Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

This Virus Got Me Good! I NEED HELP!

Started by joe_rockstar , Jun 17 2020 08:37 AM
TROJAN REGEDIT WONT OPEN GROUP POLICIES HIJACK PRETTY MUCH EVERYTHING! WIN32.EXE DONT RUN

  • Please log in to reply

#1
joe_rockstar
Posted 17 June 2020 - 08:37 AM

joe_rockstar

    New Member

  • Member
  • Pip
  • 1 posts

Hey guys this is  my first time posting. i have been goo up until this point and consider myself pretty computer savvy. Well that is all in the past  now. I deleted all of the Active Programs, dealing with most issues but there is still an issue with the Group Policy being Hijacked. It locked me out of the Registry, Shut down the Windows Module Installer and much more. I'm using internet minimally and just running scan after scan. I attached the OTL Logs. If you would liek to me Run Farbar or somethinf else let me know.

 

Thanks,

 

joe_rockstar

 

,|m|

 

I Copied the Report See below,

 

OTL logfile created on: 6/17/2020 9:40:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\LaPuglia\Desktop\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.19596)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.80 Gb Total Physical Memory | 3.68 Gb Available Physical Memory | 47.20% Memory free
19.50 Gb Paging File | 14.62 Gb Available in Paging File | 74.97% Paging File free
Paging file location(s): c:\pagefile.sys 11983 11983 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.97 Gb Total Space | 97.92 Gb Free Space | 21.76% Space Free | Partition Type: NTFS
Drive D: | 15.50 Gb Total Space | 1.16 Gb Free Space | 7.46% Space Free | Partition Type: NTFS
Drive F: | 103.02 Mb Total Space | 69.34 Mb Free Space | 67.30% Space Free | Partition Type: NTFS
 
Computer Name: THE_ARCHITECT | User Name: LaPuglia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2020/06/17 09:39:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LaPuglia\Desktop\OTL\OTL.com
PRC - [2020/03/20 16:55:23 | 000,295,368 | ---- | M] (Google LLC) -- C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
PRC - [2020/03/16 17:40:40 | 016,220,920 | ---- | M] (Mega Limited) -- C:\Users\LaPuglia\AppData\Local\MEGAsync\MEGAsync.exe
PRC - [2019/12/09 16:19:34 | 000,753,616 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2019/12/09 16:19:32 | 004,992,976 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
PRC - [2019/12/09 16:19:32 | 004,380,624 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2019/12/09 16:19:32 | 001,882,064 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
PRC - [2019/12/09 16:19:28 | 002,046,928 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe
PRC - [2011/04/30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/04/30 00:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/07/23 11:44:54 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/07/23 11:44:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2020/06/07 04:20:22 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\23a35ef81ffbf4de11dfeb349180d7b1\IAStorUtil.ni.dll
MOD - [2020/06/07 04:20:22 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4a3ce14184dfdc93635038f76034a8c3\IAStorCommon.ni.dll
MOD - [2020/04/24 16:13:36 | 011,935,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\985aa03b1fbd363d5da69696bc0f0b7b\System.Web.ni.dll
MOD - [2020/04/24 16:13:18 | 000,777,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03516e02f8c3ca4a545df7bae4e3efde\System.Runtime.Remoting.ni.dll
MOD - [2020/04/24 16:11:49 | 012,438,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a719aea3b5dc13f8e57ecf22df24eae\System.Windows.Forms.ni.dll
MOD - [2020/04/24 16:11:34 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e35a681550637a5bd4c5da0b7dc25d3a\System.Drawing.ni.dll
MOD - [2020/04/24 16:11:13 | 005,469,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\fd536482f890d7ab680214be0595a29b\System.Xml.ni.dll
MOD - [2020/04/24 16:11:05 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4eabada2a830341a3603730a8ddc99d3\System.Configuration.ni.dll
MOD - [2020/04/24 16:10:31 | 003,358,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\02bf8e571566cb813ae55cb5d57ac710\WindowsBase.ni.dll
MOD - [2020/04/24 16:10:23 | 008,008,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d45595d9058c5c291bb9722f99adcf62\System.ni.dll
MOD - [2020/04/24 16:10:07 | 011,516,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\787cb87aec48853fe68b886437fa1d9b\mscorlib.ni.dll
MOD - [2019/05/13 20:06:38 | 000,805,624 | ---- | M] () -- C:\Users\LaPuglia\AppData\Local\MEGAsync\libsodium.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2020/06/17 08:21:51 | 006,933,272 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe -- (MBAMService)
SRV:64bit: - [2020/04/01 17:57:24 | 001,369,856 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2019/12/16 20:52:57 | 000,116,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2019/12/10 04:32:47 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\sysnative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2018/08/13 17:49:28 | 001,391,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\sysnative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2016/11/14 21:14:42 | 000,361,816 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2016/11/14 21:14:42 | 000,119,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2016/03/25 14:59:37 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2015/02/05 20:47:50 | 000,031,160 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/12/13 18:04:46 | 000,275,968 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2020/06/09 17:58:41 | 000,335,416 | ---- | M] (Adobe) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2020/06/01 21:07:36 | 001,287,152 | ---- | M] (Google LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.97\elevation_service.exe -- (GoogleChromeElevationService)
SRV - [2019/12/09 16:19:34 | 000,753,616 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2019/03/28 02:11:14 | 000,132,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2016/07/16 08:59:27 | 001,840,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\FntCache.dll -- (FontCache)
SRV - [2016/07/16 08:11:11 | 001,980,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\diagtrack.dll -- (DiagTrack)
SRV - [2016/07/16 08:11:11 | 000,079,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2016/07/16 08:11:05 | 000,511,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\defragsvc.dll -- (DEFRAGSVC)
SRV - [2016/07/16 08:11:05 | 000,123,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\umpo.dll -- (Power)
SRV - [2016/07/16 08:10:57 | 001,708,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\wevtsvc.dll -- (eventlog)
SRV - [2016/03/25 14:59:37 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/03/19 01:32:43 | 000,067,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2011/07/15 07:16:29 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/07/13 16:25:59 | 000,079,360 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2011/04/30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/07/23 11:44:54 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/07/23 11:44:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/06/18 21:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Running] -- C:\Program Files\QuickCPU\hwlink.sys -- (cbhardwarelink)
DRV:64bit: - [2020/06/17 08:23:14 | 000,073,368 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\mbam.sys -- (MBAMProtection)
DRV:64bit: - [2020/06/17 08:22:52 | 000,196,456 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\sysnative\drivers\farflt.sys -- (MBAMFarflt)
DRV:64bit: - [2020/06/17 08:22:51 | 000,120,432 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\mwac.sys -- (MBAMWebProtection)
DRV:64bit: - [2020/06/17 08:22:49 | 000,214,496 | ---- | M] (Malwarebytes) [File_System | Auto | Running] -- C:\Windows\sysnative\drivers\MbamChameleon.sys -- (MBAMChameleon)
DRV:64bit: - [2020/06/17 08:22:47 | 000,248,968 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2020/06/07 10:55:17 | 000,255,928 | ---- | M] (Malwarebytes) [File_System | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\4123E143.sys -- (4123E143)
DRV:64bit: - [2020/05/23 05:51:26 | 000,028,936 | ---- | M] (Glarysoft Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\sysnative\drivers\GUBootStartup.sys -- (GUBootStartup)
DRV:64bit: - [2020/05/18 17:05:26 | 000,221,376 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\sysnative\drivers\wofadk.sys -- (WofAdk)
DRV:64bit: - [2020/05/11 00:17:21 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2020/05/08 21:29:59 | 000,255,928 | ---- | M] (Malwarebytes) [File_System | Disabled | Stopped] -- C:\Windows\sysnative\drivers\13237357.sys -- (13237357)
DRV:64bit: - [2019/07/01 10:04:11 | 000,212,392 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\sysnative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2019/07/01 10:04:11 | 000,175,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\sysnative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2019/07/01 10:04:11 | 000,036,072 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\sysnative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2017/10/11 12:23:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2017/09/01 18:12:38 | 000,038,320 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\sysnative\amwrtdrv.sys -- (amwrtdrv)
DRV:64bit: - [2017/06/06 20:36:28 | 000,138,296 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2017/02/28 14:20:18 | 000,038,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\ampa.sys -- (ampa)
DRV:64bit: - [2016/12/27 18:45:52 | 000,035,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\ddmdrv.sys -- (ddmdrv)
DRV:64bit: - [2016/12/21 22:54:56 | 000,051,120 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\sysnative\ambakdrv.sys -- (ambakdrv)
DRV:64bit: - [2016/12/21 22:52:42 | 000,171,952 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\sysnative\ammntdrv.sys -- (ammntdrv)
DRV:64bit: - [2016/08/25 09:46:12 | 000,135,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2016/03/25 15:09:47 | 000,023,272 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2016/03/25 15:09:46 | 000,107,752 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2016/03/25 15:09:46 | 000,026,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\sysnative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2016/03/25 13:44:12 | 000,110,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2016/01/26 07:41:34 | 000,172,760 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2016/01/26 07:41:32 | 000,600,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2016/01/26 07:41:32 | 000,244,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2016/01/21 23:33:37 | 000,848,152 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2015/05/29 10:05:32 | 000,646,408 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\sysnative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2015/05/29 10:05:32 | 000,030,960 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\sysnative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2014/01/27 23:58:27 | 000,041,704 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2013/10/01 22:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/07/25 16:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2013/02/19 13:44:10 | 012,312,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/10/03 16:14:56 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2011/12/21 10:18:34 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/10/01 01:16:50 | 000,393,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/26 11:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\sysnative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/13 18:04:58 | 000,146,048 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\AESTAu64.sys -- (AESTAud)
DRV:64bit: - [2010/12/13 18:04:48 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/12/08 17:30:00 | 000,329,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/12/08 14:55:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/08/31 16:32:44 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\sysnative\drivers\rdpdispm.sys -- (RDPDISPM)
DRV:64bit: - [2010/07/20 17:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/07/20 17:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/03/02 18:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/09/17 17:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2020/06/17 08:22:50 | 000,043,232 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7350016F-93E0-4BA5-9195-211B682E3FF3}\MpKslaf28b105.sys -- (MpKslaf28b105)
DRV - [2017/09/01 13:12:38 | 000,038,320 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\amwrtdrv.sys -- (amwrtdrv)
DRV - [2017/02/28 14:20:18 | 000,038,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\ampa.sys -- (ampa)
DRV - [2016/12/27 18:45:52 | 000,033,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\ddmdrv.sys -- (ddmdrv)
DRV - [2016/12/21 17:54:56 | 000,051,120 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\ambakdrv.sys -- (ambakdrv)
DRV - [2016/12/21 17:52:42 | 000,171,952 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\ammntdrv.sys -- (ammntdrv)
DRV - [2016/07/16 09:01:07 | 000,533,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\nwifi.sys -- (NativeWifiP)
DRV - [2016/07/16 09:01:07 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\vwififlt.sys -- (vwififlt)
DRV - [2016/07/16 09:01:07 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\vwifimp.sys -- (vwifimp)
DRV - [2016/07/16 09:01:07 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\vwifibus.sys -- (vwifibus)
DRV - [2016/07/16 08:41:24 | 000,035,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\filetrace.sys -- (Filetrace)
DRV - [2016/07/16 08:11:11 | 002,538,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\tcpip.sys -- (TCPIP6)
DRV - [2016/07/16 08:11:11 | 002,538,848 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\tcpip.sys -- (Tcpip)
DRV - [2016/07/16 08:11:11 | 002,257,248 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysWow64\drivers\ntfs.sys -- (Ntfs)
DRV - [2016/07/16 08:11:11 | 001,182,048 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\ndis.sys -- (NDIS)
DRV - [2016/07/16 08:11:11 | 000,861,296 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2016/07/16 08:11:11 | 000,714,240 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\srv2.sys -- (srv2)
DRV - [2016/07/16 08:11:11 | 000,583,520 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\afd.sys -- (AFD)
DRV - [2016/07/16 08:11:11 | 000,449,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mrxsmb.sys -- (mrxsmb)
DRV - [2016/07/16 08:11:11 | 000,435,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\rdbss.sys -- (rdbss)
DRV - [2016/07/16 08:11:11 | 000,409,088 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\srv.sys -- (srv)
DRV - [2016/07/16 08:11:11 | 000,377,696 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysWOW64\drivers\fltMgr.sys -- (FltMgr)
DRV - [2016/07/16 08:11:11 | 000,361,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\msrpc.sys -- (MsRPC)
DRV - [2016/07/16 08:11:11 | 000,282,112 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV - [2016/07/16 08:11:11 | 000,247,808 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\srvnet.sys -- (srvnet)
DRV - [2016/07/16 08:11:11 | 000,224,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV - [2016/07/16 08:11:11 | 000,144,384 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\dfsc.sys -- (DfsC)
DRV - [2016/07/16 08:11:11 | 000,133,472 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\ksecdd.sys -- (KSecDD)
DRV - [2016/07/16 08:11:11 | 000,128,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\partmgr.sys -- (partmgr)
DRV - [2016/07/16 08:11:11 | 000,126,304 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysWOW64\drivers\mup.sys -- (Mup)
DRV - [2016/07/16 08:11:11 | 000,118,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\tdx.sys -- (tdx)
DRV - [2016/07/16 08:11:11 | 000,104,800 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\mountmgr.sys -- (mountmgr)
DRV - [2016/07/16 08:11:11 | 000,103,424 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\bowser.sys -- (bowser)
DRV - [2016/07/16 08:11:11 | 000,068,608 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWow64\drivers\npfs.sys -- (Npfs)
DRV - [2016/07/16 08:11:11 | 000,057,184 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\netbios.sys -- (NetBIOS)
DRV - [2016/07/16 08:11:11 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\nsiproxy.sys -- (nsiproxy)
DRV - [2016/07/16 08:11:11 | 000,031,584 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysWow64\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2016/07/16 08:11:11 | 000,031,232 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWow64\drivers\msfs.sys -- (Msfs)
DRV - [2016/07/16 08:11:11 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2016/07/16 08:11:11 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ksthunk.sys -- (ksthunk)
DRV - [2016/07/16 08:11:11 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mstee.sys -- (MSTEE)
DRV - [2016/07/16 08:11:11 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mspqm.sys -- (MSPQM)
DRV - [2016/07/16 08:11:11 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2016/07/16 08:11:11 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysWow64\drivers\null.sys -- (Null)
DRV - [2016/07/16 08:11:05 | 000,619,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\cng.sys -- (CNG)
DRV - [2016/07/16 08:11:05 | 000,168,800 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2016/07/16 08:11:05 | 000,075,776 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\mpsdrv.sys -- (mpsdrv)
DRV - [2016/07/16 08:11:05 | 000,063,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2016/07/16 08:11:05 | 000,062,816 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\fsdepends.sys -- (FsDepends)
DRV - [2016/07/16 08:11:05 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysWOW64\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2016/07/16 08:11:05 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2016/07/16 08:11:02 | 000,352,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\fastfat.sys -- (fastfat)
DRV - [2016/07/16 08:11:01 | 000,645,472 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\fvevol.sys -- (fvevol)
DRV - [2016/07/16 08:11:01 | 000,320,000 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysWOW64\drivers\udfs.sys -- (udfs)
DRV - [2016/07/16 08:11:01 | 000,085,344 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysWOW64\drivers\fileinfo.sys -- (FileInfo)
DRV - [2016/07/16 08:11:00 | 000,334,848 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\exfat.sys -- (exfat)
DRV - [2016/07/16 08:11:00 | 000,035,680 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2016/07/16 08:10:51 | 002,190,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV - [2016/07/16 08:10:51 | 000,279,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\netbt.sys -- (NetBT)
DRV - [2016/07/16 08:10:51 | 000,104,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\rasl2tp.sys -- (Rasl2tp)
DRV - [2016/07/16 08:10:51 | 000,096,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\raspptp.sys -- (PptpMiniport)
DRV - [2016/07/16 08:10:51 | 000,079,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\wanarp.sys -- (Wanarpv6)
DRV - [2016/07/16 08:10:51 | 000,079,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wanarp.sys -- (WANARP)
DRV - [2016/07/16 08:10:51 | 000,077,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\rassstp.sys -- (RasSstp)
DRV - [2016/07/16 08:10:51 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWow64\drivers\ndproxy.sys -- (NDProxy)
DRV - [2016/07/16 08:10:51 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2016/07/16 08:10:50 | 000,391,520 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\volsnap.sys -- (volsnap)
DRV - [2016/07/16 08:10:50 | 000,367,456 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\volmgrx.sys -- (volmgrx)
DRV - [2016/07/16 08:10:50 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ndiswan.sys -- (NdisWan)
DRV - [2016/07/16 08:10:50 | 000,107,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\agilevpn.sys -- (RasAgileVpn)
DRV - [2016/07/16 08:10:50 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysWOW64\drivers\cdfs.sys -- (cdfs)
DRV - [2016/07/16 08:10:50 | 000,081,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2016/07/16 08:10:50 | 000,051,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\pcw.sys -- (pcw)
DRV - [2016/07/16 08:10:50 | 000,028,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2016/07/16 08:10:50 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\rasacd.sys -- (RasAcd)
DRV - [2016/07/16 08:10:45 | 000,501,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\usbhub.sys -- (usbhub)
DRV - [2016/07/16 08:10:45 | 000,129,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2016/07/16 08:10:45 | 000,096,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\usbehci.sys -- (usbehci)
DRV - [2016/07/16 08:10:45 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\usbuhci.sys -- (usbuhci)
DRV - [2016/07/16 08:10:45 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\usbohci.sys -- (usbohci)
DRV - [2016/07/16 08:10:43 | 000,336,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\pci.sys -- (pci)
DRV - [2016/07/16 08:10:43 | 000,279,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\sdbus.sys -- (sdbus)
DRV - [2016/07/16 08:10:43 | 000,169,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\usbccgp.sys -- (usbccgp)
DRV - [2016/07/16 08:10:43 | 000,114,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\i8042prt.sys -- (i8042prt)
DRV - [2016/07/16 08:10:43 | 000,062,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\kbdclass.sys -- (kbdclass)
DRV - [2016/07/16 08:10:43 | 000,059,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mouclass.sys -- (mouclass)
DRV - [2016/07/16 08:10:43 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\kbdhid.sys -- (kbdhid)
DRV - [2016/07/16 08:10:43 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\hidusb.sys -- (HidUsb)
DRV - [2016/07/16 08:10:43 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mouhid.sys -- (mouhid)
DRV - [2016/07/16 08:10:43 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\CmBatt.sys -- (CmBatt)
DRV - [2016/07/16 08:10:43 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\sermouse.sys -- (sermouse)
DRV - [2016/07/16 08:10:43 | 000,017,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\swenum.sys -- (swenum)
DRV - [2016/07/16 08:10:43 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\umpass.sys -- (UmPass)
DRV - [2016/07/16 08:10:42 | 000,714,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\vhdmp.sys -- (vhdmp)
DRV - [2016/07/16 08:10:42 | 000,705,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\acpi.sys -- (ACPI)
DRV - [2016/07/16 08:10:42 | 000,134,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\intelppm.sys -- (intelppm)
DRV - [2016/07/16 08:10:42 | 000,123,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\amdk8.sys -- (AmdK8)
DRV - [2016/07/16 08:10:42 | 000,120,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\amdppm.sys -- (AmdPPM)
DRV - [2016/07/16 08:10:42 | 000,119,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\processr.sys -- (Processor)
DRV - [2016/07/16 08:10:42 | 000,101,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\disk.sys -- (Disk)
DRV - [2016/07/16 08:10:42 | 000,096,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\parport.sys -- (Parport)
DRV - [2016/07/16 08:10:42 | 000,083,968 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\serial.sys -- (Serial)
DRV - [2016/07/16 08:10:42 | 000,080,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\volmgr.sys -- (volmgr)
DRV - [2016/07/16 08:10:42 | 000,053,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\vdrvroot.sys -- (vdrvroot)
DRV - [2016/07/16 08:10:42 | 000,043,360 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\mssmbios.sys -- (mssmbios)
DRV - [2016/07/16 08:10:41 | 000,166,752 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\vsmraid.sys -- (vsmraid)
DRV - [2016/07/16 08:10:41 | 000,166,240 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\nvstor.sys -- (nvstor)
DRV - [2016/07/16 08:10:41 | 000,150,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\nvraid.sys -- (nvraid)
DRV - [2016/07/16 08:10:41 | 000,089,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2016/07/16 08:10:41 | 000,081,760 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2016/07/16 08:10:41 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\umbus.sys -- (umbus)
DRV - [2016/07/16 08:10:41 | 000,044,896 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2016/07/16 08:10:41 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\stexstor.sys -- (stexstor)
DRV - [2016/07/16 08:10:41 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\atapi.sys -- (atapi)
DRV - [2016/07/16 08:10:41 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\serenum.sys -- (Serenum)
DRV - [2016/07/16 08:10:41 | 000,019,296 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\intelide.sys -- (intelide)
DRV - [2016/07/16 08:10:41 | 000,016,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pciide.sys -- (pciide)
DRV - [2016/07/16 08:10:41 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\MTConfig.sys -- (MTConfig)
DRV - [2016/07/16 08:10:40 | 000,575,840 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\megasr.sys -- (MegaSR)
DRV - [2016/07/16 08:10:40 | 000,059,744 | ---- | M] (Avago Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\megasas.sys -- (megasas)
DRV - [2016/07/16 08:10:38 | 000,022,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\isapnp.sys -- (isapnp)
DRV - [2016/07/16 08:10:38 | 000,018,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\msisadrv.sys -- (msisadrv)
DRV - [2016/07/16 08:10:37 | 003,418,976 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\evbda.sys -- (ebdrv)
DRV - [2016/07/16 08:10:37 | 000,533,856 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\bxvbda.sys -- (b06bdrv)
DRV - [2016/07/16 08:10:37 | 000,412,000 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\iaStorV.sys -- (iaStorV)
DRV - [2016/07/16 08:10:37 | 000,277,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\msiscsi.sys -- (iScsiPrt)
DRV - [2016/07/16 08:10:37 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\amdsbs.sys -- (amdsbs)
DRV - [2016/07/16 08:10:37 | 000,235,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\1394ohci.sys -- (1394ohci)
DRV - [2016/07/16 08:10:37 | 000,173,056 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\cdrom.sys -- (cdrom)
DRV - [2016/07/16 08:10:37 | 000,131,936 | ---- | M] (PMC-Sierra, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\arcsas.sys -- (arcsas)
DRV - [2016/07/16 08:10:37 | 000,110,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\sbp2port.sys -- (sbp2port)
DRV - [2016/07/16 08:10:37 | 000,108,896 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2016/07/16 08:10:37 | 000,083,296 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\amdsata.sys -- (amdsata)
DRV - [2016/07/16 08:10:37 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\HpSAMD.sys -- (HpSAMD)
DRV - [2016/07/16 08:10:37 | 000,036,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\hidbatt.sys -- (HidBatt)
DRV - [2016/07/16 08:10:37 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\fdc.sys -- (fdc)
DRV - [2016/07/16 08:10:37 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wacompen.sys -- (WacomPen)
DRV - [2016/07/16 08:10:37 | 000,026,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\amdxata.sys -- (amdxata)
DRV - [2016/07/16 08:10:37 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\flpydisk.sys -- (flpydisk)
DRV - [2016/07/16 08:10:37 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2016/07/16 08:10:37 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\sfloppy.sys -- (sfloppy)
DRV - [2016/07/16 08:10:37 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\errdev.sys -- (ErrDev)
DRV - [2016/07/16 08:10:36 | 000,758,624 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\elxstor.sys -- (elxstor)
DRV - [2016/07/16 08:10:36 | 000,118,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pcmcia.sys -- (pcmcia)
DRV - [2016/07/16 08:10:36 | 000,083,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2013/11/21 10:22:10 | 000,115,448 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2011/01/19 17:16:14 | 000,049,216 | ---- | M] (Insyde Software) [Kernel | On_Demand | Stopped] -- C:\SwSetup\sp60864\iscflashx64.sys -- (iscFlash)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3CB12E97-BDDF-4488-8C61-217335DD319F}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {3CB12E97-BDDF-4488-8C61-217335DD319F}
IE - HKLM\..\SearchScopes\{3CB12E97-BDDF-4488-8C61-217335DD319F}: "URL" = https://www.google.c...utputEncoding?}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,IE11DefaultsFRECompletionTime =  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,IE11DefaultsFREConfigUpdateTimestamp =  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,IE11DefaultsFREGPOCheckTimestamp =  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,IE11DefaultsFREModalCompletionTime =  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....09&ocid=UE09DHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?...09&ocid=UE09DHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 71 21 64 48 F2 39 D6 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = FC C2 64 5F DD 29 D6 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...=IESR02&pc=UE10
IE - HKCU\..\SearchScopes\{3CB12E97-BDDF-4488-8C61-217335DD319F}: "URL" = https://www.google.c...utputEncoding?}
IE - HKCU\..\SearchScopes\{EF641CB9-A500-480E-ABFC-370E51010B2B}: "URL" = https://search.yahoo...rtPage?}&fr=ie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.251.2: C:\Program Files\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.251.2: C:\Program Files\Java\jre1.8.0_251\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1234204.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.251.2: C:\Program Files (x86)\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.251.2: C:\Program Files (x86)\Java\jre1.8.0_251\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@zoom.us/ZoomVideoPlugin: C:\Users\LaPuglia\AppData\Roaming\Zoom\bin\npzoomplugin.dll File not found
 
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\LaPuglia\AppData\Roaming\IDM\idmmzcc5 [2020/04/28 13:48:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
 
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2020/06/17 00:47:47 | 000,000,795 | ---- | M]) - C:\Windows\sysnative\drivers\etc\hosts
O1 - Hosts:         127.0.0.1          www.aomeitech.com
O1 - Hosts:         127.0.0.1          aomeitech.com
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_251\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_251\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_251\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_251\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe ()
O4 - Startup: C:\Users\LaPuglia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\MEGAsync.lnk = C:\Users\LaPuglia\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LocalAccountTokenFilterPolicy = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm File not found
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm File not found
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm File not found
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm File not found
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - Reg Error: Value error. File not found
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - Reg Error: Value error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\sysnative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\sysnative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\sysnative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\sysnative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\sysnative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Windows\sysnative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Windows\sysnative\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\sysnative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\sysnative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\sysnative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\sysnative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\sysnative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\sysnative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\sysnative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\sysnative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\sysnative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\sysnative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\sysnative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]* in Trusted sites)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://24.38.28.18/XTSAC.cab(XTSAC Control)
O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} https://24.38.28.18/...acheCleaner.cab(WebCacheCleaner Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{001A090B-98CB-4049-BF35-0825231AFD44}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48FA2140-D8B4-4DFA-A179-505743FF82AC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F13F5AC-294D-43C3-9C54-B2AEEB381536}: DhcpNameServer = 172.20.10.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\sysnative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\sysnative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\sysnative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\sysnative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\sysnative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\sysnative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\sysnative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\sysnative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\sysnative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\sysnative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\sysnative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\sysnative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\sysnative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\sysnative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\sysnative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\sysnative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\sysnative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\sysnative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\sysnative\WPDShServiceObj.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\SysWOW64\WPDShServiceObj.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2020/06/03 18:00:20 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (ACHINE BootExecute)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2020/06/17 09:30:36 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\Desktop\OTL
[2020/06/17 08:23:14 | 000,073,368 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2020/06/17 08:22:52 | 000,196,456 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys
[2020/06/17 08:22:51 | 000,120,432 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys
[2020/06/17 05:53:02 | 000,000,000 | ---D | C] -- C:\Windows\softwaredistribution
[2020/06/17 05:15:09 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Users\LaPuglia\Desktop\rege32.exe
[2020/06/17 03:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraISO
[2020/06/17 02:35:36 | 004,646,240 | ---- | C] (EZB Systems, Inc.                                           ) -- C:\Users\LaPuglia\Desktop\uiso9_pe.exe
[2020/06/16 23:39:30 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\Desktop\FRST_061620
[2020/06/16 18:56:14 | 000,000,000 | ---D | C] -- C:\0b07da0ebc347df4ba09b1cd
[2020/06/16 18:17:48 | 000,214,496 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MbamChameleon.sys
[2020/06/16 16:20:25 | 000,248,968 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2020/06/16 16:20:02 | 000,153,312 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbae64.sys
[2020/06/16 16:07:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2020/06/16 13:28:39 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\Desktop\Carifred
[2020/06/16 10:55:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Partition Assistant
[2020/06/16 10:55:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AOMEI Partition Assistant
[2020/06/16 10:40:32 | 000,255,928 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\655A4AEB.sys
[2020/06/16 10:31:51 | 000,000,000 | R--D | C] -- C:\Users\LaPuglia\Music
[2020/06/16 08:36:39 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\AppData\Local\Temp
[2020/06/16 08:25:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2020/06/16 06:55:48 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\Desktop\aomei Search and Remove
[2020/06/16 06:38:22 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\Desktop\Find Delete
[2020/06/15 16:01:44 | 000,255,928 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\3657669D.sys
[2020/06/15 11:30:14 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\Desktop\Desktop Transfer
[2020/06/15 11:22:00 | 177,281,464 | ---- | C] (AO Kaspersky Lab) -- C:\Users\LaPuglia\Desktop\Kaspersky Virus Removal Tool (KVRT).exe
[2020/06/15 09:16:38 | 177,281,464 | ---- | C] (AO Kaspersky Lab) -- C:\Users\LaPuglia\Kaspersky Virus Removal Tool (KVRT).exe
[2020/06/15 06:29:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2020/06/15 00:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\Hasleo
[2020/06/15 00:17:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AOMEI PE Builder 2.0
[2020/06/15 00:16:14 | 153,976,416 | ---- | C] (AOMEI Technology Co., Ltd.                                  ) -- C:\Users\LaPuglia\Desktop\PEBuilder.exe
[2020/06/14 18:55:40 | 000,000,000 | ---D | C] -- C:\Program Files\drivers
[2020/06/14 11:25:29 | 000,255,928 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\9532A4F6.sys
[2020/06/14 11:14:14 | 000,957,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\dda.dll
[2020/06/14 09:02:20 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\Desktop\Crack
[2020/06/14 08:48:22 | 000,000,000 | ---D | C] -- C:\KVRT_Data
[2020/06/14 07:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2020/06/14 06:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\934425099447735
[2020/06/14 02:14:49 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2020/06/13 21:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2020/06/13 21:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2020/06/13 21:28:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2020/06/13 15:27:47 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\Desktop\ADS
[2020/06/13 07:35:04 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\Desktop\Iphone Ringtones
[2020/06/13 06:19:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carifred
[2020/06/13 05:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI
[2020/06/12 23:11:17 | 000,000,000 | ---D | C] -- C:\Desktop Quick Access Toolbar
[2020/06/12 15:19:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AOMEI mBackupper
[2020/06/11 16:15:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Sidebar
[2020/06/11 16:15:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2020/06/11 16:15:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2020/06/11 16:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2020/06/11 16:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2020/06/11 16:14:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
[2020/06/11 16:14:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\BestPractices
[2020/06/10 12:40:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Oracle
[2020/06/09 18:20:08 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\Documents\LaPuglia Fix Logs
[2020/06/08 22:04:21 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\AppData\Roaming\WSCC4
[2020/06/08 21:56:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows System Control Center
[2020/06/08 21:55:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sysinternals Suite
[2020/06/08 21:49:00 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\NirSoft
[2020/06/08 14:25:55 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.8
[2020/06/07 18:44:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2020/06/07 18:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2020/06/07 18:27:22 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2020/06/07 16:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2020/06/07 16:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2020/06/07 10:55:17 | 000,255,928 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\4123E143.sys
[2020/06/07 05:25:22 | 000,035,928 | ---- | C] (Adobe Systems Incorporated.) -- C:\Windows\SysNative\AdobePDF64.dll
[2020/06/07 04:17:50 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\AppData\Roaming\InstallShield
[2020/06/06 16:29:47 | 000,000,000 | ---D | C] -- C:\SFCFix
[2020/06/06 05:06:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2020/06/06 05:06:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\IObit
[2020/06/06 05:06:11 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2020/06/06 05:05:40 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\AppData\Roaming\IObit
[2020/06/06 05:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2020/06/06 03:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft
[2020/06/06 03:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xilisoft
[2020/06/06 00:46:56 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\Documents\Misc
[2020/06/06 00:23:30 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\regi bak
[2020/06/05 07:47:56 | 000,047,600 | ---- | C] (Dropbox, Inc.) -- C:\Windows\SysNative\drivers\dbx-stable.sys
[2020/06/05 07:47:56 | 000,047,600 | ---- | C] (Dropbox, Inc.) -- C:\Windows\SysNative\drivers\dbx-dev.sys
[2020/06/05 07:47:56 | 000,047,600 | ---- | C] (Dropbox, Inc.) -- C:\Windows\SysNative\drivers\dbx-canary.sys
[2020/06/05 06:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
[2020/06/04 02:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP
[2020/06/04 02:06:27 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\AppData\Roaming\AIMP
[2020/06/04 02:06:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIMP
[2020/06/03 18:02:43 | 000,846,336 | ---- | C] (Christian Werner Software & Consulting) -- C:\Windows\SysNative\sqlite3odbc.dll
[2020/06/03 18:02:43 | 000,078,848 | ---- | C] (Christian Werner Software & Consulting) -- C:\Windows\SysNative\sqlite3_mod_blobtoxy.dll
[2020/06/03 18:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQLite ODBC Driver for Win64
[2020/06/03 18:02:42 | 000,000,000 | ---D | C] -- C:\Program Files\SQLite ODBC Driver for Win64
[2020/06/01 23:54:18 | 000,000,000 | R--D | C] -- C:\Users\LaPuglia\Desktop\PS3
[2020/06/01 04:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mBackupper
[2020/06/01 04:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AomeiMB
[2020/06/01 01:13:48 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\Documents\MAP
[2020/06/01 00:48:16 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDCleaner
[2020/06/01 00:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\HDCleaner
[2020/05/31 05:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Assessment and Planning Toolkit
[2020/05/31 05:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2020/05/31 05:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Assessment and Planning Toolkit
[2020/05/31 04:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Application Compatibility Toolkit
[2020/05/31 04:58:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Compatibility Toolkit
[2020/05/31 04:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows AIK
[2020/05/31 04:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Imaging
[2020/05/31 04:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windows AIK
[2020/05/31 04:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
[2020/05/31 04:03:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EZB Systems
[2020/05/31 04:03:47 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\Documents\My ISO Files
[2020/05/30 20:41:54 | 000,000,000 | R--D | C] -- C:\Users\LaPuglia\My Music
[2020/05/30 18:49:45 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\.idlerc
[2020/05/30 18:19:12 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\acad_temp
[2020/05/30 17:18:10 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\AppData\Roaming\HDCleaner
[2020/05/30 17:10:29 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\AppData\Local\Package Cache
[2020/05/27 22:44:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2020/05/27 22:42:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2020/05/27 22:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2020/05/27 22:40:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2020/05/27 22:39:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2020/05/27 22:39:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2020/05/27 22:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2020/05/27 22:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2020/05/27 22:37:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2020/05/27 20:02:55 | 000,000,000 | ---D | C] -- C:\tenorshare
[2020/05/27 19:58:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PassFab
[2020/05/27 16:59:52 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2020/05/26 18:07:30 | 000,000,000 | ---D | C] -- C:\MATS
[2020/05/25 17:16:33 | 000,000,000 | R--D | C] -- C:\Users\LaPuglia\cloud
[2020/05/25 17:14:36 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\Documents\MEGAsync
[2020/05/25 17:04:37 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\AppData\Local\Mega Limited
[2020/05/25 17:04:22 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
[2020/05/25 17:04:07 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\AppData\Local\MEGAsync
[2020/05/24 22:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
[2020/05/23 06:35:10 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\AppData\Local\Opera Software
[2020/05/23 06:34:18 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\AppData\Roaming\Opera Software
[2020/05/23 05:51:26 | 000,028,936 | ---- | C] (Glarysoft Ltd) -- C:\Windows\SysNative\drivers\GUBootStartup.sys
[2020/05/23 05:51:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities 5
[2020/05/23 02:38:20 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\Documents\Registry Back-Ups
[2020/05/22 17:51:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC App Store
[2020/05/22 15:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\HWiNFO64
[2020/05/22 06:48:26 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intel
[2020/05/22 02:48:23 | 000,651,264 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll
[2020/05/22 02:48:01 | 000,564,224 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idt64mp1.exe
[2020/05/22 02:48:00 | 000,438,784 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNC64.cpl
[2020/05/22 02:47:52 | 004,594,176 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll
[2020/05/22 02:47:52 | 000,524,800 | ---- | C] (IDT, Inc.) -- C:\Windows\sttray64.exe
[2020/05/22 02:47:43 | 000,220,160 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\staco64.dll
[2020/05/21 07:43:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[2020/05/21 06:29:27 | 005,900,288 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNGUI.exe
[2020/05/21 06:29:27 | 003,069,952 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNHP.dll
[2020/05/21 06:29:27 | 000,968,192 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNX.dll
[2020/05/21 06:29:27 | 000,211,968 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNJ.exe
[2020/05/21 06:29:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2020/05/21 06:28:03 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2020/05/21 06:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Realtek
[2020/05/21 06:14:19 | 009,888,360 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RtsPStorIcon.dll
[2020/05/21 06:14:19 | 000,329,832 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsPStor.sys
[2020/05/21 05:39:14 | 000,146,048 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\drivers\AESTAu64.sys
[2020/05/21 04:28:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2020/05/21 00:57:13 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\AppData\Local\Sharpened_Productions
[2020/05/21 00:04:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KC Softwares
[2020/05/20 18:40:19 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\AppData\Local\HP
[2020/05/20 14:58:22 | 000,030,960 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStorF.sys
[2020/05/20 14:58:20 | 000,646,408 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStorA.sys
[2020/05/20 14:43:03 | 000,600,280 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwampfl.sys
[2020/05/20 14:42:55 | 000,172,760 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\bcbtums.sys
[2020/05/20 12:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\factormystic.net
[2020/05/20 08:48:44 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2020/05/20 06:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\Intel Corporation
[2020/05/20 05:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2020/05/20 00:03:16 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\AppData\Local\DivX
[2020/05/19 22:18:57 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\AppData\Roaming\KC Softwares
[2020/05/19 09:22:06 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\AppData\Roaming\DiskDefrag
[2020/05/18 18:15:17 | 000,221,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wofadk.sys
[2020/05/18 17:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dism++10.1.1001.10
[2020/05/18 14:35:39 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\AppData\Local\DivXConverter
[2020/05/18 14:35:12 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\.MCTranscodingSDK
[2020/05/18 09:57:23 | 000,000,000 | ---D | C] -- C:\Users\LaPuglia\AppData\Local\factormystic.net
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2020/06/17 08:23:14 | 000,073,368 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2020/06/17 08:22:58 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2020/06/17 08:22:52 | 000,196,456 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys
[2020/06/17 08:22:51 | 000,120,432 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys
[2020/06/17 08:22:49 | 000,214,496 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MbamChameleon.sys
[2020/06/17 08:22:47 | 000,248,968 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2020/06/17 08:21:56 | 000,153,312 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbae64.sys
[2020/06/17 07:54:39 | 000,029,712 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2020/06/17 07:54:39 | 000,029,712 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2020/06/17 07:53:06 | 000,980,326 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2020/06/17 07:53:06 | 000,804,132 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2020/06/17 07:53:06 | 000,174,262 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2020/06/17 07:49:29 | 000,000,441 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2020/06/17 07:48:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2020/06/17 07:48:30 | 1988,513,791 | -HS- | M] () -- C:\hiberfil.sys
[2020/06/17 07:12:22 | 000,467,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2020/06/17 06:47:41 | 000,028,272 | ---- | M] () -- C:\Windows\SysNative\drivers\truesight.sys
[2020/06/17 04:50:43 | 000,016,718 | ---- | M] () -- C:\Windows\GA_OF.dat
[2020/06/17 04:50:43 | 000,001,024 | ---- | M] () -- C:\AMTAG.BIN
[2020/06/17 04:50:42 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\AOMEI Partition Assistant Technician Edition 8.6.lnk
[2020/06/17 03:10:14 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\UltraISO.lnk
[2020/06/17 02:37:14 | 003,782,360 | ---- | M] (                                                            ) -- C:\Users\LaPuglia\Desktop\uiso9_pe_2762032630.exe
[2020/06/17 02:35:51 | 004,646,240 | ---- | M] (EZB Systems, Inc.                                           ) -- C:\Users\LaPuglia\Desktop\uiso9_pe.exe
[2020/06/17 00:47:47 | 000,000,795 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2020/06/16 19:52:29 | 000,020,692 | ---- | M] () -- C:\Users\LaPuglia\Desktop\malwarebytes.jpg
[2020/06/16 16:46:37 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\QuickCPUx64.job
[2020/06/16 15:28:52 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2020/06/16 15:28:52 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2020/06/16 15:21:28 | 774,045,696 | ---- | M] () -- C:\Users\LaPuglia\Desktop\ampe (1).iso
[2020/06/16 10:40:32 | 000,255,928 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\655A4AEB.sys
[2020/06/16 09:33:31 | 000,000,154 | ---- | M] () -- C:\Users\LaPuglia\Documents\acad.err
[2020/06/16 08:49:36 | 000,014,125 | ---- | M] () -- C:\Users\LaPuglia\Desktop\System Info.htm
[2020/06/15 16:01:44 | 000,255,928 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\3657669D.sys
[2020/06/15 09:50:59 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\AOMEI PE Builder 2.0.lnk
[2020/06/15 05:30:03 | 000,007,632 | ---- | M] () -- C:\Users\LaPuglia\AppData\Local\Resmon.ResmonCfg
[2020/06/15 00:17:11 | 153,976,416 | ---- | M] (AOMEI Technology Co., Ltd.                                  ) -- C:\Users\LaPuglia\Desktop\PEBuilder.exe
[2020/06/14 19:03:05 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2020/06/14 14:06:58 | 000,001,639 | ---- | M] () -- C:\Users\LaPuglia\THE_ARCHITECT.lnk
[2020/06/14 14:06:16 | 000,000,000 | ---- | M] () -- C:\Users\LaPuglia\Documents\Default.rdp
[2020/06/14 11:25:30 | 000,255,928 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\9532A4F6.sys
[2020/06/14 05:57:47 | 000,000,512 | ---- | M] () -- C:\Users\LaPuglia\Documents\MBR.dat
[2020/06/14 02:14:49 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2020/06/13 22:43:18 | 000,001,540 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2020/06/13 16:29:54 | 177,281,464 | ---- | M] (AO Kaspersky Lab) -- C:\Users\LaPuglia\Kaspersky Virus Removal Tool (KVRT).exe
[2020/06/13 16:29:54 | 177,281,464 | ---- | M] (AO Kaspersky Lab) -- C:\Users\LaPuglia\Desktop\Kaspersky Virus Removal Tool (KVRT).exe
[2020/06/13 14:19:50 | 000,000,208 | ---- | M] () -- C:\Windows\SysWow64\AbBakConfig.dat
[2020/06/13 14:19:50 | 000,000,150 | ---- | M] () -- C:\Windows\SysWow64\winsevr.dat
[2020/06/11 16:20:19 | 000,916,138 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2020/06/11 16:19:39 | 000,000,057 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf
[2020/06/11 03:02:32 | 000,001,024 | ---- | M] () -- C:\SYSTAG.BIN
[2020/06/10 12:39:56 | 000,129,192 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2020/06/10 12:37:50 | 000,114,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2020/06/09 17:58:40 | 000,842,296 | ---- | M] (Adobe) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2020/06/09 17:58:40 | 000,175,160 | ---- | M] (Adobe) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2020/06/07 10:55:17 | 000,255,928 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\4123E143.sys
[2020/06/07 05:52:04 | 000,016,612 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2020/06/06 03:19:28 | 000,002,112 | ---- | M] () -- C:\Users\LaPuglia\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft FLAC Converter.lnk
[2020/06/05 07:47:56 | 000,047,600 | ---- | M] (Dropbox, Inc.) -- C:\Windows\SysNative\drivers\dbx-stable.sys
[2020/06/05 07:47:56 | 000,047,600 | ---- | M] (Dropbox, Inc.) -- C:\Windows\SysNative\drivers\dbx-dev.sys
[2020/06/05 07:47:56 | 000,047,600 | ---- | M] (Dropbox, Inc.) -- C:\Windows\SysNative\drivers\dbx-canary.sys
[2020/06/05 06:46:49 | 000,001,104 | ---- | M] () -- C:\Users\LaPuglia\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 5.lnk
[2020/06/03 18:02:44 | 000,000,191 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2020/06/03 18:02:44 | 000,000,145 | ---- | M] () -- C:\Windows\ODBC.INI
[2020/05/28 01:24:44 | 000,218,208 | ---- | M] () -- C:\Windows\SysNative\mlfcache.dat
[2020/05/27 06:55:15 | 000,002,632 | ---- | M] () -- C:\Users\LaPuglia\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook (1).lnk
[2020/05/27 06:54:04 | 000,002,632 | ---- | M] () -- C:\Users\LaPuglia\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook.lnk
[2020/05/25 22:35:19 | 000,002,096 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2016.lnk
[2020/05/25 17:18:12 | 000,000,985 | ---- | M] () -- C:\Users\LaPuglia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\MEGAsync.lnk
[2020/05/23 06:35:05 | 000,001,330 | ---- | M] () -- C:\Users\LaPuglia\Desktop\Opera.lnk
[2020/05/23 05:51:26 | 000,028,936 | ---- | M] (Glarysoft Ltd) -- C:\Windows\SysNative\drivers\GUBootStartup.sys
[2020/05/22 03:06:08 | 000,042,307 | ---- | M] () -- C:\Users\LaPuglia\AppData\Local\Perfmon.PerfmonCfg
[2020/05/21 04:14:10 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\bcmwlrc.dll
[2020/05/20 15:19:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01011.Wdf
[2020/05/20 05:25:51 | 000,018,944 | ---- | M] () -- C:\Users\LaPuglia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2020/05/20 00:44:16 | 000,000,296 | ---- | M] () -- C:\Windows\SysWow64\cpuz.ini
[2020/05/18 17:05:26 | 000,221,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wofadk.sys
[2020/05/18 13:39:18 | 000,002,642 | ---- | M] () -- C:\Users\LaPuglia\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Drive (2).lnk
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2020/06/17 08:22:58 | 000,001,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2020/06/17 04:50:42 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\AOMEI Partition Assistant Technician Edition 8.6.lnk
[2020/06/17 03:10:13 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\UltraISO.lnk
[2020/06/17 02:37:11 | 003,782,360 | ---- | C] (                                                            ) -- C:\Users\LaPuglia\Desktop\uiso9_pe_2762032630.exe
[2020/06/17 02:27:26 | 000,054,048 | ---- | C] () -- C:\Users\LaPuglia\Desktop\checksurlau.exe
[2020/06/16 22:52:05 | 000,028,272 | ---- | C] () -- C:\Windows\SysNative\drivers\truesight.sys
[2020/06/16 19:52:29 | 000,020,692 | ---- | C] () -- C:\Users\LaPuglia\Desktop\malwarebytes.jpg
[2020/06/16 16:46:37 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\QuickCPUx64.job
[2020/06/16 16:10:55 | 000,001,960 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
[2020/06/16 15:27:04 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2020/06/16 15:27:04 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2020/06/16 15:18:07 | 774,045,696 | ---- | C] () -- C:\Users\LaPuglia\Desktop\ampe (1).iso
[2020/06/16 09:33:31 | 000,000,154 | ---- | C] () -- C:\Users\LaPuglia\Documents\acad.err
[2020/06/16 08:49:36 | 000,014,125 | ---- | C] () -- C:\Users\LaPuglia\Desktop\System Info.htm
[2020/06/15 00:21:54 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\AOMEI PE Builder 2.0.lnk
[2020/06/14 21:39:56 | 001,298,584 | ---- | C] () -- C:\Windows\ddmmain.exe
[2020/06/14 21:39:56 | 000,035,760 | ---- | C] () -- C:\Windows\SysNative\ddmdrv.sys
[2020/06/14 21:39:56 | 000,033,200 | ---- | C] () -- C:\Windows\SysWow64\ddmdrv.sys
[2020/06/14 21:37:35 | 002,179,160 | ---- | C] () -- C:\Windows\ampa.exe
[2020/06/14 21:37:35 | 000,038,320 | ---- | C] () -- C:\Windows\SysWow64\ampa.sys
[2020/06/14 21:37:35 | 000,038,320 | ---- | C] () -- C:\Windows\SysNative\ampa.sys
[2020/06/14 19:03:05 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2020/06/14 14:24:56 | 000,016,718 | ---- | C] () -- C:\Windows\GA_OF.dat
[2020/06/14 14:06:58 | 000,001,639 | ---- | C] () -- C:\Users\LaPuglia\THE_ARCHITECT.lnk
[2020/06/14 14:06:16 | 000,000,000 | ---- | C] () -- C:\Users\LaPuglia\Documents\Default.rdp
[2020/06/14 05:57:47 | 000,000,512 | ---- | C] () -- C:\Users\LaPuglia\Documents\MBR.dat
[2020/06/13 22:43:18 | 000,001,540 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2020/06/13 18:22:52 | 000,144,760 | ---- | C] () -- C:\Users\LaPuglia\Desktop\Show icons.exe
[2020/06/13 07:32:41 | 000,251,166 | ---- | C] () -- C:\Users\LaPuglia\Desktop\687e45df9a5981f2b019e329012844a504f96.mp4
[2020/06/08 22:04:18 | 000,001,202 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WSCC.lnk
[2020/06/06 15:40:07 | 000,171,952 | ---- | C] () -- C:\Windows\SysNative\ammntdrv.sys
[2020/06/06 15:40:07 | 000,051,120 | ---- | C] () -- C:\Windows\SysNative\ambakdrv.sys
[2020/06/06 15:40:07 | 000,038,320 | ---- | C] () -- C:\Windows\SysNative\amwrtdrv.sys
[2020/06/06 03:19:28 | 000,002,112 | ---- | C] () -- C:\Users\LaPuglia\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft FLAC Converter.lnk
[2020/06/05 06:46:49 | 000,001,104 | ---- | C] () -- C:\Users\LaPuglia\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 5.lnk
[2020/06/03 18:02:44 | 000,000,145 | ---- | C] () -- C:\Windows\ODBC.INI
[2020/06/03 18:02:43 | 000,141,312 | ---- | C] () -- C:\Windows\SysNative\sqlite3_mod_fts3.dll
[2020/06/03 18:02:43 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\sqlite3_mod_zipfile.dll
[2020/06/03 18:02:43 | 000,062,464 | ---- | C] () -- C:\Windows\SysNative\sqlite3_mod_csvtable.dll
[2020/06/03 18:02:43 | 000,059,904 | ---- | C] () -- C:\Windows\SysNative\sqlite3_mod_extfunc.dll
[2020/06/03 18:02:43 | 000,059,392 | ---- | C] () -- C:\Windows\SysNative\sqlite3_mod_rtree.dll
[2020/06/03 18:02:43 | 000,057,344 | ---- | C] () -- C:\Windows\SysNative\sqlite3_mod_impexp.dll
[2020/06/03 18:02:43 | 000,000,191 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2020/06/03 10:46:45 | 000,016,593 | ---- | C] () -- C:\Users\LaPuglia\zune.cat
[2020/05/28 01:24:44 | 000,218,208 | ---- | C] () -- C:\Windows\SysNative\mlfcache.dat
[2020/05/27 20:01:10 | 000,001,276 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Password Recovery Tool.lnk
[2020/05/27 06:55:15 | 000,002,632 | ---- | C] () -- C:\Users\LaPuglia\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook (1).lnk
[2020/05/27 06:54:04 | 000,002,632 | ---- | C] () -- C:\Users\LaPuglia\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook.lnk
[2020/05/25 17:18:12 | 000,000,985 | ---- | C] () -- C:\Users\LaPuglia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\MEGAsync.lnk
[2020/05/23 06:35:05 | 000,001,330 | ---- | C] () -- C:\Users\LaPuglia\Desktop\Opera.lnk
[2020/05/23 06:35:05 | 000,001,330 | ---- | C] () -- C:\Users\LaPuglia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
[2020/05/23 05:51:37 | 000,001,092 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
[2020/05/22 03:06:07 | 000,042,307 | ---- | C] () -- C:\Users\LaPuglia\AppData\Local\Perfmon.PerfmonCfg
[2020/05/20 15:19:37 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01011.Wdf
[2020/05/20 00:44:14 | 000,000,296 | ---- | C] () -- C:\Windows\SysWow64\cpuz.ini
[2020/05/18 13:39:18 | 000,002,642 | ---- | C] () -- C:\Users\LaPuglia\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Drive (2).lnk
[2020/05/11 00:35:06 | 000,000,208 | ---- | C] () -- C:\Windows\SysWow64\AbBakConfig.dat
[2020/05/11 00:35:03 | 000,000,150 | ---- | C] () -- C:\Windows\SysWow64\winsevr.dat
[2020/05/09 05:49:18 | 000,000,987 | ---- | C] () -- C:\Windows\unins000.dat
[2020/05/08 13:09:54 | 000,069,940 | ---- | C] () -- C:\ProgramData\agent.uninstall.1588957611.bdinstall.v2.bin
[2020/04/28 11:55:49 | 000,083,552 | ---- | C] () -- C:\ProgramData\agent.update.1588089287.bdinstall.v2.bin
[2020/04/24 14:40:18 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2020/04/19 18:27:20 | 000,518,144 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2020/04/05 21:08:55 | 000,104,432 | ---- | C] () -- C:\ProgramData\agent.1586135329.bdinstall.v2.bin
[2020/04/05 06:00:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2020/04/01 17:47:29 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2020/03/30 23:30:15 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2020/01/14 09:21:09 | 000,171,952 | ---- | C] () -- C:\Windows\SysWow64\ammntdrv.sys
[2020/01/14 09:21:09 | 000,051,120 | ---- | C] () -- C:\Windows\SysWow64\ambakdrv.sys
[2020/01/14 09:21:09 | 000,038,320 | ---- | C] () -- C:\Windows\SysWow64\amwrtdrv.sys
[2015/03/21 11:22:39 | 000,007,632 | ---- | C] () -- C:\Users\LaPuglia\AppData\Local\Resmon.ResmonCfg
[2015/02/23 21:44:31 | 000,038,428 | ---- | C] () -- C:\Users\LaPuglia\AppData\Roaming\Comma Separated Values (DOS).ADR
[2013/03/01 17:51:42 | 000,018,944 | ---- | C] () -- C:\Users\LaPuglia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\sysnative\shell32.dll -- [2019/05/24 20:04:16 | 014,185,984 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2019/05/24 19:59:03 | 012,880,384 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\sysnative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2020/06/16 10:31:24 | 000,000,000 | ---D | M] -- C:\Users\LaPuglia\AppData\Roaming\AIMP
[2020/05/22 10:12:25 | 000,000,000 | ---D | M] -- C:\Users\LaPuglia\AppData\Roaming\Autodesk
[2015/01/12 20:51:29 | 000,000,000 | ---D | M] -- C:\Users\LaPuglia\AppData\Roaming\BackupTrans
[2011/06/19 19:25:45 | 000,000,000 | ---D | M] -- C:\Users\LaPuglia\AppData\Roaming\Blio
[2020/05/19 21:24:02 | 000,000,000 | ---D | M] -- C:\Users\LaPuglia\AppData\Roaming\DiskDefrag
[2020/04/16 03:45:01 | 000,000,000 | ---D | M] -- C:\Users\LaPuglia\AppData\Roaming\freac
[2020/05/22 23:27:31 | 000,000,000 | ---D | M] -- C:\Users\LaPuglia\AppData\Roaming\GlarySoft
[2020/05/15 20:46:17 | 000,000,000 | ---D | M] -- C:\Users\LaPuglia\AppData\Roaming\gsmartcontrol
[2020/05/30 17:56:54 | 000,000,000 | ---D | M] -- C:\Users\LaPuglia\AppData\Roaming\HDCleaner
[2020/04/28 13:54:26 | 000,000,000 | ---D | M] -- C:\Users\LaPuglia\AppData\Roaming\IDM
[2020/04/13 21:21:14 | 000,000,000 | ---D | M] -- C:\Users\LaPuglia\AppData\Roaming\IDT
[2020/06/06 05:07:38 | 000,000,000 | ---D | M] -- C:\Users\LaPuglia\AppData\Roaming\IObit
[2020/05/22 10:00:03 | 000,000,000 | ---D | M] -- C:\Users\LaPuglia\AppData\Roaming\KC Softwares
[2020/05/22 21:12:45 | 000,000,000 | ---D | M] -- C:\Users\LaPuglia\AppData\Roaming\kingsoft
[2020/04/15 19:33:21 | 000,000,000 | ---D | M] -- C:\Users\LaPuglia\AppData\Roaming\MultipleRebootScheduler
[2020/05/23 06:34:18 | 000,000,000 | ---D | M] -- C:\Users\LaPuglia\AppData\Roaming\Opera Software
[2020/06/15 14:05:59 | 000,000,000 | ---D | M] -- C:\Users\LaPuglia\AppData\Roaming\qBittorrent
[2011/10/19 18:56:31 | 000,000,000 | ---D | M] -- C:\Users\LaPuglia\AppData\Roaming\rinsebyreal
[2020/06/07 16:40:14 | 000,000,000 | ---D | M] -- C:\Users\LaPuglia\AppData\Roaming\Synaptics
[2020/04/05 05:41:43 | 000,000,000 | ---D | M] -- C:\Users\LaPuglia\AppData\Roaming\Tunngle
[2020/06/08 22:12:11 | 000,000,000 | ---D | M] -- C:\Users\LaPuglia\AppData\Roaming\WSCC4
[2013/02/26 14:54:12 | 000,000,000 | ---D | M] -- C:\Users\LaPuglia\AppData\Roaming\Xilisoft
[2020/04/15 14:45:44 | 000,000,000 | ---D | M] -- C:\Users\LaPuglia\AppData\Roaming\ZumoDrive
 
========== Purity Check ==========
 
 

OTL Extras logfile created on: 6/17/2020 9:40:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\LaPuglia\Desktop\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.19596)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.80 Gb Total Physical Memory | 3.68 Gb Available Physical Memory | 47.20% Memory free
19.50 Gb Paging File | 14.62 Gb Available in Paging File | 74.97% Paging File free
Paging file location(s): c:\pagefile.sys 11983 11983 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.97 Gb Total Space | 97.92 Gb Free Space | 21.76% Space Free | Partition Type: NTFS
Drive D: | 15.50 Gb Total Space | 1.16 Gb Free Space | 7.46% Space Free | Partition Type: NTFS
Drive F: | 103.02 Mb Total Space | 69.34 Mb Free Space | 67.30% Space Free | Partition Type: NTFS
 
Computer Name: THE_ARCHITECT | User Name: LaPuglia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.scr [@ = AutoCADScriptFile] -- C:\Windows\SysWow64\notepad.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google LLC)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google LLC)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- "%SystemRoot%\system32\NOTEPAD.EXE" %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- "%SystemRoot%\system32\NOTEPAD.EXE" %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- "C:\Windows\System32\WScript.exe" "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- "%SystemRoot%\system32\NOTEPAD.EXE" %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Force Delete] -- "C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe" "%1" (Carifred.com)
Directory [RunAs] -- cmd.exe /c takeown /f "%1" && icacls "%1" /grant administrators:F (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google LLC)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google LLC)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- "%SystemRoot%\system32\NOTEPAD.EXE" %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- "%SystemRoot%\system32\NOTEPAD.EXE" %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- "C:\Windows\System32\WScript.exe" "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- "%SystemRoot%\system32\NOTEPAD.EXE" %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Force Delete] -- "C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe" "%1" (Carifred.com)
Directory [RunAs] -- cmd.exe /c takeown /f "%1" && icacls "%1" /grant administrators:F (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{21C83567-9E5E-4861-A7DF-1D1B7E8BAF05}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{5C30BDF9-A88E-41B4-95CD-37BA3900D0E4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{80B769C1-28C2-40F2-976F-CEA2FA54DAC1}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{8B8804F9-0435-43F4-825B-C176363960EC}" = lport=5353 | protocol=17 | dir=in | app=c:\users\lapuglia\appdata\local\programs\opera\68.0.3618.165\opera.exe | 
"{980CFD3A-6275-46A1-8A91-864AE01CD37C}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{BA6B1C81-ACC8-47E5-84AF-8CE0C160EF1D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C77B1E42-0679-4613-8694-2A54F4BD540C}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{ED37A3DF-5DBA-432F-8444-0A0EAD4F150A}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{FA2697C7-980A-409D-8A25-C8A3AF388A7A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0590FC2D-2A3C-408F-A93D-E651A411C8D9}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srmanager.exe | 
"{13B82D43-9EF0-46F1-9D97-E993DDF88519}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{4CE99E9E-C7F7-4E82-BACA-873F628570BE}" = protocol=17 | dir=in | app=c:\program files (x86)\aomei\abservice.exe | 
"{6E98EC23-9F99-4A12-AFC4-6A97F97527BC}" = protocol=6 | dir=in | app=c:\program files (x86)\aomei\abservice.exe | 
"{8F4D3BEA-FEA1-499D-98E1-D5F22089C2F5}" = protocol=58 | dir=in | [email protected],-148 | 
"{92ECE66D-CEBA-482F-9C0A-1FB68D41890B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{1414F276-4727-4EF4-B07C-0DFADB24D35E}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"TCP Query User{61333015-10A2-4032-B31D-819CA5F5C0F3}C:\program files (x86)\windows system control center\wscc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows system control center\wscc.exe | 
"TCP Query User{78A3A425-E4A5-457D-9D7C-8ADCBD0E5F2C}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"TCP Query User{A3EBEDA8-E338-440F-97FA-E426E18C7F9F}C:\program files\qbittorrent\qbittorrent.exe" = protocol=6 | dir=in | app=c:\program files\qbittorrent\qbittorrent.exe | 
"UDP Query User{15BE56AC-551A-47BA-897E-FF16C5300EEF}C:\program files\qbittorrent\qbittorrent.exe" = protocol=17 | dir=in | app=c:\program files\qbittorrent\qbittorrent.exe | 
"UDP Query User{1C2A79F7-07CD-475C-A5A6-6C5F5865235B}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"UDP Query User{56278ABF-E1A6-4D97-86F5-4B11DCBBE08A}C:\program files (x86)\windows system control center\wscc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows system control center\wscc.exe | 
"UDP Query User{ADE9359D-7729-4858-BF50-4DD38FF6DE33}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{013DB423-A8DE-4423-9E50-D45ED1041789}" = iTunes
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0D3E9E15-DE7A-300B-96F1-B4AF12B96488}" = Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23026
"{0FB154FE-B6B3-4C4F-9DE1-DD9D5D3670A5}" = Outlook File Drag
"{13D558FE-A863-402C-B115-160007277033}" = Microsoft SQL Server 2012 Express LocalDB 
"{16735AF7-1D8D-3681-94A5-C578A61EC832}" = Microsoft .NET Framework 4.8
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{245A2BD7-1E51-448C-810D-356286B18BA8}" = Python 3.8.3 Executables (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F64180241F0}" = Java 8 Update 241 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F64180251F0}" = Java 8 Update 251 (64-bit)
"{27DEA29A-222C-45F8-B70D-0A7B303FC71B}" = Intel® Rapid Storage Technology
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2AA3C13E-0531-41B8-AE48-AE28C940A809}" = Microsoft Security Client
"{31E8F586-4EF7-4500-844D-BA8756474FF1}" = Windows Automated Installation Kit
"{3373D4A7-69A1-42BE-A6F4-A196FB681F60}" = Quick CPU x64
"{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1" = Malwarebytes version 4.1.0.56
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{36A0F2D4-0139-44F3-9712-A2FE04742021}" = Intel Processor Diagnostic Tool 64bit
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{381E4487-0C58-447D-A3F7-7EC5902DDAF4}" = Python 3.8.3 Test Suite (64-bit)
"{3E010818-0B52-4BCD-994D-D321F25ABAEC}" = Python 3.8.3 Standard Library (64-bit)
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{4713fdb0-2117-4d26-9e12-bbb11350a47f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BEE127E-95C4-434D-ABAC-65155192BB24}" = Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{519DA1AF-03AD-4CEA-813F-F47B4B14DF3F}" = Python 3.8.3 Documentation (64-bit)
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}" = Bonjour
"{5783F2D7-0111-0409-0110-0060B0CE6BBA}" = Autodesk CAD Manager Tools
"{5783F2D7-F001-0000-0102-0060B0CE6BBA}" = AutoCAD 2016
"{5783F2D7-F001-0000-3102-0060B0CE6BBA}" = ACAD Private
"{5783F2D7-F001-0409-1102-0060B0CE6BBA}" = AutoCAD 2016 Language Pack - English
"{5783F2D7-F001-0409-2102-0060B0CE6BBA}" = AutoCAD 2016 - English
"{5783F2D7-F004-0000-5102-0060B0CE6BBA}" = ACA & MEP 2016 Object Enabler
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{698BFA23-9AF5-43B1-A08E-293477F8FD9B}" = Python 3.8.3 pip Bootstrap (64-bit)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{70F55D70-7E5F-6291-4924-2F7640F19BFE}" = AMD Catalyst Install Manager
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7FD17CEE-EE81-4241-96B1-EA4BE139AA38}" = Python 3.8.3 Tcl/Tk Support (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{85C8CF1F-9994-4AEC-971F-EFA81DDC96D9}" = Microsoft Assessment and Planning Toolkit
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{91ECF664-C305-44DD-A08E-0319EAD11534}" = Python 3.8.3 Development Libraries (64-bit)
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.8
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A0258B41-0D21-496B-A342-B8BCCB8F2B8D}" = Python 3.8.3 Core Interpreter (64-bit)
"{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}" = Autodesk Content Service
"{A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F}" = Autodesk Content Service Language Pack
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF4FC66A-D11F-4270-B93C-F556D565E32C}" = Python 3.8.3 Utility Scripts (64-bit)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BC958BD2-5DAC-3862-BB1A-C1BE0790438D}" = Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23026
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C4EBFDFD-0C55-3E5F-A919-E3C54949024A}" = Google Chrome
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C788AE25-3D4E-4D18-811B-3219F778487E}" = Apple Mobile Device Support
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D39B163A-9E12-442C-95E9-33FA5746AB21}" = Apple Application Support (64-bit)
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F6FD1651-0000-1033-0102-387BAF9B3B0A}" = Autodesk ReCap 2016
"3B10B182703FB1E32FC2AC67FE61C96FB4BF34C1" = Windows Driver Package - Intel (NETwNs64) net  (02/20/2012 15.1.0.18)
"AutoCAD 2016 - English" = Autodesk AutoCAD 2016 - English
"AutoCAD 2016 Hotfix 7" = Autodesk AutoCAD 2016.0.11
"AutoCAD 2016 SP1" = Autodesk AutoCAD 2016 SP 1
"Autodesk Advance Steel Object Enabler 2016" = Autodesk Advance Steel Object Enabler 2016
"Autodesk Content Service" = Autodesk Content Service
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CD88F0FADE1395C9F91302912FD35B13CF75C196" = Windows Driver Package - Intel (NETwNs64) net  (01/22/2012 14.3.2.1)
"DivX Setup" = DivX Setup
"EA1C8ECD4E416637C38F0079F98C8C7B0A112265" = Windows Driver Package - Intel (NETwLv64) net  (10/07/2010 13.4.0.139)
"HDCleaner" = HDCleaner
"HitmanPro38" = HitmanPro 3.8
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"SynTPDeinstKey" = Synaptics TouchPad Driver
"UVK - Ultra virus killer" = UVK - Ultra Virus Killer
"WSCC4 (x64)_is1" = WSCC4 (x64) 4.0.5.1
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1" = AOMEI Partition Assistant Standard Edition 8.8
"{036E9748-4D3C-4D4C-AC34-1C8B43065AA0}" = Drawing Purge
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{05A6F765-D749-45E6-A157-2E5ADE8F8FF0}" = sensorsamples
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{085AC6CC-3716-4C62-8965-FF94296BCC26}" = vistalibs_x64fre
"{091DDD71-FA98-4FF6-8E6F-07C9D09E29B8}" = wdftools_ia64fre
"{099218A5-A723-43DC-8DB5-6173656A1E94}" = Dropbox Update Helper
"{0A026ED9-D774-4008-B62C-7565E5626371}" = networklibraries_ia64fre
"{0A049327-DE93-4098-B573-AAC71E0E6FA4}" = toastermetadatapackagesample
"{0A68FF18-07E3-4D28-BFDC-8F51ECE8A011}" = infsample_x64fre
"{0AD94592-05F9-4E96-9418-D50FEE317342}" = networklibraries_x86fre
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}" = Microsoft Application Compatibility Toolkit 5.6
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11C4575B-4B32-44D2-A097-D59A00BA60DE}" = Apple Application Support (32-bit)
"{1231849C-2D95-46C5-BC1B-A7A4481A279F}" = dsfsamples
"{1321CC95-FB73-4437-8F77-B179432F8857}" = setupsamples
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{17349339-D8E7-4394-805E-E2346C19BA82}" = setuptools_x64fre
"{1947A404-E56C-44B9-99BD-7A22D3B30C0A}" = Microsoft System Center 2016 MP for Windows Defender
"{197AB90B-2CE8-4098-B8DC-A8C7ACBBEAD9}" = imagingtools_x86fre
"{198C0A8A-5E8D-4CF5-BE66-9D0E1FFBC217}" = pnptools_x64fre
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E8FC55E-F212-4B80-A0F7-A0D178C2FE4A}" = powermanagement_ia64fre
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F20DE69-167B-4F69-8D99-10DA59D92D10}" = headers
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F32180251F0}" = Java 8 Update 251
"{26A24AE4-039D-4CA4-87B4-2F83218045F0}" = Java 8 Update 45
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28E0E806-0461-4E12-B272-465766FF94FB}" = bluetoothsamples
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{290790FE-0D04-4E3D-B1C9-6CDCF64B1E04}" = wdtfbinaries_x64fre
"{29A7D6EC-63C2-42FD-8143-5812ABD2923F}" = Autodesk Material Library 2016
"{2ADD318F-B560-4D64-9A2B-0196FCF103BD}" = audiosamples
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT)
"{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}" = LightScribe System Software
"{315A928B-2B99-4E22-A066-14CD901F9C0B}" = generaltools_ia64fre
"{329335E6-0A4B-42B9-9230-5CAC83B04649}" = vistalibs_ia64fre
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{34600C75-5EF7-476C-A897-531078A304C3}" = buildtools_x86fre
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35546EB8-2D2F-4AAD-9FE5-9574520F4AD8}" = offreg_ia64fre
"{37E0996B-CD8D-46C9-A801-9EE67276DF9A}" = tracingtool_x64fre
"{384DB786-E488-45CC-AB4A-E6ABE11B0905}" = tools_ia64fre
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{38AD20B9-0433-45D5-86D6-C76BAE151892}" = printtools_ia64fre
"{39EA6AA6-F891-4D70-867D-839DA49948D2}" = Adobe Shockwave Player 12.2
"{3A2F0C18-0F0B-44BF-80F0-CB4204565573}" = printtools_x64fre
"{3B31D97A-7CF4-4ED2-8593-535AE7C0FB92}" = toolindex
"{3C9E736F-8436-41D2-87F3-1468A59CA866}" = tracingtool_ia64fre
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3ECC5DE9-FF75-4EDD-8D46-6E4A59603E16}" = debugfiles_win7
"{4077C73A-C623-40B9-8D0A-B9D501AF3046}" = tracingtool_x86fre
"{41A9BB87-60B8-47C3-BB79-6EC186827EC7}" = Python Launcher
"{4649A430-BC01-4C9E-9846-50FC56A9D00E}" = generalsamples
"{48402841-6F46-464D-8FA1-3A4460C8399D}" = toastersample
"{4908FC86-4753-40EB-99CD-1F1EB30E6F84}" = fireflysample
"{493028C3-0EC5-4FBF-B3D3-F4A934AB8801}" = eventsample
"{49B35B72-04FF-478D-842E-DBC7A5E68285}" = biometricsamples
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C3B13F6-7CA2-47FD-9A47-C542BA730EF7}" = libs_x64fre
"{4C9C47E8-C79E-4A3B-BD87-5088916F67BC}" = imagingtools_ia64fre
"{4DD3FE4D-1D81-44F4-9FCC-BB8F861C6E21}" = pfd_x64fre
"{4DD6CC58-ED0B-46F1-8A23-4661D7DA60DD}" = wnetlibs_x64fre
"{4DF9AF39-93A8-45BD-AB41-6577969C4AE0}" = cancelsample
"{4E20873D-BC20-495C-AFD9-B18877B7F9BB}" = Autodesk AutoCAD Performance Feedback Tool 1.2.4
"{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}" = Autodesk App Manager 2016
"{4FBF748A-AF57-487E-8A74-A32710938A7C}" = bluetoothtools_x64fre
"{5008655B-381C-4C45-BF2F-E1998DDED2C5}" = chkinftool_x86fre
"{502A382B-6A1F-41C3-A370-A085182EEA91}" = wdftools_x86fre
"{5058FE9A-CF62-48B5-9AA2-48C536827880}" = sideshowsamples
"{5193B1FC-FC33-4CBA-9B9F-85F3D8F7CD87}" = readme
"{53C53D37-CA3C-4C32-B1B5-3BCC594144C2}" = networksamples
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B66B4F6-D913-4D8D-B997-2E208ABECA73}" = portiosample
"{5B86F724-E2A0-47B6-805A-88D873175EFB}" = biometrictools_x86fre
"{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader
"{5BE72DAD-15B7-4B1D-808D-9C66DF8E691D}" = storagesamples
"{5BF31BC3-EA1C-4905-9FF1-0FFBE5C4099B}" = bussamples
"{5E38A4B3-E50B-4E05-AC66-CDA806B12D10}" = smartcardsamples
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{624ba875-fdfc-4efa-9c66-b170dfebc3ec}" = Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27033
"{62BEC6D1-0287-4272-BFC4-C7C1A422B718}" = avstreamtools_x86fre
"{63B405FD-A763-4F88-8844-1673AA5F00AB}" = wnetlibs_ia64fre
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65B89385-7BC3-4B25-A2A7-A621D149D298}" = wdtfbinaries_ia64fre
"{66D6D87F-D616-408F-9AD1-70D4D744DC29}" = irsamples
"{670CAF31-78EA-4A8B-9F8D-32EC018B1345}" = pnptools_x86fre
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}" = Autodesk Material Library Base Resolution Image Library 2016
"{6F1B3EC0-1182-4AA6-9E08-C4D7A05E1B7C}" = streammediasamples
"{6F9AD5EF-EF6A-4548-B797-2543F0D1F28F}" = offreg_x86fre
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E96A45-FE54-4AF6-B208-A3F860EF1063}" = usbsamples
"{725943A7-97C3-4E7D-841E-7E6FBAABF64B}" = drvtools_ia64fre
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CA89ADF-C212-4D5A-85EC-79BAA250A656}" = infsample_x86fre
"{7DD52F48-C19E-4FD8-8B25-429F96321003}" = Microsoft Windows Driver Kit Documentation 7600.091201
"{7ED7AA72-49BE-40FB-89C4-F1DBAAC16F01}" = dfx_ia64fre
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 3.5.0.2
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80CFB54B-2C2C-4513-9B90-923F7F850074}" = evntdrvsample
"{82B341CB-D57D-4286-BE54-FB86BAAD23EB}" = pfd_x86fre
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85701256-4CFE-4144-A831-4D03DB2C830A}" = wpdtools_x86fre
"{86DE5D5D-7F44-4D9E-803C-4298732C16A3}" = dfx_x86fre
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{88D1025F-45D0-45C6-9EDB-379C2EE07AD7}" = Microsoft Visual C++ 2017 X86 Additional Runtime - 14.16.27033
"{8AFD8D85-FF4D-4DA7-B1A0-14C6A1BA1F59}" = setuptools_x86fre
"{8B62890F-E903-42BA-B1F7-7868432BCC4A}" = tools_x64fre
"{8BF161B5-1065-4457-8C7C-76366914033A}" = drvtools_x86fre
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9096B2CA-170B-4696-AB43-AF5DD8D539E6}" = hid_inputsamples
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{9269E4BE-0607-488B-9BFD-9E54FEADB17B}" = ioctlsample
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94AD53E7-493B-4291-8714-7A3B761D2783}" = Autodesk Advanced Material Library Image Library 2016
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{984AD1E9-A775-40F8-9A43-70908593B247}" = hidsampleinput
"{984E6987-6A7E-4F2D-AF7F-68BBB3BD68AD}" = dfx_x64fre
"{9936A6C2-0C21-49D8-8AB1-92384259D214}" = powermanagement_x86fre
"{99870CAE-4D57-42F2-9427-AC88F33FC8C3}" = buildsamples
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A444847-CF56-404A-8815-2E41259CB224}" = wdtfbinaries_x86fre
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D668C99-AEED-472A-98C0-65D8865150F6}" = wxplibs_x86fre
"{9E6C6A09-A71E-45A4-8DBE-68C64DFC451B}" = generaltools_x64fre
"{A072218B-9353-4FAA-A969-64E64568B431}" = umdfsamples
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A3985C05-7386-411F-A4BF-32A73F37EB44}" = Apple Software Update
"{A541122D-7159-40B6-991D-A8A89006DB91}" = displaysamples
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A74123D0-28F2-431A-8C9A-864CD6F2F900}" = infsample_ia64fre
"{A83692F5-3E9B-4E95-9E7E-B5DF5566909D}_is1" = AOMEI PE Builder 2.0
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB99CA8E-0BA0-4AE7-A9AF-26D97D70A570}" = bluetoothtools_x86fre
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{ACAF97EB-7C5B-4C13-84E2-656FD8F2AE08}" = imagingtools_x64fre
"{AEDC22CF-1590-4095-8053-4B724A5BA7A8}" = wsdtool_x86fre
"{B086FEC7-E6B5-4E03-B7DC-60D5D0787174}" = drvtools_x64fre
"{B121B2B4-867E-4389-AC58-0AEC72C37F47}" = wpdsamples
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B2B60AF9-E82A-453D-AB79-B4103614FF7E}" = setuptools_ia64fre
"{B4665EAE-6733-4978-8757-629C7D8DD6A5}" = powermanagement_x64fre
"{B533A27C-3B5D-42AB-B397-A817F154CC22}" = printtools_x86fre
"{B66819C1-8FA4-4456-A12C-E8C6555DC2E2}" = libs_x86fre
"{B66D9EAC-DDAE-4477-93B2-A946438D97B6}" = wmisamples
"{B7C5EA94-B96A-41F5-BE95-25D78B486678}" = Splashtop Streamer
"{B875D436-48A7-42CE-A105-23A7F65B9A60}" = avstreamtools_ia64fre
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BD33DB46-D5EE-4529-8854-7161F4A87720}" = avstreamtools_x64fre
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{BEC25D5C-2CD4-4518-8061-4D97D61C710F}" = pnpportssample
"{BFBDD199-81A2-4BFA-9581-D2EA1716B546}" = DSF-KitSetup
"{C0742F98-1E35-4755-A32D-9F9DAE97CBF3}" = ifssamples
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C1620364-5718-43DD-B6B7-104A0A41EACC}" = swtuner
"{C521D5BA-BAE4-43E7-9250-6436E0502948}" = hidsamples
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager
"{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}" = SketchUp Import 2016
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{CBE08674-3776-4578-9992-46FAEF528F15}" = oacr_x86fre
"{CC2FB3DD-C2DD-4D35-911C-042F3532EE79}" = tools_x86fre
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D058CD28-634C-4EF1-A47D-669FD6BE0C55}" = generaltools_x86fre
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1ABCCBA-5525-48B2-9D13-F6D4B6CE4749}" = buildtools_ia64fre
"{d23ef847-2a5d-49ad-a6b5-7ffc8f255179}" = Intel Processor Diagnostic Tool 64bit
"{D42F37CD-9AF9-4435-A474-B387C5BB6B47}" = Autodesk Featured Apps 2016
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4E7A54A-4124-49A7-835B-F3BB3B501475}" = libs_ia64fre
"{D5AEE36E-4771-4F65-BDB6-8C59077BFBE4}" = Microsoft Visual C++ 2017 X86 Minimum Runtime - 14.16.27033
"{D721152B-35EB-44F3-AB58-D0AE8882813F}" = sdv
"{D80B8A95-3DC7-428C-B216-70251A4296DD}" = wnetlibs_x86fre
"{D982C565-EE25-4E1D-8581-95ABDF637032}" = pfd_ia64fre
"{DC0B9B4B-3198-4F0F-8A2D-1235ED539D53}" = biometrictools_x64fre
"{DC6B7F7C-20F7-4D40-9735-957752CE5F53}" = pnptools_ia64fre
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1423BD0-AAAE-4291-B220-863AEDF873D7}" = printsamples
"{E35466C4-2C85-4718-801E-761E18ACDD91}" = avstreamsamples
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{e46eca4f-393b-40df-9f49-076faf788d83}" = Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026
"{e50120f0-0908-4fcb-9c14-cdeaaa38f0fa}" = Microsoft Assessment and Planning Toolkit
"{E5052212-DAF0-4BD2-A28E-EF9B9A1D3D81}" = buildtools_x64fre
"{E6343838-6EFE-4528-90ED-8D9258CA4584}" = installhelp
"{E6847FF6-C825-4739-814D-8758A9B30A9A}" = modemtools
"{E6E836AB-EC50-48EA-9208-374A982F28F2}" = bluetoothtools_ia64fre
"{E754BD2E-5F64-4D38-A1C6-8B8143A09985}" = offreg_x64fre
"{E761E173-81A4-4C12-A28D-322952C4F31B}" = wpdtools_x64fre
"{E7CF0F14-8C1D-41F3-85ED-579C108262C7}" = Splashtop Personal
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBD729CC-602A-4D12-896B-4FBEBE1B6C4F}" = wcoinstallers
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EDE33D47-848D-4BAE-8399-01D4457D8F64}" = wsdtool_ia64fre
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{EE1E82F8-E538-4B5A-952B-6252DEFA5D06}" = wsdtool_x64fre
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F573FC3C-4149-4FE7-B189-7E5DD3281927}" = networklibraries_x64fre
"{F5F16DEF-5F74-46C8-95E3-AC2FEB04A9DD}" = wdftools_x64fre
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FB2EEF6E-00A7-4863-A44A-227EB927A589}" = vistalibs_x86fre
"{FCFE5318-77F7-4661-A526-418C431A48B5}" = wpdtools_ia64fre
"{FDAA0CD7-930D-4E16-B3A2-66FAA2EEF3AD}" = pcidrvsample
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}" = QuickTime 7
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{WindowsPasswordRecoveryTool}_is1" = Windows Password Recovery Tool
"7-Zip" = 7-Zip 19.00
"AC3Filter" = AC3Filter (remove only)
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.3.1 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 32 ActiveX
"Adobe Flash Player PPAPI" = Adobe Flash Player 32 PPAPI
"Adobe Shockwave Player" = Adobe Shockwave Player 12.3
"AIMP" = AIMP
"Cisco Connect" = Cisco Connect
"Glary Utilities 5" = Glary Utilities PRO 5.143
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"KitSetup Registration {B4285279-1846-49B4-B8FD-B9EAF0FF17DA}:{68656B6B-555E-5459-5E5D-6363635E5F61}" = Microsoft Windows Driver Kit 7.1.0.7600
"MEGAsync" = MEGAsync
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"My HP Game Console" = HP Game Console
"qBittorrent" = qBittorrent 4.2.5
"SQLite ODBC Driver for Win64" = SQLite ODBC Driver for Win64 (remove only)
"UltraISO_is1" = UltraISO Premium V9.72
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"Xilisoft FLAC Converter" = Xilisoft FLAC Converter
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{f7b3255c-a01a-4595-8768-ff8f6613898c}" = Python 3.8.3 (64-bit)
"CCAD Steel Shapes 5.0" = CCAD Steel Shapes 5.0
"CCAD Weldsym 3.1" = CCAD Weldsym 3.1
"Opera 68.0.3618.165" = Opera Stable 68.0.3618.165
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/17/2020 4:38:01 AM | Computer Name = The_Architect | Source = Schedule | ID = 0
Description = 
 
Error - 6/17/2020 6:39:19 AM | Computer Name = The_Architect | Source = PerfNet | ID = 2004
Description = 
 
Error - 6/17/2020 6:39:19 AM | Computer Name = The_Architect | Source = PerfNet | ID = 2002
Description = 
 
Error - 6/17/2020 6:46:49 AM | Computer Name = The_Architect | Source = Schedule | ID = 0
Description = 
 
Error - 6/17/2020 7:16:09 AM | Computer Name = The_Architect | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is not formatted
 correctly. The malformed string is 26336. The first DWORD in the Data section contains
 the index value to the malformed string while the second and third DWORDs in the
 Data section contain the last valid index values.
 
Error - 6/17/2020 7:16:09 AM | Computer Name = The_Architect | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
 failed. The first DWORD in the Data section contains the error code.
 
Error - 6/17/2020 7:16:12 AM | Computer Name = The_Architect | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is not formatted
 correctly. The malformed string is 26336. The first DWORD in the Data section contains
 the index value to the malformed string while the second and third DWORDs in the
 Data section contain the last valid index values.
 
Error - 6/17/2020 7:43:44 AM | Computer Name = The_Architect | Source = Application Hang | ID = 1002
Description = The program UVK_en64.exe version 10.16.4.0 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1374    Start
 Time: 01d6449b263483a0    Termination Time: 0    Application Path: C:\Program Files\UVK
 - Ultra Virus Killer\UVK_en64.exe    Report Id: c203db95-b08f-11ea-9188-e02a829b1a29
 
 
Error - 6/17/2020 7:45:42 AM | Computer Name = The_Architect | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7601.23537 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 90c    Start
 Time: 01d6449a3d862009    Termination Time: 0    Application Path: C:\Windows\Explorer.EXE
 
Report
 Id: 09fe57be-b090-11ea-9188-e02a829b1a29  
 
Error - 6/17/2020 8:15:27 AM | Computer Name = The_Architect | Source = MBAMInstallerService | ID = 0
Description = 
 
[ Media Center Events ]
Error - 6/4/2020 11:18:59 AM | Computer Name = The_Architect | Source = MCUpdate | ID = 0
Description = 
 
Error - 6/4/2020 1:41:13 PM | Computer Name = The_Architect | Source = MCUpdate | ID = 0
Description = 
 
Error - 6/4/2020 3:47:03 PM | Computer Name = The_Architect | Source = MCUpdate | ID = 0
Description = 
 
Error - 6/4/2020 6:31:50 PM | Computer Name = The_Architect | Source = MCUpdate | ID = 0
Description = 
 
Error - 6/4/2020 9:40:24 PM | Computer Name = The_Architect | Source = MCUpdate | ID = 0
Description = 
 
Error - 6/7/2020 3:28:31 AM | Computer Name = The_Architect | Source = MCUpdate | ID = 0
Description = 
 
Error - 6/8/2020 9:51:57 AM | Computer Name = The_Architect | Source = MCUpdate | ID = 0
Description = 
 
Error - 6/9/2020 5:40:42 AM | Computer Name = The_Architect | Source = MCUpdate | ID = 0
Description = 
 
Error - 6/10/2020 3:54:23 AM | Computer Name = The_Architect | Source = MCUpdate | ID = 0
Description = 
 
Error - 6/11/2020 3:23:12 AM | Computer Name = The_Architect | Source = MCUpdate | ID = 0
Description = 
 
[ Microsoft-Windows-Diagnostics-Performance/Operational Events ]
Error - 6/14/2020 9:59:32 PM | Computer Name = The_Architect | Source = Microsoft-Windows-Diagnostics-Performance | ID = 351
Description = 
 
Error - 6/14/2020 11:36:07 PM | Computer Name = The_Architect | Source = Microsoft-Windows-Diagnostics-Performance | ID = 201
Description = 
 
Error - 6/14/2020 11:36:08 PM | Computer Name = The_Architect | Source = Microsoft-Windows-Diagnostics-Performance | ID = 100
Description = 
 
Error - 6/15/2020 9:43:22 AM | Computer Name = The_Architect | Source = Microsoft-Windows-Diagnostics-Performance | ID = 100
Description = 
 
Error - 6/15/2020 12:05:04 PM | Computer Name = The_Architect | Source = Microsoft-Windows-Diagnostics-Performance | ID = 100
Description = 
 
Error - 6/15/2020 12:23:43 PM | Computer Name = The_Architect | Source = Microsoft-Windows-Diagnostics-Performance | ID = 100
Description = 
 
Error - 6/16/2020 8:52:28 AM | Computer Name = The_Architect | Source = Microsoft-Windows-Diagnostics-Performance | ID = 100
Description = 
 
Error - 6/16/2020 2:40:50 PM | Computer Name = The_Architect | Source = Microsoft-Windows-Diagnostics-Performance | ID = 100
Description = 
 
Error - 6/16/2020 3:16:05 PM | Computer Name = The_Architect | Source = Microsoft-Windows-Diagnostics-Performance | ID = 100
Description = 
 
Error - 6/17/2020 7:50:48 AM | Computer Name = The_Architect | Source = Microsoft-Windows-Diagnostics-Performance | ID = 100
Description = 
 
[ System Events ]
Error - 6/17/2020 8:07:56 AM | Computer Name = The_Architect | Source = Service Control Manager | ID = 7000
Description = The Windows Modules Installer service failed to start due to the following
 error:   %%193
 
Error - 6/17/2020 8:07:56 AM | Computer Name = The_Architect | Source = Service Control Manager | ID = 7000
Description = The Windows Modules Installer service failed to start due to the following
 error:   %%193
 
Error - 6/17/2020 8:07:56 AM | Computer Name = The_Architect | Source = Service Control Manager | ID = 7000
Description = The Windows Modules Installer service failed to start due to the following
 error:   %%193
 
Error - 6/17/2020 8:07:56 AM | Computer Name = The_Architect | Source = Service Control Manager | ID = 7000
Description = The Windows Modules Installer service failed to start due to the following
 error:   %%193
 
Error - 6/17/2020 8:07:56 AM | Computer Name = The_Architect | Source = Service Control Manager | ID = 7000
Description = The Windows Modules Installer service failed to start due to the following
 error:   %%193
 
Error - 6/17/2020 8:48:43 AM | Computer Name = The_Architect | Source = ipnathlp | ID = 31004
Description = 
 
Error - 6/17/2020 9:46:39 AM | Computer Name = The_Architect | Source = DCOM | ID = 10005
Description = 
 
Error - 6/17/2020 9:46:39 AM | Computer Name = The_Architect | Source = Service Control Manager | ID = 7000
Description = The Windows Modules Installer service failed to start due to the following
 error:   %%193
 
Error - 6/17/2020 10:04:47 AM | Computer Name = The_Architect | Source = ipnathlp | ID = 30013
Description = 
 
Error - 6/17/2020 10:25:31 AM | Computer Name = The_Architect | Source = Service Control Manager | ID = 7000
Description = The Windows Modules Installer service failed to start due to the following
 error:   %%193
 
 
< End of report >
 
 
< End of report >

Edited by joe_rockstar, 17 June 2020 - 08:41 AM.

  • 0

Advertisements

#2
RKinner
Posted 17 June 2020 - 03:41 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Need your FRST logs:

 

  • Get FRST from http://www.bleepingc...very-scan-tool/You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


Smart Screen, Windows Defender and Avast have all been blocking FRST recently.  It's a false positive so pause your antivirus when downloading or running FRST.  If you get a message saying Smart Screen has blocked it you can click on More Info and you will see an option to Run Anyway.




 


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: TROJAN, REGEDIT WONT OPEN, GROUP POLICIES HIJACK, PRETTY MUCH EVERYTHING!, WIN32.EXE DONT RUN

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP