
Infections will NOT go away. Regenerating?



Hi, I NEVER thought I had viruses, but when I do scans with more extensive tools such as Malwarebytes and Avira, I find so many viruses, each one finding VERY similar ones (exact names and paths), so I'm not concerned with that many false positives. But I would like some help on getting rid of them, you see, whenever Avira quarantines something, and disables it, it's quarantined again. Malwarebytes is also stuck on analytics, too scared to try whitelisting it in other antiviruses in case that gets infected by antivirus-targeting viruses.

 

Some viruses I think I have:

Archer, Winsnare, GubedZL, ELIX.G, IsafeTray(it's been opening random files of mine so I think its infected), jansi

I find random files in the quarantines, like %Appdata%\Local\Temp\jansi-64-4534534642654.dll            C:\Windows\Temp\nsciC0CF\GubedZL.dll

C:\Program Files (x86)\Winsnare(4.0.8) and (4.4.3)

 

Currently scanning using Avira, Malwarebytes, AVG, Microsoft Security Essentials. Any help is appreciated. I won't restart and clean it etc unless told here. Thanks.


Just adding on, AFTER making this post, I booted to safe mode, and went through all the files and stuff, I deleted all WinSnare files I could find in C:\Program Files (x86), and in Temp files (C:\Windows\Temp and this file I forgot the exact location, but if I did %appdata%, and go back a file I'd get to the local file, and in there is a Temp file). Also deleted Archer files, WINSNARE service is disabled, its home files seem to be "svchost.exe -k WINSNARE". They haven't come back up. Another thing after rebooting is some adware adding dependencies to the Themes service. Easily countered with cmd. Just now while writing this, Avira also noticed a few files trying to modify reg files. It has advised a full system scan, so I'm running that right now, because I have no other anti-virus that has detected such things. Security Essentials notices a few things every now and then, Avira is picking these files up left and right, and with the dirs where I had found traces. You may wonder why I deleted the files, well I know as a fact that those were infected. Tell me a random file in temp that has "WINSNARE.dll" and "69.json". Seems obvious enough, as well as the json file containing settings to mess up Chrome, such as the start page links that were the most annoying thing. Yes, this post is long, but I don't want any detail to be missed out. I also cleaned out Malwarebytes's quarantine. I also wonder why it quarantined a file mbam, isn't it Malwarebytes files? With Avira protection, it seems to be very extensive at real time, and Malwarebytes is detecting a lot during scans.

Later on: Ok, writing this the next day. I uninstalled Avira, why you may ask? It was literally eating my CPU apart. (Yes I'm a tech savvy. Suck at malware stuff though). It opened about 4 Avira Scan processes, each consuming somewhere at least 20% of my CPU each. And I couldn't even launch Chrome etc. Not even CONTROL PANEL.
And then of course because malware could rootkit, Avira had its priority set to severe, making it unable to be forced to close.
 


Hello MrSpike and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the Default Browser only, so all of the tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs...

Thank you,

Kevin..
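
A triage helper for the Registry section of the FRST.txt log requested above, as an added example that is not part of kevinf80's post or of FRST itself: it flags Image File Execution Options debuggers, empty or metadata-less Run entries, and Run value names that imitate Windows process names. The sample lines are constructed in the layout of the log posted later in this thread; the rule names, and the assumption that a missing `[size date] (company)` suffix means FRST could not resolve the file, are this example's own.

```python
import re

# Constructed sample lines in the layout of an FRST.txt "Registry" section.
# Names, paths and the SID are placeholders, not values from a real system.
SAMPLE_FRST_REGISTRY = r"""
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ExampleAV] => C:\Program Files\ExampleAV\tray.exe [1353680 2016-11-14] (Example Corporation)
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Run: [svchost0] => "C:\Program Files (x86)\ExampleApp\app.exe"\helper.exe
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Winlogon: [Shell] C:\windows\explorer.exe [3229696 2016-08-30] (Microsoft Corporation) <==== ATTENTION
IFEO\MRT.exe: [Debugger] c:\programdata\example\update.exe -x
"""

# "<hive>\...\Run: [<value name>] => <target>"
RUN_RE = re.compile(
    r"^(?P<hive>\S+)\\\.\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] => (?P<target>.*)$"
)
# "[<size> <yyyy-mm-dd>] (<company>)" suffix written after a resolved file.
META_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\] \(.*\)\s*$")
# "IFEO\<image>: [Debugger] <command>"
IFEO_RE = re.compile(r"^IFEO\\(?P<image>[^:]+): \[Debugger\] (?P<cmd>.+)$")
# Value names that copy a Windows process name, optionally with digits added.
LOOKALIKE_RE = re.compile(r"(svchost|lsass|csrss|winlogon|services|smss|explorer)\d*")


def triage(log_text):
    """Return (rule, line) pairs for entries that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # FRST marks some entries itself; surface those unchanged.
        if "<==== ATTENTION" in line:
            findings.append(("frst-attention-marker", line))

        # Image File Execution Options: a Debugger value makes Windows start
        # that command in place of the named executable.
        if IFEO_RE.match(line):
            findings.append(("ifeo-debugger", line))
            continue

        m = RUN_RE.match(line)
        if not m:
            continue
        name = m.group("name").strip()
        target = m.group("target").split("<====")[0].strip()

        # Leftover autostart value with no name or no target.
        if not name or target == "[X]":
            findings.append(("empty-run-entry", line))
            continue

        # Assumption: no size/date/company suffix means the file was not
        # resolved (missing file or a malformed command line).
        if not META_RE.search(target):
            findings.append(("no-file-metadata", line))

        # A system process name used as a value name, pointing outside
        # C:\Windows, is a common disguise for an autostart entry.
        in_windows = target.lstrip('"').lower().startswith("c:\\windows\\")
        if LOOKALIKE_RE.fullmatch(name.lower()) and not in_windows:
            findings.append(("system-name-lookalike", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_FRST_REGISTRY):
        print(f"{rule:24} {line}")
```
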

Hello,

Should I keep the hidden files on? I've turned them off for now, not sure if malware can affect hidden files. Anyway, here are my logs, a rare type that I don't understand.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Ray (administrator) on RAY-PC (04-04-2017 16:08:29)
Running from C:\Users\Ray\Desktop
Loaded Profiles: Ray (Available Profiles: Ray)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Windows\System32\GFNEXSrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(GameHouse) C:\Program Files (x86)\GameHouse Games\aminstantservice.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Imperative Software Pty Ltd) C:\Program Files (x86)\Input Director\IDWinService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Input Director\InputDirectorSessionHelper.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.77\ccSvcHst.exe
(Copyright (c) 2017 Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.77\ccSvcHst.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Tenorshare Co,Ltd) C:\Users\Ray\AppData\Roaming\Tenorshare\Service\configs\TenorshareWinAdService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSOOBE.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Imperative Software Pty Ltd) C:\Program Files (x86)\Input Director\InputDirector.exe
(Mega Limited) C:\Users\Ray\AppData\Local\MEGAsync\MEGAsync.exe
(Google Inc.) C:\Users\Ray\AppData\Local\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Ray\AppData\Local\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.77\SymcPCCULaunchSvc.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(Google Inc.) C:\Users\Ray\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Ray\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\Ray\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Ray\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Ray\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Ray\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Ray\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\Ray\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Ray\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{5BCA750E-B6E8-4833-8DDD-42D485FFB7D6}\57.0.2987.133_56.0.2924.87_chrome_updater.exe
(Google Inc.) C:\Windows\Temp\CR_7E101.tmp\setup.exe
(Google Inc.) C:\Windows\Temp\CR_7E101.tmp\setup.exe
(Google Inc.) C:\Users\Ray\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Ray\AppData\Local\Google\Update\Install\{5F024FCB-2A84-469B-BF0D-AE0681C90D2C}\59.0.3061.0_chrome_installer.exe
(Google Inc.) C:\Users\Ray\AppData\Local\Temp\CR_4289E.tmp\setup.exe
(Google Inc.) C:\Users\Ray\AppData\Local\Temp\CR_4289E.tmp\setup.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\QQPCTRAY.EXE" /regrun /qqrepair
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [51416 2017-03-31] (Copyright (c) 2017 Plays.tv, LLC)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2016-09-29] (Raptr, Inc)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112200 2016-09-06] (VMware, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [63432 2017-03-09] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3849293026-3514586367-1009552341-1000\...\Run: [InputDirector] => C:\Program Files (x86)\Input Director\InputDirector.exe [1747136 2016-07-31] (Imperative Software Pty Ltd)
HKU\S-1-5-21-3849293026-3514586367-1009552341-1000\...\Run: [svchost0] => "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe"\UUC0789.exe
HKU\S-1-5-21-3849293026-3514586367-1009552341-1000\...\Run: [Google Update] => C:\Users\Ray\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-18] (Google Inc.)
HKU\S-1-5-21-3849293026-3514586367-1009552341-1000\...\Run: [EvolveClient] => C:\Program Files\Echobit\Evolve\EvolveClient.exe [3334528 2017-01-07] (Echobit LLC)
HKU\S-1-5-21-3849293026-3514586367-1009552341-1000\...\MountPoints2: {04184496-1b26-11e6-b960-005056c00008} - E:\setup.exe
HKU\S-1-5-21-3849293026-3514586367-1009552341-1000\...\MountPoints2: {05fbef8b-27db-11e6-8aa4-005056c00008} - F:\Setup.exe
HKU\S-1-5-21-3849293026-3514586367-1009552341-1000\...\Winlogon: [Shell] C:\windows\explorer.exe [3229696 2016-08-30] (Microsoft Corporation) <==== ATTENTION
IFEO\MRT.exe: [Debugger] c:\programdata\winsapsvc\winsap_update\Gubed.exe -Yrrehs
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Ray\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-14] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Ray\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-14] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Ray\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-14] ()
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\QMGCShellExt64.dll -> No File
ShellIconOverlayIdentifiers: [KzShlobj2] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Ray\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-14] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Ray\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-14] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Ray\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-14] ()
Startup: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-05-15]
Startup: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-06-17]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Ray\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{27003C2A-B6E9-40C0-A5D6-C7EEEE29EC7C}: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{3F7C2D1A-E0DA-47EA-8F82-0271E5AFBC9E}: [DhcpNameServer] 192.168.59.1
Tcpip\..\Interfaces\{EC2E8F82-4B5E-4B33-8686-C7D6EE1336CA}: [DhcpNameServer] 192.168.2.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131355520546296712&GUID=FF392272-2BA8-4229-B961-4CF6FFD9009A
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131355520546296712&GUID=FF392272-2BA8-4229-B961-4CF6FFD9009A
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#/?show_is=1&source=art
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#/?show_is=1&source=art
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=1470125001&z=69c3dfbc9cee5313b4e6e31gdzam1e1gao4wde6e9z&from=che0802&uid=ST500LT012-1DG142_W3PFAPRPXXXXW3PFAPRP
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=1470125001&z=69c3dfbc9cee5313b4e6e31gdzam1e1gao4wde6e9z&from=che0802&uid=ST500LT012-1DG142_W3PFAPRPXXXXW3PFAPRP
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#/?show_is=1&source=art
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#/?show_is=1&source=art
HKU\S-1-5-21-3849293026-3514586367-1009552341-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=ds&ts=1471248915&z=b7198597c2d9a5f31001fc8gaz5m3g0o4z4b7t9gfm&from=wpm0616&uid=ST500LT012-1DG142_W3PFAPRPXXXXW3PFAPRP&q={searchTerms}
HKU\S-1-5-21-3849293026-3514586367-1009552341-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131355520546306712&GUID=FF392272-2BA8-4229-B961-4CF6FFD9009A
HKU\S-1-5-21-3849293026-3514586367-1009552341-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#/?show_is=1&source=art
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-3849293026-3514586367-1009552341-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3849293026-3514586367-1009552341-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-06] (Oracle Corporation)
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\TSWebMon64.dat => No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-03-16] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-06] (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-11-04] (<TOSHIBA>)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16] (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-03-16] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-11-04] (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-03-16] (Google Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-03-16] (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: ksaau225.default
FF ProfilePath: C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\qlrm6fu0.default [2017-04-01]
FF user.js: detected! => C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\qlrm6fu0.default\user.js [2016-08-09]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\qlrm6fu0.default -> youndoo
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\qlrm6fu0.default -> youndoo
FF Homepage: Mozilla\Firefox\Profiles\qlrm6fu0.default -> hxxp://www.nicesearches.com?type=hp&ts=1470709956&from=ff060805&uid=st500lt012-1dg142_w3pfaprpxxxxw3pfaprp&z=ce83c42db2cbc6b0daff508gezfm8e0m5e3tft7w2m
FF NewTab: Mozilla\Firefox\Profiles\qlrm6fu0.default -> hxxp://www.nicesearches.com?type=hp&ts=1470709956&from=ff060805&uid=st500lt012-1dg142_w3pfaprpxxxxw3pfaprp&z=ce83c42db2cbc6b0daff508gezfm8e0m5e3tft7w2m
FF Extension: (xRocket Toolbar) - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\qlrm6fu0.default\Extensions\arthurj8283@gmail.com [2016-06-30] [not signed]
FF SearchPlugin: C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\qlrm6fu0.default\searchplugins\8bz61c16.xml [2016-06-25]
FF SearchPlugin: C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\qlrm6fu0.default\searchplugins\nice.xml [2016-06-30]
FF SearchPlugin: C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\qlrm6fu0.default\searchplugins\nuesearch.xml [2016-08-02]
FF SearchPlugin: C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\qlrm6fu0.default\searchplugins\startpageing123.xml [2017-03-31]
FF ProfilePath: C:\Users\Ray\AppData\Roaming\Profiles\obl8jjnm.default [2016-06-30]
FF user.js: detected! => C:\Users\Ray\AppData\Roaming\Profiles\obl8jjnm.default\user.js [2016-06-30]
FF SelectedSearchEngine: Profiles\obl8jjnm.default -> Trovi
FF Homepage: Profiles\obl8jjnm.default -> hxxp://www.nicesearches.com?type=hp&ts=1470709956&from=ff060805&uid=st500lt012-1dg142_w3pfaprpxxxxw3pfaprp&z=ce83c42db2cbc6b0daff508gezfm8e0m5e3tft7w2m
FF NewTab: Profiles\obl8jjnm.default -> hxxp://www.nicesearches.com?type=hp&ts=1470709956&from=ff060805&uid=st500lt012-1dg142_w3pfaprpxxxxw3pfaprp&z=ce83c42db2cbc6b0daff508gezfm8e0m5e3tft7w2m
FF Extension: (GsearchFinder) - C:\Users\Ray\AppData\Roaming\Profiles\obl8jjnm.default\Extensions\@A3592ADB-854A-443A-854E-EB92130D470D.xpi [2016-06-07]
FF SearchPlugin: C:\Users\Ray\AppData\Roaming\Profiles\obl8jjnm.default\searchplugins\nice.xml [2016-06-30]
FF SearchPlugin: C:\Users\Ray\AppData\Roaming\Profiles\obl8jjnm.default\searchplugins\noq5b6ge.xml [2016-06-08]
FF SearchPlugin: C:\Users\Ray\AppData\Roaming\Profiles\obl8jjnm.default\searchplugins\trovi.xml [2016-06-30]
FF ProfilePath: C:\Users\Ray\AppData\Roaming\Profiles\ksaau225.default [2017-03-25]
FF NewTab: Profiles\ksaau225.default -> hxxp://www.youndoo.com/?z=1d43188687bf6336af8acfdgcz2qdq3b7z6z5qdmfz&from=wak&uid=ST500LT012-1DG142_W3PFAPRPXXXXW3PFAPRP&type=hp
FF DefaultSearchEngine: Profiles\ksaau225.default -> youndoo
FF DefaultSearchEngine.US: Profiles\ksaau225.default -> data:text/plain,browser.search.defaultenginename.US=youndoo
FF SearchEngineOrder.1: Profiles\ksaau225.default -> nice
FF SelectedSearchEngine: Profiles\ksaau225.default -> nice
FF Homepage: Profiles\ksaau225.default -> hxxp://www.nuesearch.com/?type=hp&ts=1471248915&z=b7198597c2d9a5f31001fc8gaz5m3g0o4z4b7t9gfm&from=wpm0616&uid=ST500LT012-1DG142_W3PFAPRPXXXXW3PFAPRP
FF Keyword.URL: Profiles\ksaau225.default -> hxxp://www.youndoo.com/search/?z=1d43188687bf6336af8acfdgcz2qdq3b7z6z5qdmfz&from=wak&uid=ST500LT012-1DG142_W3PFAPRPXXXXW3PFAPRP&type=sp&q=
FF Extension: (GsearchFinder) - C:\Users\Ray\AppData\Roaming\Profiles\ksaau225.default\Extensions\@90B817C8-8A5C-413B-9DDD-B2C61ED6E79A.xpi [2016-06-24]
FF Extension: (GsearchFinder) - C:\Users\Ray\AppData\Roaming\Profiles\ksaau225.default\Extensions\@A3592ADB-854A-443A-854E-EB92130D470D.xpi [2016-06-07]
FF Extension: (SimilarWeb) - C:\Users\Ray\AppData\Roaming\Profiles\ksaau225.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-01-19] [not signed]
FF Extension: (FF Adr) - C:\Users\Ray\AppData\Roaming\Profiles\ksaau225.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2016-08-12] [not signed]
FF Extension: (Avira Browser Safety) - C:\Users\Ray\AppData\Roaming\Profiles\ksaau225.default\Extensions\abs@avira.com [2017-04-01]
FF Extension: (English (US) Language Pack) - C:\Users\Ray\AppData\Roaming\Profiles\ksaau225.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2017-02-04]
FF SearchPlugin: C:\Users\Ray\AppData\Roaming\Profiles\ksaau225.default\searchplugins\8bz61c16.xml [2016-06-25]
FF SearchPlugin: C:\Users\Ray\AppData\Roaming\Profiles\ksaau225.default\searchplugins\nice.xml [2016-06-30]
FF SearchPlugin: C:\Users\Ray\AppData\Roaming\Profiles\ksaau225.default\searchplugins\noq5b6ge.xml [2016-06-08]
FF SearchPlugin: C:\Users\Ray\AppData\Roaming\Profiles\ksaau225.default\searchplugins\searchinme.xml [2016-08-03]
FF ProfilePath: C:\Users\Ray\AppData\Roaming\Firefox\Firefox\Profiles\qlrm6fu0.default [2016-06-30]
FF user.js: detected! => C:\Users\Ray\AppData\Roaming\Firefox\Firefox\Profiles\qlrm6fu0.default\user.js [2016-06-30]
FF NewTab: Firefox\Firefox\Profiles\qlrm6fu0.default -> hxxp://www.youndoo.com/?z=1d43188687bf6336af8acfdgcz2qdq3b7z6z5qdmfz&from=wak&uid=ST500LT012-1DG142_W3PFAPRPXXXXW3PFAPRP&type=hp
FF DefaultSearchEngine: Firefox\Firefox\Profiles\qlrm6fu0.default -> youndoo
FF SelectedSearchEngine: Firefox\Firefox\Profiles\qlrm6fu0.default -> youndoo
FF Homepage: Firefox\Firefox\Profiles\qlrm6fu0.default -> hxxp://www.youndoo.com/?z=1d43188687bf6336af8acfdgcz2qdq3b7z6z5qdmfz&from=wak&uid=ST500LT012-1DG142_W3PFAPRPXXXXW3PFAPRP&type=hp
FF Extension: (xRocket Toolbar) - C:\Users\Ray\AppData\Roaming\Firefox\Firefox\Profiles\qlrm6fu0.default\Extensions\arthurj8283@gmail.com [2016-06-30] [not signed]
FF SearchPlugin: C:\Users\Ray\AppData\Roaming\Firefox\Firefox\Profiles\qlrm6fu0.default\searchplugins\8bz61c16.xml [2016-06-25]
FF SearchPlugin: C:\Users\Ray\AppData\Roaming\Firefox\Firefox\Profiles\qlrm6fu0.default\searchplugins\nice.xml [2016-06-30]
FF SearchPlugin: C:\Users\Ray\AppData\Roaming\Firefox\Firefox\Profiles\qlrm6fu0.default\searchplugins\nuesearch.xml [2016-08-02]
FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\qlrm6fu0.default\extensions\arthurj8283@gmail.com
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-17] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-17] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()
FF Plugin HKU\S-1-5-21-3849293026-3514586367-1009552341-1000: @nsroblox.roblox.com/launcher -> C:\Users\Ray\AppData\Local\Roblox\Versions\version-398bf2b17c844b38\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3849293026-3514586367-1009552341-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Ray\AppData\Local\Roblox\Versions\version-398bf2b17c844b38\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3849293026-3514586367-1009552341-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ray\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-3849293026-3514586367-1009552341-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ray\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-3849293026-3514586367-1009552341-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ray\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3849293026-3514586367-1009552341-1000: jpl.nasa.gov/NASAEyes -> C:\Users\Ray\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2017-01-26] (Jet Propulsion Laboratory)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR DefaultProfile: ulodomnalucultarhacult
CHR HomePage: ulodomnalucultarhacult -> hxxp://www.nicesearches.com?type=hp&ts=1477364402&from=e2dd1024&uid=st500lt012-1dg142_w3pfaprpxxxxw3pfaprp&z=ec228cbeff656e54fac423dg8zdm0m6cfq8zfz3e7c
CHR StartupUrls: ulodomnalucultarhacult -> "hxxp://www.nicesearches.com?type=hp&ts=1477364402&from=e2dd1024&uid=st500lt012-1dg142_w3pfaprpxxxxw3pfaprp&z=ec228cbeff656e54fac423dg8zdm0m6cfq8zfz3e7c"
CHR DefaultSearchURL: ulodomnalucultarhacult -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1478575802&from=ead80003&uid=st500lt012-1dg142_w3pfaprpxxxxw3pfaprp&z=47d178bd4b051b9e8b570b9g7z2m5b0wfm2w4bcecc&q={searchTerms}
CHR DefaultSearchKeyword: ulodomnalucultarhacult -> nice
CHR Profile: C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult [2017-04-03] <==== ATTENTION
CHR Extension: (Polycraft @ turbulenz.com) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\agmbldmkkdelpflgfadnegaapddjekee [2016-04-08]
CHR Extension: (Tower of Sages) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\akkgehcpjooeigdldnepmibfibkgckdi [2016-04-08]
CHR Extension: (Forge of Empires) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\anaphblkfplenhkephgneolhnmjminjg [2016-04-08]
CHR Extension: (Tribal Wars) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\bfcoihkppmlaldchalnpmolekhkmdoej [2016-04-08]
CHR Extension: (MEGA) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-02-07]
CHR Extension: (Isle of Tune) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\bljldflafhmbedhjnlncilbhfcnfabgb [2016-04-08]
CHR Extension: (YouTube) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-16]
CHR Extension: (The Legend of Equip Pants) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\deapnbacjblgohibnbjjceoikngpepcp [2016-04-08]
CHR Extension: (Kingdoms Of Camelot) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\dkadejngfdiifodimfhejphllfecigmm [2016-04-08]
CHR Extension: (Little Alchemy light) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\dlinaifoeodggjcfoonifcjppkklkdkd [2016-06-11]
CHR Extension: (Business tycoon online) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\eeefnffdgpdaooefdijbmpplolpoklln [2016-04-08]
CHR Extension: (Gmail Offline) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2016-04-08]
CHR Extension: (Team Tanks) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\fanaoobcoplmfmebhjddichbapochmad [2016-04-22]
CHR Extension: (Wasted Youth, Part 1) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\feojnbojfdcndlgcnakibbnckmfmlocm [2016-04-08]
CHR Extension: (Avira Browser Safety) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-04-03]
CHR Extension: (AdBlock) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-07]
CHR Extension: (DuckLife 4) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\hdfbmneejapngnopenfcmnpnbohncpdo [2016-04-08]
CHR Extension: (Crazy Chicken) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\hffidhkjaeimpicfoicgkhkokcbiaaka [2016-04-08]
CHR Extension: (Tank War) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\hkipgdkiiakngplejfflcinkaggbmdio [2016-04-08]
CHR Extension: (Illyriad - Grand Strategy MMO) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\hnfbcdoedgikkjokbgejbgkgijnoaanb [2016-04-08]
CHR Extension: (Arcane Legends) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\ibmlkgieigeddcedpbijnpojheoddido [2016-10-13]
CHR Extension: (Age of War 2) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\ifindceaegcjdkfjikmcogkgcemfigch [2016-04-08]
CHR Extension: (1100AD: Domination) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\jegickiknfggboklmifmeikkhnppbnha [2016-04-08]
CHR Extension: (Territory War 3) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\jfknmahjfliijedjbhonlmjenllgjhgj [2016-04-08]
CHR Extension: (Chrome extension source viewer) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\jifpbeccnghkjeaalbbjmodiffmgedin [2017-04-03]
CHR Extension: (Rise Of the Tower) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\jnhdfikkiighlicpokggnfklodfmiaph [2016-04-08]
CHR Extension: (KingsRoad) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\kbcbablgmkkdnioiekpgjfacejkfomlg [2016-04-08]
CHR Extension: (TANX) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\khalolpadgppinfmjajjbdgljhcameji [2016-04-08]
CHR Extension: (Little Alchemy) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2016-04-08]
CHR Extension: (Artillery Tower Protector) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\ldgcejmkikbadghamaadggncnbfekdik [2016-04-08]
CHR Extension: (Freeciv) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\ldhdjhmbapbeafmhdoobnlldhfopfcgh [2016-04-08]
CHR Extension: (Drakensang Online) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\lgloifppaepihckkhiocnodicehjdoof [2016-04-08]
CHR Extension: (Hacker Vs Hacker) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\liagglcdcopmflkgefpaifbbmnfpbpdd [2016-04-08]
CHR Extension: (War Commander) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\llmmanebcflnklopeacnlgkpiehfacmd [2016-04-08]
CHR Extension: (Frontline Defense 2 HD) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\nincmkjomngcmklpdkmdkioemlhdieim [2016-04-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-25]
CHR Extension: (Gmail) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-16]
CHR Extension: (Chrome Media Router) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-22]
CHR Extension: (Chither.com - insane slither io bots !) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\ulodomnalucultarhacult\Extensions\pmedcepkcjldmmkmfkeniapbaedjlfic [2017-01-25]
CHR Extension: (Extutil) - C:\Users\Ray\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B [2016-06-30]
CHR Extension: (Managera) - C:\Users\Ray\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42 [2016-06-30]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - Chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 AMInstantService; C:\Program Files (x86)\GameHouse Games\aminstantservice.exe [2041776 2016-10-26] (GameHouse)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349560 2017-03-09] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1447944 2017-02-11] ()
S3 EasyAntiCheat; C:\windows\SysWOW64\EasyAntiCheat.exe [245544 2016-03-27] (EasyAntiCheat Ltd)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2017-01-07] (Echobit LLC)
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-10] ()
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-10-11] (Hi-Rez Studios) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-29] ()
R2 InputDirector; C:\Program Files (x86)\Input Director\IDWinService.exe [78016 2016-07-31] (Imperative Software Pty Ltd)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-22] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-22] (Intel Corporation)
R2 Kuaizip Update Checker; C:\Program Files (x86)\KuaiZip\X86\kuaizipUpdateChecker.dll [216704 2016-11-02] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.77\SymcPCCULaunchSvc.exe [123320 2011-09-14] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.77\ccSvcHst.exe [126392 2011-09-14] (Symantec Corporation)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [55000 2017-03-31] (Copyright (c) 2017 Plays.tv, LLC)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [139264 2017-01-05] (Microsoft Corporation) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5906704 2017-02-21] (AVG Technologies CZ, s.r.o.)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12472904 2016-09-06] ()
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 CFUACProxy_boxsoftware; "C:\ProgramData\Clickfree\BoxSoftware\UACProxy.exe" -s "-pC:\ProgramData\Clickfree\BoxSoftware"
S2 FirefoxU; "C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe" [X]
S2 Gubed_WMI; C:\Program Files (x86)\Gubed_WMI\Gubed_WMI.exe -s [X]
S2 GubZL; C:\Program Files (x86)\Gub\GubZL.dll [X]
S2 InterHop; "C:\Program Files (x86)\InterHop\InterHop.exe" {2C8E8C85-942B-451C-8243-97A089265577} [X]
S2 MSCFG_SVR; C:\ProgramData\Microsoft\Office\office_update.dll [X]
S4 QQPCRTP; "C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\QQPCRtp.exe" -r [X]
R2 TenorshareWinAdService; C:\Users\Ray\AppData\Roaming\Tenorshare\Service\configs\TenorshareWinAdService [X]
S4 UCBrowserSvc; "C:\Program Files (x86)\UCBrowser\Application\UCService.exe" [X]
S2 UncheckitSvc; C:\Program Files (x86)\Uncheckit\UncheckitSvc.exe [X]
S2 WeatherChiknSrvr; C:\Program Files (x86)\WeatherChickn\WeatherChickn.exe [X]
S2 WinSAPSvc; C:\Users\Ray\AppData\Roaming\WinSAPSvc\WinSAP.dll [X]
S2 WINSNARE; C:\Users\Ray\AppData\Roaming\WINSNARE\WinSnare.dll [X] <==== ATTENTION
S2 ZwcHstsrv; "C:\Program Files (x86)\Ziwecultkorus\ZwcHstsrv.html5" {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dtultrascsibus; C:\windows\System32\DRIVERS\dtultrascsibus.sys [30264 2016-05-20] (Disc Soft Ltd)
S3 dtultrausbbus; C:\windows\System32\DRIVERS\dtultrausbbus.sys [47672 2016-05-20] (Disc Soft Ltd)
S3 EsgScanner; C:\windows\System32\DRIVERS\EsgScanner.sys [22704 2017-04-01] ()
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [77440 2017-03-24] ()
R2 KuaiZipDrive2; C:\windows\system32\drivers\KuaiZipDrive2.sys [93072 2016-11-02] (WinMount International Inc) <==== ATTENTION
R2 MBAMChameleon; C:\windows\system32\drivers\MBAMChameleon.sys [186304 2017-04-01] (Malwarebytes)
R3 MBAMFarflt; C:\windows\system32\drivers\farflt.sys [111544 2017-04-03] (Malwarebytes)
R3 MBAMProtection; C:\windows\system32\drivers\mbam.sys [43968 2017-04-03] (Malwarebytes)
R0 MBAMSwissArmy; C:\windows\System32\drivers\MBAMSwissArmy.sys [251832 2017-04-03] (Malwarebytes)
R3 MBAMWebProtection; C:\windows\system32\drivers\mwac.sys [82720 2017-04-03] (Malwarebytes)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 Tosrfcom; no ImagePath
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-02-21] (AVG Netherlands B.V.)
S1 VBoxNetAdp; C:\windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-09-08] (Oracle Corporation)
R1 VBoxNetLwf; C:\windows\System32\DRIVERS\VBoxNetLwf.sys [146072 2015-09-08] (Oracle Corporation)
R1 vmkbd3; C:\windows\System32\DRIVERS\vmkbd.sys [52288 2016-09-06] (VMware, Inc.)
R0 vsock; C:\windows\System32\DRIVERS\vsock.sys [93248 2016-09-02] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
R1 XQHDrv; C:\windows\System32\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
R1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
S1 acujtqff; \??\C:\windows\system32\drivers\acujtqff.sys [X]
S1 aegasiyk; \??\C:\windows\system32\drivers\aegasiyk.sys [X]
S1 ajfrnmkc; \??\C:\windows\system32\drivers\ajfrnmkc.sys [X]
S1 akpobmwb; \??\C:\windows\system32\drivers\akpobmwb.sys [X]
S1 alxtxasl; \??\C:\windows\system32\drivers\alxtxasl.sys [X]
S1 aoijevdz; \??\C:\windows\system32\drivers\aoijevdz.sys [X]
S1 aqnzshvp; \??\C:\windows\system32\drivers\aqnzshvp.sys [X]
S1 asljqjmf; \??\C:\windows\system32\drivers\asljqjmf.sys [X]
S1 avhggwmc; \??\C:\windows\system32\drivers\avhggwmc.sys [X]
R4 avkmgr; system32\DRIVERS\avkmgr.sys [X]
R4 avusbflt; System32\Drivers\avusbflt.sys [X]
S1 bbhanucx; \??\C:\windows\system32\drivers\bbhanucx.sys [X]
S1 bdnzokqy; \??\C:\windows\system32\drivers\bdnzokqy.sys [X]
S1 bfeisnta; \??\C:\windows\system32\drivers\bfeisnta.sys [X]
S1 bidlejge; \??\C:\windows\system32\drivers\bidlejge.sys [X]
S1 bjblbisf; \??\C:\windows\system32\drivers\bjblbisf.sys [X]
S1 bjelfemm; \??\C:\windows\system32\drivers\bjelfemm.sys [X]
S1 bmgihqcf; \??\C:\windows\system32\drivers\bmgihqcf.sys [X]
S1 buljdxjp; \??\C:\windows\system32\drivers\buljdxjp.sys [X]
S1 bwxrctxl; \??\C:\windows\system32\drivers\bwxrctxl.sys [X]
S1 bwzwktkb; \??\C:\windows\system32\drivers\bwzwktkb.sys [X]
S1 cakveset; \??\C:\windows\system32\drivers\cakveset.sys [X]
S1 cfbqggxa; \??\C:\windows\system32\drivers\cfbqggxa.sys [X]
S1 cgrlyciy; \??\C:\windows\system32\drivers\cgrlyciy.sys [X]
S1 cnscjrbe; \??\C:\windows\system32\drivers\cnscjrbe.sys [X]
S1 cpjqglpk; \??\C:\windows\system32\drivers\cpjqglpk.sys [X]
S1 cpsutpak; \??\C:\windows\system32\drivers\cpsutpak.sys [X]
S1 cptevyan; \??\C:\windows\system32\drivers\cptevyan.sys [X]
S1 csdcqfyc; \??\C:\windows\system32\drivers\csdcqfyc.sys [X]
S1 ctlvyrch; \??\C:\windows\system32\drivers\ctlvyrch.sys [X]
S1 ctnvivfr; \??\C:\windows\system32\drivers\ctnvivfr.sys [X]
S1 cwnlxkjy; \??\C:\windows\system32\drivers\cwnlxkjy.sys [X]
S1 cwtemgeo; \??\C:\windows\system32\drivers\cwtemgeo.sys [X]
S1 cwvdheqx; \??\C:\windows\system32\drivers\cwvdheqx.sys [X]
S1 czjugtfu; \??\C:\windows\system32\drivers\czjugtfu.sys [X]
S1 czrsljuv; \??\C:\windows\system32\drivers\czrsljuv.sys [X]
S1 dbthywnx; \??\C:\windows\system32\drivers\dbthywnx.sys [X]
S1 hekbrhkw; \??\C:\windows\system32\drivers\hekbrhkw.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
S1 iSafeNetFilter; system32\DRIVERS\iSafeNetFilter.sys [X]
S1 MpKsl8d85e2bd; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EA555480-EAD7-48CE-8CC7-B2E1B055E2A4}\MpKsl8d85e2bd.sys [X]
S1 qlencwrl; \??\C:\windows\system32\drivers\qlencwrl.sys [X]
S1 rsjnongs; \??\C:\windows\system32\drivers\rsjnongs.sys [X]
S1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17195.214\TsDefenseBT64.sys [X]
S1 UCGuard; system32\DRIVERS\ucguard.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-04 16:08 - 2017-04-04 16:09 - 00046836 _____ C:\Users\Ray\Desktop\FRST.txt
2017-04-04 16:01 - 2017-04-04 16:01 - 00000000 ___DC C:\FRST
2017-04-04 16:00 - 2017-04-04 16:01 - 02424832 _____ (Farbar) C:\Users\Ray\Desktop\FRST64.exe
2017-04-02 08:27 - 2017-04-02 08:27 - 00000000 ____D C:\ProgramData\dbg
2017-04-01 20:05 - 2017-04-01 20:05 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-04-01 19:12 - 2017-04-03 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-04-01 19:12 - 2017-04-01 19:12 - 00001219 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-04-01 19:09 - 2017-04-03 16:52 - 00000000 ____D C:\ProgramData\Avira
2017-04-01 19:09 - 2017-04-01 19:51 - 00000000 ____D C:\Program Files (x86)\Avira
2017-04-01 17:14 - 2017-04-01 17:24 - 00003248 _____ C:\windows\System32\Tasks\SpyHunter4Startup
2017-04-01 17:14 - 2017-04-01 17:14 - 00001098 _____ C:\Users\Ray\Desktop\SpyHunter.lnk
2017-04-01 17:14 - 2017-04-01 17:14 - 00000000 ____D C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2017-04-01 17:14 - 2017-04-01 17:14 - 00000000 ____D C:\Users\Ray\AppData\Roaming\Enigma Software Group
2017-04-01 17:14 - 2017-04-01 17:14 - 00000000 ____C C:\autoexec.bat
2017-04-01 17:13 - 2017-04-01 17:14 - 00000000 ___DC C:\sh4ldr
2017-04-01 17:11 - 2017-04-01 17:11 - 00022704 _____ C:\windows\system32\Drivers\EsgScanner.sys
2017-04-01 17:10 - 2017-04-01 17:10 - 00000000 ____D C:\Program Files\Enigma Software Group
2017-04-01 16:56 - 2017-04-01 16:56 - 00000000 ____D C:\Users\Ray\AppData\Roaming\Tenorshare
2017-04-01 16:56 - 2017-04-01 16:56 - 00000000 ____D C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery Professional
2017-04-01 16:56 - 2017-04-01 16:56 - 00000000 ____D C:\Program Files (x86)\RAR Password Recovery Professional
2017-04-01 13:02 - 2017-04-01 13:02 - 00000000 ____D C:\Program Files (x86)\JetSQLConsole
2017-04-01 10:09 - 2017-04-03 20:58 - 00082720 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2017-04-01 10:09 - 2017-04-03 16:46 - 00111544 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2017-04-01 10:09 - 2017-04-03 16:46 - 00043968 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2017-04-01 10:09 - 2017-04-03 16:45 - 00251832 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-01 10:09 - 2017-04-01 18:48 - 00186304 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMChameleon.sys
2017-04-01 10:08 - 2017-04-01 10:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-01 10:08 - 2017-04-01 10:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-01 10:08 - 2017-04-01 10:08 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-01 10:08 - 2017-03-24 03:10 - 00077440 _____ C:\windows\system32\Drivers\mbae64.sys
2017-04-01 10:04 - 2017-04-01 11:16 - 00000000 ____D C:\Users\Ray\Desktop\AntiVirus Stuff
2017-03-29 16:50 - 2017-03-29 16:50 - 00002607 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2017-03-29 16:50 - 2017-03-29 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
2017-03-29 16:50 - 2017-02-21 08:29 - 00053008 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\TURegOpt.exe
2017-03-29 16:50 - 2017-02-21 08:25 - 00044304 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\authuitu.dll
2017-03-29 16:50 - 2017-02-21 08:25 - 00042256 _____ (AVG Technologies CZ, s.r.o.) C:\windows\SysWOW64\authuitu.dll
2017-03-26 14:14 - 2017-03-29 18:41 - 00001360 _____ C:\Users\Ray\Desktop\ROBLOX Player.lnk
2017-03-25 12:41 - 2017-03-25 12:41 - 00000000 ____D C:\Users\Ray\AppData\Local\.IdentityService
2017-03-25 12:40 - 2017-03-25 12:55 - 00000000 ____D C:\Users\Ray\Documents\Visual Studio 2017
2017-03-25 11:06 - 2017-03-25 11:06 - 00000000 ____D C:\ProgramData\Windows App Certification Kit
2017-03-25 11:01 - 2017-03-26 18:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2017-03-25 11:01 - 2017-03-25 11:01 - 00000000 ____D C:\Program Files\Application Verifier
2017-03-25 11:01 - 2017-03-25 11:01 - 00000000 ____D C:\Program Files (x86)\Application Verifier
2017-03-25 08:42 - 2017-03-25 08:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
2017-03-25 08:29 - 2017-03-25 08:29 - 00000000 ____D C:\Users\Ray\AppData\Local\ServiceHub
2017-03-25 08:28 - 2017-03-26 20:56 - 00000000 ____D C:\Users\Ray\AppData\Roaming\Visual Studio Setup
2017-03-25 08:28 - 2017-03-25 08:29 - 00000000 ____D C:\Users\Ray\AppData\Roaming\vstelemetry
2017-03-25 08:27 - 2017-03-26 17:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-03-24 17:55 - 2017-03-24 17:55 - 00000000 ____D C:\Users\Ray\AppData\LocalLow\Dapper Penguin Studios
2017-03-24 17:22 - 2017-03-24 17:22 - 00000000 ____D C:\Users\Ray\AppData\LocalLow\Mind Leak
2017-03-24 14:35 - 2017-03-24 14:35 - 00000000 ____D C:\Users\Ray\AppData\LocalLow\BitTorrent
2017-03-23 18:13 - 2017-03-23 18:23 - 00000000 ____D C:\Users\Ray\AppData\Roaming\Bitcoin
2017-03-22 21:03 - 2017-03-22 21:03 - 00549304 ____C C:\SoftwareLog.dll
2017-03-21 18:57 - 2017-03-23 18:12 - 00000000 ____D C:\Users\Ray\AppData\Roaming\Litecoin
2017-03-21 18:29 - 2017-03-21 18:32 - 00000000 ____D C:\Users\Ray\Desktop\BitCoinMining
2017-03-18 11:39 - 2017-03-31 20:05 - 00000000 ____D C:\Program Files (x86)\deskapp
2017-03-17 16:29 - 2017-03-18 09:52 - 00000000 ____D C:\Users\Ray\Documents\From The Depths
2017-03-17 15:28 - 2017-03-18 08:39 - 00000000 ____D C:\Program Files\wwchromek4
2017-03-16 15:52 - 2017-04-02 10:09 - 00000000 ____D C:\Program Files (x86)\BikaQRss
2017-03-16 15:52 - 2017-03-31 20:04 - 00000000 ____D C:\Program Files (x86)\n1
2017-03-16 15:52 - 2017-03-18 08:39 - 00003206 _____ C:\windows\System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel
2017-03-16 15:52 - 2017-03-16 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ
2017-03-15 16:22 - 2017-03-05 05:24 - 00394448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2017-03-15 16:22 - 2017-03-05 04:39 - 00346320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2017-03-15 16:22 - 2017-03-04 20:20 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2017-03-15 16:22 - 2017-03-04 20:01 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2017-03-15 16:22 - 2017-03-04 19:59 - 02895360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2017-03-15 16:22 - 2017-03-04 19:51 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2017-03-15 16:22 - 2017-03-04 19:45 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2017-03-15 16:22 - 2017-03-04 19:36 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2017-03-15 16:22 - 2017-03-04 19:23 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2017-03-15 16:22 - 2017-03-04 19:21 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2017-03-15 16:22 - 2017-03-04 19:13 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2017-03-15 16:22 - 2017-03-04 19:11 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2017-03-15 16:22 - 2017-03-04 18:55 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2017-03-15 16:22 - 2017-03-04 18:54 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2017-03-15 16:22 - 2017-03-04 18:12 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2017-03-15 16:22 - 2017-03-04 16:18 - 20281856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2017-03-15 16:22 - 2017-03-03 06:02 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2017-03-15 16:22 - 2017-03-03 06:01 - 00499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2017-03-15 16:22 - 2017-03-03 06:01 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2017-03-15 16:22 - 2017-03-03 05:55 - 02287104 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2017-03-15 16:22 - 2017-03-03 05:54 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2017-03-15 16:22 - 2017-03-03 05:53 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2017-03-15 16:22 - 2017-03-03 05:51 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2017-03-15 16:22 - 2017-03-03 05:50 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2017-03-15 16:22 - 2017-03-03 05:49 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2017-03-15 16:22 - 2017-03-03 05:49 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2017-03-15 16:22 - 2017-03-03 05:41 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2017-03-15 16:22 - 2017-03-03 05:36 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-15 16:22 - 2017-03-03 05:35 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2017-03-15 16:22 - 2017-03-03 05:31 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2017-03-15 16:22 - 2017-03-03 05:29 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2017-03-15 16:22 - 2017-03-03 05:28 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2017-03-15 16:22 - 2017-03-03 05:19 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2017-03-15 16:22 - 2017-03-03 05:17 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2017-03-15 16:22 - 2017-03-03 05:11 - 13654528 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2017-03-15 16:22 - 2017-03-03 04:50 - 01312768 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2017-03-15 16:22 - 2017-03-03 04:50 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2017-03-15 16:21 - 2017-03-04 20:20 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2017-03-15 16:21 - 2017-03-04 20:02 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2017-03-15 16:21 - 2017-03-04 20:01 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2017-03-15 16:21 - 2017-03-04 20:01 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2017-03-15 16:21 - 2017-03-04 20:01 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2017-03-15 16:21 - 2017-03-04 19:52 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2017-03-15 16:21 - 2017-03-04 19:48 - 25746944 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2017-03-15 16:21 - 2017-03-04 19:46 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2017-03-15 16:21 - 2017-03-04 19:45 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2017-03-15 16:21 - 2017-03-04 19:45 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2017-03-15 16:21 - 2017-03-04 19:44 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2017-03-15 16:21 - 2017-03-04 19:32 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2017-03-15 16:21 - 2017-03-04 19:31 - 06045696 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2017-03-15 16:21 - 2017-03-04 19:16 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2017-03-15 16:21 - 2017-03-04 19:16 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2017-03-15 16:21 - 2017-03-04 18:57 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2017-03-15 16:21 - 2017-03-04 18:52 - 02131456 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2017-03-15 16:21 - 2017-03-04 18:52 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2017-03-15 16:21 - 2017-03-04 18:26 - 15259648 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2017-03-15 16:21 - 2017-03-04 18:25 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2017-03-15 16:21 - 2017-03-04 18:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2017-03-15 16:21 - 2017-03-03 06:16 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2017-03-15 16:21 - 2017-03-03 06:01 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2017-03-15 16:21 - 2017-03-03 06:00 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2017-03-15 16:21 - 2017-03-03 05:32 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2017-03-15 16:21 - 2017-03-03 05:22 - 04604416 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2017-03-15 16:21 - 2017-03-03 05:21 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2017-03-15 16:21 - 2017-03-03 05:17 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2017-03-15 16:21 - 2017-03-03 04:53 - 02767360 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2017-03-15 16:21 - 2017-02-12 03:58 - 00462848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2017-03-15 16:21 - 2017-02-12 03:58 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2017-03-15 16:21 - 2017-02-12 03:58 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2017-03-15 16:21 - 2017-02-11 04:32 - 00803328 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2017-03-15 16:21 - 2017-02-11 04:32 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2017-03-15 16:21 - 2017-02-11 04:17 - 00628736 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2017-03-15 16:21 - 2017-02-11 04:17 - 00312832 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2017-03-15 16:21 - 2017-02-11 02:33 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2017-03-15 16:21 - 2017-02-10 04:36 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2017-03-15 16:21 - 2017-02-10 04:35 - 05548264 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2017-03-15 16:21 - 2017-02-10 04:35 - 00706792 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2017-03-15 16:21 - 2017-02-10 04:35 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2017-03-15 16:21 - 2017-02-10 04:35 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2017-03-15 16:21 - 2017-02-10 04:33 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2017-03-15 16:21 - 2017-02-10 04:32 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2017-03-15 16:21 - 2017-02-10 04:32 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2017-03-15 16:21 - 2017-02-10 04:32 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2017-03-15 16:21 - 2017-02-10 04:32 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2017-03-15 16:21 - 2017-02-10 04:32 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2017-03-15 16:21 - 2017-02-10 04:32 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2017-03-15 16:21 - 2017-02-10 04:32 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2017-03-15 16:21 - 2017-02-10 04:32 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2017-03-15 16:21 - 2017-02-10 04:32 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2017-03-15 16:21 - 2017-02-10 04:32 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2017-03-15 16:21 - 2017-02-10 04:32 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2017-03-15 16:21 - 2017-02-10 04:32 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2017-03-15 16:21 - 2017-02-10 04:32 - 00040960 _____ (Microsoft Corporation) C:\windows\system32\WcsPlugInService.dll
2017-03-15 16:21 - 2017-02-10 04:32 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2017-03-15 16:21 - 2017-02-10 04:32 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2017-03-15 16:21 - 2017-02-10 04:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2017-03-15 16:21 - 2017-02-10 04:32 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00625664 _____ (Microsoft Corporation) C:\windows\system32\mscms.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00250880 _____ (Microsoft Corporation) C:\windows\system32\icm32.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:19 - 04000488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2017-03-15 16:21 - 2017-02-10 04:19 - 03945192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2017-03-15 16:21 - 2017-02-10 04:16 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00481792 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscms.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00215040 _____ (Microsoft Corporation) C:\windows\SysWOW64\icm32.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 04:03 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2017-03-15 16:21 - 2017-02-10 04:03 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2017-03-15 16:21 - 2017-02-10 04:03 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2017-03-15 16:21 - 2017-02-10 04:02 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2017-03-15 16:21 - 2017-02-10 04:00 - 03220480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2017-03-15 16:21 - 2017-02-10 03:59 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2017-03-15 16:21 - 2017-02-10 03:58 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2017-03-15 16:21 - 2017-02-10 03:55 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2017-03-15 16:21 - 2017-02-10 03:55 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2017-03-15 16:21 - 2017-02-10 03:55 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2017-03-15 16:21 - 2017-02-10 03:54 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2017-03-15 16:21 - 2017-02-10 03:54 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2017-03-15 16:21 - 2017-02-10 03:53 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2017-03-15 16:21 - 2017-02-10 03:51 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\WcsPlugInService.dll
2017-03-15 16:21 - 2017-02-10 03:50 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2017-03-15 16:21 - 2017-02-10 03:50 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2017-03-15 16:21 - 2017-02-10 03:50 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2017-03-15 16:21 - 2017-02-10 03:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2017-03-15 16:21 - 2017-02-10 03:49 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2017-03-15 16:21 - 2017-02-10 03:49 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 03:49 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 03:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 03:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-15 16:21 - 2017-02-10 02:06 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2017-03-15 16:21 - 2017-02-10 02:06 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2017-03-15 16:21 - 2017-02-07 04:14 - 00733696 _____ (Microsoft Corporation) C:\windows\HelpPane.exe
2017-03-15 16:21 - 2017-01-14 06:00 - 00976896 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2017-03-15 16:21 - 2017-01-14 06:00 - 00084480 _____ (Microsoft Corporation) C:\windows\system32\INETRES.dll
2017-03-15 16:21 - 2017-01-14 05:45 - 00741888 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2017-03-15 16:21 - 2017-01-14 05:45 - 00084480 _____ (Microsoft Corporation) C:\windows\SysWOW64\INETRES.dll
2017-03-15 16:21 - 2017-01-12 06:01 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2017-03-15 16:21 - 2017-01-12 06:01 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2017-03-15 16:21 - 2017-01-12 05:43 - 01241088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2017-03-15 16:21 - 2017-01-12 05:43 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2017-03-15 16:21 - 2017-01-07 06:00 - 01574912 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2017-03-15 16:21 - 2017-01-07 05:44 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2017-03-15 16:19 - 2017-02-23 11:42 - 00084712 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2017-03-15 16:19 - 2017-02-23 11:37 - 01285632 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2017-03-15 16:19 - 2017-02-19 02:05 - 01609216 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2017-03-15 16:19 - 2017-02-19 02:05 - 00646656 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2017-03-11 17:54 - 2017-03-11 17:54 - 00000000 ____D C:\Users\Ray\AppData\Roaming\Poedit
2017-03-11 17:53 - 2017-03-11 17:53 - 00001048 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Poedit.lnk
2017-03-11 17:53 - 2017-03-11 17:53 - 00000000 ____D C:\Program Files (x86)\Poedit
2017-03-08 20:42 - 2017-03-08 20:42 - 00000000 ____D C:\Users\Ray\AppData\Roaming\LolClient
2017-03-07 20:40 - 2017-03-13 19:54 - 00000000 ____D C:\Program Files (x86)\amulell
2017-03-07 20:34 - 2017-03-31 20:04 - 00000000 ____D C:\Program Files (x86)\MK
2017-03-07 18:09 - 2017-03-07 18:09 - 00000000 ____D C:\ProgramData\Riot Games
2017-03-07 18:00 - 2017-03-07 18:00 - 00001613 _____ C:\Users\Public\Desktop\League of Legends.lnk
2017-03-07 18:00 - 2017-03-07 18:00 - 00000000 ____D C:\Riot Games
2017-03-07 18:00 - 2017-03-07 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2017-03-07 17:49 - 2017-03-07 17:49 - 00000000 ____D C:\Users\Ray\AppData\Roaming\Riot Games
2017-03-06 16:12 - 2017-01-01 03:36 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2017-03-06 16:12 - 2017-01-01 03:36 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2017-03-06 16:12 - 2017-01-01 03:36 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2017-03-06 16:12 - 2017-01-01 03:36 - 00233984 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2017-03-06 16:12 - 2017-01-01 03:36 - 00133632 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-04 15:56 - 2016-11-02 17:15 - 00000452 _____ C:\windows\Tasks\UCBrowserUpdater.job
2017-04-04 15:56 - 2016-04-21 09:51 - 00000384 _____ C:\windows\Tasks\update-sys.job
2017-04-04 15:56 - 2016-04-21 09:51 - 00000384 _____ C:\windows\Tasks\update-S-1-5-21-3849293026-3514586367-1009552341-1000.job
2017-04-03 21:11 - 2016-07-16 17:27 - 00006626 _____ C:\Users\Ray\Desktop\c0des.txt
2017-04-03 19:49 - 2016-03-16 13:47 - 00000830 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2017-04-03 17:10 - 2016-03-24 20:14 - 00000000 ____D C:\Users\Ray\AppData\Local\CrashDumps
2017-04-03 17:10 - 2016-03-18 17:57 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-03 17:06 - 2009-07-14 16:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-03 17:06 - 2009-07-14 16:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-03 16:48 - 2016-06-12 12:42 - 00000000 ____D C:\Users\Ray\AppData\Roaming\PlaysTV
2017-04-03 16:48 - 2016-06-12 12:37 - 00000000 ____D C:\Users\Ray\AppData\Roaming\Raptr
2017-04-03 16:43 - 2016-11-07 16:38 - 00000288 _____ C:\windows\Tasks\UCBrowserUpdaterCore.job
2017-04-03 16:43 - 2016-10-12 18:50 - 00000000 ____D C:\ProgramData\VMware
2017-04-03 16:43 - 2016-04-01 19:01 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-04-03 16:43 - 2016-03-16 13:47 - 00000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2017-04-03 16:41 - 2009-07-14 17:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-04-03 16:36 - 2016-04-22 16:40 - 00000000 ____D C:\Users\Ray\AppData\Roaming\Curse Client
2017-04-02 18:56 - 2016-10-26 19:54 - 00000000 ____D C:\Program Files (x86)\amuleC
2017-04-02 09:14 - 2017-01-16 08:59 - 00000000 ____D C:\Users\Ray\Desktop\RBLX
2017-04-02 08:52 - 2016-09-13 20:04 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-04-02 08:50 - 2017-01-10 18:01 - 00000000 ____D C:\ProgramData\wintools
2017-04-02 08:50 - 2016-05-15 21:11 - 00000000 _RSHD C:\ProgramData\563465
2017-04-02 08:49 - 2016-03-16 14:14 - 00002607 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-02 08:48 - 2016-06-29 17:34 - 01125624 _____ C:\windows\ntbtlog.txt
2017-04-02 08:28 - 2009-07-14 17:13 - 00006852 _____ C:\windows\system32\PerfStringBackup.INI
2017-04-02 08:27 - 2017-02-04 18:31 - 00000040 _____ C:\Program Files (x86)\settings.dat
2017-04-02 08:27 - 2016-03-15 18:46 - 00001053 _____ C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-04-01 20:28 - 2016-09-20 21:38 - 00003600 _____ C:\windows\System32\Tasks\AVG EUpdate Task
2017-04-01 19:41 - 2016-06-30 12:47 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-04-01 19:14 - 2016-11-18 19:42 - 00000000 ____D C:\ProgramData\gjdgj
2017-04-01 19:14 - 2016-11-08 19:00 - 00000000 ____D C:\ProgramData\ehadh
2017-04-01 19:10 - 2016-11-11 18:46 - 00000000 ____D C:\ProgramData\behbe
2017-04-01 19:07 - 2016-03-19 18:28 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-01 19:06 - 2016-10-29 11:35 - 00000000 ____D C:\ProgramData\cficf
2017-04-01 19:06 - 2016-10-22 12:09 - 00000000 ____D C:\ProgramData\fibei
2017-04-01 17:57 - 2016-06-18 20:38 - 00000000 ____D C:\Users\Ray\Desktop\IGG-Games
2017-04-01 17:13 - 2016-06-08 19:01 - 00000000 ____D C:\AdwCleaner
2017-04-01 13:04 - 2016-10-23 16:55 - 00000000 ____D C:\Users\Ray\Documents\Visual Studio 2015
2017-04-01 10:37 - 2017-01-22 19:53 - 00000000 ____D C:\Program Files (x86)\MIO
2017-04-01 10:03 - 2016-12-21 21:17 - 00003476 _____ C:\windows\System32\Tasks\UCBrowserSecureUpdater
2017-04-01 07:41 - 2016-04-02 15:56 - 00000000 ____D C:\Users\Ray\AppData\Roaming\obs-studio
2017-03-31 20:05 - 2017-03-04 08:12 - 00000000 _____ C:\windows\SysWOW64\4
2017-03-31 20:05 - 2017-03-04 08:12 - 00000000 _____ C:\windows\SysWOW64\3
2017-03-31 20:05 - 2017-01-22 19:53 - 00003586 _____ C:\windows\System32\Tasks\Milimili
2017-03-31 20:05 - 2016-04-02 21:02 - 00002015 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-31 07:08 - 2010-11-21 15:27 - 00513192 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2017-03-29 20:28 - 2016-03-31 12:27 - 00000000 ____D C:\Users\Ray\AppData\Roaming\SoftGrid Client
2017-03-29 18:41 - 2016-10-21 16:49 - 00000000 ____D C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-03-29 18:41 - 2016-10-18 16:47 - 00001179 _____ C:\Users\Ray\Desktop\ROBLOX Studio.lnk
2017-03-29 17:07 - 2009-07-14 15:20 - 00000000 ____D C:\windows\inf
2017-03-29 16:49 - 2016-03-16 11:06 - 00000000 ____D C:\ProgramData\Avg
2017-03-29 16:49 - 2016-03-16 11:06 - 00000000 ____D C:\Program Files (x86)\AVG
2017-03-29 16:49 - 2016-03-16 11:00 - 00000000 ____D C:\Users\Ray\AppData\Local\AvgSetupLog
2017-03-29 16:49 - 2016-03-16 11:00 - 00000000 ____D C:\Users\Ray\AppData\Local\Avg
2017-03-29 16:18 - 2016-12-01 15:21 - 00007603 _____ C:\Users\Ray\AppData\Local\resmon.resmoncfg
2017-03-28 16:49 - 2016-06-08 18:15 - 00000000 ____D C:\Users\Ray\AppData\Roaming\BitTorrent
2017-03-26 20:50 - 2009-07-14 17:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-03-26 20:38 - 2016-03-19 18:45 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-03-26 20:13 - 2016-03-19 18:58 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-03-26 20:05 - 2016-03-19 19:42 - 00000000 ____D C:\Program Files (x86)\NuGet
2017-03-26 17:42 - 2016-03-19 18:58 - 00000000 ____D C:\windows\SysWOW64\1033
2017-03-26 17:42 - 2016-03-19 18:46 - 00000000 ____D C:\windows\system32\1033
2017-03-26 14:14 - 2016-03-16 17:26 - 00000250 _____ C:\Users\Ray\AppData\LocalLow\rbxcsettings.rbx
2017-03-26 14:12 - 2016-10-18 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2017-03-26 12:36 - 2016-03-31 12:38 - 00022736 _____ C:\Users\Ray\Documents\121 Church Street Income.xlsx
2017-03-26 12:21 - 2016-03-31 12:38 - 00020610 _____ C:\Users\Ray\Documents\20 Wallace PLace Expense.xlsx
2017-03-26 11:49 - 2016-03-31 12:38 - 00015476 _____ C:\Users\Ray\Documents\121 Church Street Expense.xlsx
2017-03-26 10:18 - 2016-10-16 16:05 - 00000000 ____D C:\Users\Ray\AppData\Local\Roblox
2017-03-25 12:51 - 2016-10-23 16:43 - 00000000 ____D C:\Users\Ray\AppData\Roaming\NuGet
2017-03-25 11:01 - 2016-03-19 18:45 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2017-03-25 08:24 - 2016-11-26 10:36 - 00000000 ____D C:\Users\Ray\AppData\LocalLow\Mozilla
2017-03-24 17:40 - 2016-12-28 08:31 - 00000000 ____D C:\Program Files (x86)\Gubed
2017-03-24 17:22 - 2016-04-23 19:00 - 00000000 ____D C:\Users\Ray\AppData\Roaming\SmartSteamEmu
2017-03-24 17:22 - 2016-04-01 19:02 - 00000000 ____D C:\Users\Ray\Documents\My Games
2017-03-24 16:07 - 2016-03-31 12:38 - 00017570 _____ C:\Users\Ray\Documents\732 Pioneer Highway Expense.xlsx
2017-03-23 16:26 - 2016-03-19 15:39 - 00000000 ____D C:\Users\Ray\AppData\Roaming\.minecraft
2017-03-23 15:34 - 2009-07-14 15:20 - 00000000 ____D C:\windows\system32\NDF
2017-03-22 18:47 - 2017-02-25 07:58 - 00000000 ____D C:\Users\Ray\AppData\LocalLow\DefaultCompany
2017-03-22 15:56 - 2009-07-14 16:45 - 04933752 _____ C:\windows\system32\FNTCACHE.DAT
2017-03-22 15:52 - 2016-03-16 10:47 - 00000000 ____D C:\windows\system32\appraiser
2017-03-22 15:52 - 2009-07-14 17:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-21 20:11 - 2017-01-17 21:26 - 00000772 _____ C:\windows\SysWOW64\ping.cfg
2017-03-21 15:54 - 2016-03-16 08:21 - 138634176 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-03-19 16:18 - 2016-03-31 12:37 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-03-17 17:44 - 2017-01-19 09:39 - 00004442 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-03-17 17:44 - 2017-01-19 09:39 - 00004312 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-03-17 17:44 - 2012-04-10 15:56 - 00802904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-03-17 17:44 - 2012-04-10 15:56 - 00144472 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-17 17:44 - 2012-04-10 15:56 - 00000000 ____D C:\windows\SysWOW64\Macromed
2017-03-17 17:44 - 2012-04-10 15:56 - 00000000 ____D C:\windows\system32\Macromed
2017-03-17 15:44 - 2016-04-01 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-17 15:41 - 2016-04-01 15:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-17 15:41 - 2016-04-01 15:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-13 19:54 - 2016-10-26 19:54 - 00000000 ____D C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
2017-03-13 19:54 - 2016-09-23 20:55 - 00000000 ____D C:\Users\Ray\AppData\Roaming\aMule
2017-03-12 09:33 - 2009-07-14 15:20 - 00000000 ____D C:\windows\rescache
2017-03-12 09:32 - 2016-04-02 20:26 - 00000000 ____D C:\Users\Ray\AppData\Local\ElevatedDiagnostics
2017-03-11 19:35 - 2017-02-11 12:49 - 00000000 ____D C:\Users\Ray\AppData\Roaming\Avorion
2017-03-11 19:33 - 2017-02-11 12:49 - 00000000 _____ C:\Users\Ray\AppData\Roaming\avoriontestfile
2017-03-11 11:22 - 2016-03-16 14:14 - 00002562 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-11 09:02 - 2016-12-27 18:03 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-03-10 15:27 - 2016-03-31 12:38 - 00018758 _____ C:\Users\Ray\Documents\348 Broadway Ave Expense.xlsx
2017-03-10 15:20 - 2016-03-31 12:38 - 00014385 _____ C:\Users\Ray\Documents\348 Broadway ave income.xlsx
2017-03-10 15:16 - 2016-03-31 12:38 - 00015041 _____ C:\Users\Ray\Documents\346 broadway ave income.xlsx
2017-03-10 15:08 - 2016-03-31 12:38 - 00020588 _____ C:\Users\Ray\Documents\728 Pioneer Highway Expense.xlsx
2017-03-10 14:59 - 2016-03-31 12:38 - 00017092 _____ C:\Users\Ray\Documents\726 Pioneer Highway Expense.xlsx
2017-03-10 14:57 - 2016-03-31 12:38 - 00016522 _____ C:\Users\Ray\Documents\724 Pioneer Highway Expense.xlsx
2017-03-10 14:48 - 2016-03-31 12:38 - 00015782 _____ C:\Users\Ray\Documents\39 Franklin Ave Expense.xlsx
2017-03-10 14:37 - 2016-04-21 20:16 - 00011075 _____ C:\Users\Ray\Documents\Raman R Income Expense.xlsx
2017-03-06 18:47 - 2016-06-01 19:10 - 00016539 _____ C:\Users\Ray\Documents\starburn.txt
2017-03-06 16:15 - 2016-03-16 10:47 - 00000000 ___SD C:\windows\system32\CompatTel
2017-03-05 16:34 - 2016-03-15 18:43 - 00000000 ____D C:\Users\Ray

==================== Files in the root of some directories =======

2016-03-15 19:12 - 2016-03-15 19:13 - 6871040 _____ () C:\Program Files (x86)\GUT9E14.tmp
2017-02-04 18:31 - 2017-02-04 18:31 - 0000000 _____ () C:\Program Files (x86)\metadata
2017-02-04 18:31 - 2017-04-02 08:27 - 0000040 _____ () C:\Program Files (x86)\settings.dat
2017-02-11 12:49 - 2017-03-11 19:33 - 0000000 _____ () C:\Users\Ray\AppData\Roaming\avoriontestfile
2016-06-08 18:33 - 2016-06-08 18:33 - 0005120 _____ () C:\Users\Ray\AppData\Roaming\GiftBag.db
2016-05-15 21:11 - 2016-03-27 03:58 - 0410114 ___SH () C:\Users\Ray\AppData\Local\CSIDL_
2016-05-15 21:11 - 2016-03-27 03:58 - 0410114 ___SH () C:\Users\Ray\AppData\Local\CSIDL_X
2016-12-01 15:21 - 2017-03-29 16:18 - 0007603 _____ () C:\Users\Ray\AppData\Local\resmon.resmoncfg
2016-04-21 09:51 - 2016-04-21 09:51 - 0000003 _____ () C:\Users\Ray\AppData\Local\updater.log
2016-04-21 09:51 - 2016-08-07 09:23 - 0000424 _____ () C:\Users\Ray\AppData\Local\UserProducts.xml
2016-05-15 21:11 - 2016-05-15 21:11 - 0000006 ____S () C:\ProgramData\fb12f43acf7063d6d8d431376ca20dce41311432
2016-05-15 21:12 - 2016-05-15 21:12 - 0001576 _____ () C:\ProgramData\XML

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-12 08:18

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Ray (04-04-2017 16:10:10)
Running from C:\Users\Ray\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-03-15 06:43:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3849293026-3514586367-1009552341-500 - Administrator - Disabled)
Guest (S-1-5-21-3849293026-3514586367-1009552341-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3849293026-3514586367-1009552341-1002 - Limited - Enabled)
Ray (S-1-5-21-3849293026-3514586367-1009552341-1000 - Administrator - Enabled) => C:\Users\Ray

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
amuleC (HKLM-x32\...\{0F7B5011-72EC-493D-A7BF-546591047E8E}) (Version: 1.0.2 - amuleC) <==== ATTENTION
amuleC (HKLM-x32\...\{19539992-061C-4E8B-9053-07B175303AF4}) (Version: 1.0.1 - amuleC) <==== ATTENTION
amuleC (HKLM-x32\...\{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}) (Version: 1.0.0 - amuleC) <==== ATTENTION
aMuleCustom (HKLM-x32\...\{58C69614-BB4F-4E55-BF6B-AFCB0B7377DB}) (Version: 1.0.1 - walalala co) <==== ATTENTION
amulesw (HKLM-x32\...\{13D7C2E9-08E7-4889-94FF-87E707184E53}) (Version: 1.0.7 - amules) <==== ATTENTION
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{D25C9EDD-984F-444C-9229-5A58130C6B10}) (Version: 4.3.60226.3 - Microsoft Corporation)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.0.0.12 - Atheros Communications)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
AVG (HKLM\...\AvgZen) (Version: 1.113.2.50020 - AVG Technologies)
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.74.2.60831 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.74.1 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.1.831 - AVG Technologies)
AVG Zen (Version: 1.113.1 - AVG Technologies) Hidden
Avira Connect (HKLM-x32\...\{0b46d918-af4f-4612-8076-5c0ae67cb2aa}) (Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG) Hidden
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
BikaQ Rss (HKLM-x32\...\{78A2D999-4673-4FCC-818E-57B0AF8F3B70}) (Version: 2.0.16 - BikaQ) <==== ATTENTION
BitTorrent (HKU\S-1-5-21-3849293026-3514586367-1009552341-1000\...\BitTorrent) (Version: 7.9.9.43389 - BitTorrent Inc.)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blender (HKLM\...\{47A0EA10-D506-4473-AE99-5E07DD1062DE}) (Version: 2.77.1 - Blender Foundation)
Bloons TD Battles (HKLM\...\Steam App 444640) (Version:  - Ninja Kiwi)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.00.00(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.2.0 - Canon Inc.)
Canon MG2900 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2900_series) (Version: 1.00 - Canon Inc.)
Canon MG2900 series On-screen Manual (HKLM-x32\...\Canon MG2900 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.4.0 - Canon Inc.)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
deskapp (HKLM-x32\...\{6AD06984-E21B-436F-9341-11053320B994}) (Version: 1.1.4 - deskapp)
Dotfuscator and Analytics Community Edition 5.19.0 (x32 Version: 5.19.0.2930 - PreEmptive Solutions) Hidden
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.18 - Echobit, LLC)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
Galaxy Control: 3D Strategy (HKLM\...\Steam App 435440) (Version:  - FX Games Media)
GameHouse Games (HKLM-x32\...\GameHouse Games) (Version: 8.60.20 - GameHouse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-3849293026-3514586367-1009552341-1000\...\Google Chrome SxS) (Version: 59.0.3061.0 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.1.2003.1856 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.5.5 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
IIS 10.0 Express (HKLM\...\{7A28A2B0-458B-4A58-84AC-C90D2D4B79FB}) (Version: 10.0.1735 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Input Director v1.4  (HKLM-x32\...\Input Director) (Version: 1.4 - Imperative Software Pty Ltd)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
InterHop (HKLM-x32\...\{A0275D4F-FFAB-4A42-9874-B871B1C4CA3D}) (Version: 1.0.0 - InterHop)
Java 7 Update 80 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417080FF}) (Version: 7.0.800 - Oracle)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Java(TM) 6 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416045FF}) (Version: 6.0.450 - Oracle)
Java(TM) SE Development Kit 6 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160450}) (Version: 1.6.0.450 - Oracle)
JetSQLConsole 1.0 (HKLM-x32\...\JetSQLConsole) (Version:  - )
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.6.0.0 - Lightworks)
MachineCraft (HKLM\...\Steam App 397100) (Version:  - G2CREW)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 SDK (HKLM-x32\...\{39BEF607-44E6-472B-90C1-BD62AA2B7A3F}) (Version: 4.6.01586 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 Targeting Pack (HKLM-x32\...\{C07B4BC7-A37D-46A8-B2A3-620CC569D149}) (Version: 4.6.01586 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.24720 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{4B2B6F4B-9B09-46ED-935E-A84A669D2DC9}) (Version: 2.8.2.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Update 1 (HKLM-x32\...\{1d03ad7c-fa27-4517-91b0-410bb49f94d9}) (Version: 14.0.24720.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
mIRC (HKLM-x32\...\mIRC) (Version: 7.45 - mIRC Co. Ltd.)
Monopoly Here & Now Edition (HKLM-x32\...\Monopoly Here & Now Edition) (Version:  - Spintop Media, Inc)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
mSLDev (HKLM-x32\...\{D464FB04-3A73-41B6-903A-7529598C99B8}) (Version: 0.3.1 - ZigWap)
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Node.js (HKLM\...\{B16C1D48-9655-4121-BA6A-A5230D3F7459}) (Version: 7.4.0 - Node.js Foundation)
Norton PC Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.15.77 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.15.4 - OBS Project)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Oracle VM VirtualBox 5.0.4 (HKLM\...\{FC191F32-1A67-4231-91D0-0059A57C99A8}) (Version: 5.0.4 - Oracle Corporation)
Paladins (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF402}) (Version: 0.30.1190.2 - Hi-Rez Studios)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.21.0-r121815-release - Plays.tv, LLC)
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 2.0.20 - Portforward, LLC)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Premium Sound HD (HKLM\...\{3007FF9F-5B2C-41FF-8BFC-08BF25DB2681}) (Version: 1.12.1800 - SRS Labs, Inc.)
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-3849293026-3514586367-1009552341-1000\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)
RAR Password Recovery Professional  (HKLM-x32\...\RAR Password Recovery Professional) (Version:  - SmartKey, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6597 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
Reflector 2 (HKLM\...\{B78C26E0-35DE-4A78-8F96-8A71EDA23ED7}) (Version: 2.6.1.0 - Squirrels)
ROBLOX Player for Ray (HKU\S-1-5-21-3849293026-3514586367-1009552341-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio (HKLM-x32\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for Ray (HKU\S-1-5-21-3849293026-3514586367-1009552341-1000\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Robocraft (HKLM\...\Steam App 301520) (Version:  - Freejam)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.24730 - Microsoft Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Splashtop Remote Client (HKLM-x32\...\InstallShield_{FF63D930-9D4B-4481-BB90-9F3FC22CD0DB}) (Version: 1.1.5.0 - Splashtop Inc.)
Splashtop Remote Client (x32 Version: 1.1.5.0 - Splashtop Inc.) Hidden
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.14 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}) (Version: 1.7.0.3 - Splashtop Inc.)
Splashtop Streamer (x32 Version: 1.7.0.3 - Splashtop Inc.) Hidden
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.25.6.4782 - Enigma Software Group, LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.38.2 - Synaptics Incorporated)
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.24712 - Microsoft Corporation) Hidden
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 2.1.17.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{EAF55C99-A493-4373-A8C5-09ACC5DCD7EF}) (Version: 8.0.43 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{2C486987-D447-4E36-8D61-86E48E24199C}) (Version: 1.3.10.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.18.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0020 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.11 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.5 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.7 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.15.64 - TOSHIBA Corporation)
TOSHIBA Peak Shift Control (HKLM\...\{73F1BDB6-11E1-11D5-9DC6-00C04F2FC33B}) (Version: 3.00.07.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.6.52020009 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2004 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.0022.000104 - TOSHIBA Corporation)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0009 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0021.640203 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
Trove (HKLM\...\Steam App 304050) (Version:  - Trion Worlds)
TypeScript Power Tool (x32 Version: 1.7.6.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.7.6.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.7.6.0 (HKLM-x32\...\{5ee9a47a-3630-4016-b76d-dc752e9218dd}) (Version: 1.7.24809.0 - Microsoft Corporation)
Unity (HKLM-x32\...\Unity) (Version: 5.5.1f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-3849293026-3514586367-1009552341-1000\...\UnityWebPlayer) (Version: 5.3.4f1 - Unity Technologies ApS)
Unturned (HKLM\...\Steam App 304930) (Version:  - Smartly Dressed Games)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio 2015 Update 1 (KB3022398) (HKLM-x32\...\{fcaa9dba-9438-48b6-ad91-4e9b4cc7084a}) (Version: 14.0.24720 - Microsoft Corporation)
VMware Workstation (HKLM\...\{5FCB317B-2ABC-4AB1-871D-1675492F9A68}) (Version: 12.5.0 - VMware, Inc.)
VS Update core components (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.31 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{3BE62AA1-60B9-42EA-99BC-1A46B31C7E0C}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.14393.795 (HKLM-x32\...\{5eb6fbea-73ee-4a8e-9042-110704768d7f}) (Version: 10.1.14393.795 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinSnare (HKLM-x32\...\{3E2BA91E-4812-478B-B594-9876A8081CCD}) (Version: 4.4.3 - WinSnare) <==== ATTENTION
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.20-0 - Bitnami)
XSplit Gamecaster (HKLM-x32\...\{D3C9DBAA-5395-4971-A962-553C7DBEA423}) (Version: 2.8.1605.2355 - SplitmediaLabs)
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION
YellowSend (HKLM-x32\...\YSPackage) (Version:  - CMI Limited) <==== ATTENTION
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3849293026-3514586367-1009552341-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3849293026-3514586367-1009552341-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3849293026-3514586367-1009552341-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3849293026-3514586367-1009552341-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3849293026-3514586367-1009552341-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3849293026-3514586367-1009552341-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3849293026-3514586367-1009552341-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Ray\AppData\Roaming\wardmain\ryseas.dll => No File <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3849293026-3514586367-1009552341-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ray\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3849293026-3514586367-1009552341-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ray\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3849293026-3514586367-1009552341-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ray\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3849293026-3514586367-1009552341-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Ray\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3849293026-3514586367-1009552341-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Ray\AppData\Local\Roblox\Versions\version-398bf2b17c844b38\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-3849293026-3514586367-1009552341-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ray\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01F102C9-06D0-49FF-BE30-33CE35A11DE4} - System32\Tasks\{C108D82C-DAE5-4FD3-80E4-ADC4B99AD43F} => Chrome.exe hxxp://ui.skype.com/ui/0/7.27.0.101/en/abandoninstall?page=tsProgressBar
Task: {0939E29C-259D-470B-A547-A819AC19F39A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3849293026-3514586367-1009552341-1000Core => C:\Users\Ray\AppData\Local\Google\Update\GoogleUpdate.exe [2016-08-25] (Google Inc.)
Task: {0DE2BD3F-422E-488E-BDD3-11C8A1B129FD} - System32\Tasks\{3BE7C291-B92C-44BC-AB9E-698D9DD59D97} => Chrome.exe hxxp://ui.skype.com/ui/0/7.27.0.101/en/abandoninstall?page=tsProgressBar
Task: {12E58353-3309-4F7A-9409-2304E1127076} - \JamjobUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {18EDFAE1-6AC9-43E2-A038-12D6C084E93D} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe  <==== ATTENTION
Task: {19EF9270-3B84-4455-9FE5-438532F67079} - \EastmyUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {1EBF3D20-549E-4EE3-BF89-34520B47BB84} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2011-10-25] (TOSHIBA CORPORATION)
Task: {1FEF2848-B467-4DAA-915E-DE2426758C80} - System32\Tasks\{F5D42941-CFA4-4AF3-9431-56B776510305} => pcalua.exe -a C:\Users\Ray\Desktop\IGG-Games\Terraria.v1.3.3.3\Redist\vcredist_x86.exe -d C:\Users\Ray\Desktop\IGG-Games\Terraria.v1.3.3.3\Redist
Task: {2195F490-49E6-4126-835E-8998EF7709BB} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-26] (Intel Corporation)
Task: {268C0E7D-DC42-4EE6-8345-4F4FE528E20A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-17] (Adobe Systems Incorporated)
Task: {2D8A0526-5158-4A76-B1C6-EDEF6B675BFE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-15] (Google Inc.)
Task: {31D1913D-130D-4560-8DA7-CF0B951D4654} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\TXQQBrowser\Update\53A523DE78A45F1A3F1789E9544C5AAF\Update\BrowserUpdate.exe  <==== ATTENTION
Task: {39E6FCFF-07C0-447D-80DD-16C3B24B1358} - \EastmyUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {3F7BBE79-2CF7-4F15-951D-FE7BE5EF4E46} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-15] (Google Inc.)
Task: {49B4F497-5E6A-441C-B840-724D84A17526} - System32\Tasks\System Monitor => C:\ProgramData\563465\sysmon.exe 
Task: {52D090AB-8FA5-46A8-B1BF-11A443EFB6FB} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {543217C0-EE0A-4FA9-9022-35CDD0D8CB3B} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe  <==== ATTENTION
Task: {5442C993-D571-418C-9562-7DF2629A3DAD} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe 
Task: {65D349F7-3BEB-45DA-A340-417AD83E3A3B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3849293026-3514586367-1009552341-1000UA => C:\Users\Ray\AppData\Local\Google\Update\GoogleUpdate.exe [2016-08-25] (Google Inc.)
Task: {771A9AEA-DEE0-43E1-BE89-7A7B7AA2649E} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {97CDE040-896E-4305-9A8C-1393865F6A04} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-26] (Intel Corporation)
Task: {98637AF0-789A-4664-AA5F-995919AB6698} - System32\Tasks\KuaiZip_Update => X86\Update.exe  <==== ATTENTION
Task: {98B08F48-D132-4A77-B836-971B20A3DA87} - System32\Tasks\{ED676C37-31B2-40A6-8EF2-5EDCEA5D2683} => Chrome.exe hxxp://ui.skype.com/ui/0/7.27.0.101/en/abandoninstall?page=tsProgressBar
Task: {A35A8F91-DA17-42F1-A052-86D3771A0430} - \JambenUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {A667EBC5-9FFE-43B1-9AB3-5D6B47D574F4} - \JambenUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {B1AD33F8-1F02-4B02-962B-9027879F7F93} - System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel => C:\Program Files (x86)\BikaQRss\BikaQ.exe [2017-02-23] (IEC) <==== ATTENTION
Task: {B30E152B-2BCC-4A42-908B-B66C1AA035F9} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe 
Task: {B6EEB6B6-05B3-4E52-AB26-1BE4564116BE} - \JamjobUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {BBC8EB57-4DFF-456F-A54F-9CF64134D5BB} - System32\Tasks\WinTOOL => C:\ProgramData\wintools\WintoolUprI.exe 
Task: {BD2D1EDB-1445-4DA7-966D-EA36A610A8CB} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe 
Task: {C50B04CD-3698-4944-94D7-5E244E7DAE9A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [2017-03-17] (Adobe Systems Incorporated)
Task: {CE49FE55-1A37-44AD-A6E3-883F6EA70C3C} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe  <==== ATTENTION
Task: {CEE15C1F-480C-4A3D-B89B-BB52ECB4E67F} - System32\Tasks\update-S-1-5-21-3849293026-3514586367-1009552341-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {D05FA850-9FA6-4008-AA09-336A8045727B} - \UncheckitUpdateTaskC -> No File <==== ATTENTION
Task: {EA51F3AE-049C-4578-96F4-93E0F6FCCC4D} - System32\Tasks\{94521977-6410-4CFC-9836-7FBB34D1EEA5} => pcalua.exe -a "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe"
Task: {F051651E-D48A-42E8-9B78-35BB1109F823} - \UncheckitTaskMN -> No File <==== ATTENTION
Task: {F81BA4E1-F821-4571-9801-CE987C929885} - \UncheckitUpdateTaskDB -> No File <==== ATTENTION
Task: {FCBFFA06-BD8E-4652-BE81-7C6DBA5E160A} - \Bazkservse Agent -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: C:\windows\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: C:\windows\Tasks\update-S-1-5-21-3849293026-3514586367-1009552341-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Ray\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9ba4829f748cfaeb\TANX.lnk -> C:\Users\Ray\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) -> hxxp://www.amisites.com/?type=sc&ts=1480478314&z=44f1002f0620451816feabag7zab8e0z4mbbcc0gdw&from=archer1028&uid=ST500LT012-1DG142_W3PFAPRPXXXXW3PFAPRP
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.amisites.com/?type=sc&ts=1480478314&z=44f1002f0620451816feabag7zab8e0z4mbbcc0gdw&from=archer1028&uid=ST500LT012-1DG142_W3PFAPRPXXXXW3PFAPRP

==================== Loaded Modules (Whitelisted) ==============

2016-03-16 14:02 - 2010-09-10 12:26 - 00162824 _____ () C:\Windows\System32\GFNEXSrv.exe
2016-03-31 12:37 - 2013-06-29 03:28 - 00084616 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2016-07-31 01:24 - 2016-07-31 01:24 - 00521920 _____ () C:\Program Files (x86)\Input Director\InputDirectorSessionHelper.exe
2016-03-16 13:47 - 2012-02-22 07:29 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2014-05-02 02:13 - 2016-11-14 16:58 - 00592384 _____ () C:\Users\Ray\AppData\Local\MEGAsync\ShellExtX64.dll
2017-04-01 10:08 - 2017-03-24 03:09 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-04-01 10:08 - 2017-03-24 03:10 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-09-06 18:29 - 2016-09-06 18:29 - 12472904 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2011-12-24 05:24 - 2011-12-24 05:24 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
2017-04-02 12:46 - 2017-04-01 21:20 - 02879832 _____ () C:\Users\Ray\AppData\Local\Google\Chrome SxS\Application\59.0.3059.0\libglesv2.dll
2017-04-02 12:46 - 2017-04-01 21:20 - 00100696 _____ () C:\Users\Ray\AppData\Local\Google\Chrome SxS\Application\59.0.3059.0\libegl.dll
2016-11-02 17:15 - 2016-11-02 17:15 - 00216704 _____ () c:\program files (x86)\kuaizip\x86\kuaizipupdatechecker.dll
2017-03-31 06:38 - 2017-03-31 06:38 - 00033280 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\cx_Logging.cp35-win32.pyd
2017-03-31 06:38 - 2017-03-31 06:38 - 00103424 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2017-03-31 06:38 - 2017-03-31 06:38 - 00111616 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes35.dll
2017-03-31 06:38 - 2017-03-31 06:38 - 00041984 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2017-03-31 06:38 - 2017-03-31 06:38 - 00405504 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom35.dll
2017-03-31 06:38 - 2017-03-31 06:38 - 00173568 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2017-03-31 06:38 - 2017-03-31 06:38 - 01934336 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2017-03-31 06:38 - 2017-03-31 06:38 - 00077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2017-03-31 06:38 - 2017-03-31 06:38 - 01780736 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2017-03-31 06:38 - 2017-03-31 06:38 - 00505856 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2017-03-31 06:38 - 2017-03-31 06:38 - 03812864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2016-09-06 18:29 - 2016-09-06 18:29 - 00199752 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll
2016-09-06 18:29 - 2016-09-06 18:29 - 00396872 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll
2016-09-06 18:29 - 2016-09-06 18:29 - 00173128 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll
2016-11-29 15:44 - 2016-11-29 15:41 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2016-07-21 11:43 - 2016-07-21 11:43 - 00482304 _____ () C:\Users\Ray\AppData\Local\MEGAsync\libsodium.dll
2010-11-23 10:56 - 2010-11-23 10:56 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ctypes.pyd
2010-11-23 10:56 - 2010-11-23 10:56 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_socket.pyd
2010-11-23 10:56 - 2010-11-23 10:56 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ssl.pyd
2014-05-14 11:26 - 2014-05-14 11:26 - 05812736 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtGui.pyd
2014-05-14 11:26 - 2014-05-14 11:26 - 00067584 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sip.pyd
2014-05-14 11:26 - 2014-05-14 11:26 - 01662464 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtCore.pyd
2014-05-14 11:26 - 2014-05-14 11:26 - 00494592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd
2010-11-23 10:57 - 2010-11-23 10:57 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32api.pyd
2010-11-23 10:56 - 2010-11-23 10:56 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pywintypes26.dll
2010-11-23 10:56 - 2010-11-23 10:56 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\select.pyd
2010-11-23 10:56 - 2010-11-23 10:56 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_hashlib.pyd
2010-11-23 10:57 - 2010-11-23 10:57 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32process.pyd
2010-11-23 10:57 - 2010-11-23 10:57 - 00111104 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32file.pyd
2010-11-23 10:56 - 2010-11-23 10:56 - 00044544 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_sqlite3.pyd
2011-02-16 06:17 - 2011-02-16 06:17 - 00417501 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sqlite3.dll
2010-11-23 10:57 - 2010-11-23 10:57 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32gui.pyd
2014-05-14 11:26 - 2014-05-14 11:26 - 00313856 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd
2010-11-23 10:56 - 2010-11-23 10:56 - 00127488 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pyexpat.pyd
2010-11-23 10:56 - 2010-11-23 10:56 - 00009216 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\winsound.pyd
2015-10-22 08:29 - 2015-10-22 08:29 - 00113171 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlc.dll
2015-10-22 08:29 - 2015-10-22 08:29 - 02396691 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlccore.dll
2010-11-23 10:56 - 2010-11-23 10:56 - 00583680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\unicodedata.pyd
2010-11-23 10:56 - 2010-11-23 10:56 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pythoncom26.dll
2010-11-23 10:57 - 2010-11-23 10:57 - 00263168 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32com.shell.shell.pyd
2016-09-29 09:53 - 2016-09-29 09:53 - 02620112 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\ltc_host_ex.DLL
2015-06-27 11:09 - 2015-06-27 11:09 - 00271872 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\amd_ags.dll
2010-11-23 10:57 - 2010-11-23 10:57 - 00141312 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\gobject._gobject.pyd
2016-04-20 05:08 - 2016-04-20 05:08 - 02717595 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\heliotrope._purple.pyd
2011-02-16 06:17 - 2011-02-16 06:17 - 01213633 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libxml2-2.dll
2010-11-23 11:06 - 2010-11-23 11:06 - 00055808 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\zlib1.dll
2013-05-10 11:52 - 2013-05-10 11:52 - 00495680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libaim.dll
2013-05-10 11:52 - 2013-05-10 11:52 - 01183699 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\liboscar.dll
2013-05-10 11:52 - 2013-05-10 11:52 - 00483306 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libicq.dll
2013-05-04 06:57 - 2013-05-04 06:57 - 00655356 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libirc.dll
2013-05-04 06:56 - 2013-05-04 06:56 - 01306387 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libmsn.dll
2013-05-04 06:56 - 2013-05-04 06:56 - 00565461 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libxmpp.dll
2013-05-04 06:57 - 2013-05-04 06:57 - 01640221 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libjabber.dll
2013-05-04 06:56 - 2013-05-04 06:56 - 00506276 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoo.dll
2013-05-04 06:57 - 2013-05-04 06:57 - 01053730 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libymsg.dll
2013-05-04 06:57 - 2013-05-04 06:57 - 00497782 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoojp.dll
2013-05-04 06:57 - 2013-05-04 06:57 - 00603326 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl-nss.dll
2013-05-04 06:57 - 2013-05-04 06:57 - 00474199 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl.dll
2016-03-16 13:47 - 2012-02-22 07:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2016-03-18 18:02 - 2017-03-10 12:13 - 00674592 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-03-18 18:02 - 2016-09-01 13:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-03-18 18:02 - 2016-09-01 13:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-03-18 18:02 - 2016-09-01 13:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-03-18 18:02 - 2017-03-23 12:52 - 02465056 _____ () C:\Program Files (x86)\Steam\video.dll
2016-03-18 18:02 - 2016-01-27 19:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-03-18 18:02 - 2016-01-27 19:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-03-18 18:02 - 2016-01-27 19:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-03-18 18:02 - 2016-01-27 19:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-03-18 18:02 - 2016-01-27 19:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-03-18 18:02 - 2017-03-31 10:46 - 00848672 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-18 18:02 - 2016-07-05 10:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-24 08:49 - 2017-01-31 09:41 - 68875552 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-03-18 18:02 - 2017-03-23 12:52 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2011-08-16 15:12 - 2011-08-16 15:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2011-08-16 15:15 - 2011-08-16 15:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2011-08-18 11:41 - 2011-08-18 11:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2011-08-18 11:48 - 2011-08-18 11:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2011-11-26 08:29 - 2011-11-26 08:29 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2011-08-16 15:12 - 2011-08-16 15:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-18 11:48 - 2011-08-18 11:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2011-08-16 14:23 - 2011-08-16 14:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2011-11-26 08:28 - 2011-11-26 08:28 - 00484352 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2011-11-26 08:42 - 2011-11-26 08:42 - 00499976 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2011-11-26 08:26 - 2011-11-26 08:26 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
2011-07-20 11:05 - 2011-07-20 11:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll
2011-07-20 11:04 - 2011-07-20 11:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll
2011-08-16 15:17 - 2011-08-16 15:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\windows\system32\drivers:ucdrv-x64.sys [25444]
AlternateDataStreams: C:\windows\system32\drivers:x64 [1498914]
AlternateDataStreams: C:\windows\system32\drivers:x86 [1223458]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3849293026-3514586367-1009552341-1000\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3849293026-3514586367-1009552341-1000\...\roblox.com -> hxxp://www.roblox.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 14:34 - 2017-03-18 14:38 - 00000077 ____N C:\windows\system32\Drivers\etc\hosts

35.156.90.191 authserver.mojang.com
35.156.90.191 sessionserver.mojang.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3849293026-3514586367-1009552341-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HandyAndy.lnk => C:\windows\pss\HandyAndy.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AvgUi => "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: DAEMON Tools Ultra Agent => "C:\Program Files\DAEMON Tools Ultra\DTAgent.exe" -autorun
MSCONFIG\startupreg: ITSecMng => %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
MSCONFIG\startupreg: Lightshot => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SRS Premium Sound HD => "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe"  /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPSCMain => %ProgramFiles%\TOSHIBA\PeakShift\TPSCMain.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TSleepSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3B4CA29A-2811-4132-85DA-6CA78FF19F81}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6EA69414-6F52-4C99-AF8F-81556114054B}] => (Allow) LPort=2869
FirewallRules: [{65DB4554-BBA4-4E65-884A-590319ABB5CB}] => (Allow) LPort=1900
FirewallRules: [{55880EC4-FAB2-446C-AEC7-A11BB7853202}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9B2F8D4E-85D9-4B79-B356-6DACC7F924D0}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{D1F7FE82-8542-41E5-8316-35796D777DF1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{A46B4A39-44FC-4DD6-AF92-EBF42503257B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [TCP Query User{D7D67F1B-E2D8-4A44-AFD6-F1EC10E13652}C:\users\ray\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\ray\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [UDP Query User{03790354-AFE1-43E2-B6C5-BCDDF61B79EC}C:\users\ray\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\ray\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [{56EB283F-30D6-45FE-B60E-CEBF0313DFFE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{87EEA7B3-1366-43BE-B424-F905B06AA23D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DC7D42B3-24C2-4B4E-9169-68A7802BC85A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FD832184-3BE6-458B-BFDD-50D71056B2A9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{BB8F162F-C342-4EEB-AB9A-3FB7713EB6B4}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{9EE8A888-4B12-42B0-BCCF-4F171C0E87FD}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [{EA97768E-7A5A-4F4A-B597-280C9EB9675A}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{FF9A292F-EDD3-4C96-91C0-53CF91F3B4E8}C:\program files\java\jre1.8.0_73\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\java.exe
FirewallRules: [UDP Query User{813CB641-B1F6-4521-B05F-AA888507EA31}C:\program files\java\jre1.8.0_73\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\java.exe
FirewallRules: [{D8587AAF-307B-484F-8174-81E2DABDAE6B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{6B9BB69A-B225-428C-8C6B-D820970ED6EA}C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{51994CAC-09FB-435A-B045-96AEB6EDB9B6}C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe
FirewallRules: [{9AB8E068-19F6-45FB-BE69-CD57A5A15D0D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{255046DF-78F7-40BD-80C4-D0AF465B7A62}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{48852E68-7A7F-42CD-9254-3C40712B4C57}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{76E0BC31-576C-49E8-BF8C-A7E2340F3833}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{5AA8D100-472D-487F-B08F-E4150E98AF7C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MachineCraft\McnCraft.exe
FirewallRules: [{C37B557B-E6C8-4640-A4B0-7C85E5E04086}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MachineCraft\McnCraft.exe
FirewallRules: [TCP Query User{18678AF1-3482-484C-8843-CDC94731C6C3}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{72F51C3D-27D9-40D0-96C8-7BC90A57CD63}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{5706F0D4-D676-4BD9-9841-6B029F809BB5}C:\program files\java\jre1.8.0_91\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\java.exe
FirewallRules: [UDP Query User{B137DB6A-1FA0-420B-A72E-6D75994F2A5A}C:\program files\java\jre1.8.0_91\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\java.exe
FirewallRules: [TCP Query User{0F013932-1BFB-4B65-9B4C-509647905C25}F:\igg-software.inc.v8.9.2\software inc.exe] => (Allow) F:\igg-software.inc.v8.9.2\software inc.exe
FirewallRules: [UDP Query User{F4EA5399-D791-4580-8205-C89D50996372}F:\igg-software.inc.v8.9.2\software inc.exe] => (Allow) F:\igg-software.inc.v8.9.2\software inc.exe
FirewallRules: [TCP Query User{0EAB6377-F523-459D-8CC8-130F83767A08}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe
FirewallRules: [UDP Query User{52F92767-26DB-412A-A8AC-9801FD998E8A}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe
FirewallRules: [TCP Query User{689F170B-01B2-497A-A38C-C312C054843C}C:0\igg-software.inc.v8.9.2\software inc.exe] => (Allow) C:0\igg-software.inc.v8.9.2\software inc.exe
FirewallRules: [UDP Query User{B06E1FEC-9038-4162-A022-3B3236E568B5}C:0\igg-software.inc.v8.9.2\software inc.exe] => (Allow) C:0\igg-software.inc.v8.9.2\software inc.exe
FirewallRules: [TCP Query User{E875C3AD-8BE3-45A8-99E6-018F8C059814}C:3\igg-software.inc.v8.9.2\software inc.exe] => (Allow) C:3\igg-software.inc.v8.9.2\software inc.exe
FirewallRules: [UDP Query User{73DFC0B1-3322-470A-93CD-ADF79598CF13}C:3\igg-software.inc.v8.9.2\software inc.exe] => (Allow) C:3\igg-software.inc.v8.9.2\software inc.exe
FirewallRules: [TCP Query User{0EDF1294-5050-4B03-AA7E-2B35A66CB556}C:\users\ray\appdata\local\roblox\versions\version-0866fa22561d45e3\robloxstudiobeta.exe] => (Allow) C:\users\ray\appdata\local\roblox\versions\version-0866fa22561d45e3\robloxstudiobeta.exe
FirewallRules: [UDP Query User{50AA46E4-C6AC-40A5-8693-CB4FD46C9122}C:\users\ray\appdata\local\roblox\versions\version-0866fa22561d45e3\robloxstudiobeta.exe] => (Allow) C:\users\ray\appdata\local\roblox\versions\version-0866fa22561d45e3\robloxstudiobeta.exe
FirewallRules: [{09C425F6-6F71-4054-B255-CFDA55CDEC0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{E10ADC25-7847-436B-9EEC-9D9D50209274}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [TCP Query User{40776379-60F7-4138-AA8A-EFA83955002A}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [UDP Query User{945913D5-D70D-4E7A-BB51-0C8F7BEB8106}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [TCP Query User{0481418B-9B2E-4436-B822-F67F501ABA12}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{1A84086D-B60F-4554-9D2D-043A07687074}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{493CA268-6D0C-451D-A466-323FD73149E5}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{33B73CD2-70EF-47F7-AEF6-F6CDD99C3284}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{7C12E7A3-1556-4F18-A6CE-5F924E651644}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{83B53801-7076-4A6E-9904-D8A3B1769F21}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{63BD8B2D-5A79-42AD-B766-B15F089FC6C9}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{FE875C81-EAEB-49D6-9ABC-977AED283865}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [TCP Query User{F9125903-9DAD-46D8-B31A-F67AC3D25398}C:\program files (x86)\psyonix\rocket.league.v1.06.steam-rip\binaries\win32\rocketleague.exe] => (Allow) C:\program files (x86)\psyonix\rocket.league.v1.06.steam-rip\binaries\win32\rocketleague.exe
FirewallRules: [UDP Query User{08C3611B-B663-4B79-97F7-71823DEC4A9C}C:\program files (x86)\psyonix\rocket.league.v1.06.steam-rip\binaries\win32\rocketleague.exe] => (Allow) C:\program files (x86)\psyonix\rocket.league.v1.06.steam-rip\binaries\win32\rocketleague.exe
FirewallRules: [{4D809EED-2DBC-4627-A87C-CB2B800F5457}] => (Allow) C:\Users\Ray\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{D1B120F9-40B8-457C-BD76-01D0EF9DF4F1}] => (Allow) C:\Users\Ray\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{6535B888-C9C8-4EB3-AED1-4A89AB3FF8C1}] => (Allow) C:\Users\Ray\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{512F39A4-F76B-4FA8-8708-91E2854DC066}] => (Allow) C:\Users\Ray\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{E4A01025-00BC-4F4C-8969-84D3267864A7}] => (Allow) C:\Users\Ray\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F1DEA4A4-BE4B-44F8-A951-E43B59F2130D}] => (Allow) C:\Users\Ray\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{2366B3E3-AACF-4E5F-BCC4-83D8C0383CA5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{069B976A-5C84-41E0-9400-C2715639CC3C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{62E87B6E-597F-44E8-81C2-5D3E51EF88F3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0ED7E41E-C2E5-48CA-9D7B-641B0FD75C3D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{999B2E2D-148C-44F8-BF62-766F632483C0}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{36EF3415-1C77-4B25-A079-743F6800B358}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{AE784DFC-B031-494E-8127-597AD09E3548}C:\program files (x86)\star conflict\launcher.exe] => (Allow) C:\program files (x86)\star conflict\launcher.exe
FirewallRules: [UDP Query User{C5E1ABC8-556E-4892-98F5-2EC3A5C1F491}C:\program files (x86)\star conflict\launcher.exe] => (Allow) C:\program files (x86)\star conflict\launcher.exe
FirewallRules: [TCP Query User{2DD4618F-5CC5-498A-B83A-DF42357A009F}C:\users\ray\desktop\igg-games\igg-golf.with.friends.v0.0.9\golf with your friends.exe] => (Allow) C:\users\ray\desktop\igg-games\igg-golf.with.friends.v0.0.9\golf with your friends.exe
FirewallRules: [UDP Query User{9FFE6BCD-4875-4D08-ADE8-CCA9D949FC69}C:\users\ray\desktop\igg-games\igg-golf.with.friends.v0.0.9\golf with your friends.exe] => (Allow) C:\users\ray\desktop\igg-games\igg-golf.with.friends.v0.0.9\golf with your friends.exe
FirewallRules: [{2B2D0A42-226D-4776-862B-151C874676AF}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{6C01D357-963F-4A53-A409-005F06A25BA7}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{4EAF6815-4DB9-4DD5-BC80-2201735C8415}] => (Allow) C:\Users\Ray\AppData\Local\Temp\Uninstall.exe
FirewallRules: [{70A34947-54F9-4D38-B56B-BC73A3101FB0}] => (Allow) C:\Users\Ray\AppData\Local\Temp\Uninstall.exe
FirewallRules: [{5672FB35-F485-4B8C-93DB-5D095727AB49}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{917BDF27-921A-4BE6-A335-387C1FA86DDE}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{052A066C-92B4-4E33-B7D1-199D3DE2CE57}] => (Allow) C:\Users\Ray\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{AF3E314A-2375-4BE6-9573-0EE026B9B4AD}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{81E271E7-67BA-4355-9633-BAE67B23E67E}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{FB7747DF-92E5-4DE9-99E3-83C0AA46B458}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{DE8256AA-8853-43CE-9739-BDA941387E91}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{B134632B-527C-40AC-ABA0-A5F164664E30}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{510B19A9-A51A-4810-84D3-B9084D9C001C}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{4DBD17F5-30F9-40D0-9582-211B46291FCC}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{33985685-75A9-4F4D-8314-E57FF6C83886}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{16BB1B08-7E85-4EA1-B526-E59EC12D2C97}] => (Allow) C:\Users\Ray\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{E00316B7-B42E-414F-915A-D72DC72630A5}] => (Allow) C:\Users\Ray\AppData\Roaming\Nox\bin\Nox.exe
FirewallRules: [{6ED8D461-0031-4C4A-92C6-6773689CD9E3}] => (Allow) C:\Program Files\Bignox\BigNoxVM\RTNoxVMHandle.exe
FirewallRules: [TCP Query User{DC518389-2BBA-4953-A161-B28F4121E208}C:\users\ray\desktop\igg-carrrrmechanicsimulator.2015.v1.0.7.6\cms2015.exe] => (Allow) C:\users\ray\desktop\igg-carrrrmechanicsimulator.2015.v1.0.7.6\cms2015.exe
FirewallRules: [UDP Query User{6574F942-43C5-4C75-86A8-A23BEBD1C987}C:\users\ray\desktop\igg-carrrrmechanicsimulator.2015.v1.0.7.6\cms2015.exe] => (Allow) C:\users\ray\desktop\igg-carrrrmechanicsimulator.2015.v1.0.7.6\cms2015.exe
FirewallRules: [TCP Query User{84758FF0-7894-459C-8DC0-3076B71E4A33}C:\users\ray\desktop\igg-games\igg-carrrrmechanicsimulator.2015.v1.0.7.6\cms2015.exe] => (Allow) C:\users\ray\desktop\igg-games\igg-carrrrmechanicsimulator.2015.v1.0.7.6\cms2015.exe
FirewallRules: [UDP Query User{A1FB6EFC-49F2-46BB-991E-541B8976C50B}C:\users\ray\desktop\igg-games\igg-carrrrmechanicsimulator.2015.v1.0.7.6\cms2015.exe] => (Allow) C:\users\ray\desktop\igg-games\igg-carrrrmechanicsimulator.2015.v1.0.7.6\cms2015.exe
FirewallRules: [{6711A7FB-72B6-4DAC-BE03-A51E2EAA4C77}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxCommand.exe
FirewallRules: [TCP Query User{08F28956-CB34-45C5-95E8-C76986385084}C:\users\ray\desktop\igg-games\igg-slime.rancher.v0.3.0b\x64\slimerancher.exe] => (Allow) C:\users\ray\desktop\igg-games\igg-slime.rancher.v0.3.0b\x64\slimerancher.exe
FirewallRules: [UDP Query User{68665E46-4BE9-4040-B7B2-9598B63B8DD9}C:\users\ray\desktop\igg-games\igg-slime.rancher.v0.3.0b\x64\slimerancher.exe] => (Allow) C:\users\ray\desktop\igg-games\igg-slime.rancher.v0.3.0b\x64\slimerancher.exe
FirewallRules: [TCP Query User{E09ACBFF-2D6B-4A37-9463-1EC9AC53EB4B}C:\users\ray\desktop\igg-games\igg-scrap.mechanic.v0.1.31\release\scrapmechanic.exe] => (Allow) C:\users\ray\desktop\igg-games\igg-scrap.mechanic.v0.1.31\release\scrapmechanic.exe
FirewallRules: [UDP Query User{8713C277-A3B7-4DC8-9BF7-20C7C020790F}C:\users\ray\desktop\igg-games\igg-scrap.mechanic.v0.1.31\release\scrapmechanic.exe] => (Allow) C:\users\ray\desktop\igg-games\igg-scrap.mechanic.v0.1.31\release\scrapmechanic.exe
FirewallRules: [TCP Query User{E4156320-D551-40A7-AD54-927614DF93D7}C:\users\ray\desktop\igg-games\igg-turmoil.v1.1u1\turmoilsteam.exe] => (Allow) C:\users\ray\desktop\igg-games\igg-turmoil.v1.1u1\turmoilsteam.exe
FirewallRules: [UDP Query User{00754B49-0B03-4597-8B8B-B40D574822CE}C:\users\ray\desktop\igg-games\igg-turmoil.v1.1u1\turmoilsteam.exe] => (Allow) C:\users\ray\desktop\igg-games\igg-turmoil.v1.1u1\turmoilsteam.exe
FirewallRules: [TCP Query User{6EBEA29C-7333-425B-83C2-9A695474A5DB}C:\program files (x86)\entropia universe\bin64\entropia.exe] => (Block) C:\program files (x86)\entropia universe\bin64\entropia.exe
FirewallRules: [UDP Query User{6D360F7B-D7B1-4127-9B78-02213F751451}C:\program files (x86)\entropia universe\bin64\entropia.exe] => (Block) C:\program files (x86)\entropia universe\bin64\entropia.exe
FirewallRules: [TCP Query User{927CF75A-43BC-41E2-AE6F-FD83C22BBA94}C:\program files (x86)\r.g. mechanics\farming simulator 15\x86\farmingsimulator2015game.exe] => (Allow) C:\program files (x86)\r.g. mechanics\farming simulator 15\x86\farmingsimulator2015game.exe
FirewallRules: [UDP Query User{254F0EB6-CA08-4D1E-AC2E-2FA8AA64B9E4}C:\program files (x86)\r.g. mechanics\farming simulator 15\x86\farmingsimulator2015game.exe] => (Allow) C:\program files (x86)\r.g. mechanics\farming simulator 15\x86\farmingsimulator2015game.exe
FirewallRules: [TCP Query User{251F602B-2746-40D1-A510-1DD919BB6AD0}C:\users\ray\desktop\igg-games\software.inc.v8.11.24\software inc.exe] => (Allow) C:\users\ray\desktop\igg-games\software.inc.v8.11.24\software inc.exe
FirewallRules: [UDP Query User{E28AE2F7-021D-422B-A191-24A24DC7CDF3}C:\users\ray\desktop\igg-games\software.inc.v8.11.24\software inc.exe] => (Allow) C:\users\ray\desktop\igg-games\software.inc.v8.11.24\software inc.exe
FirewallRules: [{5816CDE8-AB05-46D9-B812-1A379152D9AE}] => (Allow) C:\ProgramData\Jamjob\Jamjob.exe
FirewallRules: [{50D0B6B2-3E50-4049-907A-BE9F60F269BF}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{30889796-1E4E-430F-A939-4EE35D217162}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{7EE000F2-CB65-4FB9-B7B5-AC7AAA20C9A1}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{EC32B1DA-0775-4FE0-AE58-9E2B54854D2B}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{57EF4A36-836A-4C9A-AFE1-A4A5E1C36FED}C:\program files (x86)\bangboat\application\chrome.exe] => (Block) C:\program files (x86)\bangboat\application\chrome.exe
FirewallRules: [UDP Query User{9A372454-3770-4ABA-A456-2C9054891B52}C:\program files (x86)\bangboat\application\chrome.exe] => (Block) C:\program files (x86)\bangboat\application\chrome.exe
FirewallRules: [{4646ACAA-BFC4-4A11-BF9A-77B3D4A74FD5}] => (Allow) C:\Program Files (x86)\Input Director\InputDirector.exe
FirewallRules: [{C680F71F-E9A5-4A6F-A52A-EB6301DBA701}] => (Allow) C:\Program Files (x86)\Input Director\InputDirector.exe
FirewallRules: [{A3AC544D-F35C-4B65-A28A-76EA9A1A7235}] => (Allow) C:\Program Files (x86)\Input Director\InputDirector.exe
FirewallRules: [{7C716A8E-8916-48CC-9BB6-A8F2D823C4E9}] => (Allow) C:\Program Files (x86)\Input Director\InputDirector.exe
FirewallRules: [{EEA3536D-21FE-417C-A4F7-C8D606F35AE1}] => (Allow) C:\Program Files (x86)\Input Director\InputDirectorSessionHelper.exe
FirewallRules: [{A34BBE47-E4CE-45A5-A804-D6E85EF77322}] => (Allow) C:\Program Files (x86)\Input Director\InputDirectorSessionHelper.exe
FirewallRules: [{9C5F0ABF-FB59-4792-AEB2-7E2661220F94}] => (Allow) C:\Program Files (x86)\Input Director\InputDirectorSessionHelper.exe
FirewallRules: [{05B9C88B-4EFF-4F73-88EC-BC0DB195B010}] => (Allow) C:\Program Files (x86)\Input Director\InputDirectorSessionHelper.exe
FirewallRules: [{6F8E9EBF-2BFF-4630-A2CD-B1E346793089}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{A3703ECA-83CD-4EE0-BA68-57C54EFC1470}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{33CF921B-886E-48D7-A92B-549271C4D083}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{2711BDF7-3EA1-4C95-BC3D-36A7DB7CB03A}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [TCP Query User{2BB759B7-2681-4F5B-A444-2DB7D1468B9B}C:\users\ray\desktop\igg-games\from.the.depths.v1.95888\from_the_depths.exe] => (Allow) C:\users\ray\desktop\igg-games\from.the.depths.v1.95888\from_the_depths.exe
FirewallRules: [UDP Query User{392F772C-7C8A-4197-8FFF-97C98A951CA9}C:\users\ray\desktop\igg-games\from.the.depths.v1.95888\from_the_depths.exe] => (Allow) C:\users\ray\desktop\igg-games\from.the.depths.v1.95888\from_the_depths.exe
FirewallRules: [{418A971C-FA4B-4B6F-9114-5952E35F1DF0}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{7EF4668C-7DC5-4FE1-8680-1D6CEEB5559A}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{401D93D8-171A-4ACA-8572-149253F44570}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe
FirewallRules: [TCP Query User{8B140A83-B29C-4411-A775-613416F99BFB}C:\games\slime rancher v0.4.0\x64\slimerancher.exe] => (Allow) C:\games\slime rancher v0.4.0\x64\slimerancher.exe
FirewallRules: [UDP Query User{666E48AF-FA1A-4F25-AFBD-835A0DE89348}C:\games\slime rancher v0.4.0\x64\slimerancher.exe] => (Allow) C:\games\slime rancher v0.4.0\x64\slimerancher.exe
FirewallRules: [{38D6B826-424E-4442-8EDD-61FF45D1BC67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Galaxy Control 3D Strategy\gc.exe
FirewallRules: [{C035C143-44E2-4375-B6D3-3D79D732E0A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Galaxy Control 3D Strategy\gc.exe
FirewallRules: [TCP Query User{F6C581F3-E4A2-4F58-A6C0-8EADAB375F96}C:\users\ray\desktop\astroneer.pre-alpha.v0.2.108.0\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) C:\users\ray\desktop\astroneer.pre-alpha.v0.2.108.0\astro\binaries\win64\astro-win64-shipping.exe
FirewallRules: [UDP Query User{EBC95F94-D649-4351-93AB-B433724F420A}C:\users\ray\desktop\astroneer.pre-alpha.v0.2.108.0\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) C:\users\ray\desktop\astroneer.pre-alpha.v0.2.108.0\astro\binaries\win64\astro-win64-shipping.exe
FirewallRules: [{EC7E8C88-4773-4BCF-AE7E-D508C1A9A35A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3F9C1EDC-4FF6-48DA-AAA7-0B7700CE54E6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{366CFB79-4A42-4A10-BCDA-83E55067B572}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{C2704F55-F613-442A-BEB6-5AF7C9784A8E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{E9E709C4-59CC-4B85-8E57-1085FDEF4734}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{9855E145-1C99-42F7-A6D4-1EEECB0F765E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{DB4CDA35-E2E5-4819-8BC0-27AB675F38B2}] => (Allow) C:\Program Files\Reflector 2\Reflector2.exe
FirewallRules: [TCP Query User{062FFB4E-70A5-4183-933F-278EA906581E}C:\program files\factorio\bin\x64\factorio.exe] => (Allow) C:\program files\factorio\bin\x64\factorio.exe
FirewallRules: [UDP Query User{9C8EF40E-654A-41AD-BF11-ED3D897FD295}C:\program files\factorio\bin\x64\factorio.exe] => (Allow) C:\program files\factorio\bin\x64\factorio.exe
FirewallRules: [{74526C34-94C5-48C5-B8C5-965ADCE52D0B}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{FB6FF88F-31FB-4D63-B352-4101F96884DB}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [TCP Query User{78E56BDE-2A5A-45AC-A5FD-5DD4CCF1BB15}C:\users\ray\desktop\igg-games\astroneer.pre-alpha.v0.2.108.0\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) C:\users\ray\desktop\igg-games\astroneer.pre-alpha.v0.2.108.0\astro\binaries\win64\astro-win64-shipping.exe
FirewallRules: [UDP Query User{7A75F0D2-0C3F-44FE-97F3-D138DE13780A}C:\users\ray\desktop\igg-games\astroneer.pre-alpha.v0.2.108.0\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) C:\users\ray\desktop\igg-games\astroneer.pre-alpha.v0.2.108.0\astro\binaries\win64\astro-win64-shipping.exe
FirewallRules: [{F5AE6CB5-F3AA-446F-8F1E-63D0336991BB}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [{D96183B9-4DD5-49CD-AEC1-C50CE50E5A72}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{30D3A004-59EB-4FD4-96C2-F517F93DE1A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bloons TD Battles\Battles-Win.exe
FirewallRules: [{F55084F8-FD8A-4A9C-B218-391104F666D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bloons TD Battles\Battles-Win.exe
FirewallRules: [{7136C8D7-5079-4374-9D7E-39CD65448896}] => (Allow) C:\Program Files (x86)\MIO\loader\st500lt012-1dg142_w3pfaprpxxxxw3pfaprp.exe
FirewallRules: [{2C311803-AF75-418B-AEEA-E251107F35B8}] => (Allow) C:\Program Files (x86)\MIO\loader\st500lt012-1dg142_w3pfaprpxxxxw3pfaprp.exe
FirewallRules: [{DB1EC5CD-5D17-4FE9-BA82-BE13ED1CEBC2}] => (Allow) C:\Program Files (x86)\Antper\Application\chrome.exe
FirewallRules: [{F0D241D3-A777-4F14-9734-7059577AC67D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{212FD425-2C02-468B-8498-13FBF12FCC64}C:\users\ray\desktop\igg-games\software.inc.alpha.9.1.3\software inc.exe] => (Allow) C:\users\ray\desktop\igg-games\software.inc.alpha.9.1.3\software inc.exe
FirewallRules: [UDP Query User{16D817CC-8939-4569-81BC-33CB12E4E206}C:\users\ray\desktop\igg-games\software.inc.alpha.9.1.3\software inc.exe] => (Allow) C:\users\ray\desktop\igg-games\software.inc.alpha.9.1.3\software inc.exe
FirewallRules: [TCP Query User{87C670BB-C2BE-4C98-BAAC-05BD32143C7E}C:\users\ray\desktop\igg-games\avorion.v0.10.2.r7448\bin\avorion.exe] => (Allow) C:\users\ray\desktop\igg-games\avorion.v0.10.2.r7448\bin\avorion.exe
FirewallRules: [UDP Query User{3E5D15FB-8CBD-4790-B6EA-E0D464D61F66}C:\users\ray\desktop\igg-games\avorion.v0.10.2.r7448\bin\avorion.exe] => (Allow) C:\users\ray\desktop\igg-games\avorion.v0.10.2.r7448\bin\avorion.exe
FirewallRules: [TCP Query User{B7ED60FE-545B-4D02-B08A-D108FFCC984D}C:\users\ray\desktop\igg-games\avorion.v0.10.2.r7448\bin\avorionserver.exe] => (Allow) C:\users\ray\desktop\igg-games\avorion.v0.10.2.r7448\bin\avorionserver.exe
FirewallRules: [UDP Query User{50EE8B4B-1381-4BE4-AE8A-5093732FF58E}C:\users\ray\desktop\igg-games\avorion.v0.10.2.r7448\bin\avorionserver.exe] => (Allow) C:\users\ray\desktop\igg-games\avorion.v0.10.2.r7448\bin\avorionserver.exe
FirewallRules: [{E4E06D61-D155-4115-8D49-3422A653C50C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{97AB1A03-3E3D-4865-9AEA-D72F5CADC4F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{88DF55C6-2AC7-4476-B47C-F27B76D825B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{6370599C-9AF3-4B3B-BE0C-40118910A469}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [TCP Query User{54471C8B-ADB2-4328-BAF8-65EF28EDE1E6}C:\users\ray\desktop\igg-games\oxygen.not.included.v206776\oxygennotincluded.exe] => (Allow) C:\users\ray\desktop\igg-games\oxygen.not.included.v206776\oxygennotincluded.exe
FirewallRules: [UDP Query User{4DD4F51B-289B-427B-B883-7B8AA637BC3A}C:\users\ray\desktop\igg-games\oxygen.not.included.v206776\oxygennotincluded.exe] => (Allow) C:\users\ray\desktop\igg-games\oxygen.not.included.v206776\oxygennotincluded.exe
FirewallRules: [TCP Query User{7C139197-5236-4FD0-BCE7-66E897709394}C:\users\ray\desktop\igg-games\software.inc.alpha.9.4.2\software inc.exe] => (Allow) C:\users\ray\desktop\igg-games\software.inc.alpha.9.4.2\software inc.exe
FirewallRules: [UDP Query User{F6CA6A79-E5C7-4D16-82EE-544A7529CEAB}C:\users\ray\desktop\igg-games\software.inc.alpha.9.4.2\software inc.exe] => (Allow) C:\users\ray\desktop\igg-games\software.inc.alpha.9.4.2\software inc.exe
FirewallRules: [TCP Query User{44A6CFF3-A096-4B38-B2E2-45728A17E783}C:\users\ray\desktop\igg-games\avorion.v0.10.5\bin\avorion.exe] => (Block) C:\users\ray\desktop\igg-games\avorion.v0.10.5\bin\avorion.exe
FirewallRules: [UDP Query User{9872BBE4-23D4-4C58-8996-EEA4E4626288}C:\users\ray\desktop\igg-games\avorion.v0.10.5\bin\avorion.exe] => (Block) C:\users\ray\desktop\igg-games\avorion.v0.10.5\bin\avorion.exe
FirewallRules: [TCP Query User{79A4C602-A144-4146-AF7B-1BD16E8DC19C}C:\users\ray\desktop\igg-games\avorion.v0.10.5\bin\avorionserver.exe] => (Allow) C:\users\ray\desktop\igg-games\avorion.v0.10.5\bin\avorionserver.exe
FirewallRules: [UDP Query User{B46A5697-9A34-4903-A4B3-4865D0880057}C:\users\ray\desktop\igg-games\avorion.v0.10.5\bin\avorionserver.exe] => (Allow) C:\users\ray\desktop\igg-games\avorion.v0.10.5\bin\avorionserver.exe
FirewallRules: [TCP Query User{698C01CE-560F-4200-92DF-777227AEDF52}C:\users\ray\desktop\igg-games\oxygen.not.included.v208689\oxygennotincluded.exe] => (Allow) C:\users\ray\desktop\igg-games\oxygen.not.included.v208689\oxygennotincluded.exe
FirewallRules: [UDP Query User{0C91555B-C8DE-47A9-BA40-92A8041FFC0C}C:\users\ray\desktop\igg-games\oxygen.not.included.v208689\oxygennotincluded.exe] => (Allow) C:\users\ray\desktop\igg-games\oxygen.not.included.v208689\oxygennotincluded.exe
FirewallRules: [TCP Query User{91A2495B-D4D0-4B15-823C-9D3975D99D5B}C:\users\ray\desktop\igg-games\oxygen.not.included.v208689\oxygennotincluded.exe] => (Allow) C:\users\ray\desktop\igg-games\oxygen.not.included.v208689\oxygennotincluded.exe
FirewallRules: [UDP Query User{BBD68EB9-FF62-43CF-9C96-1EB55778D795}C:\users\ray\desktop\igg-games\oxygen.not.included.v208689\oxygennotincluded.exe] => (Allow) C:\users\ray\desktop\igg-games\oxygen.not.included.v208689\oxygennotincluded.exe
FirewallRules: [TCP Query User{077CCE73-1082-4556-BB1E-D3A5B3C6DC1B}C:\users\ray\desktop\igg-games\from.the.depths.v1.966\from_the_depths.exe] => (Allow) C:\users\ray\desktop\igg-games\from.the.depths.v1.966\from_the_depths.exe
FirewallRules: [UDP Query User{3122A9F6-7A38-4AA9-8005-DB7C91B4518F}C:\users\ray\desktop\igg-games\from.the.depths.v1.966\from_the_depths.exe] => (Allow) C:\users\ray\desktop\igg-games\from.the.depths.v1.966\from_the_depths.exe
FirewallRules: [TCP Query User{F694EC23-9B47-47C7-A7E8-FC2623E23351}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{B4B1EE19-7302-4DE9-9914-A0DB986C3448}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [TCP Query User{A431241B-698F-493C-8B8D-260BFBF7B02B}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe
FirewallRules: [UDP Query User{34362E68-D171-42F5-84B7-A3105F187AF3}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe
FirewallRules: [TCP Query User{CC4E6CDA-DF2D-4262-869E-4D6F8DEEC81C}C:\users\ray\desktop\igg-games\factory.engineer.v1.0.1\factory engineer.exe] => (Block) C:\users\ray\desktop\igg-games\factory.engineer.v1.0.1\factory engineer.exe
FirewallRules: [UDP Query User{DC181A8B-5645-4B68-B442-0C9C0FE9F71D}C:\users\ray\desktop\igg-games\factory.engineer.v1.0.1\factory engineer.exe] => (Block) C:\users\ray\desktop\igg-games\factory.engineer.v1.0.1\factory engineer.exe
FirewallRules: [TCP Query User{E44EA403-E3E6-4DD2-92BE-E821DE92DE0D}C:\program files\unity\editor\unity.exe] => (Block) C:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{754377B0-7929-43C3-9F27-C646B3F1F9EB}C:\program files\unity\editor\unity.exe] => (Block) C:\program files\unity\editor\unity.exe
FirewallRules: [{E199FE45-413B-4D2F-9ABE-71FBC0391EE8}] => (Allow) C:\Program Files (x86)\MIO\loader\st500lt012-1dg142_w3pfaprpxxxxw3pfaprp.dat
FirewallRules: [{22528440-4591-4D1F-94C4-201A60191D66}] => (Allow) C:\Program Files (x86)\MIO\loader\st500lt012-1dg142_w3pfaprpxxxxw3pfaprp.dat
FirewallRules: [{B67B90F2-DE25-4918-99BB-45501E821900}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{A2DA51ED-EC81-4945-AC75-9C621540095F}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe

==================== Restore Points =========================

30-03-2017 20:28:31 Windows Update
02-04-2017 08:08:20 Free Antivirus - 2/04/2017 8:08
03-04-2017 17:09:33 Windows Update

==================== Faulty Device Manager Devices =============

Name: TOSHIBA Web Camera
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: MpKsl8d85e2bd
Description: MpKsl8d85e2bd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl8d85e2bd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: YAC NDIS Driver
Description: YAC NDIS Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: iSafeNetFilter
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VirtualBox Host-Only Ethernet Adapter #2
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TsDefenseBt
Description: TsDefenseBt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: TSDefenseBt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: UCGuard
Description: UCGuard
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: UCGuard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/04/2017 04:07:32 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (04/04/2017 04:07:32 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (04/04/2017 04:07:32 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (04/04/2017 04:07:32 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (04/04/2017 04:07:21 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (04/04/2017 04:07:21 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (04/04/2017 04:07:21 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (04/04/2017 04:07:21 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (04/04/2017 04:07:12 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (04/04/2017 04:07:12 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)


System errors:
=============
Error: (04/04/2017 04:16:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 48 time(s).

Error: (04/04/2017 04:16:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error: 
The system cannot find the file specified.

Error: (04/04/2017 04:16:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 47 time(s).

Error: (04/04/2017 04:16:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error: 
The system cannot find the file specified.

Error: (04/04/2017 04:16:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 46 time(s).

Error: (04/04/2017 04:16:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error: 
The system cannot find the file specified.

Error: (04/04/2017 04:16:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 45 time(s).

Error: (04/04/2017 04:16:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error: 
The system cannot find the file specified.

Error: (04/04/2017 04:16:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 44 time(s).

Error: (04/04/2017 04:16:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error: 
The system cannot find the file specified.


CodeIntegrity:
===================================
  Date: 2017-03-30 16:15:36.379
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-03-30 16:15:35.989
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-03-30 16:15:35.911
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-03-30 16:15:35.833
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-03-17 16:26:28.940
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-03-17 16:26:28.737
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-03-17 16:26:28.690
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-03-17 16:26:28.628
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-03-13 16:42:05.742
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-03-13 16:42:04.384
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 57%
Total physical RAM: 6887.8 MB
Available physical RAM: 2913.19 MB
Total Virtual: 13773.79 MB
Available Virtual: 9325.1 MB

==================== Drives ================================

Drive c: (S3A9565D003) (Fixed) (Total:451.67 GB) (Free:216.44 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: C02FA5FE)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=451.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.6 GB) - (Type=17)

==================== End of Addition.txt ============================


Thanks for those logs, continue with the following:

Uninstall the following if shown in installed programs list:

BikaQ Rss
WinSnare
YAC(Yet Another Cleaner!)
YellowSend


Next,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes and is updated do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)", name that log and save. You can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Please download Junkware Removal Tool to your desktop.
 
  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Let me see those logs in your reply, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin...

fixlist.txt

Edited by kevinf80
typing error

After a scan I found 35,000 infected files from Malwarebytes. The only issue is the time: after 6000 or so files were quarantined, by then I was going to go to bed, so I shut down my computer. Now Malwarebytes neglects to open. Edit: it works fine now. I'll scan again and deal with them.

MalwareLog.txt

Edited by MrSpike

  • 2 weeks later...

Thanks for the help, but sadly it's no longer needed. I restarted my PC, and well, apparently my master reboot was deleted. The only way was a factory reset. So that fixes the viruses. I recovered the very core files I needed using Recuva. Thanks for the help anyway though.

- MrSpike

Edited by MrSpike
spelling

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
