKLM-x32\...\NirSoft ShellExView) (Version:  - )
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Graphics Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Orb Composer S (HKLM\...\{B8013ED0-0295-4945-B444-6C9BD5687CF2}_is1) (Version: 1.4.4 - Hexachords & Team V.R)
PC 73 Virtual Piano Keyboard (HKLM-x32\...\PC 73 Virtual Piano Keyboard) (Version:  - )
PC-50 Driver (HKLM\...\RolandRDID0053) (Version:  - Roland Corporation)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.1.1 - pdfforge GmbH)
Playlist Creator 3.6.2 (HKLM-x32\...\Playlist Creator 3.6.2) (Version: 3.6.2.0 - oddgravity)
POP Peeper (HKLM-x32\...\POP Peeper) (Version:  - Esumsoft)
Power Tab Editor 1.7 (HKLM-x32\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software)
proDAD Mercalli 2.0 (64bit) (HKLM\...\proDAD-Mercalli-2.0) (Version: 2.0.120 - proDAD GmbH) Hidden
Project SAM Symphobia 1.0 (HKLM-x32\...\{676FAD0D-40C3-4911-93E7-5C70C201ADEA}_is1) (Version:  - )
Pulover's Macro Creator version 4.1.3 (HKLM\...\{223FFB42-2D49-4AF6-9EF2-82B7D0CAF8B4}_is1) (Version: 4.1.3 - Rodolfo U. Batista)
PxMergeModule (HKLM-x32\...\{024521CF-C07E-4F8E-8481-0D75695E03AF}) (Version: 1.00.0000 - Your Company Name) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Rank Tracker Samurai (HKLM-x32\...\{F9BFB0DE-0DE9-A021-D4E3-E60BC77DEE9B}) (Version: 0.00.17 - Alliance Software Pty Ltd) Hidden
Rank Tracker Samurai (HKLM-x32\...\RankTrackerSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.00.17 - Alliance Software Pty Ltd)
RapidComposer (HKLM\...\RapidComposer_is1) (Version: 3.6.5 - MusicDevelopments & Team V.R)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Reason 4.0 (HKLM-x32\...\Reason4_is1) (Version: 4.0 - Propellerhead Software AB)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
ReWire (HKLM\...\{4481A621-E317-411C-8926-864AACDF509B}) (Version: 1.00.0000 - Waves)
Riffstation (HKU\S-1-5-21-1925592742-456944920-4000667399-1008\...\{66bd4367-2215-46cb-a211-cbddfe321d39}) (Version: 1.6.3 - Sonic Ladder Ltd.)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Sandboxie 5.30 (64-bit) (HKLM\...\Sandboxie) (Version: 5.30 - Sandboxie Holdings, LLC)
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Security Task Manager 1.7f (HKLM-x32\...\Security Task Manager) (Version: 1.7f - Neuber GmbH)
Setup (HKLM-x32\...\{CC55892B-B7A6-4F5F-BFB4-F69D77E2D7D5}) (Version: 18.0.0.181 - Corel Corporation) Hidden
Share64 (HKLM\...\{3BB9B652-3725-419E-869F-7A5F7FE82C28}) (Version: 18.0.0.181 - Corel Corporation) Hidden
Skype version 8.23 (HKLM-x32\...\Skype_is1) (Version: 8.23 - Skype Technologies S.A.)
Softube FET Compressor VST RTAS v1.0.3 (HKLM-x32\...\Softube FET Compressor VST RTAS_is1) (Version:  - )
Softube Tube-Tech PE 1C VST RTAS v1.0.1 (HKLM-x32\...\Softube Tube-Tech PE 1C_is1) (Version:  - )
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
SoundToys Native Effects VST RTAS v3.1.2 (HKLM-x32\...\SoundToys Native Effects VST RTAS_is1) (Version:  - )
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Stream What You Hear (SWYH) version 1.4 (HKLM-x32\...\{5FBEA9D3-668E-4B88-BF6C-E1BCF441ECFD}_is1) (Version: 1.4 - Sebastien.warin.fr)
Streaming Video Recorder V5.1.3 (HKLM-x32\...\{2CD65167-671F-49A3-B6C7-3B919DF028E2}_is1) (Version: 5.1.3 - APOWERSOFT LIMITED)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Sylenth1 v2.20 (HKLM\...\Sylenth1_is1) (Version:  - )
Sylenth1 v2.20 (HKLM-x32\...\Sylenth1_is1) (Version:  - )
System Scheduler 4.35 (HKLM-x32\...\Windows Scheduler_is1) (Version:  - Splinterware Software Solutions)
Sytrus (HKLM-x32\...\Sytrus) (Version:  - Image-Line)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
TimeComX Basic (64-Bit) (HKLM-x32\...\TimeComX Basic 64-Bit) (Version: 1.3.2.0 - Bitdreamers)
Transcribe! 8.40 (HKLM-x32\...\Transcribe!_is1) (Version: 8.40 - Seventh String Software)
Trilogy (HKLM-x32\...\Trilogy_is1) (Version:  - Spectrasonics, Inc.)
TruePianos 1.5.0 (HKLM\...\TruePianos_is1) (Version:  - 4Front Technologies)
TruePianos: Amber Module 1.4.0 (HKLM-x32\...\TruePianos: Amber Module_is1) (Version:  - 4Front Technologies)
TruePianos: Diamond Module 1.4.0 (HKLM-x32\...\TruePianos: Diamond Module_is1) (Version:  - 4Front Technologies)
TruePianos: Emerald Module 1.4.0 (HKLM-x32\...\TruePianos: Emerald Module_is1) (Version:  - 4Front Technologies)
TruePianos: Sapphire Module 1.4.0 (HKLM-x32\...\TruePianos: Sapphire Module (Pedal sounds included)_is1) (Version:  - 4Front Technologies)
TruePianos: Sapphire Module 1.4.0 (HKLM-x32\...\TruePianos: Sapphire Module_is1) (Version:  - 4Front Technologies)
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Ut Video Codec Suite (HKLM\...\utvideo_is1) (Version: 15.4.0 - UMEZAWA Takeshi)
VdhCoApp 1.3.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
VideoStudio MyDVD (HKLM-x32\...\{49D8422A-D54E-425F-8A38-54167B1174A1}) (Version: 1.0 - Corel)
VideoStudio MyDVD (HKLM-x32\...\{7EB40408-4144-4477-95B5-B80B02A1FB66}) (Version: 1.0.112 - Corel Corporation) Hidden
Voxengo Boogex (HKLM\...\Voxengo Boogex_is1) (Version: 2.1 - Voxengo)
Voxengo Marvel GEQ (HKLM\...\Voxengo Marvel GEQ_is1) (Version: 1.4 - Voxengo)
Voxengo Overtone GEQ (HKLM\...\Voxengo Overtone GEQ_is1) (Version: 1.11 - Voxengo)
VSClassic64 (HKLM\...\{C8686FE2-D759-4304-9791-66ED3C1A7789}) (Version: 18.0.0.181 - Corel Corporation) Hidden
VSUltimate64 (HKLM\...\{4BBC9291-7961-42EE-9CDA-6EC4BD6EB782}) (Version: 18.0.0.181 - Corel Corporation) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Wave Arts Tube Saturator (HKLM-x32\...\Wave Arts Tube Saturator) (Version:  - )
Wave Arts Tube Saturator 64 (HKLM\...\Wave Arts Tube Saturator 64) (Version:  - )
Waves Complete v8.0.11 (HKLM-x32\...\Waves Complete V8_is1) (Version:  - )
Waves Mercury Complete VST DX RTAS v1.01 (HKLM-x32\...\Waves Mercury Complete VST DX RTAS_is1) (Version:  - Waves Ltd.)
Windows Driver Package - Advanced Micro Devices (AtiHDAudioService) MEDIA  (01/16/2016 7.12.0.7723) (HKLM\...\E18EFCE3DA74D73E2828F3B3E53176B4E08B9418) (Version: 01/16/2016 7.12.0.7723 - Advanced Micro Devices)
Windows Driver Package - Advanced Micro Devices (AtiHDAudioService) MEDIA  (08/11/2015 7.12.0.7723) (HKLM\...\FF579B3D0A1F64296C1D2BD5BE5728F02B42E927) (Version: 08/11/2015 7.12.0.7723 - Advanced Micro Devices)
Windows Driver Package - Advanced Micro Devices, Inc. (amdkmdap) Display  (04/05/2012 8.961.0.0000) (HKLM\...\66FF30DCFCACEE6BACEC2B23668C4F83C158922A) (Version: 04/05/2012 8.961.0.0000 - Advanced Micro Devices, Inc.)
Windows Driver Package - Alcor Micro, Corp. (AmUStor) USB  (04/11/2016 1.0.145.40103) (HKLM\...\7DBA26E9A80D98472F1CF95A0767EB4949C8885D) (Version: 04/11/2016 1.0.145.40103 - Alcor Micro, Corp.)
Windows Driver Package - Alcor Micro, Corp. (AmUStor) USB  (09/22/2015 1.0.144.2002) (HKLM\...\A841DAE23AACC3DE82C4ABD365CA02F42BD2D6BF) (Version: 09/22/2015 1.0.144.2002 - Alcor Micro, Corp.)
Windows Driver Package - Alcor Micro, Corp. (AmUStor) USB  (12/08/2015 1.0.145.40101) (HKLM\...\DF633FC6C1775EA261113B0E3C4728D8B6204522) (Version: 12/08/2015 1.0.145.40101 - Alcor Micro, Corp.)
Windows Driver Package - AMD (amdkmpfd) System  (02/12/2015 15.20.0.0000) (HKLM\...\708AE871DE4DE98C022B914117B48025341D07B8) (Version: 02/12/2015 15.20.0.0000 - AMD)
Windows Driver Package - AMD (amdkmpfd) System  (07/24/2013 13.15.1.0001) (HKLM\...\EF70220A4FF8FBE3EC6338B797A142BC03FACCE7) (Version: 07/24/2013 13.15.1.0001 - AMD)
Windows Driver Package - ATK (MTsensor) System  (05/05/2009 1043.6.0.0) (HKLM\...\A1CE88ECEE452DF2F78DB201E0D9BED96DD08791) (Version: 05/05/2009 1043.6.0.0 - ATK)
Windows Driver Package - BlackBerry (RimUsb) RIMUSBBB  (08/21/2015 4.2.0.37) (HKLM\...\B55CD77E7DF02D898BAAEF952AD0A614BA6C130B) (Version: 08/21/2015 4.2.0.37 - BlackBerry)
Windows Driver Package - Challenger Backup Solutions, LLC (FlashBoot) DiskDrive  (08/11/2013 2.3.72.0) (HKLM\...\CA8BFE662913F62CB908BA31685037C57A7DD973) (Version: 08/11/2013 2.3.72.0 - Challenger Backup Solutions, LLC)
Windows Driver Package - Dell Inc. Monitor  (06/22/2005 1.0) (HKLM\...\591C1894C89A0FDEDDFFF2E6FF3906BDD14F5041) (Version: 06/22/2005 1.0 - Dell Inc.)
Windows Driver Package - EPSON Printer  (04/21/2009 6.3.9600.17415) (HKLM\...\50BCF590163ED91C75D0032CD403946293288A3F) (Version: 04/21/2009 6.3.9600.17415 - EPSON)
Windows Driver Package - Fractal Audio Systems (axefx2load) USB  (05/15/2011 1.0.0.9) (HKLM\...\6AEB8A42A154DE456DE5E467C01A582911CB5C6A) (Version: 05/15/2011 1.0.0.9 - Fractal Audio Systems)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (12/06/2010 4.0.0000.00000) (HKLM\...\30B2813B1F17EF6D99360A190E7F0D3BA2F0DC3C) (Version: 12/06/2010 4.0.0000.00000 - Google, Inc.)
Windows Driver Package - Intel hdc  (07/25/2013 9.1.9.1005) (HKLM\...\45E15243FF229D0F06670A5B262CA9C7887085F6) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\0D5FF16DF1EB1D79525FA3E61418108F8F3002E1) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\CAC45647A959F237CE25C052FDB9A4A914C34830) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\ED810FFB415BA44CFFBFDE4E3A80FA4D67842D61) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel USB  (07/31/2013 9.1.9.1006) (HKLM\...\B0CC38E1CE139A5179BF0F8255865BD29DA00B02) (Version: 07/31/2013 9.1.9.1006 - Intel)
Windows Driver Package - JMicron (usbccgp) USB  (07/28/2009 1.0.4.2) (HKLM\...\D3AAF0E65D8B1D5934711D3312BF76371DB14E42) (Version: 07/28/2009 1.0.4.2 - JMicron)
Windows Driver Package - JMicron Technology Corp. (JRAID) SCSIAdapter  (09/17/2012 1.17.65.11) (HKLM\...\39FCA3B1E44BB5B526E74F29B111ACB49ABC9017) (Version: 09/17/2012 1.17.65.11 - JMicron Technology Corp.)
Windows Driver Package - KYE System Corp. (ioFakMap) HIDClass  (07/23/2015 10.0.0.1) (HKLM\...\4E0CA847D35A4DB0EBC8BA2B5254126B3D650579) (Version: 07/23/2015 10.0.0.1 - KYE System Corp.)
Windows Driver Package - KYE System Corp. (ioFakMap) HIDClass  (09/09/2013 6.3.0.1) (HKLM\...\2D411C1C731F85B0AE8A713F3C27A67932A89369) (Version: 09/09/2013 6.3.0.1 - KYE System Corp.)
Windows Driver Package - Logitech (HidUsb) HIDClass  (08/31/2012 1.10.77.0) (HKLM\...\5498ECA18B56D1C7C4EC25B46FBEA3A008C6545A) (Version: 08/31/2012 1.10.77.0 - Logitech)
Windows Driver Package - Logitech (usbccgp) USB  (11/04/2010 1.0.2.11) (HKLM\...\8A87028F68EFC3B6D4F26F7EF2DDB31C8F6767EF) (Version: 11/04/2010 1.0.2.11 - Logitech)
Windows Driver Package - Microsoft (usbvideo) Image  (11/30/2011 4.00.271.0) (HKLM\...\038FE5C3ADC3253893A69B8C3731D30F61329D0D) (Version: 11/30/2011 4.00.271.0 - Microsoft)
Windows Driver Package - Realtek (RTL8167) Net  (01/07/2016 7.098.0107.2016) (HKLM\...\98646A049185AFF3261925EB9AF62F27CDE1973A) (Version: 01/07/2016 7.098.0107.2016 - Realtek)
Windows Driver Package - Realtek (RTL8167) Net  (04/22/2016 7.100.0422.2016) (HKLM\...\F8155F67753B825ABE617429CF7039CBBA40F662) (Version: 04/22/2016 7.100.0422.2016 - Realtek)
Windows Driver Package - Realtek (RTL8167) Net  (10/01/2015 7.097.1001.2015) (HKLM\...\68DA79C9547185B2A7523EB8E6D022500B2B3ACC) (Version: 10/01/2015 7.097.1001.2015 - Realtek)
Xvid MPEG-4 Video Codec (HKLM-x32\...\xvid) (Version:  - Xvid Development Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1925592742-456944920-4000667399-1008_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\5174\G2MOutlookAddin64.dll (Citrix Online -> Citrix Online, a division of Citrix Systems, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2016-01-07] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-07-13] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:/Program Files/UTILITIES/PDFCreator/PDFCreatorShell.DLL [2017-10-19] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [DeskMenu] -> {7E74422F-2393-11D4-98E0-444553540000} => C:\Program Files (x86)\Desktop Restore\dkticnsr.dll [2010-11-12] (Jamie O'Connell) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-07-13] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\User1\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
Shortcut: C:\Users\User1\Desktop\PIAxTB.lnk -> C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\INET\PIAxTB.bat ()
Shortcut: C:\Users\User1\Desktop\RV.lnk -> C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\INET\TBxPIA.bat ()
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VST INST\Native Instruments\Service Center\Native Instruments Homepage.lnk -> hxxp://www.native-instruments.de
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VST INST\Native Instruments\Pro-53\Native Instruments Homepage.lnk -> hxxp://www.native-instruments.net
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VST INST\Native Instruments\Guitar Rig 1.1.2\Native Instruments Homepage.lnk -> hxxp://www.native-instruments.net
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VST FX\Native Instruments\Guitar Rig 1.1.2\Native Instruments Homepage.lnk -> hxxp://www.native-instruments.net
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NOTATION\Finale 2012\User Manual.lnk -> hxxp://www.finalemusic.com/UserManuals/Finale2012Win/Finale_Left.ht
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAINTAIN\JDiskReport 1.4.1\JGoodies Home Page.lnk -> hxxp://www.jgoodies.com
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAWs\Image-Line\FL Studio 10\Image-Line website.lnk -> hxxp://www.image-line.com
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAWs\Image-Line\FL Studio 10\Advanced\Diagnostic.lnk -> hxxp://diagnostic.image-line.com
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAWs\Image-Line\FL Studio 10\Additional\Download Deckadance.lnk -> hxxp://www.deckadance.com
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAWs\Image-Line\FL Studio 10\Additional\SynthMaker website.lnk -> hxxp://www.synthmaker.co.uk
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AUDIO\dBpoweramp Music Converter\Register dBpoweramp.lnk -> hxxp://www.dbpoweramp.com/dmc-power-register.htm

==================== Loaded Modules (Whitelisted) ==============

2019-07-20 16:04 - 2016-08-06 15:39 - 000008704 _____ () [File not signed] C:\Portable Program Files\MSG\ThunderbirdPortable\Data\profile\extensions\[email protected]\lib\tray_x86-msvc.dll
2015-03-19 12:22 - 2015-03-19 12:22 - 000094208 _____ () [File not signed] C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\libxpmux.dll
2016-01-27 15:11 - 2012-01-29 17:55 - 000657920 _____ () [File not signed] C:\Program Files\TeraCopy\TeraCopy64.dll
2019-09-18 13:26 - 2019-09-18 13:26 - 000008704 _____ () [File not signed] C:\Users\User1\AppData\Local\Temp\nsvE543.tmp\newadvsplash.dll
2019-09-18 13:26 - 2019-09-18 13:26 - 000029696 _____ () [File not signed] C:\Users\User1\AppData\Local\Temp\nsvE543.tmp\registry.dll
2019-09-18 13:26 - 2019-09-18 13:26 - 000011264 _____ () [File not signed] C:\Users\User1\AppData\Local\Temp\nsvE543.tmp\System.dll
2018-05-02 23:24 - 2015-06-02 08:41 - 000721408 _____ (hxxp://lame.sf.net) [File not signed] C:\Program Files (x86)\AUDIO\Stream What You Hear\libmp3lame.32.dll
2016-02-09 18:37 - 2015-12-31 15:15 - 000077312 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2010-11-12 23:28 - 2010-11-12 23:28 - 000449536 _____ (Jamie O'Connell) [File not signed] C:\Program Files (x86)\Desktop Restore\dkticnsr.dll
2012-02-12 14:26 - 2012-02-12 14:26 - 001101824 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL
2012-02-12 14:26 - 2012-02-12 14:26 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2019-05-17 17:14 - 2019-05-17 17:14 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Client\AppVIsvSubsystems32.dll
2019-05-17 17:14 - 2019-05-17 17:14 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll
2019-05-17 17:14 - 2019-05-17 17:14 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll
2019-06-28 15:40 - 2018-03-24 00:05 - 000764640 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI.dll
2016-02-09 18:41 - 2018-01-07 17:05 - 000120072 _____ (pdfforge GmbH) [File not signed] C:\Windows\System32\pdfcmon.dll
2015-04-09 17:28 - 2015-04-09 17:28 - 000286720 _____ (Research in Motion Ltd) [File not signed] C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\rim_serial.dll
2014-11-28 12:46 - 2014-11-28 12:46 - 000469012 _____ (Research In Motion) [File not signed] C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\CE.dll
2013-08-01 17:05 - 2013-08-01 17:05 - 000112128 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
2015-01-29 11:04 - 2015-01-29 11:04 - 000004096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\ESPSUTL.dll
2009-10-21 18:39 - 2009-10-21 18:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\Microsoft:lng933Lo6NoocmHoy30Ut [2282]
AlternateDataStreams: C:\ProgramData\Reprise:yhuwxvwhfkxkcgmvjenbtlifh [0]
AlternateDataStreams: C:\ProgramData\TEMP:24C8262A [121]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1925592742-456944920-4000667399-1008\...\dell.com -> dell.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2019-09-18 13:25 - 000007344 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1        localhost
127.0.0.1        74.86.5.247
127.0.0.1        tracking.opencandy.com.s3.amazonaws.com
127.0.0.1        media.opencandy.com
127.0.0.1        cdn.opencandy.com
127.0.0.1        tracking.opencandy.com
127.0.0.1        api.opencandy.com
0.0.0.0        statsfe2.update.microsoft.com.akadns.net
0.0.0.0        fe2.update.microsoft.com.akadns.net
0.0.0.0        s0.2mdn.net
0.0.0.0        survey.watson.microsoft.com
0.0.0.0        view.atdmt.com
0.0.0.0        watson.microsoft.com
0.0.0.0        watson.ppe.telemetry.microsoft.com

There are 160 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\ia32\compiler;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\VIDEO\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-1925592742-456944920-4000667399-1008\Control Panel\Desktop\\Wallpaper -> C:\Users\User1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AcronisOSSReinstallSvc => 2
MSCONFIG\Services: AcrSch2Svc => 2
MSCONFIG\Services: afcdpsrv => 2
MSCONFIG\Services: Gizmo Central => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: NIHardwareService => 2
MSCONFIG\Services: syncagentsrv => 2
MSCONFIG\Services: UnsignedThemes => 2
MSCONFIG\Services: WinDefend => 3
MSCONFIG\startupfolder: C:^Users^User1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupfolder: C:^Users^User1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: avichannel => "C:\Program Files (x86)\MSG\Evaer Skype Recorder\videochannel.exe"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: ISUSPM Startup => "c:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: Skype for Desktop => C:\Portable Program Files\skype-portable\app\Skype.exe
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\MAINTENANCE\TrueImageHome\TrueImageMonitor.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{7276BF16-03F5-4092-A3D1-570910DD4CDA}] => (Block) C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation -> Malwarebytes)
FirewallRules: [{8F8F735E-BFC5-48F5-9AF9-4746E1A72AAA}] => (Block) C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation -> Malwarebytes)
FirewallRules: [{07275EB8-8FB1-4DF3-B4F8-4B7E33C9ACCB}] => (Allow) C:\Program Files (x86)\AUDIO\Winamp Lite\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{3C903969-A203-40CA-826A-78C91D9E1532}] => (Allow) C:\Program Files (x86)\AUDIO\Winamp Lite\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{56E20609-AB3F-46BF-BCA8-437C95AF384E}] => (Block) %ProgramFiles% (x86)\MAINTENANCE\EaseUS Todo PCTrans 8.6\bin\PCTrans.exe No File
FirewallRules: [{683AFC30-8E4D-4B29-AA01-DAF1FAC9ABA2}] => (Block) %ProgramFiles% (x86)\MAINTENANCE\EaseUS Todo PCTrans 8.6\bin\PCTrans.exe No File
FirewallRules: [{0B0A8C75-21CB-4939-A973-27884781226F}] => (Allow) C:\Program Files (x86)\WORK\Microsoft Office 2007\Office12\ONENOTE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A63EFC61-80C6-41BC-B263-46EB789A6787}] => (Allow) C:\Program Files (x86)\WORK\Microsoft Office 2007\Office12\ONENOTE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9D3DFA01-CBBB-4CEC-810D-C1CE8BC50517}] => (Block) %ProgramFiles% (x86)\VIDEO\Apowersoft\Streaming Video Recorder\Streaming Video Recorder.exe No File
FirewallRules: [{17AC1934-72D6-4F99-B3C4-5D35FD601594}] => (Block) %ProgramFiles% (x86)\VIDEO\Apowersoft\Streaming Video Recorder\Streaming Video Recorder.exe No File
FirewallRules: [TCP Query User{CDF03036-5F1B-4449-91C9-E89F25E481F3}C:\program files (x86)\inet\orbitdownloader\orbitnet.exe] => (Block) C:\program files (x86)\inet\orbitdownloader\orbitnet.exe No File
FirewallRules: [UDP Query User{7EC33F40-F7AB-4CCD-92E1-1D098EBE71A0}C:\program files (x86)\inet\orbitdownloader\orbitnet.exe] => (Block) C:\program files (x86)\inet\orbitdownloader\orbitnet.exe No File
FirewallRules: [{FFFAC329-843D-4B4C-B378-0A26D2082DA1}] => (Block) C:\Windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{19AE25FA-4B4C-4FE8-941A-22B752127ADA}C:\portable program files\portableapps\skypeportable\app\skype\phone\skype.exe] => (Allow) C:\portable program files\portableapps\skypeportable\app\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{A9A343E7-7494-40B9-9062-7C2C7A736084}C:\portable program files\portableapps\skypeportable\app\skype\phone\skype.exe] => (Allow) C:\portable program files\portableapps\skypeportable\app\skype\phone\skype.exe No File
FirewallRules: [{F2B13664-C0CF-443E-9323-7AA59C9AB5A3}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{9C094317-857E-4BBC-ABB9-8A198EB7B074}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{FC49401F-BD2A-46B9-9CB4-8495B2152A11}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{DB5BCCE7-A067-405E-B38B-7E9D59FF9185}] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{615FD8E7-2A10-45B4-94A9-6CA6FA3E2058}] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{52DE605D-52FD-4B65-9998-D9F50EC92171}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{49CC108C-A904-423A-AA0C-C5256BE16B45}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{19A63255-3E99-4AA8-A7AB-A93A74473391}] => (Block) %ProgramFiles% (x86)\VIDEO\Apowersoft Screen Recorder Pro 2.0.9\Apowersoft Screen Recorder Pro 2.exe No File
FirewallRules: [{B5D246FA-0172-40D8-98A0-B51B8C386508}] => (Block) %ProgramFiles% (x86)\VIDEO\Apowersoft Screen Recorder Pro 2.0.9\Apowersoft Screen Recorder Pro 2.exe No File
FirewallRules: [TCP Query User{805AA0FA-A7C3-4A40-A9E2-9FB7E6AD5A15}C:\portable program files\msg\skypeportable\app\skype\phone\skype.exe] => (Allow) C:\portable program files\msg\skypeportable\app\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{D330B362-FC43-4C0B-91D9-D6CF44A11010}C:\portable program files\msg\skypeportable\app\skype\phone\skype.exe] => (Allow) C:\portable program files\msg\skypeportable\app\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{298F4086-A4FB-4DE3-BE4B-1010ABEFB0ED}] => (Allow) LPort=51001
FirewallRules: [TCP Query User{0C4C360E-D6B8-47AA-93FA-E9857C929244}C:\portable program files\automate\phraseexpress\phraseexpress.exe] => (Block) C:\portable program files\automate\phraseexpress\phraseexpress.exe (Bartels Media GmbH -> Bartels Media GmbH)
FirewallRules: [UDP Query User{7A172613-B3B9-4631-94B4-E5DF36FBC873}C:\portable program files\automate\phraseexpress\phraseexpress.exe] => (Block) C:\portable program files\automate\phraseexpress\phraseexpress.exe (Bartels Media GmbH -> Bartels Media GmbH)
FirewallRules: [{3087E63C-4B9E-4D3D-A0A6-624B649CFEBD}] => (Allow) C:\Program Files (x86)\UTILITIES\RIM\Rim.Desktop.exe (Research In Motion -> Research In Motion)
FirewallRules: [{E6D4DB63-B282-491F-9160-38D68A199075}] => (Allow) C:\Program Files (x86)\UTILITIES\RIM\Rim.Desktop.exe (Research In Motion -> Research In Motion)
FirewallRules: [{157548F2-8CD2-4C01-B2A4-E0FE96CB5669}] => (Allow) LPort=4481
FirewallRules: [{2C8E22DE-2466-40C4-9468-8E9B667382B5}] => (Allow) LPort=4481
FirewallRules: [{C3159DD3-9B90-4035-BFF7-A9B462A6330F}] => (Allow) LPort=4482
FirewallRules: [{338342B8-002B-4036-B79D-8EE470B8DC2B}] => (Allow) LPort=4482
FirewallRules: [TCP Query User{BB619C23-5A2E-413B-8689-F0B8C9952A00}C:\portable program files\msg\skypeportable\app\skype\phone\skype.exe] => (Allow) C:\portable program files\msg\skypeportable\app\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{DF4C2ADE-C060-4500-9C05-48684BE02DB0}C:\portable program files\msg\skypeportable\app\skype\phone\skype.exe] => (Allow) C:\portable program files\msg\skypeportable\app\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{4EDADFCE-A78B-4209-B134-12CA72A709A2}C:\program files (x86)\inet\orbitdownloader\orbitnet.exe] => (Block) C:\program files (x86)\inet\orbitdownloader\orbitnet.exe No File
FirewallRules: [UDP Query User{7C9D37EA-595F-48AC-B1E1-58305DFC7D20}C:\program files (x86)\inet\orbitdownloader\orbitnet.exe] => (Block) C:\program files (x86)\inet\orbitdownloader\orbitnet.exe No File
FirewallRules: [{6F8A4E5D-0E13-439B-89E2-F898138B72CD}] => (Block) %SystemDrive%\Portable Program Files\DAW\Reaper 5\reaper.exe No File
FirewallRules: [{5E1BA2ED-B2F2-4368-AC5E-2D1A00DA3AE2}] => (Block) %SystemDrive%\Portable Program Files\DAW\Reaper 5\reaper.exe No File
FirewallRules: [{69C55611-E8C5-4EB0-9315-0DBA0AD4A0F2}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{ACC4EFEA-F224-46A2-B2FA-B4D1AE2929C5}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{CB17F21D-4110-469B-8103-EFD32DA4F380}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{B7B738EC-861B-4E84-A2E3-3A492788CCE8}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{48522084-EB66-4CA8-8CF8-54448155AB5E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F344E7D2-10C0-49BA-AA68-6C0A4B29746A}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{157959D6-1D39-43F6-86D1-C58930392CD9}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E5BE19BB-D568-4159-ABCC-2441EA7DDAAA}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{A3E0608C-05A1-4F8B-B480-BCF07F37BE42}C:\programdata\logishrd\logioptions\software\6.00.540\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.00.540\logioptionsmgr.exe No File
FirewallRules: [UDP Query User{608BBFEC-CD06-4726-AC56-33BF9CAE1110}C:\programdata\logishrd\logioptions\software\6.00.540\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.00.540\logioptionsmgr.exe No File
FirewallRules: [TCP Query User{3FC17552-71B3-48A6-ACE2-382C462F16A5}C:\programdata\logishrd\logioptions\software\6.00.540\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.00.540\logioptionsmgr.exe No File
FirewallRules: [UDP Query User{B44A3412-BE8E-475A-A355-5D7FD658A529}C:\programdata\logishrd\logioptions\software\6.00.540\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.00.540\logioptionsmgr.exe No File
FirewallRules: [TCP Query User{7B0CD1B0-8E9A-452F-966C-CF50B95AD0B1}C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe No File
FirewallRules: [UDP Query User{FB1CEFD8-2A19-4E68-9E61-62FDCDB1AE79}C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe No File
FirewallRules: [TCP Query User{FB1904F6-5EC6-4F6C-8328-49A906E0C658}C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe No File
FirewallRules: [UDP Query User{C19200BE-B755-44EF-80E9-B92D2AD92768}C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe No File
FirewallRules: [TCP Query User{E62165A1-D14B-4708-9EF6-CA74E6469E5D}C:\programdata\logishrd\logioptions\software\6.20.43\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\6.20.43\logioptionsmgr.exe No File
FirewallRules: [UDP Query User{128A558E-DBEB-43AD-96A5-0D711A194CBE}C:\programdata\logishrd\logioptions\software\6.20.43\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\6.20.43\logioptionsmgr.exe No File
FirewallRules: [TCP Query User{EE37E8B9-B69F-47BF-A376-967AC114B8FD}C:\programdata\logishrd\logioptions\software\6.20.43\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.20.43\logioptionsmgr.exe No File
FirewallRules: [UDP Query User{87EA1D40-73A9-4BBE-8FFC-48F33B13F453}C:\programdata\logishrd\logioptions\software\6.20.43\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.20.43\logioptionsmgr.exe No File
FirewallRules: [{F9E20079-5963-4D5D-A159-8873F4B4A004}] => (Allow) LPort=51001
FirewallRules: [TCP Query User{7D542920-72D2-42F2-80CA-D8BC3D52BA2D}C:\programdata\logishrd\logioptions\software\6.30.80\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\6.30.80\logioptionsmgr.exe No File
FirewallRules: [UDP Query User{4F88A7F3-7DD5-424A-ABBC-32115CA91656}C:\programdata\logishrd\logioptions\software\6.30.80\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\6.30.80\logioptionsmgr.exe No File
FirewallRules: [{7BC8BFEC-5C81-4FE4-9F15-AD570573EE03}] => (Allow) tunmgr.exe No File
FirewallRules: [{BEC683C2-A866-45EB-A3F1-764D1EE90590}] => (Allow) tunmgr.exe No File
FirewallRules: [{DB1360CA-B36F-4314-A74F-C3CBF914B81F}] => (Allow) mDNSResponder.exe No File
FirewallRules: [{F2F50412-C47F-4948-8D7F-91F3D645B262}] => (Allow) mDNSResponder.exe No File
FirewallRules: [{2D88A4B8-537D-4EB1-89CD-35D7C086C4AD}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe (BlackBerry Ltd. -> )
FirewallRules: [{5975E934-291C-4D87-BBEE-B618F75399B3}] => (Allow) C:\Program Files (x86)\BlackBerry\BlackBerry Blend\desktopinvokeproxy.exe (BlackBerry Ltd. -> BlackBerry Limited. All rights reserved)
FirewallRules: [TCP Query User{B4F7F1DE-E042-4936-8056-744A660845BF}C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe] => (Block) C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe (BlackBerry Ltd. -> BlackBerry Limited)
FirewallRules: [UDP Query User{454B83D7-43DA-4FA7-B24B-C7B6F098A569}C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe] => (Block) C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe (BlackBerry Ltd. -> BlackBerry Limited)
FirewallRules: [TCP Query User{F973CD42-139D-4CC9-B615-B13DAC72909F}C:\programdata\logishrd\logioptions\software\6.30.80\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\6.30.80\logioptionsmgr.exe No File
FirewallRules: [UDP Query User{A6931083-E271-4C06-BA7E-ABE871AACBCA}C:\programdata\logishrd\logioptions\software\6.30.80\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\6.30.80\logioptionsmgr.exe No File
FirewallRules: [TCP Query User{873763AD-34CA-415E-8BC2-E89A4A5922ED}C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe] => (Allow) C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe (BlackBerry Ltd. -> BlackBerry Limited)
FirewallRules: [UDP Query User{9CD42232-D5B6-4EDD-A209-10AC000F958A}C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe] => (Allow) C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe (BlackBerry Ltd. -> BlackBerry Limited)
FirewallRules: [TCP Query User{93A25F6F-ABE0-46A0-9946-EF79D4B9C9CB}C:\programdata\logishrd\logioptions\software\6.40.169\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.40.169\logioptionsmgr.exe No File
FirewallRules: [UDP Query User{3B2E817D-83C6-429B-8A17-F60FD0407278}C:\programdata\logishrd\logioptions\software\6.40.169\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.40.169\logioptionsmgr.exe No File
FirewallRules: [TCP Query User{94B57E57-396A-42A8-A964-7B1E086AE21E}C:\programdata\logishrd\logioptions\software\6.40.169\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.40.169\logioptionsmgr.exe No File
FirewallRules: [UDP Query User{30E64A32-5715-48DC-A279-8672B73F4042}C:\programdata\logishrd\logioptions\software\6.40.169\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.40.169\logioptionsmgr.exe No File
FirewallRules: [TCP Query User{0F0F7BE9-17B7-452C-8E20-B9831E88144F}C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe No File
FirewallRules: [UDP Query User{5E5C7BA0-837D-40F8-8AF4-74122E5C2066}C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe No File
FirewallRules: [TCP Query User{B32F8804-D26B-477E-BB4B-11B6BC9DF138}C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe No File
FirewallRules: [UDP Query User{8E3D8492-879B-484F-A954-1C455F50816A}C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe No File
FirewallRules: [TCP Query User{4442902D-1B01-45AA-A243-BAB434FD625A}C:\portable program files\inet\firefoxportable\app\firefox64\firefox.exe] => (Allow) C:\portable program files\inet\firefoxportable\app\firefox64\firefox.exe No File
FirewallRules: [UDP Query User{171F69B9-26D7-4125-8926-BE1C9E711792}C:\portable program files\inet\firefoxportable\app\firefox64\firefox.exe] => (Allow) C:\portable program files\inet\firefoxportable\app\firefox64\firefox.exe No File
FirewallRules: [TCP Query User{B0322ADD-DDFC-4650-8D71-8BC08CB83843}C:\portable program files\inet\winhttrack_3.48-18_rev8\bin\winhttrack\winhttrack.exe] => (Block) C:\portable program files\inet\winhttrack_3.48-18_rev8\bin\winhttrack\winhttrack.exe (Open Source Developer, Xavier Roche -> HTTrack)
FirewallRules: [UDP Query User{E2B20840-55EE-472D-B3BF-4E482492DA9D}C:\portable program files\inet\winhttrack_3.48-18_rev8\bin\winhttrack\winhttrack.exe] => (Block) C:\portable program files\inet\winhttrack_3.48-18_rev8\bin\winhttrack\winhttrack.exe (Open Source Developer, Xavier Roche -> HTTrack)
FirewallRules: [TCP Query User{7AE7AE53-BDCF-4589-ADBC-3AFF30AD325E}C:\portable program files\inet\firefoxportable\app\firefox64\firefox.exe] => (Block) C:\portable program files\inet\firefoxportable\app\firefox64\firefox.exe No File
FirewallRules: [UDP Query User{7D77ECE6-CDEE-412B-9506-46193F974897}C:\portable program files\inet\firefoxportable\app\firefox64\firefox.exe] => (Block) C:\portable program files\inet\firefoxportable\app\firefox64\firefox.exe No File
FirewallRules: [{BFE91F25-39BD-493D-B176-67B41553ED0D}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\Streaming Video Recorder.exe (APOWERSOFT LIMITED -> Apowersoft)
FirewallRules: [{798DA693-3288-4535-B055-7430C20EF39B}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\Streaming Video Recorder.exe (APOWERSOFT LIMITED -> Apowersoft)
FirewallRules: [{A028EAFD-429E-4025-9DCB-04ACDACB27EF}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftSrv.dll () [File not signed]
FirewallRules: [{B73BDB23-5B98-4503-8D53-DD8C83A8170E}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftSrv.dll () [File not signed]
FirewallRules: [{AD330C0B-218B-4767-AE82-56E119736790}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftDump.dll () [File not signed]
FirewallRules: [{A04D3D64-8869-4FC6-B91F-19069314759C}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftDump.dll () [File not signed]
FirewallRules: [{02E55126-479A-4BCB-B252-6CAB2E3B9696}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftAC.dll (APOWERSOFT LIMITED -> )
FirewallRules: [{C60BA495-AC36-4333-BDCE-AFD797E043EB}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftAC.dll (APOWERSOFT LIMITED -> )
FirewallRules: [{775A4488-04F9-4280-B1E1-E1291F59DED9}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftPlayer.dll (APOWERSOFT LIMITED -> )
FirewallRules: [{9E81C0A6-5FE0-4BA3-948F-9E0A1758BE2C}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftPlayer.dll (APOWERSOFT LIMITED -> )
FirewallRules: [{4358C953-F11F-4740-B270-BCC54D258D23}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftDownloaderHelp.dll (APOWERSOFT LIMITED -> )
FirewallRules: [{705DAFDD-E2D8-43B2-AEF1-CA5A436CC0EF}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftDownloaderHelp.dll (APOWERSOFT LIMITED -> )
FirewallRules: [{6703B2D8-666F-4F00-96CB-54D555A9F495}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftHDSDump.dll (APOWERSOFT LIMITED -> Apowersoft)
FirewallRules: [{B1F8B121-748F-4F2C-A3A8-10656F8B9908}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftHDSDump.dll (APOWERSOFT LIMITED -> Apowersoft)
FirewallRules: [TCP Query User{A19847BB-7071-445F-8BB6-42833E0CB59C}C:\program files (x86)\audio\stream what you hear\swyh.exe] => (Block) C:\program files (x86)\audio\stream what you hear\swyh.exe (Sebastien.warin.fr) [File not signed]
FirewallRules: [UDP Query User{68D4689E-A0D2-40D0-A41E-95EE56FCFF3D}C:\program files (x86)\audio\stream what you hear\swyh.exe] => (Block) C:\program files (x86)\audio\stream what you hear\swyh.exe (Sebastien.warin.fr) [File not signed]
FirewallRules: [TCP Query User{7A3941F6-6713-4B21-A936-E2F344877BC7}C:\program files (x86)\audio\stream what you hear\swyh.exe] => (Block) C:\program files (x86)\audio\stream what you hear\swyh.exe (Sebastien.warin.fr) [File not signed]
FirewallRules: [UDP Query User{C78E3762-3291-4065-A248-DF13ED0A075B}C:\program files (x86)\audio\stream what you hear\swyh.exe] => (Block) C:\program files (x86)\audio\stream what you hear\swyh.exe (Sebastien.warin.fr) [File not signed]
FirewallRules: [TCP Query User{E188D6EE-D158-43B6-8547-03062D5AC899}C:\portable program files\inet\firefoxportable64\app\firefox\firefox.exe] => (Block) C:\portable program files\inet\firefoxportable64\app\firefox\firefox.exe No File
FirewallRules: [UDP Query User{EEF7D9E0-D3BF-4B6D-BB7F-60CA487EFAD4}C:\portable program files\inet\firefoxportable64\app\firefox\firefox.exe] => (Block) C:\portable program files\inet\firefoxportable64\app\firefox\firefox.exe No File
FirewallRules: [{A3C1A797-A089-436B-93FF-EC7C85C0BADE}] => (Allow) LPort=9098
FirewallRules: [{68B70A15-BAAF-499C-82A1-B53E33CB8028}] => (Allow) LPort=9098
FirewallRules: [{7A33D1EB-9D24-4AE5-AC91-91EB3D292026}] => (Allow) C:\Program Files (x86)\AnyTrans for Android\AnyTrans for Android.exe (iMobie Inc.) [File not signed]
FirewallRules: [{44C4D3B7-B7A4-49C5-AD58-DAC3B0EA4660}] => (Allow) C:\Program Files (x86)\AnyTrans for Android\AnyTrans for Android.exe (iMobie Inc.) [File not signed]
FirewallRules: [TCP Query User{2A983946-0FEF-43EA-9A8A-72BA7F16075B}C:\users\User1\downloads\sportable\app\skype\phone\skype.exe] => (Allow) C:\users\User1\downloads\sportable\app\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{813DFA3A-D7A7-404A-9658-882C8263BA84}C:\users\User1\downloads\sportable\app\skype\phone\skype.exe] => (Allow) C:\users\User1\downloads\sportable\app\skype\phone\skype.exe No File
FirewallRules: [{897273A7-90AE-4EDD-8FF1-2CD28977DCB2}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3517CF07-A1F0-44AB-8E3F-8BE9E746D616}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{DB4D255E-04B5-4214-9113-7FF726E15B8C}C:\portable program files\portableapps\sportable\app\skype\phone\skype.exe] => (Allow) C:\portable program files\portableapps\sportable\app\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{BEEBF874-B9DD-43D6-84F5-59509EC6BBB6}C:\portable program files\portableapps\sportable\app\skype\phone\skype.exe] => (Allow) C:\portable program files\portableapps\sportable\app\skype\phone\skype.exe No File
FirewallRules: [TCP Query User{55C4744E-1942-4D85-A839-480C21527E56}C:\portable program files\skype-portable\app\skype.exe] => (Allow) C:\portable program files\skype-portable\app\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{DA0BBAA8-9EFB-4A22-B8DA-B1D472F5A5DD}C:\portable program files\skype-portable\app\skype.exe] => (Allow) C:\portable program files\skype-portable\app\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{6D5AAA8A-A279-4A33-AED8-F588426F84AB}C:\portable program files\msg\sportable\app\skype\phone\skype.exe] => (Allow) C:\portable program files\msg\sportable\app\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{9BCF3252-EC60-4479-A64C-E7D1A534DF61}C:\portable program files\msg\sportable\app\skype\phone\skype.exe] => (Allow) C:\portable program files\msg\sportable\app\skype\phone\skype.exe No File
FirewallRules: [{D62B6C90-6D33-4000-BF2A-235CC3C4466A}] => (Allow) C:\Users\User1\AppData\Local\LINE\bin\5.10.0.1789\LINE.exe No File
FirewallRules: [{04C0B0D3-F339-4347-A94F-8E66E52CA88E}] => (Allow) C:\Users\User1\AppData\Local\LINE\bin\5.10.0.1789\LINE.exe No File
FirewallRules: [{35E352E3-4C2C-4704-86DD-1C85C2B310E9}] => (Allow) C:\Users\User1\AppData\Local\LINE\bin\5.10.0.1789\LineUpdater.exe No File
FirewallRules: [{DDF59802-79DC-49E4-A399-DE985EBA3C4B}] => (Allow) C:\Users\User1\AppData\Local\LINE\bin\5.10.0.1789\LineUpdater.exe No File
FirewallRules: [TCP Query User{C6FB997C-7D2A-4BB0-AE6B-B909EE0B1C1E}C:\users\User1\downloads\qownnotes\qownnotes.exe] => (Block) C:\users\User1\downloads\qownnotes\qownnotes.exe No File
FirewallRules: [UDP Query User{65FEA907-D435-43B0-BF5F-DDAE08525A23}C:\users\User1\downloads\qownnotes\qownnotes.exe] => (Block) C:\users\User1\downloads\qownnotes\qownnotes.exe No File
FirewallRules: [TCP Query User{69E392CE-71CD-414A-BE81-C48A61641078}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{EF1B4E72-08CD-469C-9F41-6047C0C68671}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe (Microsoft Windows -> Microsoft Corporation)

==================== Restore Points =========================

07-09-2019 15:59:09 Scheduled Checkpoint
08-09-2019 20:01:02 Revo Uninstaller's restore point - TAGO-Fences (remove only)
10-09-2019 13:28:15 Windows Update
13-09-2019 23:08:36 Windows Update
18-09-2019 13:35:46 Windows Update

==================== Faulty Device Manager Devices =============

Name: Standard floppy disk controller
Description: Standard floppy disk controller
Class Guid: {4d36e969-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard floppy disk controllers)
Service: fdc
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/18/2019 02:04:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrueImageHomeNotify.exe, version: 17.0.0.6614, time stamp: 0x52691bc9
Faulting module name: MSVCR80.dll, version: 8.0.50727.6195, time stamp: 0x4dcddbf3
Exception code: 0x40000015
Fault offset: 0x000046b4
Faulting process id: 0x1ff4
Faulting application start time: 0x01d56dbd06d59bdc
Faulting application path: C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeNotify.exe
Faulting module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Report Id: 458dda15-d9b0-11e9-905d-00248c02da27

Error: (09/17/2019 11:38:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrueImageHomeNotify.exe, version: 17.0.0.6614, time stamp: 0x52691bc9
Faulting module name: MSVCR80.dll, version: 8.0.50727.6195, time stamp: 0x4dcddbf3
Exception code: 0x40000015
Fault offset: 0x000046b4
Faulting process id: 0x1784
Faulting application start time: 0x01d56da89f114292
Faulting application path: C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeNotify.exe
Faulting module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Report Id: dd4389d0-d99b-11e9-905d-00248c02da27

Error: (09/17/2019 03:32:01 PM) (Source: Acronis Scheduler) (EventID: 1) (User: NT AUTHORITY)
Description: Scheduler failed to run task  with GUID 'A2BB4F95-348C-4590-958E-DF518374D6D4' because of error 267 (The directory name is invalid).

Error: (09/17/2019 01:20:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrueImageHomeNotify.exe, version: 17.0.0.6614, time stamp: 0x52691bc9
Faulting module name: MSVCR80.dll, version: 8.0.50727.6195, time stamp: 0x4dcddbf3
Exception code: 0x40000015
Fault offset: 0x000046b4
Faulting process id: 0x884
Faulting application start time: 0x01d56d52414ec846
Faulting application path: C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeNotify.exe
Faulting module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Report Id: 886fd4f5-d945-11e9-905d-00248c02da27

Error: (09/16/2019 11:47:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrueImageHomeNotify.exe, version: 17.0.0.6614, time stamp: 0x52691bc9
Faulting module name: MSVCR80.dll, version: 8.0.50727.6195, time stamp: 0x4dcddbf3
Exception code: 0x40000015
Fault offset: 0x000046b4
Faulting process id: 0xf3c
Faulting application start time: 0x01d56ce0a90b5c14
Faulting application path: C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeNotify.exe
Faulting module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Report Id: e6d2f913-d8d3-11e9-84e2-00248c02da27

Error: (09/16/2019 11:38:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrueImageHomeNotify.exe, version: 17.0.0.6614, time stamp: 0x52691bc9
Faulting module name: MSVCR80.dll, version: 8.0.50727.6195, time stamp: 0x4dcddbf3
Exception code: 0x40000015
Fault offset: 0x000046b4
Faulting process id: 0x12b0
Faulting application start time: 0x01d56cdf744fb5b9
Faulting application path: C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeNotify.exe
Faulting module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Report Id: b363d4c6-d8d2-11e9-84e2-00248c02da27

Error: (09/16/2019 08:28:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrueImageHomeNotify.exe, version: 17.0.0.6614, time stamp: 0x52691bc9
Faulting module name: MSVCR80.dll, version: 8.0.50727.6195, time stamp: 0x4dcddbf3
Exception code: 0x40000015
Fault offset: 0x000046b4
Faulting process id: 0x880
Faulting application start time: 0x01d56cc4f255b120
Faulting application path: C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeNotify.exe
Faulting module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Report Id: 39790cd2-d8b8-11e9-84e2-00248c02da27

Error: (09/16/2019 03:32:01 PM) (Source: Acronis Scheduler) (EventID: 1) (User: NT AUTHORITY)
Description: Scheduler failed to run task  with GUID 'A2BB4F95-348C-4590-958E-DF518374D6D4' because of error 267 (The directory name is invalid).


System errors:
=============
Error: (09/18/2019 02:09:12 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 45.

Error: (09/18/2019 02:09:11 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 45.

Error: (09/18/2019 01:27:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (09/17/2019 01:21:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (09/16/2019 08:29:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (09/16/2019 01:26:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (09/16/2019 01:24:05 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (09/16/2019 12:23:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Private Internet Access Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.


CodeIntegrity:
===================================

Date: 2016-02-08 22:18:56.284
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\uphcleanhlp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-08 22:18:56.206
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\uphcleanhlp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-08 22:16:32.481
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\uphcleanhlp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-08 22:16:32.387
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\uphcleanhlp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-08 22:11:09.140
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\uphcleanhlp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-08 22:11:09.046
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\uphcleanhlp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-19 19:21:00.698
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-19 19:21:00.698
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 1201 02/24/2010
Motherboard: ASUSTeK Computer INC. P6T
Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 50%
Total physical RAM: 12278.12 MB
Available physical RAM: 6121.39 MB
Total Virtual: 24554.38 MB
Available Virtual: 17953.84 MB

==================== Drives ================================

Drive c: (Win7) (Fixed) (Total:465.76 GB) (Free:165.71 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (E) (Fixed) (Total:1863.01 GB) (Free:189.5 GB) NTFS
Drive i: (I) (Fixed) (Total:1863.02 GB) (Free:26.49 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 68FA4FB7)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: B55D94AC)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 1863 GB) (Disk ID: 59FFDD54)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


#5
iMacg3

    GeekU Mod

  • GeekU Moderator
  • 909 posts
Hi phickspc,

Is this computer used for business purposes?

#6
phickspc

    Member

  • Topic Starter
  • Member
  • 362 posts

No, just me.



#7
iMacg3

    GeekU Mod

  • GeekU Moderator
  • 909 posts
Hi phickspc,

Did you set the following proxy server in Firefox?
 

FF NetworkProxy: Mozilla\Firefox\Profiles\i0tpy5ax.default -> type", 0


---------------------------------------------------
Farbar Recovery Scan Tool - Fix
  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Start::
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    HKU\S-1-5-21-1925592742-456944920-4000667399-1008\...\MountPoints2: {825f7915-8afe-11e6-b9cc-00248c02da27} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\Start.exe
    HKU\S-1-5-18\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    GroupPolicy: Restriction ? <==== ATTENTION
    Task: {03782E7F-03E0-4DEF-A906-A2FCEFE8F904} - System32\Tasks\{1A7050D9-E3AD-41F5-BA06-EE7F7E931C56} => C:\Windows\system32\pcalua.exe -a "D:\VSTi Software\Native Instruments Setups\Native.Instruments.Kontakt.VSTi.RTAS.v4.0.4.UPDATE.PROPER-AiR\Kontakt 4 Setup PC.exe" -d "D:\VSTi Software\Native Instruments Setups\Native.Instruments.Kontakt.VSTi.RTAS.v4.0.4.UPDATE.PROPER-AiR"
    Task: {20ADF8A4-1BF8-40FE-816B-0B307552DEC9} - System32\Tasks\{C56A10BC-EA49-4903-8B20-64E3BB9DD04C} => C:\Windows\system32\pcalua.exe -a C:\Users\Harvestthesouls\Downloads\IMSM_V8901023_Windows7\IMSM_V8901023_Windows7\setup.exe -d C:\Users\Harvestthesouls\Downloads\IMSM_V8901023_Windows7\IMSM_V8901023_Windows7
    Task: {40E24E2B-29F2-4DA5-B7F8-BA3DBBAA9803} - System32\Tasks\{2BE7ACF0-36A6-45B8-A198-68BF5C798FFE} => C:\Windows\system32\pcalua.exe -a C:\Users\Harvestthesouls\AppData\Local\Temp\Temp1_NI_DFD_129_Setup.zip\NI_DFD_129_Setup\NI_DFD_129_Setup.exe <==== ATTENTION
    Task: {711AE5EF-74C2-44F9-9C7F-C5F8A566B2E9} - System32\Tasks\Auslogics\Driver Updater\Start Driver Updater automatic scanning => C:\Program Files (x86)\Auslogics\Driver Updater\DriverUpdater.exe [3175840 2016-01-11] (Auslogics Labs Pty Ltd -> Auslogics)
    Task: {5B01CAE1-A362-4702-B704-8731D14DE974} - System32\Tasks\{D3060A38-6A7B-4742-A417-0A5973361847} => C:\Windows\system32\pcalua.exe -a "D:\VSTi Software\Native Instruments Setups\Native.Instruments.Kontakt.Player.v2.2.4.001.VSTi.DXi.RTAS.REPACK-DYNAMiCS\NI Kontakt Player v2.2.4.exe" -d "D:\VSTi Software\Native Instruments Setups\Native.Instruments.Kontakt.Player.v2.2.4.001.VSTi.DXi.RTAS.REPACK-DYNAMiCS"
    Task: {C047FE30-82B1-46E5-ADB5-B8A43B6054D9} - System32\Tasks\{5B69AA6C-6F32-4695-BE52-0FEEB926B8B0} => C:\Windows\system32\pcalua.exe -a I:\downloads\pianitostudio.exe -d I:\downloads
    Task: {DA667271-97E7-498C-B38A-59887BC791CE} - System32\Tasks\{6F0D982D-0A7A-4A2A-AFD1-379D6FE7F3F7} => C:\Windows\system32\pcalua.exe -a "F:\Install Reason.exe" -d F:\
    Task: {E8DDAC1D-CA83-4E6F-B1F9-525B27AA9B1D} - System32\Tasks\{5BD0C69B-C1B9-4770-9C61-4D441974B34D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Harvestthesouls\AppData\Local\Temp\Temp1_East West Updates.zip\East West Updates\EWQLSO\gold\EWQLSO Gold Edition Setup.exe" <==== ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page =
    S3 ALSysIO; \??\C:\Users\User1\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
    S3 EWAVE; \??\C:\Windows\system32\drivers\ew.sys [X]
    S3 MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [X]
    S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
    AlternateDataStreams: C:\Windows:nlsPreferences [386]
    AlternateDataStreams: C:\ProgramData\Microsoft:lng933Lo6NoocmHoy30Ut [2282]
    AlternateDataStreams: C:\ProgramData\Reprise:yhuwxvwhfkxkcgmvjenbtlifh [0]
    AlternateDataStreams: C:\ProgramData\TEMP:24C8262A [121]
    FirewallRules: [{56E20609-AB3F-46BF-BCA8-437C95AF384E}] => (Block) %ProgramFiles% (x86)\MAINTENANCE\EaseUS Todo PCTrans 8.6\bin\PCTrans.exe No File
    FirewallRules: [{683AFC30-8E4D-4B29-AA01-DAF1FAC9ABA2}] => (Block) %ProgramFiles% (x86)\MAINTENANCE\EaseUS Todo PCTrans 8.6\bin\PCTrans.exe No File
    FirewallRules: [{9D3DFA01-CBBB-4CEC-810D-C1CE8BC50517}] => (Block) %ProgramFiles% (x86)\VIDEO\Apowersoft\Streaming Video Recorder\Streaming Video Recorder.exe No File
    FirewallRules: [{17AC1934-72D6-4F99-B3C4-5D35FD601594}] => (Block) %ProgramFiles% (x86)\VIDEO\Apowersoft\Streaming Video Recorder\Streaming Video Recorder.exe No File
    FirewallRules: [TCP Query User{CDF03036-5F1B-4449-91C9-E89F25E481F3}C:\program files (x86)\inet\orbitdownloader\orbitnet.exe] => (Block) C:\program files (x86)\inet\orbitdownloader\orbitnet.exe No File
    FirewallRules: [UDP Query User{7EC33F40-F7AB-4CCD-92E1-1D098EBE71A0}C:\program files (x86)\inet\orbitdownloader\orbitnet.exe] => (Block) C:\program files (x86)\inet\orbitdownloader\orbitnet.exe No File
    FirewallRules: [TCP Query User{19AE25FA-4B4C-4FE8-941A-22B752127ADA}C:\portable program files\portableapps\skypeportable\app\skype\phone\skype.exe] => (Allow) C:\portable program files\portableapps\skypeportable\app\skype\phone\skype.exe No File
    FirewallRules: [UDP Query User{A9A343E7-7494-40B9-9062-7C2C7A736084}C:\portable program files\portableapps\skypeportable\app\skype\phone\skype.exe] => (Allow) C:\portable program files\portableapps\skypeportable\app\skype\phone\skype.exe No File
    FirewallRules: [{19A63255-3E99-4AA8-A7AB-A93A74473391}] => (Block) %ProgramFiles% (x86)\VIDEO\Apowersoft Screen Recorder Pro 2.0.9\Apowersoft Screen Recorder Pro 2.exe No File
    FirewallRules: [{B5D246FA-0172-40D8-98A0-B51B8C386508}] => (Block) %ProgramFiles% (x86)\VIDEO\Apowersoft Screen Recorder Pro 2.0.9\Apowersoft Screen Recorder Pro 2.exe No File
    FirewallRules: [TCP Query User{4EDADFCE-A78B-4209-B134-12CA72A709A2}C:\program files (x86)\inet\orbitdownloader\orbitnet.exe] => (Block) C:\program files (x86)\inet\orbitdownloader\orbitnet.exe No File
    FirewallRules: [UDP Query User{7C9D37EA-595F-48AC-B1E1-58305DFC7D20}C:\program files (x86)\inet\orbitdownloader\orbitnet.exe] => (Block) C:\program files (x86)\inet\orbitdownloader\orbitnet.exe No File
    FirewallRules: [{6F8A4E5D-0E13-439B-89E2-F898138B72CD}] => (Block) %SystemDrive%\Portable Program Files\DAW\Reaper 5\reaper.exe No File
    FirewallRules: [{5E1BA2ED-B2F2-4368-AC5E-2D1A00DA3AE2}] => (Block) %SystemDrive%\Portable Program Files\DAW\Reaper 5\reaper.exe No File
    FirewallRules: [TCP Query User{A3E0608C-05A1-4F8B-B480-BCF07F37BE42}C:\programdata\logishrd\logioptions\software\6.00.540\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.00.540\logioptionsmgr.exe No File
    FirewallRules: [UDP Query User{608BBFEC-CD06-4726-AC56-33BF9CAE1110}C:\programdata\logishrd\logioptions\software\6.00.540\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.00.540\logioptionsmgr.exe No File
    FirewallRules: [TCP Query User{3FC17552-71B3-48A6-ACE2-382C462F16A5}C:\programdata\logishrd\logioptions\software\6.00.540\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.00.540\logioptionsmgr.exe No File
    FirewallRules: [UDP Query User{B44A3412-BE8E-475A-A355-5D7FD658A529}C:\programdata\logishrd\logioptions\software\6.00.540\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.00.540\logioptionsmgr.exe No File
    FirewallRules: [TCP Query User{7B0CD1B0-8E9A-452F-966C-CF50B95AD0B1}C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe No File
    FirewallRules: [UDP Query User{FB1CEFD8-2A19-4E68-9E61-62FDCDB1AE79}C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe No File
    FirewallRules: [TCP Query User{FB1904F6-5EC6-4F6C-8328-49A906E0C658}C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe No File
    FirewallRules: [UDP Query User{C19200BE-B755-44EF-80E9-B92D2AD92768}C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe No File
    FirewallRules: [TCP Query User{E62165A1-D14B-4708-9EF6-CA74E6469E5D}C:\programdata\logishrd\logioptions\software\6.20.43\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\6.20.43\logioptionsmgr.exe No File
    FirewallRules: [UDP Query User{128A558E-DBEB-43AD-96A5-0D711A194CBE}C:\programdata\logishrd\logioptions\software\6.20.43\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\6.20.43\logioptionsmgr.exe No File
    FirewallRules: [TCP Query User{EE37E8B9-B69F-47BF-A376-967AC114B8FD}C:\programdata\logishrd\logioptions\software\6.20.43\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.20.43\logioptionsmgr.exe No File
    FirewallRules: [UDP Query User{87EA1D40-73A9-4BBE-8FFC-48F33B13F453}C:\programdata\logishrd\logioptions\software\6.20.43\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.20.43\logioptionsmgr.exe No File
    FirewallRules: [TCP Query User{7D542920-72D2-42F2-80CA-D8BC3D52BA2D}C:\programdata\logishrd\logioptions\software\6.30.80\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\6.30.80\logioptionsmgr.exe No File
    FirewallRules: [UDP Query User{4F88A7F3-7DD5-424A-ABBC-32115CA91656}C:\programdata\logishrd\logioptions\software\6.30.80\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\6.30.80\logioptionsmgr.exe No File
    FirewallRules: [{7BC8BFEC-5C81-4FE4-9F15-AD570573EE03}] => (Allow) tunmgr.exe No File
    FirewallRules: [{BEC683C2-A866-45EB-A3F1-764D1EE90590}] => (Allow) tunmgr.exe No File
    FirewallRules: [{DB1360CA-B36F-4314-A74F-C3CBF914B81F}] => (Allow) mDNSResponder.exe No File
    FirewallRules: [{F2F50412-C47F-4948-8D7F-91F3D645B262}] => (Allow) mDNSResponder.exe No File
    FirewallRules: [TCP Query User{F973CD42-139D-4CC9-B615-B13DAC72909F}C:\programdata\logishrd\logioptions\software\6.30.80\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\6.30.80\logioptionsmgr.exe No File
    FirewallRules: [UDP Query User{A6931083-E271-4C06-BA7E-ABE871AACBCA}C:\programdata\logishrd\logioptions\software\6.30.80\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\6.30.80\logioptionsmgr.exe No File
    FirewallRules: [TCP Query User{93A25F6F-ABE0-46A0-9946-EF79D4B9C9CB}C:\programdata\logishrd\logioptions\software\6.40.169\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.40.169\logioptionsmgr.exe No File
    FirewallRules: [UDP Query User{3B2E817D-83C6-429B-8A17-F60FD0407278}C:\programdata\logishrd\logioptions\software\6.40.169\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.40.169\logioptionsmgr.exe No File
    FirewallRules: [TCP Query User{94B57E57-396A-42A8-A964-7B1E086AE21E}C:\programdata\logishrd\logioptions\software\6.40.169\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.40.169\logioptionsmgr.exe No File
    FirewallRules: [UDP Query User{30E64A32-5715-48DC-A279-8672B73F4042}C:\programdata\logishrd\logioptions\software\6.40.169\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.40.169\logioptionsmgr.exe No File
    FirewallRules: [TCP Query User{0F0F7BE9-17B7-452C-8E20-B9831E88144F}C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe No File
    FirewallRules: [UDP Query User{5E5C7BA0-837D-40F8-8AF4-74122E5C2066}C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe No File
    FirewallRules: [TCP Query User{B32F8804-D26B-477E-BB4B-11B6BC9DF138}C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe No File
    FirewallRules: [UDP Query User{8E3D8492-879B-484F-A954-1C455F50816A}C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe No File
    FirewallRules: [TCP Query User{4442902D-1B01-45AA-A243-BAB434FD625A}C:\portable program files\inet\firefoxportable\app\firefox64\firefox.exe] => (Allow) C:\portable program files\inet\firefoxportable\app\firefox64\firefox.exe No File
    FirewallRules: [UDP Query User{171F69B9-26D7-4125-8926-BE1C9E711792}C:\portable program files\inet\firefoxportable\app\firefox64\firefox.exe] => (Allow) C:\portable program files\inet\firefoxportable\app\firefox64\firefox.exe No File
    FirewallRules: [TCP Query User{7AE7AE53-BDCF-4589-ADBC-3AFF30AD325E}C:\portable program files\inet\firefoxportable\app\firefox64\firefox.exe] => (Block) C:\portable program files\inet\firefoxportable\app\firefox64\firefox.exe No File
    FirewallRules: [UDP Query User{7D77ECE6-CDEE-412B-9506-46193F974897}C:\portable program files\inet\firefoxportable\app\firefox64\firefox.exe] => (Block) C:\portable program files\inet\firefoxportable\app\firefox64\firefox.exe No File
    FirewallRules: [TCP Query User{E188D6EE-D158-43B6-8547-03062D5AC899}C:\portable program files\inet\firefoxportable64\app\firefox\firefox.exe] => (Block) C:\portable program files\inet\firefoxportable64\app\firefox\firefox.exe No File
    FirewallRules: [UDP Query User{EEF7D9E0-D3BF-4B6D-BB7F-60CA487EFAD4}C:\portable program files\inet\firefoxportable64\app\firefox\firefox.exe] => (Block) C:\portable program files\inet\firefoxportable64\app\firefox\firefox.exe No File
    FirewallRules: [TCP Query User{2A983946-0FEF-43EA-9A8A-72BA7F16075B}C:\users\User1\downloads\sportable\app\skype\phone\skype.exe] => (Allow) C:\users\User1\downloads\sportable\app\skype\phone\skype.exe No File
    FirewallRules: [UDP Query User{813DFA3A-D7A7-404A-9658-882C8263BA84}C:\users\User1\downloads\sportable\app\skype\phone\skype.exe] => (Allow) C:\users\User1\downloads\sportable\app\skype\phone\skype.exe No File
    FirewallRules: [TCP Query User{DB4D255E-04B5-4214-9113-7FF726E15B8C}C:\portable program files\portableapps\sportable\app\skype\phone\skype.exe] => (Allow) C:\portable program files\portableapps\sportable\app\skype\phone\skype.exe No File
    FirewallRules: [UDP Query User{BEEBF874-B9DD-43D6-84F5-59509EC6BBB6}C:\portable program files\portableapps\sportable\app\skype\phone\skype.exe] => (Allow) C:\portable program files\portableapps\sportable\app\skype\phone\skype.exe No File
    FirewallRules: [TCP Query User{6D5AAA8A-A279-4A33-AED8-F588426F84AB}C:\portable program files\msg\sportable\app\skype\phone\skype.exe] => (Allow) C:\portable program files\msg\sportable\app\skype\phone\skype.exe No File
    FirewallRules: [UDP Query User{9BCF3252-EC60-4479-A64C-E7D1A534DF61}C:\portable program files\msg\sportable\app\skype\phone\skype.exe] => (Allow) C:\portable program files\msg\sportable\app\skype\phone\skype.exe No File
    FirewallRules: [{D62B6C90-6D33-4000-BF2A-235CC3C4466A}] => (Allow) C:\Users\User1\AppData\Local\LINE\bin\5.10.0.1789\LINE.exe No File
    FirewallRules: [{04C0B0D3-F339-4347-A94F-8E66E52CA88E}] => (Allow) C:\Users\User1\AppData\Local\LINE\bin\5.10.0.1789\LINE.exe No File
    FirewallRules: [{35E352E3-4C2C-4704-86DD-1C85C2B310E9}] => (Allow) C:\Users\User1\AppData\Local\LINE\bin\5.10.0.1789\LineUpdater.exe No File
    FirewallRules: [{DDF59802-79DC-49E4-A399-DE985EBA3C4B}] => (Allow) C:\Users\User1\AppData\Local\LINE\bin\5.10.0.1789\LineUpdater.exe No File
    FirewallRules: [TCP Query User{C6FB997C-7D2A-4BB0-AE6B-B909EE0B1C1E}C:\users\User1\downloads\qownnotes\qownnotes.exe] => (Block) C:\users\User1\downloads\qownnotes\qownnotes.exe No File
    FirewallRules: [UDP Query User{65FEA907-D435-43B0-BF5F-DDAE08525A23}C:\users\User1\downloads\qownnotes\qownnotes.exe] => (Block) C:\users\User1\downloads\qownnotes\qownnotes.exe No File
    C:\Program Files (x86)\Auslogics
    VirusTotal: C:\Users\User2\AppData\Roaming\Microsoft\Installer\{9DAB307E-531F-4992-AB30-6F1AD39E6CF9}\_8C4C6DE2B4274D54DAD619.exe
    CMD: ipconfig /flushdns
    CMD: Bitsadmin /Reset /Allusers
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.
---------------------------------------------------

In your next reply, please include:
  • Fixlog.txt
  • Let me know how the computer is doing.


#8
phickspc


Where do I copy & paste that text and what will it do?

My apologies, I misread your post.

But just to understand what I'm doing, could you please explain what the script will do to those specific entries?


Edited by phickspc, 21 September 2019 - 05:57 AM.


#9
iMacg3

Hi phickspc,

No need to paste the script. FRST will read the contents of the Windows clipboard when you click Fix.

The script will create a restore point, remove a few "orphaned" registry entries associated with files that are no longer present, and the remnants of a program that is no longer uninstalled. The fix will also upload a file to VirusTotal to be scanned, as well as empty temporary files/etc.

#10
phickspc


Fix result of Farbar Recovery Scan Tool (x64) Version: 22-09-2019
Ran by User1 (22-09-2019 17:08:21) Run:2
Running from C:\Users\User1\Desktop
Loaded Profiles: User1 (Available Profiles: User3 & User2 & User1 & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKU\S-1-5-21-1925592742-456944920-4000667399-1008\...\MountPoints2: {825f7915-8afe-11e6-b9cc-00248c02da27} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\Start.exe
HKU\S-1-5-18\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
GroupPolicy: Restriction ? <==== ATTENTION
Task: {03782E7F-03E0-4DEF-A906-A2FCEFE8F904} - System32\Tasks\{1A7050D9-E3AD-41F5-BA06-EE7F7E931C56} => C:\Windows\system32\pcalua.exe -a "D:\VSTi Software\Native Instruments Setups\Native.Instruments.Kontakt.VSTi.RTAS.v4.0.4.UPDATE.PROPER-AiR\Kontakt 4 Setup PC.exe" -d "D:\VSTi Software\Native Instruments Setups\Native.Instruments.Kontakt.VSTi.RTAS.v4.0.4.UPDATE.PROPER-AiR"
Task: {20ADF8A4-1BF8-40FE-816B-0B307552DEC9} - System32\Tasks\{C56A10BC-EA49-4903-8B20-64E3BB9DD04C} => C:\Windows\system32\pcalua.exe -a C:\Users\Harvestthesouls\Downloads\IMSM_V8901023_Windows7\IMSM_V8901023_Windows7\setup.exe -d C:\Users\Harvestthesouls\Downloads\IMSM_V8901023_Windows7\IMSM_V8901023_Windows7
Task: {40E24E2B-29F2-4DA5-B7F8-BA3DBBAA9803} - System32\Tasks\{2BE7ACF0-36A6-45B8-A198-68BF5C798FFE} => C:\Windows\system32\pcalua.exe -a C:\Users\Harvestthesouls\AppData\Local\Temp\Temp1_NI_DFD_129_Setup.zip\NI_DFD_129_Setup\NI_DFD_129_Setup.exe <==== ATTENTION
Task: {711AE5EF-74C2-44F9-9C7F-C5F8A566B2E9} - System32\Tasks\Auslogics\Driver Updater\Start Driver Updater automatic scanning => C:\Program Files (x86)\Auslogics\Driver Updater\DriverUpdater.exe [3175840 2016-01-11] (Auslogics Labs Pty Ltd -> Auslogics)
Task: {5B01CAE1-A362-4702-B704-8731D14DE974} - System32\Tasks\{D3060A38-6A7B-4742-A417-0A5973361847} => C:\Windows\system32\pcalua.exe -a "D:\VSTi Software\Native Instruments Setups\Native.Instruments.Kontakt.Player.v2.2.4.001.VSTi.DXi.RTAS.REPACK-DYNAMiCS\NI Kontakt Player v2.2.4.exe" -d "D:\VSTi Software\Native Instruments Setups\Native.Instruments.Kontakt.Player.v2.2.4.001.VSTi.DXi.RTAS.REPACK-DYNAMiCS"
Task: {C047FE30-82B1-46E5-ADB5-B8A43B6054D9} - System32\Tasks\{5B69AA6C-6F32-4695-BE52-0FEEB926B8B0} => C:\Windows\system32\pcalua.exe -a I:\downloads\pianitostudio.exe -d I:\downloads
Task: {DA667271-97E7-498C-B38A-59887BC791CE} - System32\Tasks\{6F0D982D-0A7A-4A2A-AFD1-379D6FE7F3F7} => C:\Windows\system32\pcalua.exe -a "F:\Install Reason.exe" -d F:\
Task: {E8DDAC1D-CA83-4E6F-B1F9-525B27AA9B1D} - System32\Tasks\{5BD0C69B-C1B9-4770-9C61-4D441974B34D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Harvestthesouls\AppData\Local\Temp\Temp1_East West Updates.zip\East West Updates\EWQLSO\gold\EWQLSO Gold Edition Setup.exe" <==== ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page =
S3 ALSysIO; \??\C:\Users\User1\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 EWAVE; \??\C:\Windows\system32\drivers\ew.sys [X]
S3 MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\Microsoft:lng933Lo6NoocmHoy30Ut [2282]
AlternateDataStreams: C:\ProgramData\Reprise:yhuwxvwhfkxkcgmvjenbtlifh [0]
AlternateDataStreams: C:\ProgramData\TEMP:24C8262A [121]
FirewallRules: [{56E20609-AB3F-46BF-BCA8-437C95AF384E}] => (Block) %ProgramFiles% (x86)\MAINTENANCE\EaseUS Todo PCTrans 8.6\bin\PCTrans.exe No File
FirewallRules: [{683AFC30-8E4D-4B29-AA01-DAF1FAC9ABA2}] => (Block) %ProgramFiles% (x86)\MAINTENANCE\EaseUS Todo PCTrans 8.6\bin\PCTrans.exe No File
FirewallRules: [{9D3DFA01-CBBB-4CEC-810D-C1CE8BC50517}] => (Block) %ProgramFiles% (x86)\VIDEO\Apowersoft\Streaming Video Recorder\Streaming Video Recorder.exe No File
FirewallRules: [{17AC1934-72D6-4F99-B3C4-5D35FD601594}] => (Block) %ProgramFiles% (x86)\VIDEO\Apowersoft\Streaming Video Recorder\Streaming Video Recorder.exe No File
FirewallRules: [TCP Query User{CDF03036-5F1B-4449-91C9-E89F25E481F3}C:\program files (x86)\inet\orbitdownloader\orbitnet.exe] => (Block) C:\program files (x86)\inet\orbitdownloader\orbitnet.exe No File
FirewallRules: [UDP Query User{7EC33F40-F7AB-4CCD-92E1-1D098EBE71A0}C:\program files (x86)\inet\orbitdownloader\orbitnet.exe] => (Block) C:\program files (x86)\inet\orbitdownloader\orbitnet.exe No File
FirewallRules: [TCP Query User{19AE25FA-4B4C-4FE8-941A-22B752127ADA}C:\portable program files\portableapps\skypeportable\app\skype\phone\skype.exe] => (Allow) C:\portable program files\portableapps\skypeportable\app\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{A9A343E7-7494-40B9-9062-7C2C7A736084}C:\portable program files\portableapps\skypeportable\app\skype\phone\skype.exe] => (Allow) C:\portable program files\portableapps\skypeportable\app\skype\phone\skype.exe No File
FirewallRules: [{19A63255-3E99-4AA8-A7AB-A93A74473391}] => (Block) %ProgramFiles% (x86)\VIDEO\Apowersoft Screen Recorder Pro 2.0.9\Apowersoft Screen Recorder Pro 2.exe No File
FirewallRules: [{B5D246FA-0172-40D8-98A0-B51B8C386508}] => (Block) %ProgramFiles% (x86)\VIDEO\Apowersoft Screen Recorder Pro 2.0.9\Apowersoft Screen Recorder Pro 2.exe No File
FirewallRules: [TCP Query User{4EDADFCE-A78B-4209-B134-12CA72A709A2}C:\program files (x86)\inet\orbitdownloader\orbitnet.exe] => (Block) C:\program files (x86)\inet\orbitdownloader\orbitnet.exe No File
FirewallRules: [UDP Query User{7C9D37EA-595F-48AC-B1E1-58305DFC7D20}C:\program files (x86)\inet\orbitdownloader\orbitnet.exe] => (Block) C:\program files (x86)\inet\orbitdownloader\orbitnet.exe No File
FirewallRules: [{6F8A4E5D-0E13-439B-89E2-F898138B72CD}] => (Block) %SystemDrive%\Portable Program Files\DAW\Reaper 5\reaper.exe No File
FirewallRules: [{5E1BA2ED-B2F2-4368-AC5E-2D1A00DA3AE2}] => (Block) %SystemDrive%\Portable Program Files\DAW\Reaper 5\reaper.exe No File
FirewallRules: [TCP Query User{A3E0608C-05A1-4F8B-B480-BCF07F37BE42}C:\programdata\logishrd\logioptions\software\6.00.540\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.00.540\logioptionsmgr.exe No File
FirewallRules: [UDP Query User{608BBFEC-CD06-4726-AC56-33BF9CAE1110}C:\programdata\logishrd\logioptions\software\6.00.540\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.00.540\logioptionsmgr.exe No File
FirewallRules: [TCP Query User{3FC17552-71B3-48A6-ACE2-382C462F16A5}C:\programdata\logishrd\logioptions\software\6.00.540\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.00.540\logioptionsmgr.exe No File
FirewallRules: [UDP Query User{B44A3412-BE8E-475A-A355-5D7FD658A529}C:\programdata\logishrd\logioptions\software\6.00.540\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.00.540\logioptionsmgr.exe No File
FirewallRules: [TCP Query User{7B0CD1B0-8E9A-452F-966C-CF50B95AD0B1}C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe No File
FirewallRules: [UDP Query User{FB1CEFD8-2A19-4E68-9E61-62FDCDB1AE79}C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe No File
FirewallRules: [TCP Query User{FB1904F6-5EC6-4F6C-8328-49A906E0C658}C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe No File
FirewallRules: [UDP Query User{C19200BE-B755-44EF-80E9-B92D2AD92768}C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe No File
FirewallRules: [TCP Query User{E62165A1-D14B-4708-9EF6-CA74E6469E5D}C:\programdata\logishrd\logioptions\software\6.20.43\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\6.20.43\logioptionsmgr.exe No File
FirewallRules: [UDP Query User{128A558E-DBEB-43AD-96A5-0D711A194CBE}C:\programdata\logishrd\logioptions\software\6.20.43\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\6.20.43\logioptionsmgr.exe No File
FirewallRules: [TCP Query User{EE37E8B9-B69F-47BF-A376-967AC114B8FD}C:\programdata\logishrd\logioptions\software\6.20.43\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.20.43\logioptionsmgr.exe No File
FirewallRules: [UDP Query User{87EA1D40-73A9-4BBE-8FFC-48F33B13F453}C:\programdata\logishrd\logioptions\software\6.20.43\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.20.43\logioptionsmgr.exe No File
FirewallRules: [TCP Query User{7D542920-72D2-42F2-80CA-D8BC3D52BA2D}C:\programdata\logishrd\logioptions\software\6.30.80\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\6.30.80\logioptionsmgr.exe No File
FirewallRules: [UDP Query User{4F88A7F3-7DD5-424A-ABBC-32115CA91656}C:\programdata\logishrd\logioptions\software\6.30.80\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\6.30.80\logioptionsmgr.exe No File
FirewallRules: [{7BC8BFEC-5C81-4FE4-9F15-AD570573EE03}] => (Allow) tunmgr.exe No File
FirewallRules: [{BEC683C2-A866-45EB-A3F1-764D1EE90590}] => (Allow) tunmgr.exe No File
FirewallRules: [{DB1360CA-B36F-4314-A74F-C3CBF914B81F}] => (Allow) mDNSResponder.exe No File
FirewallRules: [{F2F50412-C47F-4948-8D7F-91F3D645B262}] => (Allow) mDNSResponder.exe No File
FirewallRules: [TCP Query User{F973CD42-139D-4CC9-B615-B13DAC72909F}C:\programdata\logishrd\logioptions\software\6.30.80\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\6.30.80\logioptionsmgr.exe No File
FirewallRules: [UDP Query User{A6931083-E271-4C06-BA7E-ABE871AACBCA}C:\programdata\logishrd\logioptions\software\6.30.80\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\6.30.80\logioptionsmgr.exe No File
FirewallRules: [TCP Query User{93A25F6F-ABE0-46A0-9946-EF79D4B9C9CB}C:\programdata\logishrd\logioptions\software\6.40.169\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.40.169\logioptionsmgr.exe No File
FirewallRules: [UDP Query User{3B2E817D-83C6-429B-8A17-F60FD0407278}C:\programdata\logishrd\logioptions\software\6.40.169\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.40.169\logioptionsmgr.exe No File
FirewallRules: [TCP Query User{94B57E57-396A-42A8-A964-7B1E086AE21E}C:\programdata\logishrd\logioptions\software\6.40.169\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.40.169\logioptionsmgr.exe No File
FirewallRules: [UDP Query User{30E64A32-5715-48DC-A279-8672B73F4042}C:\programdata\logishrd\logioptions\software\6.40.169\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.40.169\logioptionsmgr.exe No File
FirewallRules: [TCP Query User{0F0F7BE9-17B7-452C-8E20-B9831E88144F}C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe No File
FirewallRules: [UDP Query User{5E5C7BA0-837D-40F8-8AF4-74122E5C2066}C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe No File
FirewallRules: [TCP Query User{B32F8804-D26B-477E-BB4B-11B6BC9DF138}C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe No File
FirewallRules: [UDP Query User{8E3D8492-879B-484F-A954-1C455F50816A}C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe No File
FirewallRules: [TCP Query User{4442902D-1B01-45AA-A243-BAB434FD625A}C:\portable program files\inet\firefoxportable\app\firefox64\firefox.exe] => (Allow) C:\portable program files\inet\firefoxportable\app\firefox64\firefox.exe No File
FirewallRules: [UDP Query User{171F69B9-26D7-4125-8926-BE1C9E711792}C:\portable program files\inet\firefoxportable\app\firefox64\firefox.exe] => (Allow) C:\portable program files\inet\firefoxportable\app\firefox64\firefox.exe No File
FirewallRules: [TCP Query User{7AE7AE53-BDCF-4589-ADBC-3AFF30AD325E}C:\portable program files\inet\firefoxportable\app\firefox64\firefox.exe] => (Block) C:\portable program files\inet\firefoxportable\app\firefox64\firefox.exe No File
FirewallRules: [UDP Query User{7D77ECE6-CDEE-412B-9506-46193F974897}C:\portable program files\inet\firefoxportable\app\firefox64\firefox.exe] => (Block) C:\portable program files\inet\firefoxportable\app\firefox64\firefox.exe No File
FirewallRules: [TCP Query User{E188D6EE-D158-43B6-8547-03062D5AC899}C:\portable program files\inet\firefoxportable64\app\firefox\firefox.exe] => (Block) C:\portable program files\inet\firefoxportable64\app\firefox\firefox.exe No File
FirewallRules: [UDP Query User{EEF7D9E0-D3BF-4B6D-BB7F-60CA487EFAD4}C:\portable program files\inet\firefoxportable64\app\firefox\firefox.exe] => (Block) C:\portable program files\inet\firefoxportable64\app\firefox\firefox.exe No File
FirewallRules: [TCP Query User{2A983946-0FEF-43EA-9A8A-72BA7F16075B}C:\users\User1\downloads\sportable\app\skype\phone\skype.exe] => (Allow) C:\users\User1\downloads\sportable\app\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{813DFA3A-D7A7-404A-9658-882C8263BA84}C:\users\User1\downloads\sportable\app\skype\phone\skype.exe] => (Allow) C:\users\User1\downloads\sportable\app\skype\phone\skype.exe No File
FirewallRules: [TCP Query User{DB4D255E-04B5-4214-9113-7FF726E15B8C}C:\portable program files\portableapps\sportable\app\skype\phone\skype.exe] => (Allow) C:\portable program files\portableapps\sportable\app\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{BEEBF874-B9DD-43D6-84F5-59509EC6BBB6}C:\portable program files\portableapps\sportable\app\skype\phone\skype.exe] => (Allow) C:\portable program files\portableapps\sportable\app\skype\phone\skype.exe No File
FirewallRules: [TCP Query User{6D5AAA8A-A279-4A33-AED8-F588426F84AB}C:\portable program files\msg\sportable\app\skype\phone\skype.exe] => (Allow) C:\portable program files\msg\sportable\app\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{9BCF3252-EC60-4479-A64C-E7D1A534DF61}C:\portable program files\msg\sportable\app\skype\phone\skype.exe] => (Allow) C:\portable program files\msg\sportable\app\skype\phone\skype.exe No File
FirewallRules: [{D62B6C90-6D33-4000-BF2A-235CC3C4466A}] => (Allow) C:\Users\User1\AppData\Local\LINE\bin\5.10.0.1789\LINE.exe No File
FirewallRules: [{04C0B0D3-F339-4347-A94F-8E66E52CA88E}] => (Allow) C:\Users\User1\AppData\Local\LINE\bin\5.10.0.1789\LINE.exe No File
FirewallRules: [{35E352E3-4C2C-4704-86DD-1C85C2B310E9}] => (Allow) C:\Users\User1\AppData\Local\LINE\bin\5.10.0.1789\LineUpdater.exe No File
FirewallRules: [{DDF59802-79DC-49E4-A399-DE985EBA3C4B}] => (Allow) C:\Users\User1\AppData\Local\LINE\bin\5.10.0.1789\LineUpdater.exe No File
FirewallRules: [TCP Query User{C6FB997C-7D2A-4BB0-AE6B-B909EE0B1C1E}C:\users\User1\downloads\qownnotes\qownnotes.exe] => (Block) C:\users\User1\downloads\qownnotes\qownnotes.exe No File
FirewallRules: [UDP Query User{65FEA907-D435-43B0-BF5F-DDAE08525A23}C:\users\User1\downloads\qownnotes\qownnotes.exe] => (Block) C:\users\User1\downloads\qownnotes\qownnotes.exe No File
C:\Program Files (x86)\Auslogics
VirusTotal: C:\Users\User2\AppData\Roaming\Microsoft\Installer\{9DAB307E-531F-4992-AB30-6F1AD39E6CF9}\_8C4C6DE2B4274D54DAD619.exe
CMD: ipconfig /flushdns
CMD: Bitsadmin /Reset /Allusers

*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKU\S-1-5-21-1925592742-456944920-4000667399-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{825f7915-8afe-11e6-b9cc-00248c02da27} => removed successfully
HKLM\Software\Classes\CLSID\{825f7915-8afe-11e6-b9cc-00248c02da27} => not found
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SUPERAntiSpyware" => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03782E7F-03E0-4DEF-A906-A2FCEFE8F904}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03782E7F-03E0-4DEF-A906-A2FCEFE8F904}" => removed successfully
C:\Windows\System32\Tasks\{1A7050D9-E3AD-41F5-BA06-EE7F7E931C56} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1A7050D9-E3AD-41F5-BA06-EE7F7E931C56}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20ADF8A4-1BF8-40FE-816B-0B307552DEC9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20ADF8A4-1BF8-40FE-816B-0B307552DEC9}" => removed successfully
C:\Windows\System32\Tasks\{C56A10BC-EA49-4903-8B20-64E3BB9DD04C} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C56A10BC-EA49-4903-8B20-64E3BB9DD04C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40E24E2B-29F2-4DA5-B7F8-BA3DBBAA9803}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40E24E2B-29F2-4DA5-B7F8-BA3DBBAA9803}" => removed successfully
C:\Windows\System32\Tasks\{2BE7ACF0-36A6-45B8-A198-68BF5C798FFE} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2BE7ACF0-36A6-45B8-A198-68BF5C798FFE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{711AE5EF-74C2-44F9-9C7F-C5F8A566B2E9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{711AE5EF-74C2-44F9-9C7F-C5F8A566B2E9}" => removed successfully
C:\Windows\System32\Tasks\Auslogics\Driver Updater\Start Driver Updater automatic scanning => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Auslogics\Driver Updater\Start Driver Updater automatic scanning" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B01CAE1-A362-4702-B704-8731D14DE974}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B01CAE1-A362-4702-B704-8731D14DE974}" => removed successfully
C:\Windows\System32\Tasks\{D3060A38-6A7B-4742-A417-0A5973361847} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D3060A38-6A7B-4742-A417-0A5973361847}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C047FE30-82B1-46E5-ADB5-B8A43B6054D9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C047FE30-82B1-46E5-ADB5-B8A43B6054D9}" => removed successfully
C:\Windows\System32\Tasks\{5B69AA6C-6F32-4695-BE52-0FEEB926B8B0} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5B69AA6C-6F32-4695-BE52-0FEEB926B8B0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA667271-97E7-498C-B38A-59887BC791CE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA667271-97E7-498C-B38A-59887BC791CE}" => removed successfully
C:\Windows\System32\Tasks\{6F0D982D-0A7A-4A2A-AFD1-379D6FE7F3F7} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6F0D982D-0A7A-4A2A-AFD1-379D6FE7F3F7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8DDAC1D-CA83-4E6F-B1F9-525B27AA9B1D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8DDAC1D-CA83-4E6F-B1F9-525B27AA9B1D}" => removed successfully
C:\Windows\System32\Tasks\{5BD0C69B-C1B9-4770-9C61-4D441974B34D} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5BD0C69B-C1B9-4770-9C61-4D441974B34D}" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page" => removed successfully
HKLM\System\CurrentControlSet\Services\ALSysIO => removed successfully
ALSysIO => service removed successfully
HKLM\System\CurrentControlSet\Services\EWAVE => removed successfully
EWAVE => service removed successfully
HKLM\System\CurrentControlSet\Services\MBAMFarflt => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\nvvad_WaveExtensible => removed successfully
nvvad_WaveExtensible => service removed successfully
C:\Windows => ":nlsPreferences" ADS removed successfully
C:\ProgramData\Microsoft => ":lng933Lo6NoocmHoy30Ut" ADS removed successfully
C:\ProgramData\Reprise => ":yhuwxvwhfkxkcgmvjenbtlifh" ADS removed successfully
C:\ProgramData\TEMP => ":24C8262A" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{56E20609-AB3F-46BF-BCA8-437C95AF384E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{683AFC30-8E4D-4B29-AA01-DAF1FAC9ABA2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9D3DFA01-CBBB-4CEC-810D-C1CE8BC50517}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{17AC1934-72D6-4F99-B3C4-5D35FD601594}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CDF03036-5F1B-4449-91C9-E89F25E481F3}C:\program files (x86)\inet\orbitdownloader\orbitnet.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7EC33F40-F7AB-4CCD-92E1-1D098EBE71A0}C:\program files (x86)\inet\orbitdownloader\orbitnet.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{19AE25FA-4B4C-4FE8-941A-22B752127ADA}C:\portable program files\portableapps\skypeportable\app\skype\phone\skype.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A9A343E7-7494-40B9-9062-7C2C7A736084}C:\portable program files\portableapps\skypeportable\app\skype\phone\skype.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{19A63255-3E99-4AA8-A7AB-A93A74473391}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B5D246FA-0172-40D8-98A0-B51B8C386508}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4EDADFCE-A78B-4209-B134-12CA72A709A2}C:\program files (x86)\inet\orbitdownloader\orbitnet.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7C9D37EA-595F-48AC-B1E1-58305DFC7D20}C:\program files (x86)\inet\orbitdownloader\orbitnet.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6F8A4E5D-0E13-439B-89E2-F898138B72CD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5E1BA2ED-B2F2-4368-AC5E-2D1A00DA3AE2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A3E0608C-05A1-4F8B-B480-BCF07F37BE42}C:\programdata\logishrd\logioptions\software\6.00.540\logioptionsmgr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{608BBFEC-CD06-4726-AC56-33BF9CAE1110}C:\programdata\logishrd\logioptions\software\6.00.540\logioptionsmgr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3FC17552-71B3-48A6-ACE2-382C462F16A5}C:\programdata\logishrd\logioptions\software\6.00.540\logioptionsmgr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B44A3412-BE8E-475A-A355-5D7FD658A529}C:\programdata\logishrd\logioptions\software\6.00.540\logioptionsmgr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7B0CD1B0-8E9A-452F-966C-CF50B95AD0B1}C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FB1CEFD8-2A19-4E68-9E61-62FDCDB1AE79}C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FB1904F6-5EC6-4F6C-8328-49A906E0C658}C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C19200BE-B755-44EF-80E9-B92D2AD92768}C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E62165A1-D14B-4708-9EF6-CA74E6469E5D}C:\programdata\logishrd\logioptions\software\6.20.43\logioptionsmgr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{128A558E-DBEB-43AD-96A5-0D711A194CBE}C:\programdata\logishrd\logioptions\software\6.20.43\logioptionsmgr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EE37E8B9-B69F-47BF-A376-967AC114B8FD}C:\programdata\logishrd\logioptions\software\6.20.43\logioptionsmgr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{87EA1D40-73A9-4BBE-8FFC-48F33B13F453}C:\programdata\logishrd\logioptions\software\6.20.43\logioptionsmgr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7D542920-72D2-42F2-80CA-D8BC3D52BA2D}C:\programdata\logishrd\logioptions\software\6.30.80\logioptionsmgr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4F88A7F3-7DD5-424A-ABBC-32115CA91656}C:\programdata\logishrd\logioptions\software\6.30.80\logioptionsmgr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7BC8BFEC-5C81-4FE4-9F15-AD570573EE03}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BEC683C2-A866-45EB-A3F1-764D1EE90590}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DB1360CA-B36F-4314-A74F-C3CBF914B81F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F2F50412-C47F-4948-8D7F-91F3D645B262}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F973CD42-139D-4CC9-B615-B13DAC72909F}C:\programdata\logishrd\logioptions\software\6.30.80\logioptionsmgr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A6931083-E271-4C06-BA7E-ABE871AACBCA}C:\programdata\logishrd\logioptions\software\6.30.80\logioptionsmgr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{93A25F6F-ABE0-46A0-9946-EF79D4B9C9CB}C:\programdata\logishrd\logioptions\software\6.40.169\logioptionsmgr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3B2E817D-83C6-429B-8A17-F60FD0407278}C:\programdata\logishrd\logioptions\software\6.40.169\logioptionsmgr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{94B57E57-396A-42A8-A964-7B1E086AE21E}C:\programdata\logishrd\logioptions\software\6.40.169\logioptionsmgr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{30E64A32-5715-48DC-A279-8672B73F4042}C:\programdata\logishrd\logioptions\software\6.40.169\logioptionsmgr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0F0F7BE9-17B7-452C-8E20-B9831E88144F}C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5E5C7BA0-837D-40F8-8AF4-74122E5C2066}C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B32F8804-D26B-477E-BB4B-11B6BC9DF138}C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8E3D8492-879B-484F-A954-1C455F50816A}C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4442902D-1B01-45AA-A243-BAB434FD625A}C:\portable program files\inet\firefoxportable\app\firefox64\firefox.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{171F69B9-26D7-4125-8926-BE1C9E711792}C:\portable program files\inet\firefoxportable\app\firefox64\firefox.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7AE7AE53-BDCF-4589-ADBC-3AFF30AD325E}C:\portable program files\inet\firefoxportable\app\firefox64\firefox.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7D77ECE6-CDEE-412B-9506-46193F974897}C:\portable program files\inet\firefoxportable\app\firefox64\firefox.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E188D6EE-D158-43B6-8547-03062D5AC899}C:\portable program files\inet\firefoxportable64\app\firefox\firefox.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{EEF7D9E0-D3BF-4B6D-BB7F-60CA487EFAD4}C:\portable program files\inet\firefoxportable64\app\firefox\firefox.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2A983946-0FEF-43EA-9A8A-72BA7F16075B}C:\users\User1\downloads\sportable\app\skype\phone\skype.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{813DFA3A-D7A7-404A-9658-882C8263BA84}C:\users\User1\downloads\sportable\app\skype\phone\skype.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DB4D255E-04B5-4214-9113-7FF726E15B8C}C:\portable program files\portableapps\sportable\app\skype\phone\skype.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BEEBF874-B9DD-43D6-84F5-59509EC6BBB6}C:\portable program files\portableapps\sportable\app\skype\phone\skype.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6D5AAA8A-A279-4A33-AED8-F588426F84AB}C:\portable program files\msg\sportable\app\skype\phone\skype.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9BCF3252-EC60-4479-A64C-E7D1A534DF61}C:\portable program files\msg\sportable\app\skype\phone\skype.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D62B6C90-6D33-4000-BF2A-235CC3C4466A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{04C0B0D3-F339-4347-A94F-8E66E52CA88E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{35E352E3-4C2C-4704-86DD-1C85C2B310E9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DDF59802-79DC-49E4-A399-DE985EBA3C4B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C6FB997C-7D2A-4BB0-AE6B-B909EE0B1C1E}C:\users\User1\downloads\qownnotes\qownnotes.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{65FEA907-D435-43B0-BF5F-DDAE08525A23}C:\users\User1\downloads\qownnotes\qownnotes.exe" => removed successfully
C:\Program Files (x86)\Auslogics => moved successfully
VirusTotal: C:\Users\User2\AppData\Roaming\Microsoft\Installer\{9DAB307E-531F-4992-AB30-6F1AD39E6CF9}\_8C4C6DE2B4274D54DAD619.exe => https://www.virustot...sis/1568040025/

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 25757213 B
Java, Flash, Steam htmlcache => 1548 B
Windows/system/drivers => 764201565 B
Edge => 0 B
Chrome => 0 B
Firefox => 458988835 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33125 B
systemprofile32 => 414005 B
LocalService => 33125 B
NetworkService => 261694463 B
User3 => 60431997 B
User2 => 11162137 B
User1 => 3225209038 B
Administrator => 7276911 B

RecycleBin => 1632150 B
EmptyTemp: => 4.5 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 22-09-2019 19:09:25)


Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\MBAMFarflt => could not remove, key could be protected

==== End of Fixlog 19:09:25 ====



#11
phickspc

    Member

  • Topic Starter
  • 362 posts

Still having weird problems like program settings resetting.

So, here's a new FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-09-2019
Ran by User1 (administrator) on PC (22-09-2019 19:20:57)
Running from C:\Users\User1\Desktop
Loaded Profiles: User1 (Available Profiles: User3 & User2 & User1 & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Portable Program Files\INET\FirefoxPortableESR\App\Firefox64\firefox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Avid Technology, Inc. -> Avid Technology, Inc.) C:\Windows\SysWOW64\MAFWTray.exe
(BlackBerry Ltd. -> Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(BlackBerry Ltd. -> BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
(BlackBerry Ltd. -> BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(BlackBerry Ltd. -> BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(BlackBerry Ltd. -> BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\MSG\LWS\Webcam Software\LWS.exe
(London Trust Media Incorporated -> ) C:\Program Files\Private Internet Access\pia-service.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Inc -> Malwarebytes Corporation) C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Exploit\mbae.exe
(Malwarebytes Inc -> Malwarebytes Corporation) C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Inc -> Malwarebytes Corporation) C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Exploit\mbae-svc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\WORK\Microsoft Office 2007\Office12\EXCEL.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Portable Program Files\INET\FirefoxPortableESR\App\Firefox64\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Portable Program Files\MSG\ThunderbirdPortable\App\Thunderbird\thunderbird.exe
(Nalpeiron Ltd.) [File not signed] C:\Windows\SysWOW64\nlssrv32.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(Nullsoft Inc. -> Nullsoft, Inc.) C:\Program Files (x86)\AUDIO\Winamp Lite\winamp.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(pdfforge GmbH -> © pdfforge GmbH.) C:\Program Files (x86)\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe
(PeerBlock, LLC -> PeerBlock, LLC) C:\Portable Program Files\INET\PeerBlockPortable\App\PeerBlock\Modern64\peerblock.exe
(Rare Ideas, LLC -> PortableApps.com) C:\Portable Program Files\MSG\ThunderbirdPortable\ThunderbirdPortable.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\MAINTENANCE\Unchecky\bin\unchecky_bg.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\MAINTENANCE\Unchecky\bin\unchecky_svc.exe
(Sebastien.warin.fr) [File not signed] C:\Program Files (x86)\AUDIO\Stream What You Hear\SWYH.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Skwire Empire) [File not signed] C:\Portable Program Files\UTILITIES\kLED\kLED.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2314120 2009-06-01] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis International GmbH -> Acronis)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Ltd. -> BlackBerry Limited)
HKLM-x32\...\Run: [M-Audio Taskbar Icon] => C:\Windows\SysWOW64\MAFWTray.exe [254256 2012-01-24] (Avid Technology, Inc. -> Avid Technology, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065968 2015-07-23] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\WORK\NaturallySpeaking14\Ereg\Ereg.exe [325960 2014-05-30] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\MSG\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech, Inc. -> Logitech Inc.)
HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4861688 2015-03-19] (BlackBerry Ltd. -> BlackBerry Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Exploit\mbae.exe [2480328 2019-08-05] (Malwarebytes Inc -> Malwarebytes Corporation)
HKU\S-1-5-21-1925592742-456944920-4000667399-1008\...\Run: [EPSON Stylus D92 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIBZE.EXE [213504 2007-10-05] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1925592742-456944920-4000667399-1008\...\Run: [PeerBlock] => C:\Portable Program Files\INET\PeerBlockPortable\App\PeerBlock\Modern64\peerblock.exe [2513992 2014-01-15] (PeerBlock, LLC -> PeerBlock, LLC)
HKU\S-1-5-21-1925592742-456944920-4000667399-1008\...\Run: [StreamWhatYouHear] => C:\Program Files (x86)\AUDIO\Stream What You Hear\SWYH.exe [364032 2016-03-09] (Sebastien.warin.fr) [File not signed]
HKU\S-1-5-21-1925592742-456944920-4000667399-1008\...\Run: [RIMDeviceManager] => C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe [2471672 2015-05-20] (BlackBerry Ltd. -> Research In Motion Limited)
HKU\S-1-5-21-1925592742-456944920-4000667399-1008\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3682968 2019-04-22] (Invincea, Inc. -> Sandboxie Holdings, LLC)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [175392 2012-09-21] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [VIDC.ULRA] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULRG] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULY0] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULY2] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULH0] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULH2] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.UQY2] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [msacm.dvacm_vspx8] => C:\Program Files\VIDEO\Corel VideoStudio Ultimate X8\DVACM.acm [23552 2015-01-28] (Corel TW Corp.) [File not signed]
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-09-21] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1554944 2009-09-15] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM\...\Drivers32: [VIDC.ULRA] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULRG] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULY0] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULY2] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULH0] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULH2] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [VIDC.UQY2] => C:\Windows\system32\utv_vcm.dll [111104 2016-01-10] () [File not signed]
HKLM\...\Drivers32: [msacm.pspgru] => C:\Windows\SysWOW64\pspgru.acm [401920 2010-03-22] (Philips Austria GmbH - Speech Processing) [File not signed]
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [236544 2011-12-19] () [File not signed]
HKLM\...\Drivers32: [vidc.MPG4] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.MP42] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.MP43] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
Startup: C:\Users\User3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kLED.exe.lnk [2016-02-28]
ShortcutTarget: kLED.exe.lnk -> C:\Portable Program Files\UTILITIES\kLED\kLED.exe (Skwire Empire) [File not signed]
Startup: C:\Users\User3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-12-22]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\WORK\Microsoft Office 2007\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kLED.lnk [2017-07-11]
ShortcutTarget: kLED.lnk -> C:\Portable Program Files\UTILITIES\kLED\kLED.exe (Skwire Empire) [File not signed]
Startup: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-02-10]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\WORK\Microsoft Office 2007\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2019-09-22]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ThunderbirdPortable.exe.lnk [2019-06-13]
ShortcutTarget: ThunderbirdPortable.exe.lnk -> C:\Portable Program Files\MSG\ThunderbirdPortable\ThunderbirdPortable.exe (Rare Ideas, LLC -> PortableApps.com)
Startup: C:\Users\User2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-02-10]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\WORK\Microsoft Office 2007\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {088B8578-F1E9-4E72-B263-4A2DA36BF64B} - System32\Tasks\{DB1241E9-6ECB-44CC-B724-7A04CD0810F6} => C:\Users\User2\AppData\Roaming\Microsoft\Installer\{9DAB307E-531F-4992-AB30-6F1AD39E6CF9}\_8C4C6DE2B4274D54DAD619.exe [10134 2016-02-07] () [File not signed]
Task: {0F111F3F-03AD-42E2-801A-466ECE4E1CB3} - System32\Tasks\{887C1110-C5ED-4E7C-A980-3C0B6D2DC06D} => C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe [111616 2010-12-13] (Microsoft Corporation) [File not signed]
Task: {1A18E6B2-DBB7-4D89-9DBD-27DC876C9828} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {2B912585-4655-4633-93A6-032023931D84} - System32\Tasks\{36674DC5-28BC-4011-A06F-C94F7D70D3B7} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.18.85.112/en/abandoninstall?page=tsMain
Task: {2ED0EEF8-CBA1-4C74-B6AC-1D5658ED7C87} - System32\Tasks\{329C6536-59D9-4AB4-8D29-B034D57C5146} => C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe [111616 2010-12-13] (Microsoft Corporation) [File not signed]
Task: {35462A02-EE83-4FB6-885F-4BEDE56AE37E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428640 2019-09-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {46FD89D8-EFB5-4792-82BE-3F2508097C32} - System32\Tasks\{D99CFF2F-7BA6-47F7-BF46-ED68A4B0F8C6} => C:\Users\User2\AppData\Roaming\Microsoft\Installer\{9DAB307E-531F-4992-AB30-6F1AD39E6CF9}\_8C4C6DE2B4274D54DAD619.exe [10134 2016-02-07] () [File not signed]
Task: {49D5742A-B2D4-46F2-A1F8-9338B8F4AC63} - System32\Tasks\GoogleUpdateTaskMachineCore1cf826e5eb38d0d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2016-01-18] (Google Inc -> Google Inc.)
Task: {4F5F4CC2-1260-4254-A723-0F0AD2C018B8} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {51EEFD20-43FB-4A59-82C0-404B3016C813} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {5626C39C-4F4D-400D-9791-50051F225313} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428640 2019-09-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {633E5843-662B-445E-97D8-66F81AEF7632} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117728 2019-09-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {662F43B1-F324-47C0-B467-E123D3BCF53B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117728 2019-09-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {68B5A1E7-A704-4EBF-9C68-B9B6C2B66A80} - System32\Tasks\G2MUploadTask-S-1-5-21-1925592742-456944920-4000667399-1008 => C:\Users\User1\AppData\Local\GoToMeeting\10996\g2mupload.exe [29736 2018-11-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {76312250-FAED-43D6-BB2B-93DA17A949BF} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2314120 2009-06-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {9537870B-FB18-4BCC-A520-14365287A819} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2016-01-18] (Google Inc -> Google Inc.)
Task: {986FAA46-05C1-4BD4-96A2-94C22443135E} - System32\Tasks\{3362883A-034F-4055-96D0-908470C90366} => I:\VSTi Software\PIANO\pianitostudio.exe
Task: {9D8DD398-0EE4-4D2E-9B06-433F6D9E20DF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-09-11] (Adobe Inc. -> Adobe)
Task: {BBD2BE3E-1523-4863-B874-B71AEDCAA360} - System32\Tasks\{E8903C49-EF76-4257-A723-778ADD211C92} => C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe [111616 2010-12-13] (Microsoft Corporation) [File not signed]
Task: {D110944E-205A-4494-A573-B16F4B6B48D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2016-01-18] (Google Inc -> Google Inc.)
Task: {D3D1555C-4E38-459A-8473-471E23E21B0F} - System32\Tasks\G2MUpdateTask-S-1-5-21-1925592742-456944920-4000667399-1008 => C:\Users\User1\AppData\Local\GoToMeeting\10996\g2mupdate.exe [29736 2018-11-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {D7EC0C0C-1653-4558-8C4E-5249BA6A106A} - System32\Tasks\{20B784C2-3347-4E79-85C3-40CD3160C547} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.22.85.109/en/abandoninstall?page=tsMain
Task: {D8AE400C-FA2A-4336-A372-0E9E4C4700D6} - System32\Tasks\EPSON Perfection V39 Update => C:\Program Files (x86)\epson\escndv\update\e_dtsksd.exe [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {E7D82D8F-77E1-493E-890F-C84C702A484D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {EB5AE8B1-FFFF-4C83-B726-12AB536DB690} - System32\Tasks\{EFCB2B36-234C-446B-BD98-6595EF63956F} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxps://ui.skype.com/ui/0/7.37.0.103/en/abandoninstall?page=tsMain
Task: {F0C7A64F-5252-4DF0-8594-C023D11063CE} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_Plugin.exe [1457720 2019-09-11] (Adobe Inc. -> Adobe)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\EPSON Perfection V39 Update.job => C:\Program Files (x86)\epson\escndv\update\e_dtsksd.exe7/EXE_S:EPSON Perfection V39,ES010D.DAT /F:UpdateUser1ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1925592742-456944920-4000667399-1008.job => C:\Users\User1\AppData\Local\GoToMeeting\10996\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1925592742-456944920-4000667399-1008.job => C:\Users\User1\AppData\Local\GoToMeeting\10996\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{20DC78A3-BF1B-4E36-91C7-CE2E9A975D75}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{238FBF41-957F-4B5C-B838-3AD6A3074AC5}: [DhcpNameServer] 209.222.18.222 209.222.18.218
HKLM\System\...\Parameters\PersistentRoutes: [104.96.147.3,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [111.221.29.177,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [111.221.29.253,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [131.253.40.37,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.115.60,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.165.248,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.165.253,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.185.70,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.30.202,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [137.116.81.24,255.255.255.255,0.0.0.0,1]
PersistentRoutes: There are 65 PersistentRoutes.


Internet Explorer:
==================
HKU\S-1-5-21-1925592742-456944920-4000667399-1008\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\WORK\NaturallySpeaking14\Program\x64\dgnriaie_x64.dll [2015-08-22] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech Inc -> Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2019-09-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\WORK\NaturallySpeaking14\Program\dgnriaie.dll [2015-08-22] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-07-18] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech Inc -> Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2019-09-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-07-18] (Oracle America, Inc. -> Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-01] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default [2019-09-22]
FF DownloadDir: E:\FILM & TV
FF Homepage: Mozilla\Firefox\Profiles\i0tpy5ax.default -> hxxps://www.google.co.uk/
FF NetworkProxy: Mozilla\Firefox\Profiles\i0tpy5ax.default -> type", 0
FF NewTabOverride: Mozilla\Firefox\Profiles\i0tpy5ax.default -> Enabled: {66E978CD-981F-47DF-AC42-E3CF417C1467}
FF Extension: (Youtube Mp3 Downloader) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2016-03-17] [Legacy]
FF Extension: (Grammarly for Firefox) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2019-06-15]
FF Extension: (Copy text with Alt-Click) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\@copy-text-without-selecting.xpi [2018-02-28]
FF Extension: (Google Images (UK)) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\@google-images-uk.xpi [2016-02-16] [Legacy]
FF Extension: (Google Translate in Menu (Right Click)) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\@google-translate-menu.xpi [2016-02-25] [Legacy]
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2016-05-06] [Legacy]
FF Extension: (AdBlocker Ultimate) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2019-08-06]
FF Extension: (AdGuard AdBlocker) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2019-07-03]
FF Extension: (Roomy Bookmarks Toolbar) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2017-11-18] [Legacy]
FF Extension: (New Add-on Bar) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2017-11-17] [Legacy]
FF Extension: (AutoCopy 2) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2016-04-29] [Legacy]
FF Extension: (Auto Refresh) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2016-04-28] [Legacy]
FF Extension: (Cleanest Addon Manager) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2016-08-27] [Legacy]
FF Extension: (InvisibleHand) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2019-07-25]
FF Extension: (Custom New Tab) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2016-09-01] [Legacy]
FF Extension: (Cookies Notification Hider) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2019-09-01]
FF Extension: (Duplicate in Tab Context Menu) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2017-11-18] [Legacy]
FF Extension: (Enable Right Click and Copy) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2017-06-15]
FF Extension: (YouTube Video and Audio Downloader) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2017-05-20] [Legacy]
FF Extension: (Autofill) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2016-04-28] [Legacy]
FF Extension: (MEGA) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2019-09-20] [UpdateUrl:hxxps://mega.nz/firefox-web-extension-updates.json]
FF Extension: (Form History Control (II)) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2017-11-18]
FF Extension: (HTTPS Everywhere) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2019-06-28] [UpdateUrl:hxxps://www.eff.org/files/https-everywhere-updates.json]
FF Extension: (Jazz-MIDI) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected]_soft.com.xpi [2018-01-23]
FF Extension: (Coupons at Checkout) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2016-02-06] [Legacy]
FF Extension: (Decentraleyes) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2017-11-18]
FF Extension: (Tab Grenade) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2016-04-28] [Legacy]
FF Extension: (Privacy Badger) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2019-09-15]
FF Extension: (Double-click Image Downloader) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2018-05-17]
FF Extension: (Search Youtube) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2016-04-28] [Legacy]
FF Extension: (Paste Email Plus) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2016-05-01] [Legacy]
FF Extension: (Menu Wizard) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2017-11-18] [Legacy]
FF Extension: (Save File to) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2017-02-24] [Legacy]
FF Extension: (Session Sync) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2019-07-13]
FF Extension: (Simple Form Fill) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2017-11-18]
FF Extension: (LastPass: Free Password Manager) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2019-09-13]
FF Extension: (Add-on Preferences Button) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2016-04-28] [Legacy]
FF Extension: (The Addon Bar (restored)) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2016-05-03] [Legacy]
FF Extension: (Thumbnail Zoom Plus) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2017-06-08] [Legacy]
FF Extension: (TinEye Reverse Image Search) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2019-07-11]
FF Extension: (uBlock Origin) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2018-12-02]
FF Extension: (Easy Video Downloader) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2017-11-18]
FF Extension: (VKontakte.ru Downloader) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2016-01-18] [Legacy]
FF Extension: (Video WithOut Flash) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2016-01-18] [Legacy]
FF Extension: (WebRank SEO Toolbar) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2017-05-10] [Legacy]
FF Extension: (Zoom Page) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\[email protected] [2017-11-18] [Legacy]
FF Extension: (Session Manager) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-01-31] [Legacy]
FF Extension: (FlashGot) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-12-02] [Legacy]
FF Extension: (Bulk Image Downloader) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{524B8EF8-C312-11DB-8039-536F56D89593}.xpi [2017-11-18]
FF Extension: (Boomerang for Gmail) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{65e41d20-f092-41b7-bb83-c6e8a9ab0f57}.xpi [2018-02-19] [UpdateUrl:hxxps://www.boomeranggmail.com/firefox/updates.json]
FF Extension: (New Tab Homepage) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2017-11-18]
FF Extension: (CacheViewer) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}.xpi [2016-01-18] [Legacy]
FF Extension: (Bulk Media Downloader) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{72b2e02b-3a71-4895-886c-fd12ebe36ba3}.xpi [2017-11-18]
FF Extension: (deskCut) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{9125C9CB-BE2B-4389-A0C7-46A4BDD46AEA}.xpi [2016-04-28] [Legacy]
FF Extension: (Session Exporter) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{943b5589-7808-4a70-acdc-7b6ee21e7cce}.xpi [2017-06-22] [Legacy]
FF Extension: (Complete YouTube Saver) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3} [2017-06-29] [Legacy]
FF Extension: (YouTube HTML5 Player) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{b6b1a201-b252-484f-b9fe-68efbb273fbd}.xpi [2016-04-28] [Legacy]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-02-14] [Legacy]
FF Extension: (Video DownloadHelper) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2019-06-02]
FF Extension: (Flash and Video Download) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}.xpi [2018-09-03]
FF Extension: (SoundCloud Downloader - Technowise) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2016-03-17] [Legacy]
FF Extension: (Search Engine Creator) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{cccd1663-fea2-4098-8d6d-9d1790b76b2d}.xpi [2016-02-16] [Legacy]
FF Extension: (RightToClick) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2016-01-18] [Legacy]
FF Extension: (No Name) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-09-01]
FF Extension: (Signature /Auto Paste /Prefill Fourms) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{D719B74B-E716-403b-91A9-1CE455AB8ccc}.xpi [2017-01-29] [Legacy]
FF Extension: (DownThemAll!) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-09-29] [Legacy]
FF Extension: (Dictionary Lookup Extension) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{f01f4cbe-b8a8-4c37-94b3-119d8779e7e0}.xpi [2016-04-28] [Legacy]
FF Extension: (Multirow Bookmarks Toolbar) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\Extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}.xpi [2016-03-25] [Legacy]
FF SearchPlugin: C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\searchplugins\amazon-couk.xml [2016-02-16]
FF SearchPlugin: C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\searchplugins\backtype.xml [2016-03-09]
FF SearchPlugin: C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\i0tpy5ax.default\searchplugins\search-amazon.xml [2016-02-08]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-02-10] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_255.dll [2019-09-11] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\WORK\NaturallySpeaking14\Program\x64\npDgnRia2_x64.dll [2015-08-22] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_255.dll [2019-09-11] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-07-17] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-07-17] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-07-17] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-07-17] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-07-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-07-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @jazz-soft.com/JazzPlugin -> C:\Program Files (x86)\AUDIO\Jazz-Soft.net\Jazz-Plugin\npJazz.dll [2017-04-03] (Jazz-Soft) [File not signed]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-05-17] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-05-22] (Research In Motion -> )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\WORK\NaturallySpeaking14\Program\npDgnRia2.dll [2015-08-22] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
FF Plugin HKU\S-1-5-21-1925592742-456944920-4000667399-1008: @citrixonline.com/appdetectorplugin -> C:\Users\User1\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-06-07] (Citrix Online -> Citrix Online)
FF Plugin HKU\S-1-5-21-1925592742-456944920-4000667399-1008: @jazz-soft.com/JazzPlugin -> C:\Program Files (x86)\AUDIO\Jazz-Soft.net\Jazz-Plugin\npJazz.dll [2017-04-03] (Jazz-Soft) [File not signed]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AcronisOSSReinstallSvc; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2217416 2007-02-22] (Acronis, Inc -> )
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [236544 2012-04-06] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Ltd. -> BlackBerry Limited)
S3 cfbackd; C:\Program Files (x86)\DISK\CleverFiles\Disk Drill\cfbackd.w32.exe [211520 2015-09-25] (508 Software, LLC -> CleverFiles)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11568144 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [165440 2015-08-22] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 MbaeSvc; C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Exploit\mbae-svc.exe [152264 2019-08-05] (Malwarebytes Inc -> Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S4 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-04-07] (Native Instruments GmbH) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [63488 2010-01-25] (Nalpeiron Ltd.) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 PDF Architect 5 Manager; C:\Program Files (x86)\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe [985848 2017-05-16] (pdfforge GmbH -> © pdfforge GmbH.)
R2 PrivateInternetAccessService; C:\Program Files\Private Internet Access\pia-service.exe [1073664 2019-08-26] (London Trust Media Incorporated -> )
R2 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-03-19] (BlackBerry Ltd. -> Apple Inc.)
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1354488 2015-03-19] (BlackBerry Ltd. -> BlackBerry Limited)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [328344 2019-04-22] (Invincea, Inc. -> Sandboxie Holdings, LLC)
R2 Unchecky; C:\Program Files (x86)\MAINTENANCE\Unchecky\bin\unchecky_svc.exe [297240 2018-04-16] (Reason Software Company Inc. -> Reason Software Company Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [11174400 2012-04-06] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [343040 2012-04-06] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [65248 2015-04-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [118184 2018-05-14] (Alcorlink Corp. -> )
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (APOWERSOFT LIMITED -> Wondershare)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [104984 2016-01-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [11174400 2012-04-06] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 axefx2load; C:\Windows\System32\Drivers\axefx2load.sys [55600 2013-07-12] (Fractal Audio Systems -> Cypress Semiconductor)
S3 blackberryncm; C:\Windows\System32\DRIVERS\blackberryncm6_AMD64.sys [25088 2014-09-08] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry)
R3 bomebus; C:\Windows\System32\DRIVERS\bomebus.sys [56376 2018-05-16] (Bome Software GmbH & Co.KG -> Bome Software GmbH & Co. KG)
R3 bomemidi; C:\Windows\System32\drivers\bomemidi.sys [50744 2018-05-16] (Bome Software GmbH & Co.KG -> Bome Software GmbH & Co. KG)
R1 ESProtectionDriver; C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Exploit\mbae64.sys [153312 2019-08-04] (Malwarebytes Corporation -> Malwarebytes)
S3 fasusbaudio; C:\Windows\System32\DRIVERS\fasusbaudio_x64.sys [254464 2014-05-16] (Fractal Audio Systems -> )
S3 fasusbaudioks; C:\Windows\System32\DRIVERS\fasusbaudioks_x64.sys [46080 2014-05-16] (Fractal Audio Systems -> )
R0 FlashBoot; C:\Windows\System32\DRIVERS\FlashBoot.sys [17616 2014-04-03] (Challenger Backup Solutions, LLC -> Challenger Backup Solutions, LLC)
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2012-12-30] (Arainia Solutions, LLC -> Arainia Solutions LLC)
S3 hitmanpro36; C:\Windows\system32\drivers\hitmanpro36.sys [30496 2012-08-08] (SurfRight B.V. -> )
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (3am.com(Test) -> HTC, Corporation) [File not signed]
S3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [36928 2013-10-17] (HTC Corp. -> Windows ® Win 7 DDK provider)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (Sqa.com(Test) -> QUALCOMM Incorporated) [File not signed]
R3 JmUsbCcgp; C:\Windows\System32\DRIVERS\jmccgp.sys [17136 2009-07-29] (JMicron Technology Corp. -> JMicron Technology Corp.)
R3 MAFW; C:\Windows\System32\DRIVERS\mafw.sys [235312 2012-01-24] (Avid Technology, Inc. -> Avid Technology, Inc.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [140672 2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2019-09-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation -> Malwarebytes Corporation)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation -> Malwarebytes Corporation)
R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [255552 2009-02-24] (JiaPing Gan -> MagicISO, Inc.)
R3 mcdbus; C:\Windows\SysWOW64\DRIVERS\mcdbus.sys [255552 2009-02-24] (JiaPing Gan -> MagicISO, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] (ASUSTeK Computer Inc. -> )
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 pbfilter; C:\Portable Program Files\INET\PeerBlockPortable\App\PeerBlock\Modern64\pbfilter.sys [22600 2014-01-15] (PeerBlock, LLC -> )
S3 RDID1053; C:\Windows\System32\Drivers\rdwm1053.sys [81792 2009-09-18] (Roland Corporation -> Roland Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [80384 2015-01-14] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry Limited)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-05-26] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Research in Motion Ltd)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [218264 2019-04-23] (上海域联软件技术有限公司 -> Sandboxie Holdings, LLC) [File not signed]
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
R3 tap-pia-0901; C:\Windows\System32\DRIVERS\tap-pia-0901.sys [30208 2019-05-30] (Private Internet Access (London Trust Media Incorporated) -> The OpenVPN Project)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2016-02-10] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA64.sys [654720 2010-08-20] (Microsoft Windows Hardware Compatibility Publisher -> eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM64.sys [943872 2010-08-20] (Microsoft Windows Hardware Compatibility Publisher -> eMPIA Technology, Inc.)
S3 MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-22 19:20 - 2019-09-22 19:22 - 000054503 _____ C:\Users\User1\Desktop\FRST.txt
2019-09-22 19:18 - 2019-09-22 19:19 - 000000000 ____D C:\Users\User1\AppData\LocalLow\uTorrent
2019-09-22 17:00 - 2019-09-22 17:00 - 000000000 _____ C:\Users\User1\AppData\LocalLow\FIN1D22.tmp
2019-09-22 17:00 - 2019-09-22 17:00 - 000000000 _____ C:\Users\User1\AppData\LocalLow\FIN1D21.tmp
2019-09-22 16:58 - 2019-09-22 16:58 - 000000000 _____ C:\Users\User1\AppData\LocalLow\FIN39A7.tmp
2019-09-22 16:58 - 2019-09-22 16:58 - 000000000 _____ C:\Users\User1\AppData\LocalLow\FIN39A6.tmp
2019-09-22 16:00 - 2019-09-22 16:00 - 000000000 _____ C:\Users\User1\AppData\LocalLow\FINFE5E.tmp
2019-09-22 16:00 - 2019-09-22 16:00 - 000000000 _____ C:\Users\User1\AppData\LocalLow\FINFE5D.tmp
2019-09-22 15:58 - 2019-09-22 15:58 - 000000000 ____D C:\Users\User1\AppData\LocalLow\Finale
2019-09-22 15:39 - 2019-09-22 15:39 - 000000000 ____D C:\Users\User1\AppData\Local\TileDataLayer
2019-09-22 15:39 - 2019-09-22 15:39 - 000000000 ____D C:\Users\User1\AppData\Local\Packages
2019-09-22 15:39 - 2019-09-22 15:39 - 000000000 ____D C:\ProgramData\USOPrivate
2019-09-22 14:30 - 2019-09-22 14:30 - 000000000 ____D C:\Users\User1\Downloads\ATKgAA
2019-09-22 14:28 - 2019-09-22 14:53 - 000000000 ____D C:\Users\User1\Downloads\MakeMusic Finale 25.5
2019-09-21 15:00 - 2019-09-21 15:00 - 000000000 _____ C:\Users\User1\AppData\LocalLow\FIN3390.tmp
2019-09-21 15:00 - 2019-09-21 15:00 - 000000000 _____ C:\Users\User1\AppData\LocalLow\FIN338F.tmp
2019-09-21 14:59 - 2019-09-21 14:59 - 000000000 _____ C:\Users\User1\AppData\LocalLow\FIN5919.tmp
2019-09-21 14:59 - 2019-09-21 14:59 - 000000000 _____ C:\Users\User1\AppData\LocalLow\FIN5918.tmp
2019-09-21 14:58 - 2019-09-21 14:58 - 000000000 _____ C:\Users\User1\AppData\LocalLow\FIN2FA9.tmp
2019-09-21 14:58 - 2019-09-21 14:58 - 000000000 _____ C:\Users\User1\AppData\LocalLow\FIN2FA8.tmp
2019-09-21 14:36 - 2019-09-21 14:36 - 000000174 _____ C:\Users\User1\AppData\LocalLow\FINF015.tmp
2019-09-21 12:50 - 2019-09-21 12:50 - 000000000 ____D C:\Users\User1\AppData\Roaming\Skype
2019-09-20 22:09 - 2019-09-20 22:09 - 000000000 ____D C:\Users\User1\Documents\Corel VideoStudio Pro
2019-09-20 17:21 - 2019-09-20 17:23 - 000000000 ____D C:\Users\User1\AppData\Roaming\Arobas Music
2019-09-18 16:11 - 2019-09-18 16:11 - 000000667 _____ C:\Users\User1\Downloads\#Junk19.lnk
2019-09-18 16:09 - 2019-09-18 16:09 - 000000902 _____ C:\Users\User1\Desktop\#AcronisNEW.lnk
2019-09-18 15:06 - 2019-09-22 17:03 - 001616384 _____ (Farbar) C:\Users\User1\Desktop\FRST64.exe
2019-09-18 00:26 - 2019-09-18 00:26 - 000000224 _____ C:\Users\User1\Desktop\Toilets.URL
2019-09-17 00:38 - 2019-09-17 00:38 - 000000195 _____ C:\Users\User1\Desktop\27-28Sep-StudioPassPeripheryWithAdamNollyGetgood,MattHalpern.url
2019-09-16 01:26 - 2019-09-16 01:26 - 000001115 _____ C:\Users\User1\Desktop\D-d.lnk
2019-09-16 00:01 - 2019-09-16 00:01 - 000002363 _____ C:\Users\User1\Desktop\Authy.lnk
2019-09-16 00:01 - 2019-09-16 00:01 - 000000000 ____D C:\Users\User1\AppData\Roaming\Authy Desktop
2019-09-16 00:01 - 2019-09-16 00:01 - 000000000 ____D C:\Users\User1\AppData\Local\authy-electron
2019-09-15 22:00 - 2019-06-14 14:21 - 000001767 _____ C:\Users\User1\Desktop\MSOffcDocs.ffs_gui
2019-09-15 22:00 - 2019-02-02 03:00 - 000001678 _____ C:\Users\User1\Desktop\1N.ffs_gui
2019-09-09 20:32 - 2019-09-09 20:32 - 000000355 _____ C:\Users\User1\Desktop\Recycl.lnk
2019-09-09 20:32 - 2019-09-09 20:32 - 000000355 _____ C:\Users\User1\Desktop\Computr.lnk
2019-09-09 13:56 - 2019-09-09 13:56 - 000001794 _____ C:\Users\User1\Desktop\AE.lnk
2019-09-08 22:55 - 2019-09-08 22:55 - 000000953 _____ C:\Users\User1\Desktop\Dwhelper.lnk
2019-09-08 21:03 - 2019-09-08 21:03 - 000000687 _____ C:\Users\User1\Desktop\#MEMORIES.lnk
2019-09-08 18:47 - 2019-09-08 18:47 - 000000404 _____ C:\Users\User1\Desktop\Inet.lnk
2019-09-07 22:49 - 2019-09-07 22:49 - 000000091 _____ C:\Users\User1\Desktop\BestKRadios.url
2019-09-06 15:08 - 2019-09-06 15:08 - 000000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Private Internet Access.lnk

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-22 19:20 - 2018-09-23 15:13 - 000000000 ____D C:\FRST
2019-09-22 19:18 - 2019-06-28 17:26 - 000000000 ____D C:\Users\User1\AppData\LocalLow\Mozilla
2019-09-22 19:18 - 2009-07-14 05:45 - 000014176 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-09-22 19:18 - 2009-07-14 05:45 - 000014176 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-09-22 19:16 - 2009-07-14 06:13 - 000782510 _____ C:\Windows\system32\PerfStringBackup.INI
2019-09-22 19:16 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2019-09-22 19:11 - 2018-06-05 19:07 - 000000000 ____D C:\Users\User1\AppData\Roaming\Thunderbird
2019-09-22 19:11 - 2016-02-07 22:30 - 000000000 ____D C:\Users\User1\AppData\Roaming\Mozilla
2019-09-22 19:10 - 2018-02-22 18:36 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2019-09-22 19:10 - 2016-05-26 14:28 - 000000000 ____D C:\ProgramData\NVIDIA
2019-09-22 19:10 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-09-22 18:51 - 2016-02-19 17:00 - 000000913 _____ C:\Windows\Tasks\EPSON Perfection V39 Update.job
2019-09-22 18:20 - 2016-04-29 15:45 - 000000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2019-09-22 18:10 - 2016-06-07 16:10 - 000000550 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1925592742-456944920-4000667399-1008.job
2019-09-22 17:44 - 2016-02-14 23:59 - 000000008 __RSH C:\ProgramData\ntuser.pol
2019-09-22 17:17 - 2016-02-06 23:02 - 000000000 ____D C:\Users\User2\AppData\LocalLow\Temp
2019-09-22 17:17 - 2010-03-24 15:39 - 000000000 ____D C:\Users\User3\AppData\LocalLow\Temp
2019-09-22 17:16 - 2009-07-14 04:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2019-09-22 17:16 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2019-09-22 16:57 - 2009-10-25 23:42 - 000001024 _____ C:\Windows\demdata.txt
2019-09-22 16:32 - 2016-02-14 19:43 - 000000000 ____D C:\Users\User1\AppData\Local\CrashDumps
2019-09-22 16:01 - 2018-10-06 20:14 - 001265960 _____ C:\Users\User1\AppData\Local\GDIPFONTCACHEV1.DAT
2019-09-22 15:59 - 2016-02-07 22:30 - 000000000 ____D C:\Users\User1\AppData\Roaming\MakeMusic
2019-09-22 15:45 - 2009-10-25 23:32 - 000000000 ____D C:\Program Files (x86)\Native Instruments
2019-09-22 13:28 - 2009-10-25 13:06 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-09-21 14:31 - 2009-10-25 22:31 - 000000000 ____D C:\Program Files\Vst Plugins
2019-09-21 14:31 - 2009-10-25 13:44 - 000000000 ____D C:\Program Files (x86)\VST PLUGINS
2019-09-21 13:01 - 2016-03-17 20:26 - 000000000 ____D C:\Users\User1\dwhelper
2019-09-20 23:07 - 2009-10-26 12:17 - 000000000 ____D C:\Program Files (x86)\Guitar Pro 5
2019-09-20 21:37 - 2016-02-20 00:08 - 000000000 ____D C:\Windows\System32\Tasks\NCH Software
2019-09-20 21:22 - 2016-02-20 15:55 - 000000000 ____D C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSG
2019-09-20 21:19 - 2016-02-08 17:37 - 000000000 ___RD C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAINTAIN
2019-09-20 21:18 - 2016-05-27 15:44 - 000000000 ____D C:\Users\User1\AppData\Local\Skype
2019-09-20 21:18 - 2016-02-08 17:37 - 000000000 ___RD C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\INET
2019-09-20 20:54 - 2016-02-13 22:18 - 000000000 ____D C:\Program Files\VIDEO
2019-09-20 17:35 - 2017-01-12 21:49 - 725163101 _____ C:\Windows\MEMORY.DMP
2019-09-20 17:35 - 2009-10-25 21:52 - 000000000 ____D C:\Windows\Minidump
2019-09-20 17:09 - 2016-02-13 22:22 - 000000000 ____D C:\Users\User1\AppData\Roaming\HandBrake
2019-09-20 16:28 - 2018-03-26 23:48 - 000000000 ____D C:\Users\User1\AppData\Roaming\Thinstall
2019-09-20 15:13 - 2016-02-15 16:51 - 000000000 ____D C:\Portable Program Files
2019-09-18 16:48 - 2017-11-22 20:33 - 000000000 ___RD C:\Users\User1\Desktop\BB&id
2019-09-18 14:09 - 2016-02-11 00:53 - 000168015 _____ C:\ads_err.adt
2019-09-16 15:47 - 2018-12-18 01:29 - 000000000 ____D C:\Users\User1\Documents\OneNote
2019-09-16 00:01 - 2018-09-04 01:43 - 000000000 ____D C:\Users\User1\AppData\Local\SquirrelTemp
2019-09-15 21:30 - 2019-05-16 19:25 - 000002052 _____ C:\Windows\Sandboxie.ini
2019-09-13 23:09 - 2012-02-22 19:19 - 000766376 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-09-13 13:44 - 2019-05-17 17:16 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-09-13 13:43 - 2011-05-29 10:59 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-09-13 01:53 - 2016-02-07 22:30 - 000023636 _____ C:\Users\User1\Documents\Layout 1280 x 1024.dtr
2019-09-13 01:51 - 2016-02-07 22:39 - 000001696 _____ C:\Users\User1\Desktop\Gtr,Kar.lnk
2019-09-13 01:47 - 2016-02-07 22:39 - 000000615 _____ C:\Users\User1\Desktop\Aud.lnk
2019-09-13 01:42 - 2018-07-03 22:23 - 000000868 _____ C:\Users\User1\Desktop\InetCafes.lnk
2019-09-11 20:45 - 2018-01-29 14:04 - 000000904 _____ C:\Users\User1\Desktop\Music#NOW.lnk
2019-09-11 16:00 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2019-09-11 13:38 - 2018-03-13 19:44 - 000004456 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-09-11 13:38 - 2016-07-16 13:03 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-09-11 13:38 - 2012-08-08 17:04 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-09-11 13:38 - 2012-08-08 17:04 - 000000000 ____D C:\Windows\system32\Macromed
2019-09-11 13:38 - 2012-02-12 14:09 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-09-10 02:03 - 2018-10-04 23:10 - 000022976 _____ C:\Users\User2\Documents\Layout 1280 x 1024.dtr
2019-09-09 13:56 - 2019-07-10 20:37 - 000001618 _____ C:\Users\User1\Desktop\FixShortcts.lnk
2019-09-09 13:55 - 2019-07-12 14:42 - 000013025 _____ C:\Users\User1\Desktop\ShortctMan.lnk
2019-09-09 02:27 - 2019-01-23 03:27 - 000001045 _____ C:\Users\User1\Desktop\Hoods.lnk
2019-09-09 02:26 - 2019-02-01 16:36 - 000002149 _____ C:\Users\User1\Desktop\#PerfLife.lnk
2019-09-08 20:59 - 2019-03-15 01:22 - 000000694 _____ C:\Users\User1\Desktop\GTAV100%.lnk
2019-09-08 20:49 - 2016-02-08 17:35 - 000001676 _____ C:\Users\User1\Desktop\StartMen2.lnk
2019-09-08 20:49 - 2016-02-08 17:35 - 000001295 _____ C:\Users\User1\Desktop\StartMen.lnk
2019-09-08 20:45 - 2016-02-07 22:39 - 000000730 _____ C:\Users\User1\Desktop\Biz.lnk
2019-09-08 20:02 - 2016-02-07 22:22 - 000000000 ____D C:\Users\User1
2019-09-08 20:02 - 2016-01-18 17:24 - 000000000 ____D C:\Program Files (x86)\UTILITIES
2019-09-06 21:08 - 2016-02-14 19:03 - 000000000 ____D C:\Windows\SysWOW64\files
2019-09-06 21:08 - 2016-02-14 19:03 - 000000000 ____D C:\Windows\SysWOW64\exceptions
2019-09-06 20:12 - 2016-02-14 00:38 - 000000000 ____D C:\Users\User1\AppData\Roaming\MacroCreator
2019-09-06 15:10 - 2019-03-01 17:50 - 000000000 ____D C:\Users\User1\AppData\Local\Private Internet Access
2019-09-06 15:08 - 2019-03-01 17:34 - 000000000 ____D C:\Program Files\Private Internet Access
2019-09-04 16:06 - 2019-07-11 14:14 - 000000000 ____D C:\Users\User1\AppData\Roaming\MusicBrainz
2019-09-04 14:53 - 2018-12-17 02:30 - 000000000 ____D C:\Users\User1\AppData\Roaming\FreeFileSync
2019-09-03 14:44 - 2019-08-01 15:16 - 000001739 _____ C:\Users\User1\Desktop\Mode,Scale,Chrd,Interval.lnk
2019-09-01 16:54 - 2019-08-02 23:05 - 000212992 _____ C:\Windows\system32\ClickToRun_Pipeline16

==================== Files in the root of some directories ================

2009-10-26 11:48 - 2009-10-26 11:48 - 000000604 ____H () C:\Program Files (x86)\STLL Notifier
2016-02-07 22:30 - 2010-04-17 16:14 - 000000052 _____ () C:\Users\User1\AppData\Roaming\Culture Prefs
2016-08-29 16:06 - 2016-08-29 16:06 - 000000112 _____ () C:\Users\User1\AppData\Roaming\JP2K CS6 Prefs
2016-02-11 00:49 - 2019-05-14 22:01 - 000005852 _____ () C:\Users\User1\AppData\Roaming\Rim.Desktop.Exception.log
2016-02-11 00:49 - 2016-03-19 22:56 - 000006217 _____ () C:\Users\User1\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2016-02-11 00:49 - 2019-05-14 22:01 - 000005852 _____ () C:\Users\User1\AppData\Roaming\Rim.DesktopHelper.Exception.log
2016-02-21 20:26 - 2016-11-17 22:59 - 000001475 _____ () C:\Users\User1\AppData\Roaming\SAS7_000.DAT
2016-02-18 01:11 - 2016-02-18 01:11 - 000000096 _____ () C:\Users\User1\AppData\Roaming\version2.xml
2016-02-10 15:22 - 2012-02-26 20:40 - 000037814 _____ () C:\Users\User1\AppData\Roaming\Microsoft\MSO1033.acl
2016-02-10 15:22 - 2014-03-14 23:09 - 000000110 _____ () C:\Users\User1\AppData\Roaming\Microsoft\MSO2057.acl
2016-02-10 15:22 - 2016-01-24 21:29 - 000000030 _____ () C:\Users\User1\AppData\Roaming\Microsoft\MSO3081.acl
2019-07-08 00:57 - 2017-07-16 14:49 - 000000218 _____ () C:\Users\User1\AppData\Local\recently-used.xbel
2016-02-07 22:29 - 2018-01-15 17:09 - 000007603 _____ () C:\Users\User1\AppData\Local\resmon.resmoncfg

==================== FLock ================

2016-05-29 20:09 C:\Users\User1\Start Menu

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-09-20 14:12
==================== End of FRST.txt ============================


#12
phickspc

  • Topic Starter
  • Member
  • 362 posts

Addition V2.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-09-2019
Ran by User1 (22-09-2019 19:22:48)
Running from C:\Users\User1\Desktop
Windows 7 Professional Service Pack 1 (X64) (2009-10-24 16:18:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1925592742-456944920-4000667399-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-1925592742-456944920-4000667399-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1925592742-456944920-4000667399-1002 - Limited - Enabled)
User3 (S-1-5-21-1925592742-456944920-4000667399-1003 - Administrator - Enabled) => C:\Users\User3
User1 (S-1-5-21-1925592742-456944920-4000667399-1008 - Administrator - Enabled) => C:\Users\User1
User2 (S-1-5-21-1925592742-456944920-4000667399-1006 - Administrator - Enabled) => C:\Users\User2

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.255 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.255 - Adobe)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{421E3900-59C7-8A50-C424-83CFFC1DB2B9}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AnyTrans for Android (HKLM-x32\...\{CE84DF95-1914-47BB-8055-847E28B605B9}) (Version: 6.3.5 - iMobie) Hidden
AnyTrans for Android (HKLM-x32\...\AnyTrans for Android 6.3.5) (Version: 6.3.5 - iMobie)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArtsAcoustic Reverb 1.2.1 (HKLM-x32\...\ArtsAcoustic Reverb) (Version: 1.2.1 - ArtsAcoustic Vertrieb GbR)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AudioEase Altiverb VST RTAS v6.12 (HKLM-x32\...\AudioEase Altiverb VST RTAS_is1) (Version:  - )
Authy Desktop (HKU\S-1-5-21-1925592742-456944920-4000667399-1008\...\authy-electron) (Version: 1.7.0 - Twilio Inc.)
AutoHotkey 1.1.23.01 (HKLM\...\AutoHotkey) (Version: 1.1.23.01 - Lexikos)
Axe-Edit 3.12.0 (HKLM-x32\...\{0B2FECD3-B4EF-4071-9546-7529D90BAA99}_is1) (Version:  - Fractal Audio)
BlackBerry 10 Desktop Software (HKLM-x32\...\{a0642dd3-1105-464b-84c8-caaf676c39c8}) (Version: 1.1.0.22 - BlackBerry)
BlackBerry Blend (HKLM-x32\...\{1DA42C01-4ED2-4B4E-B90C-18FCBA12FC41}) (Version: 1.1.0.23 - BlackBerry Ltd.) Hidden
BlackBerry Communication Drivers (HKLM-x32\...\{46CD5A63-0C1F-45C3-B643-CA87A17275C0}) (Version: 8.0.0.119 - BlackBerry Ltd.) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}) (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Device Drivers (HKLM-x32\...\{1F6490E5-7540-426D-BC1E-EB57B0BF0C38}) (Version: 8.0.0.119 - BlackBerry Ltd.) Hidden
BlackBerry Device Software Updater (HKLM-x32\...\{E755A98B-F45F-4008-A1A5-FC4CB4D2177A}) (Version: 8.0.0.66 - Research In Motion Ltd)
BlackBerry Link (HKLM-x32\...\{C42468F9-9812-4550-A54B-5DDB062EB10F}) (Version: 1.2.4.28 - BlackBerry) Hidden
BlackBerry Link Remover (HKLM-x32\...\{44D65CAB-1BC8-47B7-BF5B-3EB8B6BB0276}) (Version: 1.2.4.0 - BlackBerry Ltd.) Hidden
Bome Virtual MIDI 2.1.0.44 (HKLM\...\BMIDI_Driver1.0.0.11_is1) (Version:  - Bome Software GmbH & Co. KG)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Contents64 (HKLM\...\{1CDDC143-E149-4945-A5C9-8B366D8C2FC6}) (Version: 18.0.0.181 - Corel Corporation) Hidden
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
Corel VideoStudio Ultimate X8 (HKLM-x32\...\_{A22A80C4-F237-4B5A-825F-0731971ECBE6}) (Version: 18.6.0.6 - Corel Corporation)
dBpoweramp [Multi Encoder] Codec (HKLM-x32\...\dBpoweramp [Multi Encoder] Codec) (Version: Release 2 - Illustrate)
dBpoweramp AAC Encoder (HKLM-x32\...\dBpoweramp AAC Encoder) (Version:  - )
dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 3 - Illustrate)
dBpoweramp FLAC Codec (HKLM-x32\...\dBpoweramp FLAC Codec) (Version: Release 10 (FLAC 1.2.0) - Illustrate)
dBpoweramp m4a Codec (HKLM-x32\...\dBpoweramp m4a Codec) (Version: Release 7 - Illustrate)
dBpoweramp m4b Audio book Encoder (HKLM-x32\...\dBpoweramp m4b Audio book Encoder) (Version:  - )
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 13.2 - Illustrate)
dBpoweramp Windows Media Audio 10 Codec (HKLM-x32\...\dBpoweramp Windows Media Audio 10 Codec) (Version: Release 5 - Illustrate)
Desktop Restore (HKLM\...\{15D07D6F-E4CC-41D9-88A3-94115E5E5A10}) (Version: 1.6.3 - JOConnell)
Desktop Restore (HKLM\...\{9DAB307E-531F-4992-AB30-6F1AD39E6CF9}) (Version: 1.6.1 - JOConnell)
Disk Drill 2.0.0.338 (HKLM-x32\...\{91CF2A75-07FB-4CAF-AE14-2BE4EE77EF00}) (Version: 2.0.338 - CleverFiles)
Document Capture Pro (HKLM-x32\...\{8930DCE5-510D-4476-A879-835188F7B6F4}) (Version: 1.06.0011 - Seiko Epson Corporation)
Dragon 14 (HKLM-x32\...\{FEAB6184-0560-4EBF-A26B-C3F2B11FE9E1}) (Version: 14.00.000 - Nuance Communications Inc.)
Earope Advanced Ear Training v1.65 (HKLM-x32\...\Earope Advanced Ear Training_is1) (Version:  - )
EASEUS Data Recovery Wizard Professional 5.5.1 (HKLM-x32\...\EASEUS Data Recovery Wizard Professional 5.5.1_is1) (Version:  - EASEUS)
East West Boesendorfer 290 (HKLM-x32\...\East West Boesendorfer 290) (Version:  - )
East West Colossus (HKLM-x32\...\East West Colossus) (Version:  - )
East West EWQLSO Gold Edition (HKLM-x32\...\East West EWQLSO Gold Edition) (Version:  - )
East West EWQLSO PRO XP Brass (HKLM-x32\...\East West EWQLSO PRO XP Brass) (Version:  - )
East West EWQLSO PRO XP Percussion (HKLM-x32\...\East West EWQLSO PRO XP Percussion) (Version:  - )
East West EWQLSO PRO XP Strings (HKLM-x32\...\East West EWQLSO PRO XP Strings) (Version:  - )
East West EWQLSO PRO XP Woodwinds (HKLM-x32\...\East West EWQLSO PRO XP Woodwinds) (Version:  - )
East West HardcoreBass (HKLM-x32\...\East West HardcoreBass) (Version:  - )
East West Percussive Adventures 2 (HKLM-x32\...\East West Percussive Adventures 2) (Version:  - )
East West Ra (HKLM-x32\...\East West Ra) (Version:  - )
East West Stormdrum Intakt (HKLM-x32\...\East West Stormdrum Intakt) (Version:  - )
East West Symphonic Choirs (HKLM-x32\...\East West Symphonic Choirs) (Version:  - )
East West Vapor (HKLM-x32\...\East West Vapor) (Version:  - )
Easy Photo Scan (HKLM-x32\...\{1A6DED1E-A024-455D-AA82-203D6B3B0CBC}) (Version: 1.00.0006 - Seiko Epson Corporation)
Enigma (HKLM-x32\...\{1F145099-1224-4C5B-84F2-7AE6DC699F1A}) (Version: 1.2.0.0 - M-Audio)
Epson Copy Utility 4 (HKLM-x32\...\{06A7E8AB-2856-4490-BAA9-F338ABE7695A}) (Version: 4.01.0001 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{17FA0444-A025-43B9-862C-81AE6307C2F2}) (Version: 3.10.0050 - Seiko Epson Corporation)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.50.0.0 - SEIKO EPSON CORPORATION)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.00 - SEIKO EPSON Corp.)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Evernote v. 5.9.6 (HKLM-x32\...\{A542D366-9877-11E5-B101-005056951CAD}) (Version: 5.9.6.9494 - Evernote Corp.)
Exif Pilot 5.4 (HKLM-x32\...\Exif Pilot_is1) (Version: 5.4 - Two Pilots)
Extreme Sample Converter v3.5.3 (HKLM-x32\...\Extreme Sample Converter v3.5.3) (Version:  - )
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
Finale 2012 (HKLM-x32\...\Finale 2012) (Version: 2012.c.r13.4 - MakeMusic)
Fix Shortcuts 1.2 (HKLM\...\Fix Shortcuts_is1) (Version:  - Puran Software)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
FLAC 1.2.1b (remove only) (HKLM-x32\...\FLAC) (Version: 1.2.1b - Xiph.org)
Foxit PhantomPDF Business (HKLM-x32\...\{1C0B89FF-BBF6-4DB7-BC97-89CA8D5D0F54}) (Version: 7.3.0.118 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.2.0.9297 - Foxit Software Inc.)
Fractal Audio Systems USB Audio Driver v2.23.0 (HKLM-x32\...\Fractal Audio Systems USB Audio Driver v2.23.0) (Version: 2.23.0 - Fractal Audio Systems)
Fractal Audio Systems USB Driver Package 2014.06.06 (HKLM\...\{E992CC59-71FD-4199-B04E-6274F7439EA0}_is1) (Version: 2014.06.06 - Fractal Audio Systems)
Fractal-Bot 2.11.0 (HKLM-x32\...\{6DBF83F6-BE11-414D-82DC-58C414CACF35}_is1) (Version:  - Fractal Audio)
FreeFileSync 10.8 (HKLM-x32\...\FreeFileSync_is1) (Version: 10.8 - FreeFileSync.org)
Garritan Instruments for Finale 2009 (HKLM\...\Garritan Instruments for Finale 2009_is1) (Version: v1.0.0.1 - Garritan)
Garritan Jazz Big Band (HKLM-x32\...\Garritan Jazz Big Band) (Version:  - )
Gnaural ver. 1.0.20110606 (HKLM-x32\...\Gnaural_is1) (Version:  - Bret Logan)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.23.9 - Google Inc.) Hidden
GoToMeeting 8.37.0.10996 (HKU\S-1-5-21-1925592742-456944920-4000667399-1008\...\GoToMeeting) (Version: 8.37.0.10996 - LogMeIn, Inc.)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.25) (Version: 9.25 - Artifex Software Inc.)
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
HD Tune Pro 5.00 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
HitmanPro 3.6 (HKLM\...\HitmanPro36) (Version: 3.6.1.163 - SurfRight B.V.)
ICA (HKLM-x32\...\{A22A80C4-F237-4B5A-825F-0731971ECBE6}) (Version: 18.0.0.181 - Corel Corporation) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel Processor Diagnostic Tool 64bit (HKLM-x32\...\{04d7bf4f-df2d-43f7-9ac0-0ecf85606989}) (Version: 4.1.3.35 - )
Intel® C++ Redistributables on IA-32 (HKLM-x32\...\{317059CB-7642-4F2E-89C0-62E69D4074B7}) (Version: 15.0.148 - Intel Corporation)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{2DD3C090-2986-4970-B3CB-87BB4C8AC4A5}) (Version: 15.0.148 - Intel Corporation)
IPM_VS_Pro64 (HKLM\...\{CEE838EA-72D1-4149-91F5-5591AFE0CBBC}) (Version: 18.0 - Corel Corporation) Hidden
IrfanView 4.51 (64-bit) (HKLM\...\IrfanView64) (Version: 4.51 - )
iZotope iDrum (HKLM-x32\...\iZotope iDrum_is1) (Version: 1.61 - iZotope, Inc.)
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
Jazz-Plugin (HKLM-x32\...\{4D91EBA9-1769-467B-982B-C0693147D353}) (Version: 1.5 - Jazz-Soft)
JBridge (HKLM-x32\...\JBridge) (Version:  - JBridge)
JDiskReport 1.4.1 (HKLM-x32\...\JDiskReport 1.4.1) (Version: 1.4.1 (2014-02-26 11:50:44) - JGoodies Karsten Lentzsch)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.)
K-Lite Codec Pack 13.5.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.5.5 - KLCP)
KRISTAL Audio Engine (HKLM-x32\...\KRISTAL Audio Engine) (Version:  - )
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Exploit version 1.13.1.98 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.13.1.98 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manager (HKLM-x32\...\{8DED36D9-54D6-4127-A112-5A1BA1CDD66B}) (Version: 5.0.26.33533 - 2017 pdfforge GmbH. All rights reserved) Hidden
Market Samurai (HKLM-x32\...\{BCBB1378-B65A-6D5C-152B-FEF3AEEE7CA8}) (Version: 0.93.86 - Alliance Software Pty Ltd) Hidden
Market Samurai (HKLM-x32\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.93.86 - Alliance Software Pty Ltd)
M-Audio FireWire 6.0.4 (x64) (HKLM\...\{D53342CB-8C24-4493-9E04-C35D09873DF5}) (Version: 6.0.4 - M-Audio)
MeldaProduction Audio Plugins 9 (HKLM-x32\...\MeldaProduction Audio Plugins 9) (Version:  - MeldaProduction)
Micrologus Musician Training Center 2.3.1.6 (HKLM-x32\...\Micrologus_Musician_Training_Center_is1) (Version: 2.3.1.6 - Micrologus.com)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft IntelliPoint 7.0 (HKLM\...\{C74A84EC-7C5F-4C36-A4A6-381E516D643B}) (Version: 7.0.260.0 - Microsoft)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneNote Home and Student 2016 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.11929.20300 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mouse Manager (HKLM\...\Mouse Manager_is1) (Version: 1.3 - RealityRipple Software)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 2.1.3 - MusicBrainz)
Native Instruments Absynth 5 (HKLM-x32\...\Native Instruments Absynth 5) (Version:  - Native Instruments)
Native Instruments Battery 3 (HKLM-x32\...\Native Instruments Battery 3) (Version:  - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)
Native Instruments Elektrik Piano (HKLM-x32\...\Native Instruments Elektrik Piano) (Version:  - )
Native Instruments Evolve Mutations (HKLM-x32\...\Native Instruments Evolve Mutations) (Version:  - Native Instruments)
Native Instruments FM8 (HKLM-x32\...\Native Instruments FM8) (Version:  - Native Instruments)
Native Instruments Guitar Rig 3 (HKLM-x32\...\Native Instruments Guitar Rig 3) (Version:  - Native Instruments)
Native Instruments Guitar Rig 4 (HKLM-x32\...\Native Instruments Guitar Rig 4) (Version:  - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version:  - Native Instruments)
Native Instruments Guitar Rig v1.1.2 (HKLM-x32\...\Native Instruments Guitar Rig v1.1.2) (Version:  - )
Native Instruments Komplete 6 (HKLM-x32\...\Native Instruments Komplete 6) (Version:  - Native Instruments)
Native Instruments Kontakt 3 (HKLM-x32\...\Native Instruments Kontakt 3) (Version:  - Native Instruments)
Native Instruments Kontakt 4 (HKLM-x32\...\Native Instruments Kontakt 4) (Version:  - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version:  - Native Instruments)
Native Instruments Pro-53 v3.02 (HKLM-x32\...\Native Instruments Pro-53 v3.02) (Version:  - )
NirSoft ShellExView (HKLM-x32\...\NirSoft ShellExView) (Version:  - )
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Graphics Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Orb Composer S (HKLM\...\{B8013ED0-0295-4945-B444-6C9BD5687CF2}_is1) (Version: 1.4.4 - Hexachords & Team V.R)
PC 73 Virtual Piano Keyboard (HKLM-x32\...\PC 73 Virtual Piano Keyboard) (Version:  - )
PC-50 Driver (HKLM\...\RolandRDID0053) (Version:  - Roland Corporation)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.1.1 - pdfforge GmbH)
Playlist Creator 3.6.2 (HKLM-x32\...\Playlist Creator 3.6.2) (Version: 3.6.2.0 - oddgravity)
POP Peeper (HKLM-x32\...\POP Peeper) (Version:  - Esumsoft)
Power Tab Editor 1.7 (HKLM-x32\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software)
Private Internet Access (HKLM\...\{33023371-7761-4F81-BBB1-0E0D0D175ACF}) (Version: 1.4.0+03180 - London Trust Media, Inc.)
proDAD Mercalli 2.0 (64bit) (HKLM\...\proDAD-Mercalli-2.0) (Version: 2.0.120 - proDAD GmbH) Hidden
Project SAM Symphobia 1.0 (HKLM-x32\...\{676FAD0D-40C3-4911-93E7-5C70C201ADEA}_is1) (Version:  - )
Pulover's Macro Creator version 4.1.3 (HKLM\...\{223FFB42-2D49-4AF6-9EF2-82B7D0CAF8B4}_is1) (Version: 4.1.3 - Rodolfo U. Batista)
PxMergeModule (HKLM-x32\...\{024521CF-C07E-4F8E-8481-0D75695E03AF}) (Version: 1.00.0000 - Your Company Name) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Rank Tracker Samurai (HKLM-x32\...\{F9BFB0DE-0DE9-A021-D4E3-E60BC77DEE9B}) (Version: 0.00.17 - Alliance Software Pty Ltd) Hidden
Rank Tracker Samurai (HKLM-x32\...\RankTrackerSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.00.17 - Alliance Software Pty Ltd)
RapidComposer (HKLM\...\RapidComposer_is1) (Version: 3.6.5 - MusicDevelopments & Team V.R)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Reason 4.0 (HKLM-x32\...\Reason4_is1) (Version: 4.0 - Propellerhead Software AB)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
ReWire (HKLM\...\{4481A621-E317-411C-8926-864AACDF509B}) (Version: 1.00.0000 - Waves)
Riffstation (HKU\S-1-5-21-1925592742-456944920-4000667399-1008\...\{66bd4367-2215-46cb-a211-cbddfe321d39}) (Version: 1.6.3 - Sonic Ladder Ltd.)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Sandboxie 5.30 (64-bit) (HKLM\...\Sandboxie) (Version: 5.30 - Sandboxie Holdings, LLC)
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Security Task Manager 1.7f (HKLM-x32\...\Security Task Manager) (Version: 1.7f - Neuber GmbH)
Setup (HKLM-x32\...\{CC55892B-B7A6-4F5F-BFB4-F69D77E2D7D5}) (Version: 18.0.0.181 - Corel Corporation) Hidden
Share64 (HKLM\...\{3BB9B652-3725-419E-869F-7A5F7FE82C28}) (Version: 18.0.0.181 - Corel Corporation) Hidden
Skype version 8.23 (HKLM-x32\...\Skype_is1) (Version: 8.23 - Skype Technologies S.A.)
Softube FET Compressor VST RTAS v1.0.3 (HKLM-x32\...\Softube FET Compressor VST RTAS_is1) (Version:  - )
Softube Tube-Tech PE 1C VST RTAS v1.0.1 (HKLM-x32\...\Softube Tube-Tech PE 1C_is1) (Version:  - )
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
SoundToys Native Effects VST RTAS v3.1.2 (HKLM-x32\...\SoundToys Native Effects VST RTAS_is1) (Version:  - )
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Stream What You Hear (SWYH) version 1.4 (HKLM-x32\...\{5FBEA9D3-668E-4B88-BF6C-E1BCF441ECFD}_is1) (Version: 1.4 - Sebastien.warin.fr)
Streaming Video Recorder V5.1.3 (HKLM-x32\...\{2CD65167-671F-49A3-B6C7-3B919DF028E2}_is1) (Version: 5.1.3 - APOWERSOFT LIMITED)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Sylenth1 v2.20 (HKLM\...\Sylenth1_is1) (Version:  - )
Sylenth1 v2.20 (HKLM-x32\...\Sylenth1_is1) (Version:  - )
System Scheduler 4.35 (HKLM-x32\...\Windows Scheduler_is1) (Version:  - Splinterware Software Solutions)
Sytrus (HKLM-x32\...\Sytrus) (Version:  - Image-Line)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
TimeComX Basic (64-Bit) (HKLM-x32\...\TimeComX Basic 64-Bit) (Version: 1.3.2.0 - Bitdreamers)
Transcribe! 8.40 (HKLM-x32\...\Transcribe!_is1) (Version: 8.40 - Seventh String Software)
Trilogy (HKLM-x32\...\Trilogy_is1) (Version:  - Spectrasonics, Inc.)
TruePianos 1.5.0 (HKLM\...\TruePianos_is1) (Version:  - 4Front Technologies)
TruePianos: Amber Module 1.4.0 (HKLM-x32\...\TruePianos: Amber Module_is1) (Version:  - 4Front Technologies)
TruePianos: Diamond Module 1.4.0 (HKLM-x32\...\TruePianos: Diamond Module_is1) (Version:  - 4Front Technologies)
TruePianos: Emerald Module 1.4.0 (HKLM-x32\...\TruePianos: Emerald Module_is1) (Version:  - 4Front Technologies)
TruePianos: Sapphire Module 1.4.0 (HKLM-x32\...\TruePianos: Sapphire Module (Pedal sounds included)_is1) (Version:  - 4Front Technologies)
TruePianos: Sapphire Module 1.4.0 (HKLM-x32\...\TruePianos: Sapphire Module_is1) (Version:  - 4Front Technologies)
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Ut Video Codec Suite (HKLM\...\utvideo_is1) (Version: 15.4.0 - UMEZAWA Takeshi)
VdhCoApp 1.3.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
VideoStudio MyDVD (HKLM-x32\...\{49D8422A-D54E-425F-8A38-54167B1174A1}) (Version: 1.0 - Corel)
VideoStudio MyDVD (HKLM-x32\...\{7EB40408-4144-4477-95B5-B80B02A1FB66}) (Version: 1.0.112 - Corel Corporation) Hidden
Voxengo Boogex (HKLM\...\Voxengo Boogex_is1) (Version: 2.1 - Voxengo)
Voxengo Marvel GEQ (HKLM\...\Voxengo Marvel GEQ_is1) (Version: 1.4 - Voxengo)
Voxengo Overtone GEQ (HKLM\...\Voxengo Overtone GEQ_is1) (Version: 1.11 - Voxengo)
VSClassic64 (HKLM\...\{C8686FE2-D759-4304-9791-66ED3C1A7789}) (Version: 18.0.0.181 - Corel Corporation) Hidden
VSUltimate64 (HKLM\...\{4BBC9291-7961-42EE-9CDA-6EC4BD6EB782}) (Version: 18.0.0.181 - Corel Corporation) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Wave Arts Tube Saturator (HKLM-x32\...\Wave Arts Tube Saturator) (Version:  - )
Wave Arts Tube Saturator 64 (HKLM\...\Wave Arts Tube Saturator 64) (Version:  - )
Waves Complete v8.0.11 (HKLM-x32\...\Waves Complete V8_is1) (Version:  - )
Waves Mercury Complete VST DX RTAS v1.01 (HKLM-x32\...\Waves Mercury Complete VST DX RTAS_is1) (Version:  - Waves Ltd.)
Windows Driver Package - Advanced Micro Devices (AtiHDAudioService) MEDIA  (01/16/2016 7.12.0.7723) (HKLM\...\E18EFCE3DA74D73E2828F3B3E53176B4E08B9418) (Version: 01/16/2016 7.12.0.7723 - Advanced Micro Devices)
Windows Driver Package - Advanced Micro Devices (AtiHDAudioService) MEDIA  (08/11/2015 7.12.0.7723) (HKLM\...\FF579B3D0A1F64296C1D2BD5BE5728F02B42E927) (Version: 08/11/2015 7.12.0.7723 - Advanced Micro Devices)
Windows Driver Package - Advanced Micro Devices, Inc. (amdkmdap) Display  (04/05/2012 8.961.0.0000) (HKLM\...\66FF30DCFCACEE6BACEC2B23668C4F83C158922A) (Version: 04/05/2012 8.961.0.0000 - Advanced Micro Devices, Inc.)
Windows Driver Package - Alcor Micro, Corp. (AmUStor) USB  (04/11/2016 1.0.145.40103) (HKLM\...\7DBA26E9A80D98472F1CF95A0767EB4949C8885D) (Version: 04/11/2016 1.0.145.40103 - Alcor Micro, Corp.)
Windows Driver Package - Alcor Micro, Corp. (AmUStor) USB  (09/22/2015 1.0.144.2002) (HKLM\...\A841DAE23AACC3DE82C4ABD365CA02F42BD2D6BF) (Version: 09/22/2015 1.0.144.2002 - Alcor Micro, Corp.)
Windows Driver Package - Alcor Micro, Corp. (AmUStor) USB  (12/08/2015 1.0.145.40101) (HKLM\...\DF633FC6C1775EA261113B0E3C4728D8B6204522) (Version: 12/08/2015 1.0.145.40101 - Alcor Micro, Corp.)
Windows Driver Package - AMD (amdkmpfd) System  (02/12/2015 15.20.0.0000) (HKLM\...\708AE871DE4DE98C022B914117B48025341D07B8) (Version: 02/12/2015 15.20.0.0000 - AMD)
Windows Driver Package - AMD (amdkmpfd) System  (07/24/2013 13.15.1.0001) (HKLM\...\EF70220A4FF8FBE3EC6338B797A142BC03FACCE7) (Version: 07/24/2013 13.15.1.0001 - AMD)
Windows Driver Package - ATK (MTsensor) System  (05/05/2009 1043.6.0.0) (HKLM\...\A1CE88ECEE452DF2F78DB201E0D9BED96DD08791) (Version: 05/05/2009 1043.6.0.0 - ATK)
Windows Driver Package - BlackBerry (RimUsb) RIMUSBBB  (08/21/2015 4.2.0.37) (HKLM\...\B55CD77E7DF02D898BAAEF952AD0A614BA6C130B) (Version: 08/21/2015 4.2.0.37 - BlackBerry)
Windows Driver Package - Challenger Backup Solutions, LLC (FlashBoot) DiskDrive  (08/11/2013 2.3.72.0) (HKLM\...\CA8BFE662913F62CB908BA31685037C57A7DD973) (Version: 08/11/2013 2.3.72.0 - Challenger Backup Solutions, LLC)
Windows Driver Package - Dell Inc. Monitor  (06/22/2005 1.0) (HKLM\...\591C1894C89A0FDEDDFFF2E6FF3906BDD14F5041) (Version: 06/22/2005 1.0 - Dell Inc.)
Windows Driver Package - EPSON Printer  (04/21/2009 6.3.9600.17415) (HKLM\...\50BCF590163ED91C75D0032CD403946293288A3F) (Version: 04/21/2009 6.3.9600.17415 - EPSON)
Windows Driver Package - Fractal Audio Systems (axefx2load) USB  (05/15/2011 1.0.0.9) (HKLM\...\6AEB8A42A154DE456DE5E467C01A582911CB5C6A) (Version: 05/15/2011 1.0.0.9 - Fractal Audio Systems)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (12/06/2010 4.0.0000.00000) (HKLM\...\30B2813B1F17EF6D99360A190E7F0D3BA2F0DC3C) (Version: 12/06/2010 4.0.0000.00000 - Google, Inc.)
Windows Driver Package - Intel hdc  (07/25/2013 9.1.9.1005) (HKLM\...\45E15243FF229D0F06670A5B262CA9C7887085F6) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\0D5FF16DF1EB1D79525FA3E61418108F8F3002E1) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\CAC45647A959F237CE25C052FDB9A4A914C34830) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\ED810FFB415BA44CFFBFDE4E3A80FA4D67842D61) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel USB  (07/31/2013 9.1.9.1006) (HKLM\...\B0CC38E1CE139A5179BF0F8255865BD29DA00B02) (Version: 07/31/2013 9.1.9.1006 - Intel)
Windows Driver Package - JMicron (usbccgp) USB  (07/28/2009 1.0.4.2) (HKLM\...\D3AAF0E65D8B1D5934711D3312BF76371DB14E42) (Version: 07/28/2009 1.0.4.2 - JMicron)
Windows Driver Package - JMicron Technology Corp. (JRAID) SCSIAdapter  (09/17/2012 1.17.65.11) (HKLM\...\39FCA3B1E44BB5B526E74F29B111ACB49ABC9017) (Version: 09/17/2012 1.17.65.11 - JMicron Technology Corp.)
Windows Driver Package - KYE System Corp. (ioFakMap) HIDClass  (07/23/2015 10.0.0.1) (HKLM\...\4E0CA847D35A4DB0EBC8BA2B5254126B3D650579) (Version: 07/23/2015 10.0.0.1 - KYE System Corp.)
Windows Driver Package - KYE System Corp. (ioFakMap) HIDClass  (09/09/2013 6.3.0.1) (HKLM\...\2D411C1C731F85B0AE8A713F3C27A67932A89369) (Version: 09/09/2013 6.3.0.1 - KYE System Corp.)
Windows Driver Package - Logitech (HidUsb) HIDClass  (08/31/2012 1.10.77.0) (HKLM\...\5498ECA18B56D1C7C4EC25B46FBEA3A008C6545A) (Version: 08/31/2012 1.10.77.0 - Logitech)
Windows Driver Package - Logitech (usbccgp) USB  (11/04/2010 1.0.2.11) (HKLM\...\8A87028F68EFC3B6D4F26F7EF2DDB31C8F6767EF) (Version: 11/04/2010 1.0.2.11 - Logitech)
Windows Driver Package - Microsoft (usbvideo) Image  (11/30/2011 4.00.271.0) (HKLM\...\038FE5C3ADC3253893A69B8C3731D30F61329D0D) (Version: 11/30/2011 4.00.271.0 - Microsoft)
Windows Driver Package - Realtek (RTL8167) Net  (01/07/2016 7.098.0107.2016) (HKLM\...\98646A049185AFF3261925EB9AF62F27CDE1973A) (Version: 01/07/2016 7.098.0107.2016 - Realtek)
Windows Driver Package - Realtek (RTL8167) Net  (04/22/2016 7.100.0422.2016) (HKLM\...\F8155F67753B825ABE617429CF7039CBBA40F662) (Version: 04/22/2016 7.100.0422.2016 - Realtek)
Windows Driver Package - Realtek (RTL8167) Net  (10/01/2015 7.097.1001.2015) (HKLM\...\68DA79C9547185B2A7523EB8E6D022500B2B3ACC) (Version: 10/01/2015 7.097.1001.2015 - Realtek)
Xvid MPEG-4 Video Codec (HKLM-x32\...\xvid) (Version:  - Xvid Development Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1925592742-456944920-4000667399-1008_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\5174\G2MOutlookAddin64.dll (Citrix Online -> Citrix Online, a division of Citrix Systems, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2016-01-07] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-07-13] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:/Program Files/UTILITIES/PDFCreator/PDFCreatorShell.DLL [2017-10-19] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [DeskMenu] -> {7E74422F-2393-11D4-98E0-444553540000} => C:\Program Files (x86)\Desktop Restore\dkticnsr.dll [2010-11-12] (Jamie O'Connell) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-07-13] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\User1\Desktop\PIAxTB.lnk -> C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\INET\PIAxTB.bat ()
Shortcut: C:\Users\User1\Desktop\RV.lnk -> C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\INET\TBxPIA.bat ()
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VST INST\Native Instruments\Service Center\Native Instruments Homepage.lnk -> hxxp://www.native-instruments.de
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VST INST\Native Instruments\Pro-53\Native Instruments Homepage.lnk -> hxxp://www.native-instruments.net
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VST INST\Native Instruments\Guitar Rig 1.1.2\Native Instruments Homepage.lnk -> hxxp://www.native-instruments.net
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VST FX\Native Instruments\Guitar Rig 1.1.2\Native Instruments Homepage.lnk -> hxxp://www.native-instruments.net
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NOTATION\Finale 2012\User Manual.lnk -> hxxp://www.finalemusic.com/UserManuals/Finale2012Win/Finale_Left.ht
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAINTAIN\JDiskReport 1.4.1\JGoodies Home Page.lnk -> hxxp://www.jgoodies.com
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAWs\Image-Line\FL Studio 10\Image-Line website.lnk -> hxxp://www.image-line.com
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAWs\Image-Line\FL Studio 10\Advanced\Diagnostic.lnk -> hxxp://diagnostic.image-line.com
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAWs\Image-Line\FL Studio 10\Additional\Download Deckadance.lnk -> hxxp://www.deckadance.com
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAWs\Image-Line\FL Studio 10\Additional\SynthMaker website.lnk -> hxxp://www.synthmaker.co.uk
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AUDIO\dBpoweramp Music Converter\Register dBpoweramp.lnk -> hxxp://www.dbpoweramp.com/dmc-power-register.htm

==================== Loaded Modules (Whitelisted) ==============

2019-07-20 16:04 - 2016-08-06 15:39 - 000008704 _____ () [File not signed] C:\Portable Program Files\MSG\ThunderbirdPortable\Data\profile\extensions\[email protected]\lib\tray_x86-msvc.dll
2015-03-19 12:22 - 2015-03-19 12:22 - 000094208 _____ () [File not signed] C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\libxpmux.dll
2019-09-22 19:11 - 2019-09-22 19:11 - 000008704 _____ () [File not signed] C:\Users\User1\AppData\Local\Temp\nsaDE5E.tmp\newadvsplash.dll
2019-09-22 19:11 - 2019-09-22 19:11 - 000029696 _____ () [File not signed] C:\Users\User1\AppData\Local\Temp\nsaDE5E.tmp\registry.dll
2019-09-22 19:11 - 2019-09-22 19:11 - 000011264 _____ () [File not signed] C:\Users\User1\AppData\Local\Temp\nsaDE5E.tmp\System.dll
2013-12-16 22:47 - 2013-12-16 22:47 - 000193024 _____ (Darren Owen aka DrO) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\Plugins\gen_jumpex.dll
2013-12-09 04:16 - 2013-12-09 04:16 - 000010752 _____ (Darren Owen aka DrO) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\System\UnicodeTaskbarFix.w5s
2018-05-02 23:24 - 2015-06-02 08:41 - 000721408 _____ (hxxp://lame.sf.net) [File not signed] C:\Program Files (x86)\AUDIO\Stream What You Hear\libmp3lame.32.dll
2019-05-17 17:14 - 2019-05-17 17:14 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Client\AppVIsvSubsystems32.dll
2019-05-17 17:14 - 2019-05-17 17:14 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll
2019-05-17 17:14 - 2019-05-17 17:14 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll
2013-12-13 03:47 - 2013-12-13 03:47 - 000260096 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\libsndfile.dll
2013-12-13 03:47 - 2013-12-13 03:47 - 000086528 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\nde.dll
2013-12-13 03:47 - 2013-12-13 03:47 - 000418816 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\nsutil.dll
2013-12-13 03:47 - 2013-12-13 03:47 - 000029184 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\nxlite.dll
2013-12-13 03:47 - 2013-12-13 03:47 - 000051712 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\Plugins\gen_crasher.dll
2013-12-13 03:47 - 2013-12-13 03:47 - 000031232 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\Plugins\gen_hotkeys.dll
2013-12-13 03:47 - 2013-12-13 03:47 - 000026624 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\Plugins\gen_tray.dll
2013-12-13 03:47 - 2013-12-13 03:47 - 000086528 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\Plugins\in_cdda.dll
2013-12-13 03:47 - 2013-12-13 03:47 - 000049664 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\Plugins\in_flac.dll
2013-12-13 03:47 - 2013-12-13 03:47 - 000112128 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\Plugins\in_midi.dll
2013-12-13 03:47 - 2013-12-13 03:47 - 000164864 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\Plugins\in_mod.dll
2013-11-26 16:40 - 2013-11-26 16:40 - 000269824 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\Plugins\in_mp3.dll
2013-12-13 03:47 - 2013-12-13 03:47 - 000054784 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\Plugins\in_mp4.dll
2013-12-13 03:47 - 2013-12-13 03:47 - 000247808 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\Plugins\in_vorbis.dll
2013-12-13 03:47 - 2013-12-13 03:47 - 000024064 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\Plugins\in_wave.dll
2013-12-13 03:47 - 2013-12-13 03:47 - 000313856 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\Plugins\in_wm.dll
2013-12-13 03:47 - 2013-12-13 03:47 - 000024576 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\Plugins\out_disk.dll
2013-12-13 03:47 - 2013-12-13 03:47 - 000053760 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\Plugins\out_ds.dll
2013-12-13 03:47 - 2013-12-13 03:47 - 000019968 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\Plugins\out_wave.dll
2013-12-13 03:47 - 2013-12-13 03:47 - 000026112 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\System\albumart.w5s
2013-12-13 03:47 - 2013-12-13 03:47 - 000018944 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\System\bmp.w5s
2013-12-13 03:47 - 2013-12-13 03:47 - 000018432 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\System\dlmgr.w5s
2013-12-13 03:47 - 2013-12-13 03:47 - 000019968 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\System\gif.w5s
2013-12-13 03:47 - 2013-12-13 03:47 - 000624640 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\System\jnetlib.w5s
2013-12-13 03:47 - 2013-12-13 03:47 - 000156672 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\System\jpeg.w5s
2013-12-13 03:47 - 2013-12-13 03:47 - 000088576 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\System\playlist.w5s
2013-12-13 03:47 - 2013-12-13 03:47 - 000086016 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\System\png.w5s
2013-12-13 03:47 - 2013-12-13 03:47 - 000024064 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\System\tagz.w5s
2013-12-13 03:47 - 2013-12-13 03:47 - 000089088 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\System\xml.w5s
2013-12-13 03:47 - 2013-12-13 03:47 - 000017408 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\System\xspf.w5s
2013-12-13 03:47 - 2013-12-13 03:47 - 000088576 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\tataki.dll
2013-12-13 03:47 - 2013-12-13 03:47 - 000044544 _____ (Nullsoft, Inc.) [File not signed] C:\Program Files (x86)\AUDIO\Winamp Lite\zlib.dll
2016-02-09 18:41 - 2018-01-07 17:05 - 000120072 _____ (pdfforge GmbH) [File not signed] C:\Windows\System32\pdfcmon.dll
2013-08-01 17:05 - 2013-08-01 17:05 - 000112128 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
2015-01-29 11:04 - 2015-01-29 11:04 - 000004096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\ESPSUTL.dll
2009-10-21 18:39 - 2009-10-21 18:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1925592742-456944920-4000667399-1008\...\dell.com -> dell.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2019-09-22 19:10 - 000007344 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1        localhost
127.0.0.1        activate.adobe.com
127.0.0.1        practivate.adobe.com
127.0.0.1        ereg.adobe.com
127.0.0.1        activate.wip3.adobe.com
127.0.0.1        wip3.adobe.com
127.0.0.1        3dns-3.adobe.com
127.0.0.1        3dns-2.adobe.com
127.0.0.1        adobe-dns.adobe.com
127.0.0.1        adobe-dns-2.adobe.com
127.0.0.1        adobe-dns-3.adobe.com
127.0.0.1        ereg.wip3.adobe.com
127.0.0.1        activate-sea.adobe.com
127.0.0.1        wwis-dubc1-vip60.adobe.com
127.0.0.1        activate-sjc0.adobe.com
74.86.5.247        apowersoft.com
127.0.0.1        74.86.5.247
127.0.0.1        activation.acronis.com
127.0.0.1        tracking.opencandy.com.s3.amazonaws.com
127.0.0.1        media.opencandy.com
127.0.0.1        cdn.opencandy.com
127.0.0.1        tracking.opencandy.com
127.0.0.1        api.opencandy.com
0.0.0.0        statsfe2.update.microsoft.com.akadns.net
0.0.0.0        fe2.update.microsoft.com.akadns.net
0.0.0.0        s0.2mdn.net
0.0.0.0        survey.watson.microsoft.com
0.0.0.0        view.atdmt.com
0.0.0.0        watson.microsoft.com
0.0.0.0        watson.ppe.telemetry.microsoft.com

There are 160 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\ia32\compiler;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\VIDEO\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-1925592742-456944920-4000667399-1008\Control Panel\Desktop\\Wallpaper -> C:\Users\User1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AcronisOSSReinstallSvc => 2
MSCONFIG\Services: AcrSch2Svc => 2
MSCONFIG\Services: afcdpsrv => 2
MSCONFIG\Services: Gizmo Central => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: NIHardwareService => 2
MSCONFIG\Services: syncagentsrv => 2
MSCONFIG\Services: UnsignedThemes => 2
MSCONFIG\Services: WinDefend => 3
MSCONFIG\startupfolder: C:^Users^User1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupfolder: C:^Users^User1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: avichannel => "C:\Program Files (x86)\MSG\Evaer Skype Recorder\videochannel.exe"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: ISUSPM Startup => "c:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: Skype for Desktop => C:\Portable Program Files\MSG\SkypePortable\app\Skype.exe
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\MAINTENANCE\TrueImageHome\TrueImageMonitor.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{7276BF16-03F5-4092-A3D1-570910DD4CDA}] => (Block) C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation -> Malwarebytes)
FirewallRules: [{8F8F735E-BFC5-48F5-9AF9-4746E1A72AAA}] => (Block) C:\Program Files (x86)\MAINTENANCE\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation -> Malwarebytes)
FirewallRules: [{07275EB8-8FB1-4DF3-B4F8-4B7E33C9ACCB}] => (Allow) C:\Program Files (x86)\AUDIO\Winamp Lite\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{3C903969-A203-40CA-826A-78C91D9E1532}] => (Allow) C:\Program Files (x86)\AUDIO\Winamp Lite\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{0B0A8C75-21CB-4939-A973-27884781226F}] => (Allow) C:\Program Files (x86)\WORK\Microsoft Office 2007\Office12\ONENOTE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A63EFC61-80C6-41BC-B263-46EB789A6787}] => (Allow) C:\Program Files (x86)\WORK\Microsoft Office 2007\Office12\ONENOTE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FFFAC329-843D-4B4C-B378-0A26D2082DA1}] => (Block) C:\Windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{F2B13664-C0CF-443E-9323-7AA59C9AB5A3}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{9C094317-857E-4BBC-ABB9-8A198EB7B074}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{FC49401F-BD2A-46B9-9CB4-8495B2152A11}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{DB5BCCE7-A067-405E-B38B-7E9D59FF9185}] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{615FD8E7-2A10-45B4-94A9-6CA6FA3E2058}] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{52DE605D-52FD-4B65-9998-D9F50EC92171}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{49CC108C-A904-423A-AA0C-C5256BE16B45}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{805AA0FA-A7C3-4A40-A9E2-9FB7E6AD5A15}C:\portable program files\msg\skypeportable\app\skype\phone\skype.exe] => (Allow) C:\portable program files\msg\skypeportable\app\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{D330B362-FC43-4C0B-91D9-D6CF44A11010}C:\portable program files\msg\skypeportable\app\skype\phone\skype.exe] => (Allow) C:\portable program files\msg\skypeportable\app\skype\phone\skype.exe No File
FirewallRules: [{298F4086-A4FB-4DE3-BE4B-1010ABEFB0ED}] => (Allow) LPort=51001
FirewallRules: [{2104B83A-CE5C-4188-9D32-7BAE007C2647}] => (Allow) C:\Portable Program Files\INET\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{25A5C495-CCA4-4052-BA37-A7E99513E409}] => (Allow) C:\Portable Program Files\INET\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{0C4C360E-D6B8-47AA-93FA-E9857C929244}C:\portable program files\automate\phraseexpress\phraseexpress.exe] => (Block) C:\portable program files\automate\phraseexpress\phraseexpress.exe (Bartels Media GmbH -> Bartels Media GmbH)
FirewallRules: [UDP Query User{7A172613-B3B9-4631-94B4-E5DF36FBC873}C:\portable program files\automate\phraseexpress\phraseexpress.exe] => (Block) C:\portable program files\automate\phraseexpress\phraseexpress.exe (Bartels Media GmbH -> Bartels Media GmbH)
FirewallRules: [{3087E63C-4B9E-4D3D-A0A6-624B649CFEBD}] => (Allow) C:\Program Files (x86)\UTILITIES\RIM\Rim.Desktop.exe (Research In Motion -> Research In Motion)
FirewallRules: [{E6D4DB63-B282-491F-9160-38D68A199075}] => (Allow) C:\Program Files (x86)\UTILITIES\RIM\Rim.Desktop.exe (Research In Motion -> Research In Motion)
FirewallRules: [{157548F2-8CD2-4C01-B2A4-E0FE96CB5669}] => (Allow) LPort=4481
FirewallRules: [{2C8E22DE-2466-40C4-9468-8E9B667382B5}] => (Allow) LPort=4481
FirewallRules: [{C3159DD3-9B90-4035-BFF7-A9B462A6330F}] => (Allow) LPort=4482
FirewallRules: [{338342B8-002B-4036-B79D-8EE470B8DC2B}] => (Allow) LPort=4482
FirewallRules: [TCP Query User{BB619C23-5A2E-413B-8689-F0B8C9952A00}C:\portable program files\msg\skypeportable\app\skype\phone\skype.exe] => (Allow) C:\portable program files\msg\skypeportable\app\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{DF4C2ADE-C060-4500-9C05-48684BE02DB0}C:\portable program files\msg\skypeportable\app\skype\phone\skype.exe] => (Allow) C:\portable program files\msg\skypeportable\app\skype\phone\skype.exe No File
FirewallRules: [{69C55611-E8C5-4EB0-9315-0DBA0AD4A0F2}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{ACC4EFEA-F224-46A2-B2FA-B4D1AE2929C5}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{CB17F21D-4110-469B-8103-EFD32DA4F380}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{B7B738EC-861B-4E84-A2E3-3A492788CCE8}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{48522084-EB66-4CA8-8CF8-54448155AB5E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F344E7D2-10C0-49BA-AA68-6C0A4B29746A}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{157959D6-1D39-43F6-86D1-C58930392CD9}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E5BE19BB-D568-4159-ABCC-2441EA7DDAAA}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F9E20079-5963-4D5D-A159-8873F4B4A004}] => (Allow) LPort=51001
FirewallRules: [{2D88A4B8-537D-4EB1-89CD-35D7C086C4AD}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe (BlackBerry Ltd. -> )
FirewallRules: [{5975E934-291C-4D87-BBEE-B618F75399B3}] => (Allow) C:\Program Files (x86)\BlackBerry\BlackBerry Blend\desktopinvokeproxy.exe (BlackBerry Ltd. -> BlackBerry Limited. All rights reserved)
FirewallRules: [TCP Query User{B4F7F1DE-E042-4936-8056-744A660845BF}C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe] => (Block) C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe (BlackBerry Ltd. -> BlackBerry Limited)
FirewallRules: [UDP Query User{454B83D7-43DA-4FA7-B24B-C7B6F098A569}C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe] => (Block) C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe (BlackBerry Ltd. -> BlackBerry Limited)
FirewallRules: [TCP Query User{873763AD-34CA-415E-8BC2-E89A4A5922ED}C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe] => (Allow) C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe (BlackBerry Ltd. -> BlackBerry Limited)
FirewallRules: [UDP Query User{9CD42232-D5B6-4EDD-A209-10AC000F958A}C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe] => (Allow) C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe (BlackBerry Ltd. -> BlackBerry Limited)
FirewallRules: [TCP Query User{B0322ADD-DDFC-4650-8D71-8BC08CB83843}C:\portable program files\inet\winhttrack_3.48-18_rev8\bin\winhttrack\winhttrack.exe] => (Block) C:\portable program files\inet\winhttrack_3.48-18_rev8\bin\winhttrack\winhttrack.exe (Open Source Developer, Xavier Roche -> HTTrack)
FirewallRules: [UDP Query User{E2B20840-55EE-472D-B3BF-4E482492DA9D}C:\portable program files\inet\winhttrack_3.48-18_rev8\bin\winhttrack\winhttrack.exe] => (Block) C:\portable program files\inet\winhttrack_3.48-18_rev8\bin\winhttrack\winhttrack.exe (Open Source Developer, Xavier Roche -> HTTrack)
FirewallRules: [{BFE91F25-39BD-493D-B176-67B41553ED0D}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\Streaming Video Recorder.exe (APOWERSOFT LIMITED -> Apowersoft)
FirewallRules: [{798DA693-3288-4535-B055-7430C20EF39B}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\Streaming Video Recorder.exe (APOWERSOFT LIMITED -> Apowersoft)
FirewallRules: [{A028EAFD-429E-4025-9DCB-04ACDACB27EF}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftSrv.dll () [File not signed]
FirewallRules: [{B73BDB23-5B98-4503-8D53-DD8C83A8170E}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftSrv.dll () [File not signed]
FirewallRules: [{AD330C0B-218B-4767-AE82-56E119736790}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftDump.dll () [File not signed]
FirewallRules: [{A04D3D64-8869-4FC6-B91F-19069314759C}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftDump.dll () [File not signed]
FirewallRules: [{02E55126-479A-4BCB-B252-6CAB2E3B9696}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftAC.dll (APOWERSOFT LIMITED -> )
FirewallRules: [{C60BA495-AC36-4333-BDCE-AFD797E043EB}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftAC.dll (APOWERSOFT LIMITED -> )
FirewallRules: [{775A4488-04F9-4280-B1E1-E1291F59DED9}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftPlayer.dll (APOWERSOFT LIMITED -> )
FirewallRules: [{9E81C0A6-5FE0-4BA3-948F-9E0A1758BE2C}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftPlayer.dll (APOWERSOFT LIMITED -> )
FirewallRules: [{4358C953-F11F-4740-B270-BCC54D258D23}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftDownloaderHelp.dll (APOWERSOFT LIMITED -> )
FirewallRules: [{705DAFDD-E2D8-43B2-AEF1-CA5A436CC0EF}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftDownloaderHelp.dll (APOWERSOFT LIMITED -> )
FirewallRules: [{6703B2D8-666F-4F00-96CB-54D555A9F495}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftHDSDump.dll (APOWERSOFT LIMITED -> Apowersoft)
FirewallRules: [{B1F8B121-748F-4F2C-A3A8-10656F8B9908}] => (Allow) C:\Program Files (x86)\VIDEO\Apowersoft\Streaming Video Recorder\ApowersoftHDSDump.dll (APOWERSOFT LIMITED -> Apowersoft)
FirewallRules: [TCP Query User{A19847BB-7071-445F-8BB6-42833E0CB59C}C:\program files (x86)\audio\stream what you hear\swyh.exe] => (Block) C:\program files (x86)\audio\stream what you hear\swyh.exe (Sebastien.warin.fr) [File not signed]
FirewallRules: [UDP Query User{68D4689E-A0D2-40D0-A41E-95EE56FCFF3D}C:\program files (x86)\audio\stream what you hear\swyh.exe] => (Block) C:\program files (x86)\audio\stream what you hear\swyh.exe (Sebastien.warin.fr) [File not signed]
FirewallRules: [TCP Query User{7A3941F6-6713-4B21-A936-E2F344877BC7}C:\program files (x86)\audio\stream what you hear\swyh.exe] => (Block) C:\program files (x86)\audio\stream what you hear\swyh.exe (Sebastien.warin.fr) [File not signed]
FirewallRules: [UDP Query User{C78E3762-3291-4065-A248-DF13ED0A075B}C:\program files (x86)\audio\stream what you hear\swyh.exe] => (Block) C:\program files (x86)\audio\stream what you hear\swyh.exe (Sebastien.warin.fr) [File not signed]
FirewallRules: [{A3C1A797-A089-436B-93FF-EC7C85C0BADE}] => (Allow) LPort=9098
FirewallRules: [{68B70A15-BAAF-499C-82A1-B53E33CB8028}] => (Allow) LPort=9098
FirewallRules: [{7A33D1EB-9D24-4AE5-AC91-91EB3D292026}] => (Allow) C:\Program Files (x86)\AnyTrans for Android\AnyTrans for Android.exe (iMobie Inc.) [File not signed]
FirewallRules: [{44C4D3B7-B7A4-49C5-AD58-DAC3B0EA4660}] => (Allow) C:\Program Files (x86)\AnyTrans for Android\AnyTrans for Android.exe (iMobie Inc.) [File not signed]
FirewallRules: [{897273A7-90AE-4EDD-8FF1-2CD28977DCB2}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe No File
FirewallRules: [{3517CF07-A1F0-44AB-8E3F-8BE9E746D616}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe No File
FirewallRules: [TCP Query User{55C4744E-1942-4D85-A839-480C21527E56}C:\portable program files\skype-portable\app\skype.exe] => (Allow) C:\portable program files\skype-portable\app\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{DA0BBAA8-9EFB-4A22-B8DA-B1D472F5A5DD}C:\portable program files\skype-portable\app\skype.exe] => (Allow) C:\portable program files\skype-portable\app\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{69E392CE-71CD-414A-BE81-C48A61641078}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{EF1B4E72-08CD-469C-9F41-6047C0C68671}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{1347C334-5D01-41A6-A760-5623B14DD62D}C:\portable program files\msg\skypeportable\app\skype.exe] => (Allow) C:\portable program files\msg\skypeportable\app\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{0FBB0857-AB8F-403A-9870-6C2610B8F456}C:\portable program files\msg\skypeportable\app\skype.exe] => (Allow) C:\portable program files\msg\skypeportable\app\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4B96DFAC-9164-4AA3-8FAD-541ABFC20B7C}] => (Block) C:\portable program files\msg\skypeportable\app\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AC4BC761-93F2-4685-A96D-E4E06B934DE6}] => (Block) C:\portable program files\msg\skypeportable\app\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{BCA26FE6-EDCC-4AC2-8489-B4C8C843427B}C:\portable program files\msg\skypeportable.old\app\skype\phone\skype.exe] => (Allow) C:\portable program files\msg\skypeportable.old\app\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{F44B4324-21B6-4D1D-ABD6-13AEC3701138}C:\portable program files\msg\skypeportable.old\app\skype\phone\skype.exe] => (Allow) C:\portable program files\msg\skypeportable.old\app\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{ADD91B81-C5CB-4EA0-9CF8-057F1E39E1AA}] => (Block) C:\portable program files\msg\skypeportable.old\app\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{708FFFF8-6146-44A9-881A-7C65FBDE61E7}] => (Block) C:\portable program files\msg\skypeportable.old\app\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

08-09-2019 20:01:02 Revo Uninstaller's restore point - TAGO-Fences (remove only)
10-09-2019 13:28:15 Windows Update
13-09-2019 23:08:36 Windows Update
18-09-2019 13:35:46 Windows Update
20-09-2019 20:02:51 Revo Uninstaller's restore point - VideoPad Video Editor
20-09-2019 21:36:31 Revo Uninstaller's restore point - VideoPad Video Editor
22-09-2019 13:29:25 Windows Update

==================== Faulty Device Manager Devices =============

Name: Standard floppy disk controller
Description: Standard floppy disk controller
Class Guid: {4d36e969-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard floppy disk controllers)
Service: fdc
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/22/2019 05:16:26 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\User1\Desktop\FRST64.exe ; Description = Restore Point Created by FRST; Error = 0x80010100).

Error: (09/22/2019 05:04:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 22.9.2019.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1260

Start Time: 01d5715f5fd06846

Termination Time: 16

Application Path: C:\Users\User1\Desktop\FRST64.exe

Report Id: a3c3b400-dd52-11e9-a0ef-00248c02da27

Error: (09/22/2019 04:32:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Finale.exe, version: 2012.3.4.13, time stamp: 0x504e16b7
Faulting module name: ntdll.dll, version: 6.1.7601.24511, time stamp: 0x5d3fa86b
Exception code: 0xc0000374
Fault offset: 0x000ce9a3
Faulting process id: 0x1824
Faulting application start time: 0x01d5715adbcfd965
Faulting application path: C:\Program Files (x86)\Finale 2012\Finale.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 1ebd496f-dd4e-11e9-a0ef-00248c02da27

Error: (09/22/2019 04:18:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Finale.exe, version: 2012.3.4.13, time stamp: 0x504e16b7
Faulting module name: ntdll.dll, version: 6.1.7601.24511, time stamp: 0x5d3fa86b
Exception code: 0xc0000374
Fault offset: 0x000ce9a3
Faulting process id: 0x12f0
Faulting application start time: 0x01d5715907b7dc4d
Faulting application path: C:\Program Files (x86)\Finale 2012\Finale.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 4ca14ad8-dd4c-11e9-a0ef-00248c02da27

Error: (09/22/2019 04:12:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Finale.exe, version: 2012.3.4.13, time stamp: 0x504e16b7
Faulting module name: ntdll.dll, version: 6.1.7601.24511, time stamp: 0x5d3fa86b
Exception code: 0xc0000005
Fault offset: 0x0002e084
Faulting process id: 0xb24
Faulting application start time: 0x01d571581ac9e8c0
Faulting application path: C:\Program Files (x86)\Finale 2012\Finale.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 5d7349eb-dd4b-11e9-a0ef-00248c02da27

Error: (09/22/2019 04:11:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Finale.exe, version: 2012.3.4.13, time stamp: 0x504e16b7
Faulting module name: ntdll.dll, version: 6.1.7601.24511, time stamp: 0x5d3fa86b
Exception code: 0xc0000374
Fault offset: 0x000ce9a3
Faulting process id: 0x624
Faulting application start time: 0x01d5715806924a27
Faulting application path: C:\Program Files (x86)\Finale 2012\Finale.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 5094451b-dd4b-11e9-a0ef-00248c02da27

Error: (09/22/2019 03:56:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Finale.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 6bc

Start Time: 01d57155b98f54fe

Termination Time: 7

Application Path: C:\Program Files (x86)\Finale 2014\Finale.exe

Report Id: 349e7cf1-dd49-11e9-829c-00248c02da27

Error: (09/22/2019 03:32:01 PM) (Source: Acronis Scheduler) (EventID: 1) (User: NT AUTHORITY)
Description: Scheduler failed to run task  with GUID 'A2BB4F95-348C-4590-958E-DF518374D6D4' because of error 267 (The directory name is invalid).


System errors:
=============
Error: (09/22/2019 07:11:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (09/22/2019 05:16:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Epson Scanner Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/22/2019 05:16:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/22/2019 05:16:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/22/2019 05:16:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlackBerry Device Manager service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/22/2019 05:16:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dragon Logger Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (09/22/2019 05:16:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The BlackBerry Link Communication Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/22/2019 05:16:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Unchecky service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================

Date: 2016-02-08 22:18:56.284
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\uphcleanhlp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-08 22:18:56.206
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\uphcleanhlp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-08 22:16:32.481
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\uphcleanhlp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-08 22:16:32.387
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\uphcleanhlp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-08 22:11:09.140
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\uphcleanhlp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-08 22:11:09.046
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\uphcleanhlp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-19 19:21:00.698
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-19 19:21:00.698
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 1201 02/24/2010
Motherboard: ASUSTeK Computer INC. P6T
Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 48%
Total physical RAM: 12278.12 MB
Available physical RAM: 6369.18 MB
Total Virtual: 24554.38 MB
Available Virtual: 18554.48 MB

==================== Drives ================================

Drive c: (Win7) (Fixed) (Total:465.76 GB) (Free:177.23 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (MEDIA) (Fixed) (Total:1863.01 GB) (Free:167.39 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 68FA4FB7)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: B55D94AC)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#13
phickspc


  • Topic Starter
  • Member
  • 362 posts

P.S. I noticed that the fix failed to make a system restore point. Is that something we need to investigate?



#14
iMacg3


  • GeekU Moderator
  • 909 posts
Hi phickspc,
 

P.S. I noticed that the fix failed to make a system restore point. Is that something we need to investigate?


Yes, we'll take a look as to why a restore point wasn't created.

---------------------------------------------------
CKScanner

Download CKScanner by askey127 from here

Important: Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
---------------------------------------------------
MGA Diagnostic Tool

Download MGA Diagnostic Tool to your Desktop.
  • Double click MGADiag.exe to launch the program.
  • Click Continue and let the scan run.
  • When finished it will have created a log.
  • Click Copy.
  • Next open Notepad.
    • Click Start, type Notepad and press Enter.
    • This will open an empty Notepad file.
    • Right click in the empty file and choose Paste to copy the log from MGA Diagnostics into it.
    • Save the file to your Desktop.
  • Close MGA Diagnostic Tool.
  • Copy/Paste the log in your next reply.
---------------------------------------------------

In your next reply, please include:
  • CKFiles.txt
  • MGA Diagnostics log


#15
phickspc

    Member

  • Topic Starter
  • 362 posts

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\portable program files\inet\ffx profiles\currentprofile\storage\default\https+++crackberry.onesignal.com\.metadata
c:\portable program files\inet\ffx profiles\currentprofile\storage\default\https+++crackberry.onesignal.com\.metadata-v2
c:\portable program files\inet\ffx profiles\currentprofile\storage\default\https+++crackberry.onesignal.com\idb\993782502obnde__ksdisg_nla.sqlite
c:\portable program files\inet\ffx profiles\oldprofile\storage\default\https+++crackberry.onesignal.com\.metadata
c:\portable program files\inet\ffx profiles\oldprofile\storage\default\https+++crackberry.onesignal.com\.metadata-v2
c:\portable program files\inet\ffx profiles\oldprofile\storage\default\https+++crackberry.onesignal.com\idb\993782502obnde__ksdisg_nla.sqlite
c:\portable program files\inet\firefoxportableesr\data\profile\storage\default\https+++crackberry.onesignal.com\.metadata
c:\portable program files\inet\firefoxportableesr\data\profile\storage\default\https+++crackberry.onesignal.com\.metadata-v2
c:\portable program files\inet\firefoxportableesr\data\profile\storage\default\https+++crackberry.onesignal.com\idb\993782502obnde__ksdisg_nla.sqlite
scanner sequence 3.ZZ.11.OTNAWZ
 ----- EOF -----
 

