Hi, PC acting strange for a few days after trying Pixio software from a friend.
Both files in topic are reporting not found on start up.
I get two Windows chimes on boot up.
Also, Windows will not update.
I have run McAfee antivirus from BT; this was missing when I first started checking, and has always been installed before. Don't know when this stopped, so re-downloaded and installed.
Also bought and installed Total AV; this found a few files it did not like:
WinIPAC.CAB Heur/apc
mediaplayercodac pack plus v4.5.1.s PUA/AD.installCore.B
pryAltSlave.exe HEUR/ZPC
******************************************************
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-11-2019
Ran by Dave (administrator) on DESKTOP-B2C17BD (01-11-2019 13:57:15)
Running from D:\FRST
Loaded Profiles: Dave (Available Profiles: Dave)
Platform: Windows 10 Pro Version 1809 17763.615 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(BRITISH TELECOMMUNICATIONS PLC -> BT) C:\Program Files\BT Cloud\BT Cloud\BTCloud.exe
(Cole Williams Software Limited -> ) C:\Windows\SysWOW64\Codecs\TrayMenu.exe
(Corsair Components, Inc. -> Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe
(Corsair Components, Inc. -> Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe
(Facebook Inc) C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\WinUAPEntry.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, LLC -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, LLC. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_19_7\mcapexe.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\CSP\3.1.286.0\McCSPServiceHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MSPaint_5.1904.8017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19031.11411.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(NVIDIA Corporation -> NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(NVIDIA Corporation -> NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
(Protected Antivirus Limited -> TotalAV) C:\Program Files (x86)\TotalAV\SecurityService.exe
(Protected Antivirus Limited -> TotalAV) C:\Program Files (x86)\TotalAV\TotalAV.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [winlogui] => C:\WINDOWS\system32\winlogui.exe [5120 2019-07-17] (Microsoft Corporation) [File not signed]
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [61370712 2019-10-09] (Discord Inc. -> Discord Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\Run: [CorsairLink4] => C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe [27146448 2018-03-30] (Corsair Components, Inc. -> Corsair Components, Inc.)
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [912776 2019-08-01] (Nota Inc. -> Nota Inc.)
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\Run: [SynchronossPC] => C:\Program Files\BT Cloud\BT Cloud\BTCloud.exe [2874208 2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> BT)
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\Run: [Discord] => C:\Users\Dave\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.70\Installer\chrmstp.exe [2019-10-29] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2018-11-11]
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\Codecs\TrayMenu.exe (Cole Williams Software Limited -> )
Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk [2018-02-15]
ShortcutTarget: EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon Inc. -> Canon INC.)
Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2018-04-13]
ShortcutTarget: Twitch.lnk -> C:\Users\Dave\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1430BBB9-C4D1-4D89-BCBC-0D830830DA39} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {2A515AFE-3B1B-4E98-ACD6-15D8C9A0A1B6} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1028256 2019-08-09] (McAfee, LLC. -> McAfee, LLC.)
Task: {3037E774-0498-4FCA-AEB0-D13850D30A31} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {30473C45-E59F-4F5C-8A93-0DE0F9140DD9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-11-20] (Google Inc -> Google Inc.)
Task: {36437FDC-7426-4FC6-968E-4A01615EFB90} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1028256 2019-08-09] (McAfee, LLC. -> McAfee, LLC.)
Task: {49B280B4-3087-499B-A2AD-47E7BB2ABFE7} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2019-08-01] (Nota Inc. -> Nota Inc.)
Task: {5BA57DAA-BE19-4C8F-8773-520DE6E7825F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5F95F785-814D-45FF-9251-26A3B5E84A70} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2019-08-01] (Nota Inc. -> Nota Inc.)
Task: {77FC5F34-BCE0-4385-B31C-8EA167F2E868} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [759752 2019-08-14] (McAfee, LLC. -> McAfee, LLC.)
Task: {87A1399E-0C06-4379-AC6C-E86986D577A3} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {997E448F-020A-4A9C-89FC-2CE1E92F3AA5} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4546112 2019-07-08] (McAfee, LLC -> McAfee, LLC.)
Task: {9E10BC46-4DD1-4539-85FD-462432ABECF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-11-20] (Google Inc -> Google Inc.)
Task: {A0A16883-3483-4CBA-B193-8C9F9CC8CCB3} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A0B2FF28-DEC7-4C0A-8B20-F0710A380288} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {A1551FF9-0D9E-4123-958F-B82A509B3433} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913448 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ABCD32AB-0067-4D6D-85A4-3A9139A32E14} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {ABFDB273-AA0B-4424-AC99-842E2D3559E8} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3310688 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ADB50EB6-839C-4B24-97EB-1E62D330900D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653864 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AEA77805-2D1A-418F-9DAE-800145B30B48} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B9F1DD05-21A9-4E77-B749-ADFA55A20E10} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [67896 2018-10-01] (Apple Inc. -> Apple Inc.)
Task: {BD315901-C2CE-400B-9CF4-3ACD14C934F8} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D88068E8-647D-406C-9445-FFC976FA2E81} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [267440 2019-07-25] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {DB18667D-BEE6-4469-958E-A03B10992F6E} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Task: {DD2A64AD-8F2A-4C73-8096-7812D5FA85A8} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EDB52BAC-9635-496F-BBBB-4125F9EE71B0} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913448 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FCF6DA57-8F5C-4BCD-A7EC-59A70DF2E41C} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.4.101\DADUpdater.exe [4134976 2019-10-17] (McAfee, Inc. -> McAfee, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{4e8a697d-e1a8-4d22-97b2-990cdc3b26c0}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6c2173d6-8f91-426e-9780-843ae995e8bf}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll => No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll => No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2019-08-23] (McAfee, LLC. -> McAfee, LLC.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2019-08-23] (McAfee, LLC. -> McAfee, LLC.)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi => not found
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi => not found
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll [2019-07-25] (Adobe Systems Incorporated -> )
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2019-08-23] (McAfee, LLC. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll [2019-07-25] (Adobe Systems Incorporated -> )
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2019-08-23] (McAfee, LLC. -> )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-02] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-02] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> d:\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> d:\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> d:\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7 -> d:\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> d:\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> d:\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
Chrome:
=======
CHR DefaultProfile: Default
CHR NewTab: Default -> Not-active:"chrome-extension://kcnahncmjobdbpabldpbldbfcieeoloj/ntp.html"
CHR DefaultSearchURL: Default -> hxxp://securedserch.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> sse
CHR DefaultSuggestURL: Default -> hxxp://securedsearch.xyz/?s={searchTerms}
CHR Notifications: Default -> hxxps://mintguide.org; hxxps://techzillo.com; hxxps://www.devonlive.com; hxxps://www.digitalcameraworld.com; hxxps://www.duolingo.com; hxxps://www.jdsports.co.uk; hxxps://www.pinterest.co.uk; hxxps://www.plymouthherald.co.uk; hxxps://www.selectfashion.co.uk; hxxps://www.tomtom.com; hxxps://www.tui.co.uk; hxxps://www.tuifly.be
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default [2019-11-01]
CHR Extension: (Google Drive) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-21]
CHR Extension: (YouTube) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-20]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2019-10-01]
CHR Extension: (Maps & Directions by MyMapsExpress) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnahncmjobdbpabldpbldbfcieeoloj [2019-09-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-15]
CHR Extension: (Chrome Media Router) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-29]
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-04-26]
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\System Profile [2019-04-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-566713143-4107614601-1362537991-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-08-23] (Apple Inc. -> Apple Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2018-04-03] (ASUSTeK Computer Inc. -> ) [File not signed]
R3 CLink4Service; C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe [34512 2018-03-30] (Corsair Components, Inc. -> Corsair Components, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [785024 2018-09-07] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_19_7\McApExe.exe [747384 2019-08-23] (McAfee, LLC. -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.1.286.0\\McCSPServiceHost.exe [2226608 2019-06-13] (McAfee, LLC. -> McAfee, LLC.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2019-08-19] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2019-08-19] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2019-08-19] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1720032 2019-08-09] (McAfee, LLC -> McAfee, LLC.)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [276584 2009-11-06] (NVIDIA Corporation -> NVIDIA)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1362400 2019-08-09] (McAfee, LLC. -> McAfee, Inc.)
R2 SecurityService; C:\Program Files (x86)\TotalAV\SecurityService.exe [5189808 2019-10-22] (Protected Antivirus Limited -> TotalAV)
R2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [282728 2009-11-06] (NVIDIA Corporation -> NVIDIA)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3831576 2019-06-13] (Microsoft Corporation -> Microsoft Corporation)
S3 wuauserv; C:\WINDOWS\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 ClientAnalyticsService; "C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe" [X]
S2 McAfee WebAdvisor; "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [195504 2019-07-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [195816 2019-07-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2019-07-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-06-21] (Bluestack Systems, Inc. -> Bluestack System Inc. )
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [75696 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R3 cpuz146; C:\WINDOWS\temp\cpuz146\cpuz146_x64.sys [52824 2019-11-01] (CPUID -> CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [217912 2019-06-04] (McAfee, LLC -> McAfee, Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [521648 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [379824 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85928 2019-08-22] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [517040 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [993712 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [564584 2019-07-21] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108904 2019-07-21] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116656 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252336 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvpcdi.inf_amd64_083e361abca28d10\nvlddmkm.sys [22370696 2019-09-06] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvoclk64; C:\WINDOWS\system32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corporation -> NVIDIA Corp.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
R3 RtlWlanu_OldIC; C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [3814400 2018-09-15] (Microsoft Windows -> Realtek Semiconductor Corporation )
R3 SIUSBXP; C:\WINDOWS\system32\drivers\SiUSBXp.sys [19456 2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Silicon Laboratories)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46584 2018-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [340008 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [61992 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
R1 webshieldfilter; C:\WINDOWS\System32\drivers\webshieldfilter.sys [79048 2019-10-15] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-11-01 13:38 - 2019-11-01 13:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2019-11-01 06:39 - 2019-11-01 13:57 - 000000000 ____D C:\FRST
2019-11-01 06:38 - 2019-11-01 06:38 - 001619456 _____ (Farbar) C:\Users\Dave\Downloads\FRST64.exe
2019-11-01 06:29 - 2019-11-01 06:29 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2019-11-01 06:10 - 2019-07-01 14:04 - 000195816 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2019-11-01 06:10 - 2019-07-01 14:04 - 000195504 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2019-11-01 06:10 - 2019-07-01 14:04 - 000046704 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2019-11-01 06:01 - 2019-11-01 06:01 - 000001085 _____ C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk
2019-11-01 06:01 - 2019-11-01 06:01 - 000001060 _____ C:\Users\Public\Desktop\TotalAV.lnk
2019-11-01 06:01 - 2019-11-01 06:01 - 000001060 _____ C:\ProgramData\Desktop\TotalAV.lnk
2019-11-01 06:01 - 2019-11-01 06:01 - 000000000 ____D C:\Users\Dave\Documents\TotalAV
2019-11-01 06:01 - 2019-11-01 06:01 - 000000000 ____D C:\Users\Dave\AppData\Roaming\TotalAV
2019-11-01 06:01 - 2019-11-01 06:01 - 000000000 ____D C:\ProgramData\SecuritySuite
2019-11-01 06:01 - 2019-10-15 16:51 - 000079048 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\webshieldfilter.sys
2019-11-01 06:00 - 2019-11-01 09:44 - 000000000 ____D C:\Program Files (x86)\TotalAV
2019-11-01 06:00 - 2019-11-01 06:00 - 013112192 _____ C:\Users\Dave\Downloads\TotalAV_Setup.exe
2019-10-31 08:16 - 2019-10-31 08:16 - 000000000 ____D C:\Users\Dave\Desktop\Tor Browser
2019-10-31 08:15 - 2019-10-31 08:16 - 066777040 _____ C:\Users\Dave\Downloads\torbrowser-install-win64-9.0_en-US.exe
2019-10-30 09:51 - 2019-10-30 20:36 - 000000000 ____D C:\Users\Dave\AppData\Roaming\tor
2019-10-28 19:08 - 2019-10-29 12:56 - 000000000 ____D C:\Program Files\McAfee
2019-10-28 19:08 - 2019-10-28 19:08 - 000000000 ____D C:\Program Files\Common Files\AV
2019-10-28 18:44 - 2019-10-28 18:45 - 000000000 ___HD C:\$WINDOWS.~BT
2019-10-27 07:45 - 2019-10-27 07:45 - 000053981 _____ C:\Users\Dave\Downloads\MonthlyStatement 29_06_2019 (3).pdf
2019-10-23 19:50 - 2019-10-23 19:50 - 000000000 ____D C:\ProgramData\Avanquest Software
2019-10-23 19:49 - 2019-10-28 18:30 - 000000000 ____D C:\Users\Dave\AppData\Local\Avanquest
2019-10-23 19:49 - 2019-10-28 18:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InPixio
2019-10-23 19:49 - 2019-10-23 19:49 - 000000000 ____D C:\Users\Public\Documents\Avanquest Software
2019-10-23 19:49 - 2019-10-23 19:49 - 000000000 ____D C:\ProgramData\Documents\Avanquest Software
2019-10-23 19:46 - 2019-10-28 18:30 - 000000000 ____D C:\ProgramData\Configuration
2019-10-20 18:11 - 2019-10-20 18:11 - 000094097 _____ C:\Users\Dave\Downloads\jekyll-knowledge-organiser.pptx
2019-10-16 20:03 - 2019-10-31 08:20 - 000000000 ____D C:\Users\Dave\AppData\LocalLow\uTorrent
2019-10-13 14:30 - 2019-10-29 12:32 - 000000000 ____D C:\Program Files (x86)\Origin
2019-10-13 14:30 - 2019-10-28 22:32 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Origin
2019-10-13 14:29 - 2019-10-13 14:31 - 000000000 ____D C:\Users\Dave\AppData\Local\Origin
2019-10-11 17:42 - 2019-10-29 12:32 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Discord
2019-10-11 17:42 - 2019-10-29 12:32 - 000000000 ____D C:\Users\Dave\AppData\Local\Discord
2019-10-11 17:42 - 2019-10-11 17:42 - 000002273 _____ C:\Users\Dave\Desktop\Discord.lnk
2019-10-10 13:10 - 2019-10-10 13:10 - 000000000 ____D C:\ProgramData\SquirrelMachineInstalls
2019-10-09 18:50 - 2019-10-10 06:45 - 000041529 _____ C:\Users\Dave\Documents\Viking facts by alice.pptx
2019-10-09 16:18 - 2019-10-09 16:20 - 061370712 _____ (Discord Inc.) C:\Users\Dave\Downloads\DiscordSetup.exe
2019-10-09 16:17 - 2019-10-09 16:17 - 000000000 ____D C:\Users\Dave\AppData\Local\Deployment
2019-10-09 11:21 - 2019-10-09 12:08 - 000000000 ____D C:\WINDOWS\pss
2019-10-08 13:00 - 2019-10-08 13:00 - 000002801 _____ C:\Users\Dave\Documents\CV 2019 general.txt
2019-10-08 12:55 - 2019-10-08 13:23 - 000022700 _____ C:\Users\Dave\Documents\CV 2019 general.odt
2019-10-08 07:08 - 2019-10-08 07:08 - 000051443 _____ C:\Users\Dave\Desktop\timetable_export20191008-1-3non4p (1).pdf
2019-10-08 07:07 - 2019-10-08 07:07 - 000051443 _____ C:\Users\Dave\Documents\timetable_export20191008-1-3non4p.pdf
2019-10-03 18:32 - 2019-10-30 13:32 - 000003518 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2019-10-03 18:32 - 2019-10-29 12:21 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2019-10-03 18:32 - 2019-10-29 12:21 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-11-01 13:31 - 2019-05-12 20:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-11-01 12:59 - 2018-09-15 07:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-11-01 12:25 - 2017-11-18 16:14 - 000000000 ____D C:\ProgramData\NVIDIA
2019-11-01 09:48 - 2019-05-12 20:17 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-11-01 09:48 - 2018-09-15 07:31 - 000000000 ____D C:\WINDOWS\INF
2019-11-01 09:44 - 2019-05-12 20:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-11-01 09:43 - 2018-09-15 06:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-11-01 09:42 - 2019-02-16 16:04 - 000000000 ____D C:\Users\Dave\AppData\LocalLow\Mozilla
2019-11-01 06:58 - 2019-05-12 20:07 - 000442304 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-11-01 06:54 - 2019-07-25 13:09 - 000000000 ____D C:\Users\Dave\AppData\Roaming\pacificpoker
2019-11-01 06:30 - 2019-04-02 09:15 - 000000000 ____D C:\Program Files (x86)\Star Stable Online
2019-11-01 06:28 - 2017-11-19 10:29 - 000000000 ____D C:\ProgramData\Nero
2019-11-01 06:26 - 2019-05-08 15:14 - 000000000 ____D C:\Users\Dave\AppData\Roaming\IrfanView
2019-11-01 06:26 - 2019-05-08 15:14 - 000000000 ____D C:\Program Files\IrfanView
2019-11-01 05:56 - 2018-03-05 09:38 - 000000000 ___HD C:\Users\Dave\AppData\Local\ElevatedDiagnostics
2019-11-01 05:52 - 2019-05-12 20:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2019-11-01 05:52 - 2018-05-14 15:26 - 000000000 ___RD C:\Users\Dave\iCloudDrive
2019-10-31 22:22 - 2019-05-12 20:14 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{907F8551-7A3F-4E95-BC93-A5BEB3AED07B}
2019-10-31 08:18 - 2019-05-20 20:59 - 000000000 ____D C:\Users\Dave\AppData\Local\BitTorrentHelper
2019-10-31 08:15 - 2018-02-11 17:02 - 000000000 ___HD C:\Users\Dave\AppData\Local\CrashDumps
2019-10-30 20:59 - 2017-11-18 17:12 - 000000000 ____D C:\Program Files (x86)\McAfee
2019-10-30 18:16 - 2018-12-08 16:11 - 000000000 ____D C:\Users\Dave\Desktop\New folder pics(2)
2019-10-30 09:58 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-10-29 14:55 - 2018-08-19 16:33 - 000000000 ___HD C:\Users\Dave\AppData\Local\D3DSCache
2019-10-29 13:53 - 2019-05-12 20:14 - 000003710 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
2019-10-29 12:56 - 2017-11-20 15:19 - 000002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-10-29 12:56 - 2017-11-18 17:10 - 000000000 ____D C:\Program Files\Common Files\McAfee
2019-10-29 12:55 - 2019-05-12 20:14 - 000003332 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon
2019-10-29 12:52 - 2019-07-17 06:27 - 000000000 ____D C:\ProgramData\McAfee
2019-10-29 12:52 - 2018-09-15 07:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-10-29 12:32 - 2019-07-22 15:28 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Stellarium
2019-10-29 12:32 - 2019-05-12 20:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\Apple
2019-10-29 12:32 - 2018-06-26 11:45 - 000000000 ___HD C:\Users\Dave\AppData\Local\gtk-2.0
2019-10-29 12:32 - 2018-05-14 15:32 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2019-10-29 12:32 - 2018-05-14 15:26 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2019-10-29 12:32 - 2017-11-20 17:03 - 000000000 ____D C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2019-10-29 12:31 - 2018-09-15 07:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-10-29 12:31 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\registration
2019-10-29 12:16 - 2018-01-28 12:08 - 000000000 ____D C:\ProgramData\Origin
2019-10-29 11:33 - 2019-05-12 20:09 - 000000000 ____D C:\Users\Dave
2019-10-28 19:10 - 2018-09-15 06:09 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2019-10-28 18:45 - 2019-05-12 18:44 - 000000000 ___DC C:\WINDOWS\Panther
2019-10-16 21:19 - 2018-06-26 11:41 - 000000000 ___HD C:\Users\Dave\AppData\Local\babl-0.1
2019-10-13 15:08 - 2017-11-20 17:03 - 000000000 ____D C:\Users\Dave\AppData\Local\SquirrelTemp
2019-10-11 17:26 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-10-11 17:25 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-10-09 16:20 - 2019-07-25 13:09 - 000000000 ____D C:\Users\Dave\Documents\888poker
2019-10-09 15:41 - 2019-06-20 13:03 - 000000000 ____D C:\ProgramData\NCH Software
2019-10-09 12:05 - 2019-07-17 06:26 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-10-09 11:12 - 2018-05-14 15:26 - 000000000 ___HD C:\Users\Dave\AppData\Local\172FC105-D730-4286-9A8E-1AF03EC9789F.aplzod
2019-10-08 12:59 - 2019-06-20 13:03 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2019-10-08 12:58 - 2019-07-15 12:40 - 000023525 _____ C:\Users\Dave\Documents\CV 2019 v1.odt
2019-10-07 06:33 - 2018-01-28 12:11 - 000000000 ____D C:\Program Files (x86)\Origin Games
2019-10-03 06:58 - 2018-04-25 20:09 - 000000000 ____D C:\ProgramData\CLink4
2019-10-02 16:58 - 2019-05-12 20:14 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2019-10-02 16:58 - 2019-05-12 20:14 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2019-10-02 16:58 - 2017-11-20 15:18 - 000000000 ____D C:\Program Files (x86)\Google
==================== Files in the root of some directories ========
2019-06-20 19:47 - 2019-07-07 16:34 - 000005632 _____ () C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-06-09 19:17 - 2019-06-09 19:17 - 000000000 _____ () C:\Users\Dave\AppData\Local\oobelibMkey.log
2019-06-03 16:13 - 2019-06-03 16:13 - 000022693 _____ () C:\Users\Dave\AppData\Local\recently-used.xbel
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
************************************************
************************************************
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-11-2019
Ran by Dave (01-11-2019 13:57:50)
Running from D:\FRST
Windows 10 Pro Version 1809 17763.615 (X64) (2019-05-12 20:14:09)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-566713143-4107614601-1362537991-500 - Administrator - Disabled)
Dave (S-1-5-21-566713143-4107614601-1362537991-1001 - Administrator - Enabled) => C:\Users\Dave
DefaultAccount (S-1-5-21-566713143-4107614601-1362537991-503 - Limited - Disabled)
Guest (S-1-5-21-566713143-4107614601-1362537991-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-566713143-4107614601-1362537991-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {F682A51C-4EAD-6A3A-F460-B9C1D4A2DB09}
AV: Total AV (Enabled - Up to date) {AC3490DF-B2AE-610F-9290-A5E6E0CD5323}
AS: McAfee VirusScan (Enabled - Up to date) {4DE344F8-6897-65B4-CED0-82B3AF2591B4}
AS: Total AV (Enabled - Up to date) {1755713B-9494-6E81-A820-9E949B4A199E}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {CEB92439-04C2-6B62-DF3F-10F42A719C72}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe Bridge CC 2019 (HKLM-x32\...\KBRG_9_0_2) (Version: 9.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0) (Version: 20.0.0 - Adobe Systems Incorporated)
Advanced Combat Tracker (remove only) (HKLM-x32\...\Advanced Combat Tracker) (Version: - )
airnef v1.1 - Wirelessly download images and movies from your Nikon Camera! (HKLM-x32\...\testcams.com airnef) (Version: 1.1 - testcams.com)
Apple Application Support (32-bit) (HKLM-x32\...\{308F2F8C-9D33-4B22-8A6C-D9C13DBEF8C6}) (Version: 7.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0CB84A7D-9697-4526-A819-60FB050E8F05}) (Version: 7.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{77F8C879-88CD-4145-945A-541C35285285}) (Version: 12.0.0.1039 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ASUS PC Diagnostics (HKLM-x32\...\{D709005F-D8DC-42A8-8435-5AE880ECAF82}) (Version: 1.4.1 - ASUSTeK Computer Inc.)
Atari Vault (HKLM-x32\...\Atari Vault_is1) (Version: - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 4.1.21.2018 - BlueStack Systems, Inc.)
BT Cloud (HKLM\...\BT Cloud) (Version: 17.3.0.46 - BT Cloud)
BT Virus Protect (HKLM-x32\...\MSC) (Version: 16.0 R21 - McAfee, LLC.)
calibre (HKLM-x32\...\{AECEA345-D5A9-40DE-92E1-4828CAD0FEA3}) (Version: 3.47.1 - Kovid Goyal)
Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.10.20.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.2.0 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.20.0 - Canon Inc.)
Canon Utilities EOS Utility 3 (HKLM-x32\...\EOS Utility 3) (Version: 3.7.0.0 - Canon Inc.)
Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.6.30.1 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.19.10.0 - Canon Inc.)
CDisplayEx 1.10.33 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
Cooler Master Portal Settings software (HKLM-x32\...\{1A3E3EA7-5A7C-4292-8A13-B0DE1BF49E13}_COOLER_MASTER_PORTAL) (Version: 1.00 - Cooler Master)
Corsair LINK 4 (HKLM-x32\...\{40036d0c-634b-4fc0-be89-13343b4bea96}) (Version: 4.9.7.35 - Corsair Components, Inc.)
Corsair LINK 4 (HKLM-x32\...\{D97F4B31-5A7D-4A07-AC85-16D64FAB93E1}) (Version: 4.9.7.35 - Corsair Components, Inc.) Hidden
CPUID HWMonitor 1.40 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.40 - CPUID, Inc.)
Discord (HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
EDEngineer (HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\ced7325f031a438b) (Version: 1.1.4.1 - Max)
Elite Dangerous Launcher version 0.4.6568.0 (HKLM-x32\...\{696F8871-C91D-4CB1-825D-36BE18065575}_is1) (Version: 0.4.6568.0 - Frontier Developments)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
EQUtil (HKLM-x32\...\{5365BB9D-6D5D-4A82-A1E4-E8595FDAF25E}) (Version: 1.1.2 - Forsaken Worlds Software)
EverQuest II (HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\DG0-EverQuest II) (Version: - Sony Online Entertainment)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Game Installer (HKLM-x32\...\Game Installer 1.0.0) (Version: 1.0.0 - Intrepid Studios, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.70 - Google LLC)
Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden
Gyazo 4.0.1.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
HWiNFO64 Version 6.04 (HKLM\...\HWiNFO64_is1) (Version: 6.04 - Martin Malík - REALiX)
iCloud (HKLM\...\{29C6B346-C29C-40CE-89EB-DF7C149E0EB9}) (Version: 7.7.0.27 - Apple Inc.)
Intrepid Studios Launcher (HKLM-x32\...\Launcher 1.0.114) (Version: 1.0.114 - Intrepid Studios, Inc.)
iTunes (HKLM\...\{7DDA6271-F51E-4BE5-AAE9-5A8A4612FA43}) (Version: 12.9.0.167 - Apple Inc.)
Launcher (HKLM-x32\...\{57EBDBA4-CEEE-46D4-9B83-D020605160D4}) (Version: 1.0.114 - Intrepid Studios, Inc.) Hidden
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.0.78 - McAfee, LLC.)
Media Player Codec Pack 4.5.1 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.5.1 - Media Player Codec Pack)
Microsoft .NET Core Runtime - 2.0.7 (x64) (HKLM-x32\...\{b7cb6538-e06d-4f16-ae77-f9d8b79960f5}) (Version: 2.0.7.26407 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.0.118 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.0.118 - NVIDIA Corporation)
NVIDIA Graphics Driver 436.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 436.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA System Monitor (HKLM-x32\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA System Update (HKLM-x32\...\InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}) (Version: 3.00 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 21.0.1 - OBS Project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8158 - Realtek Semiconductor Corp.)
Stellarium 0.19.1.1 (HKLM\...\Stellarium_is1) (Version: 0.19.1.1 - Stellarium team)
TeamSpeak 3 Client (HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\TeamSpeak 3 Client) (Version: 3.2.3 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.56.52.1020 - Electronic Arts Inc.)
TomTom MyDrive Connect 4.2.5.3754 (HKLM-x32\...\MyDriveConnect) (Version: 4.2.5.3754 - TomTom)
TotalAV (HKLM-x32\...\TotalAV) (Version: 5.2.27 - TotalAV)
Twitch (HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
Windows Driver Package - Corsair Components, Inc. (SIUSBXP) USB (07/14/2017 3.3) (HKLM\...\A2206C09905C467F30CB24DCBB49F056D7F0A290) (Version: 07/14/2017 3.3 - Corsair Components, Inc.)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
Packages:
=========
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt [2019-10-29] (Facebook Inc)
Kodi -> C:\Program Files\WindowsApps\XBMCFoundation.Kodi_18.3.500.0_x64__4n2hpmxwrvr6p [2019-10-29] (XBMC Foundation)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-10-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x64__8wekyb3d8bbwe [2019-10-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x86__8wekyb3d8bbwe [2019-10-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-10-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-10-29] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.11723.0_x64__8wekyb3d8bbwe [2019-10-29] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-10-29] (Microsoft Studios) [MS Ad]
MineSweeper (Free) -> C:\Program Files\WindowsApps\50834ZAppsStudio.MineSweeperFree_1.1.22.0_x64__fr8j70y4p4pst [2019-10-29] (Z Apps Studio) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-10-29] (Microsoft Corporation) [MS Ad]
OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_17.30.3.0_x64__8wekyb3d8bbwe [2019-10-29] (Microsoft Corporation)
Photos Opener For Win10 -> C:\Program Files\WindowsApps\38526MediaLife.PhotosOpenerForWin10_0.0.7.0_x64__1crh1k73ty8mg [2019-10-29] (Media Life)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2019-10-29] (Twitter Inc.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-566713143-4107614601-1362537991-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Dave\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-566713143-4107614601-1362537991-1001_Classes\CLSID\{47d3ca42-2728-48d2-9875-4f46ef602aa9} -> [BT Cloud] => K:\BT Cloud0
CustomCLSID: HKU\S-1-5-21-566713143-4107614601-1362537991-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Dave\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-566713143-4107614601-1362537991-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Dave\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll => No File
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.Overlays.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.Overlays.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.Overlays.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.Overlays.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.Overlays.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers-x32: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.Overlays.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers-x32: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.Overlays.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers-x32: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.Overlays.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [BTCtxMenu] -> {95DBC49A-D828-457A-8449-1A7A9A0A6066} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.ContextMenus.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2019-08-23] (McAfee, LLC. -> McAfee, LLC.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-10-01] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2002-05-14] () [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [BTCtxMenu] -> {95DBC49A-D828-457A-8449-1A7A9A0A6066} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.ContextMenus.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2002-05-14] () [File not signed]
ContextMenuHandlers5: [BTCtxMenu] -> {95DBC49A-D828-457A-8449-1A7A9A0A6066} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.ContextMenus.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BTCtxMenu] -> {95DBC49A-D828-457A-8449-1A7A9A0A6066} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.ContextMenus.dll [2019-02-11] (BRITISH TELECOMMUNICATIONS PLC -> Synchronoss Technologies Inc.)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2019-08-23] (McAfee, LLC. -> McAfee, LLC.)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2002-05-14] () [File not signed]
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.ffds] => C:\WINDOWS\system32\ff_vfw.dll [141504 2016-12-14] (Cole Williams Software Limited -> )
HKLM\...\Drivers32: [vidc.xvid] => C:\WINDOWS\system32\xvidvfw.dll [251392 2017-12-08] () [File not signed]
HKLM\...\Drivers32: [vidc.x264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [vidc.lags] => C:\WINDOWS\system32\lagarith.dll [163008 2016-09-21] (Cole Williams Software Limited -> )
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.ffds] => C:\Windows\SysWOW64\ff_vfw.dll [126656 2016-12-14] (Cole Williams Software Limited -> )
HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\SysWOW64\xvidvfw.dll [235520 2017-12-08] () [File not signed]
HKLM\...\Drivers32: [vidc.x264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [vidc.lags] => C:\Windows\SysWOW64\lagarith.dll [230080 2016-09-21] (Cole Williams Software Limited -> )
HKLM\...\Drivers32: [msacm.lameacm] => C:\Windows\SysWOW64\LameACM.acm [756224 2012-02-28] (hxxp://www.mp3dev.org/) [File not signed]
HKLM\...\Drivers32: [msacm.aacacm] => C:\Windows\SysWOW64\AACACM.acm [294912 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.divxa32] => C:\Windows\SysWOW64\DivXa32.acm [291408 2013-12-17] (Packed With Joy !) [File not signed]
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Dave\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
==================== Loaded Modules (Whitelisted) =============
2019-03-27 08:01 - 2019-03-27 08:02 - 262255104 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\App.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000875008 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\c++_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000816640 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\CrossPortability_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000053760 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\EGL_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000087040 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\exif_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000998400 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\ffmpeg_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000829952 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\GLESv2_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 006719488 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\JavaScriptCore_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000453120 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\OpenAL_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 064193536 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 001305600 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\pgl_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000040448 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\pthreadVC_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000113664 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\system_malloc_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000883200 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\System_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000368128 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\SystemResources_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000015872 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\unwind_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 021368832 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\WebCore_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 004304384 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\WebKit_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 001553408 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\WebKitLegacy_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000095232 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\WinMediaFoundation_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000013312 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\WinPhoneBridge_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000372736 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\WP8MSVCBridge.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000147456 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\WP8MSVCCommon.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000098304 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\WRTBridge_osmeta.dll
2019-03-27 08:01 - 2019-03-27 08:02 - 000096768 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt\z_osmeta.dll
2018-03-29 16:56 - 2018-03-29 16:56 - 001272832 _____ (CPUID) [File not signed] C:\Program Files (x86)\CorsairLink4\cpuidsdk.dll
2018-12-26 18:55 - 2018-04-30 12:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2009-03-03 00:30 - 2009-03-03 00:30 - 001524736 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\System Update\MFC71.dll
2009-03-03 00:30 - 2009-03-03 00:30 - 000978944 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\System Update\MSVCP71.dll
2009-03-03 00:30 - 2009-03-03 00:30 - 000520192 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\System Update\MSVCR71.dll
2018-02-26 12:56 - 2018-02-26 12:56 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\CorsairLink4\SiUSBXp.dll
2019-11-01 06:01 - 2019-10-15 16:51 - 002648576 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\TotalAV\libcrypto-1_1.dll
2019-11-01 06:01 - 2019-10-15 16:51 - 000640512 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\TotalAV\libssl-1_1.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:9E00596C [131]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-09-29 13:46 - 2018-11-03 17:37 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\StartupFolder: => "Twonky Server.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Nero BackItUp"
HKLM\...\StartupApproved\Run32: => "Discord"
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\StartupApproved\StartupFolder: => "EOS Utility.lnk"
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-566713143-4107614601-1362537991-1001\...\StartupApproved\Run: => "Discord"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{21BE3364-C598-40EA-91D8-7471DE6E0ADA}] => (Allow) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe (TomTom International BV -> TomTom)
FirewallRules: [{9EE91BAB-0BC8-45A0-BAFB-39C4BFB78443}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe (EQAditu) [File not signed]
FirewallRules: [{2837D90B-1433-42B9-BB6C-A9B93EE26C50}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe (EQAditu) [File not signed]
FirewallRules: [{90C1D3DC-EBBB-41B1-9510-A045CE13605B}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe (EQAditu) [File not signed]
FirewallRules: [{90C7F088-6FDC-45A7-A0FF-BEA2DE2D7B17}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe (EQAditu) [File not signed]
FirewallRules: [{9CA089E3-96D2-4B82-9BC5-AB0B0669AB4E}] => (Allow) E:\Ashes of Creation Apocalypse\EasyAntiCheat\EasyAntiCheat_Setup.exe No File
FirewallRules: [{142B9F96-4B36-4AD8-9904-09642058449A}] => (Allow) E:\Ashes\updater.exe No File
FirewallRules: [{6C7F5B28-736B-49EE-B6C3-64A5AC1B7809}] => (Allow) E:\Ashes\resources\app.asar.unpacked\externals\patcher\Patcher.exe No File
FirewallRules: [{9B87695E-EBA5-4F4B-A6DB-32AEB729113F}] => (Allow) E:\Ashes\Intrepid Studios Launcher.exe No File
FirewallRules: [{5E2D6354-6FC9-463E-884E-D22FBC1BF992}] => (Allow) D:\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3ACDC24E-BB62-4BA4-861A-AA8427CD7666}] => (Allow) E:\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{DD219F6C-C419-486A-8A55-192388FBDC7E}] => (Allow) E:\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{05B6C5B2-4022-4ECB-899A-DE5C79335DDB}] => (Allow) E:\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{AA4CB73E-8C74-4BD9-9985-739305E9613E}] => (Allow) E:\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{5AD5EE8C-90BF-4110-8D1A-21C54D154CBD}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe (BlueStack Systems, Inc.) [File not signed]
FirewallRules: [TCP Query User{E7BDDAE8-908F-420A-8583-BC3086D5540E}F:\eq2 october 2016\eq2voiceservice.exe] => (Allow) F:\eq2 october 2016\eq2voiceservice.exe No File
FirewallRules: [UDP Query User{55702FF5-9075-49B4-887A-85F8E62B0044}F:\eq2 october 2016\eq2voiceservice.exe] => (Allow) F:\eq2 october 2016\eq2voiceservice.exe No File
FirewallRules: [{01C04159-B27C-4CD0-B686-F05EAB66CED3}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC. -> McAfee, LLC.)
FirewallRules: [{4D2D5BE8-E7B2-415A-B625-04BB2D28C4B3}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC. -> McAfee, LLC.)
FirewallRules: [{E7711763-FA5C-4AF9-B828-23E2B2D7432C}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC. -> McAfee, LLC.)
FirewallRules: [{06D970DA-D4AD-4046-A68F-39E430B16E50}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero BackItup\NBService.exe No File
FirewallRules: [{1F3F7222-6877-4156-98B4-1E9A1DF1C64B}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero BackItup\BackItUp.exe No File
FirewallRules: [{24BDE94D-06E6-4D91-B239-3E424D98F263}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{060F1F97-01B4-4B94-A13D-57CF68991C2E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{23BD3B75-A521-45E8-8365-1AAFAC7AB649}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{C066DDBA-6D65-4DB8-8D20-20AA59C6142C}C:\program files\windowsapps\xbmcfoundation.kodi_18.3.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_18.3.500.0_x64__4n2hpmxwrvr6p\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [UDP Query User{A2150FCA-6A6C-4A03-9441-9FAC413614A6}C:\program files\windowsapps\xbmcfoundation.kodi_18.3.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_18.3.500.0_x64__4n2hpmxwrvr6p\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [TCP Query User{A8A84F84-3831-42C1-AD08-2B5CD2288EDA}D:\eq2 october 2016\eq2voiceservice.exe] => (Allow) D:\eq2 october 2016\eq2voiceservice.exe (Vivox Inc. -> Vivox Inc.)
FirewallRules: [UDP Query User{5B330DB6-5954-431E-9A4E-0411EE8B116B}D:\eq2 october 2016\eq2voiceservice.exe] => (Allow) D:\eq2 october 2016\eq2voiceservice.exe (Vivox Inc. -> Vivox Inc.)
FirewallRules: [{7A9D951A-AAEB-421F-8018-E6C047E1A24F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{ECC2AAB9-2AAB-4DA0-A787-A74D92A667CC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5639C9BC-8A9B-47A0-9B87-E3BD5CCF125E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{992DFDF5-CF86-4C75-B94D-4FF5AE480AC0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{545FE976-1755-44AD-90D9-8D0171A3E801}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{325BA5DE-0A98-4D69-AB31-580DA81CA11A}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{F336DA54-13BF-4BCA-9BED-B1D36C2DDBF1}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{3A6E9548-9ADD-437F-B850-1A5695EA71BD}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{839ABFC4-367C-4468-98E1-D0587B286DDD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
21-10-2019 16:54:48 Scheduled Checkpoint
28-10-2019 18:29:09 Removed Apple Software Update
01-11-2019 06:26:43 Removed Nero 2018.
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (11/01/2019 09:51:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2fcc
Start Time: 01d5909902c5dc8d
Termination Time: 4294967295
Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Report Id: f1d6d269-480d-41e5-80c3-05883cd14ea4
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
Hang type: Cross-process
Error: (11/01/2019 06:01:51 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.
Error: (11/01/2019 06:01:51 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.
Error: (11/01/2019 06:01:51 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.
Error: (11/01/2019 06:01:51 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.
Error: (11/01/2019 06:01:51 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.
Error: (11/01/2019 06:01:51 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.
Error: (11/01/2019 06:01:50 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.
System errors:
=============
Error: (11/01/2019 01:55:03 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-B2C17BD)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-B2C17BD\Dave SID (S-1-5-21-566713143-4107614601-1362537991-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/01/2019 01:34:15 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-B2C17BD)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-B2C17BD\Dave SID (S-1-5-21-566713143-4107614601-1362537991-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/01/2019 11:39:56 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-B2C17BD)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-B2C17BD\Dave SID (S-1-5-21-566713143-4107614601-1362537991-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/01/2019 11:35:30 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
Error: (11/01/2019 11:33:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.
Error: (11/01/2019 10:29:09 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
Error: (11/01/2019 10:27:09 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.
Error: (11/01/2019 10:18:03 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
Windows Defender:
===================================
Date: 2019-05-12 21:15:02.507
Description:
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070003
Error description: The system cannot find the path specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0
CodeIntegrity:
===================================
Date: 2019-11-01 09:44:09.289
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Program Files (x86)\TotalAV\TotalAV.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-11-01 09:44:09.221
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Program Files (x86)\TotalAV\TotalAV.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-11-01 09:44:09.152
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Program Files (x86)\TotalAV\TotalAV.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-11-01 09:44:09.089
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Program Files (x86)\TotalAV\TotalAV.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-11-01 09:44:08.173
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Program Files (x86)\TotalAV\TotalAV.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-11-01 09:44:08.096
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Program Files (x86)\TotalAV\TotalAV.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-11-01 09:44:08.013
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Program Files (x86)\TotalAV\TotalAV.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-11-01 09:44:07.933
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Program Files (x86)\TotalAV\TotalAV.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 1402 12/11/2015
Motherboard: ASUSTeK COMPUTER INC. Z170-A
Processor: Intel® Core i7-6700K CPU @ 4.00GHz
Percentage of memory in use: 30%
Total physical RAM: 16304.66 MB
Available physical RAM: 11312.04 MB
Total Virtual: 18736.66 MB
Available Virtual: 12452.99 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:236.66 GB) (Free:83.99 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:1862.89 GB) (Free:1370.14 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:931.39 GB) (Free:478.61 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:238.35 GB) (Free:202.51 GB) NTFS
Drive g: (AV DVR) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
Drive i: (Seagate) (Fixed) (Total:931.51 GB) (Free:746.9 GB) NTFS
\\?\Volume{137ad416-f156-4ae2-8f33-e35c2c2030c6}\ (Recovery) (Fixed) (Total:0.29 GB) (Free:0.28 GB) NTFS
\\?\Volume{a04d7653-909e-4867-866f-a8336ca3a711}\ () (Fixed) (Total:0.86 GB) (Free:0.46 GB) NTFS
\\?\Volume{dbd54cbb-cc51-4e3b-a98c-7c65250c2320}\ () (Fixed) (Total:0.44 GB) (Free:0.07 GB) NTFS
\\?\Volume{6d874024-395b-47b7-8ac9-019123a2452f}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 2 (Protective MBR) (Size: 238.5 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 3 (Protective MBR) (Size: 238.5 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 5 (Size: 931.5 GB) (Disk ID: 039294DF)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================