Hello, my computer is already infected. I am unable to run Malwarebytes. It "cannot connect to the service". I ran the anti-rootkit tool. It gave me the "DDA Driver was not installed" error. I downloaded the Farbar toolkit, executed it, and it has created the attached 'FRST.txt' and 'Addition.txt' files.

Please note that Farbar crashed, so the .TXT files may not be complete.

Please help!

 

Thanks,

Mike

 

FRST.txt

Addition.txt


Hi MikeMurphy :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Please give me a few hours to review your logs and get back to you.


Thank you for waiting.

Malicious Programs Warning!

I noticed that you have malicious programs installed on your system. I'll ask you to uninstall them since uninstalling such programs before running malware removal tools will ensure a better clean-up.

  • Driver Updater


If you have an issue when uninstalling a program, please let me know.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

fixlist.txt


How do I download 'fixlist.txt'? I tried double clicking to open, right clicking to save it etc. I dragged to the desktop and it is just a link to this web address. Is there some easy functionality within this forum?


It seems that if I try opening it in a separate tab, it does it and then that tab shuts right away. It seems it's the virus? Perhaps you can copy and paste the TXT into a post and I can then copy/paste into a txt? Is there a PM functionality in the site?


You can create the fixlist.txt yourself, yes. Create a new text file, save it as fixlist.txt and copy/paste the following inside it:

CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [gplyra] => C:\Users\murph\AppData\Roaming\gplyra\gplyra\start.cmd <===== ATTENTION
HKLM\...\RunOnce: [DESKTOP-3FHNIRL] => C:\Windows\TEMP\gD07F.tmp.exe [239104 2017-06-24] () <===== ATTENTION
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <======= ATTENTION
HKU\S-1-5-21-1523608283-3295547807-88052705-1001\...\Run: [fade4cca898c41f1d25eea0bcf1504f0] => "D:\Downloads\BO3Multihack\BO3Multihack\Bo3Multihack.exe" ..
HKU\S-1-5-21-1523608283-3295547807-88052705-1001\...\Run: [Ca013i5M8Y.exe] => C:\Program Files\Microsoft Silverlight\OC4XLBAI903JFMRV631PM1UZSW3\Ca013i5M8Y.exe -r1_5 -r2_1
HKU\S-1-5-21-1523608283-3295547807-88052705-1001\...\Run: [msiql] => C:\Users\murph\AppData\Local\Temp\is-Q5PT3.tmp\PopWnd.exe /RUNNING <===== ATTENTION
HKU\S-1-5-21-1523608283-3295547807-88052705-1001\...\Run: [YeaDesktop] => C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe /autostart <===== ATTENTION
HKU\S-1-5-21-1523608283-3295547807-88052705-1001\...\Policies\Explorer: [] 

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\murph\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\murph\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\murph\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [JzShlobj] -> {9A0700D2-920A-4E52-8697-9B5230C92612} => C:\Program Files (x86)\Maoha\JiSuZip\JZipExt.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\murph\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\murph\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\murph\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131155763316509832&GUID=5CCC036A-E22B-4D4F-93BD-6D145DFAFF28
HKU\S-1-5-21-1523608283-3295547807-88052705-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
SearchScopes: HKLM -> DefaultScope {57141A7D-6572-4F7E-A846-93ECD94127E0} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1523608283-3295547807-88052705-1001 -> DefaultScope {57141A7D-6572-4F7E-A846-93ECD94127E0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1523608283-3295547807-88052705-1001 -> Yahoo URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=oberhp&type=pogogamestoolbar
SearchScopes: HKU\S-1-5-21-1523608283-3295547807-88052705-1001 -> {21496AA1-4961-428D-B41E-AA3A67596070} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=H5Kzbcnbl1AU,fa77f059-d30a-477c-9b95-63a6d5d82df7,
SearchScopes: HKU\S-1-5-21-1523608283-3295547807-88052705-1001 -> {57141A7D-6572-4F7E-A846-93ECD94127E0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File

FF DefaultSearchEngine: Mozilla\Firefox\Profiles\4j9chsr5.default -> Поиск@Mail.Ru
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\4j9chsr5.default -> Поиск@Mail.Ru

CHR Extension: (Search Optimization) - C:\Users\murph\AppData\Local\jiobodfkmdffkcajblpbomgodflafoph [2017-06-18]
CHR HKU\S-1-5-21-1523608283-3295547807-88052705-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\murph\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx

S2 AdBlockerService; C:\Program Files (x86)\AdBlocker\AdBlockerService.exe [X]
S2 JszipService; C:\Program Files (x86)\Maoha\JiSuZip\JszipSvc.exe [X] <==== ATTENTION
S2 Recover; C:\Program Files\Internet Explorer\R39OTQDEXSL21NSI8\jAW8vEx'aL.exe [X]
S3 WsAppService; "C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe" [X]
R1 JszipProtect; C:\Program Files (x86)\Maoha\JiSuZip\JsZipProtect64.sys [39256 2016-12-26] () <==== ATTENTION
R2 Auhardwaregl; C:\Windows\SysWow64\Auhardwaregl.dll [454440 2017-05-20] ()
S3 MFE_RR; C:\Users\murph\AppData\Local\Temp\mfe_rr.sys [24120 2017-06-24] (McAfee, Inc.) <==== ATTENTION
R1 NetUtils2016; C:\WINDOWS\system32\drivers\NetUtils2016.sys [907160 2017-05-20] () <==== ATTENTION
R2 Uefochubsrv; C:\WINDOWS\system32\drivers\Uefochubsrv.sys [196640 2017-05-20] () <==== ATTENTION
R1 WiserIso; C:\Windows\System32\Drivers\vcdrom.sys [25432 2016-12-26] () <==== ATTENTION
in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DriverUpdate (x32 Version: 2.7.3 - Slimware Utilities Holdings, Inc.) Hidden

CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{00F064D8-FEC3-48ac-B07D-39C314D1727B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ServiceModule.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{0215A4C0-5431-4FD0-9B06-46589B5C4939}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{048ED0E0-12CF-4C0F-9FFA-947C2FBE8C8E}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{071339A1-1946-44B2-B63E-50459B15DB86}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{08A60FF7-BB37-44F4-9759-0ADA6C7B9CC9}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{0B38CACA-3D3C-48EA-BEB5-7D95F4F6EE15}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{0C3393F8-94F5-4B79-8C01-49A2D0CC0FE9}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{0D555CE0-304A-47A6-858B-B145209A3982}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-4A01BB76E5BF}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{12545889-6D32-4424-9967-1E1D7BD1F809}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{13009989-EFB5-48C9-8BD2-943E0392BD71}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\RxAppCtrl.Ocx => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{14679E3B-C952-4998-8E13-4B1286E6DD99}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{1481B385-759A-4B00-9257-E96357563999}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD LT 2016\acadlt.exe => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{162EF0A1-5A33-46F2-ACCF-CA388B084A09}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{18A21864-E37B-42b9-9612-2C1E8C450A29}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ServiceModule.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{1D625598-C876-4C51-8EF5-F9D8F96F62AA}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{1D6DFD6A-9E16-435A-9327-6FFEC6BA372F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{1E8A29BA-827D-4031-A4A3-AE7999B402F6}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{1EA072EE-57FD-495E-889C-8243C3BDBDBC}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{1FD7F53F-7ED5-439C-9A77-A3821CD09E98}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{20E47D5B-529A-45BD-8E77-BF1A3064A008}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{21DB88B0-BFBF-11D4-8DE6-0010B541CAA8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\iDrop.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{2709544A-5B24-4F9F-A5DA-CEC7297D3A4E}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{2BCA857B-A18B-4AFA-B183-CC0E49C12058}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{2C74F89E-7421-46B4-BA54-F86F1BD9F237}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{2C7D1157-7D50-4A88-9777-5EBBA3189AB8}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{2F8377FC-50C1-44EF-AB7A-8FF1BB8EA277}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ServiceModule.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{3497C2EC-5684-4B21-AF74-F6760E0221DC}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{38C8B14E-7879-4DA9-8C3F-8CAAC359293A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{3FC94EB5-AEBD-4f3f-A2A4-B6CE57113C01}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\RxAppDocView.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{3FCEB42C-9B98-486A-BED7-FD7F3ADB7291}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{40770568-0D5E-49D4-BE47-BC47A4F0B0A4}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{44A52280-AE56-490D-890C-89FB7279ED6B}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{45122C53-8483-4b62-B15A-EAA9FE5FC3D5}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ServiceModule.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{46C56738-39C6-4240-8B9B-008CCD769A84}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{47179DDE-10AC-4737-97C9-8CE5379343EA}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{475C7B4A-6964-4F9E-9708-05A16EAC31D0}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{48270F9E-CCF6-4C79-B6FF-267C960E6425}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{48FEFCD7-5D7C-4E4A-9F11-60E69A31D4B1}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{49998808-648A-4A9C-A7A5-B1672775D9AB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{49E0BE0A-39E0-4932-B7BE-F249D56ACD31}\InprocServer32 -> csp16.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{4A756F5F-CBA4-428B-B17F-AF80C0C8502D}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{4B40437B-8972-4444-BBE3-1588FF55F203}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{4BD03680-3C0F-4501-AFF7-3D008586917F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{4C80573A-9150-11d2-B772-0060B0F159EF}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\RxAppDocView.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{4E6F2E83-E7F0-4333-9772-875EB733C820}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\RxTest.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{5544903C-2CCC-487C-91BB-F310B72A8E9B}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{59A224A2-BEF8-4C89-96E0-83A5411ABB6C}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{622F6193-E4DD-46E6-BC66-2ED88E9FD28D}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{644190AE-BD8F-493F-B63D-C79404AC5E07}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ServiceModule.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{6451051B-AD22-4C6A-ACCE-013A0E1DDBC3}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{64B99FDB-1D85-447F-98C7-569DBDA723DB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{6BCE6F6E-C050-4F39-BD98-E2743949F724}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{6F56D7C9-18DD-4C15-9FA8-C54E3610EC40}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{6FDE7A70-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\DtBridge.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{6FDE7A71-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\DtBridge.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{6FDE7A72-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\DtBridge.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{6FDE7A73-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\DtBridge.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{6FDE7A74-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\DtBridge.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{6FDE7A77-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\DtCp.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{70DBCAE8-8C2B-450C-9E1D-43E4686C6512}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{713C0E8A-5AE8-4695-B442-5ED6C4FE5C42}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{7293E009-3015-4AD3-96EC-D42C36B5FCE3}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{72EC5CC5-88F3-45B1-A865-0A327DF58CC8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ServiceModule.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{72EFC580-D085-4B81-8C55-26A79E445338}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{74F5CC00-49A9-11CF-A2F9-444553540000}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD LT 2016\en-US\acadltficn.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{750AEC19-2E4C-4ED9-9B9F-F9CAFCD060F3}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{794199C5-827C-41C8-8CB2-3A1EA056AF5E}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{798391FE-4AF2-4851-9DDA-1F0D70C02A9E}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{7BA16B3F-1AB3-4BD7-B959-52C4B8504EE9}\InprocServer32 -> AcInetUI.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{7C239DAB-BC87-45F3-B7B1-FCC1541A235B}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{81D07C3D-0350-11D3-B7C2-0060B0EC020B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\RxAppCtrl.Ocx => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{834CE679-2E47-49DE-9E41-FEC87E9192EB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{8421A29C-54B8-11D1-9837-0060B03C43C8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\SolidObject.Dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{846217D0-8954-11D2-8DCD-0060B0C32531}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\UCxTextBtn.Ocx => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{846217D1-8954-11D2-8DCD-0060B0C32531}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\UCxTextBtn.Ocx => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{849AFB5B-D6C9-4924-A712-F7118FF9611F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{85452F88-5071-492E-B850-2E3C586DCBD8}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{87F5CF8F-A06D-498F-A05F-E520E6B570DB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{89F0FC31-3B1D-494B-A75B-6BD4FA527B8A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{8AA16DFC-DFC6-4B51-8FA2-A5D812BE33BF}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{8B0E6BD9-610C-11D1-9842-0060B03C43C8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\SolidObject.Dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{8ED07FEF-E1B0-4CC3-B2BA-D354828AB952}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{988F4102-E6E3-4282-ACAC-55270827F2A8}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{9906CDFC-DB2C-4126-9422-13139B148495}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{9A21C6C5-27FC-4442-8590-575E7AFD73BB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{9ECF83FB-23C5-43B6-83DE-93CFBDD74D4A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{A58F47CC-FF65-4152-B0B1-666C643A5BFC}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{A6A3D586-44CF-44C2-A92C-620BB713B4F2}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{ABBE3F83-D585-4A50-9B69-198B0F566F2E}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{AC5CECFA-F03A-41D2-A89C-704C44935941}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{B1560245-190E-4BBD-81DF-9B642D0E5325}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{B2A579E0-A797-40B1-8AEE-A8F6404719F8}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{B47196BC-D4AB-41BB-A771-543D67CFC9F5}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{B53CEF4B-1A13-49DE-BBC5-A7100FB2F38C}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{B5EE2B68-9A23-4BCD-BB77-FEA6DFB24DD6}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{B6B5DC40-96E3-11d2-B774-0060B0F159EF}\localserver32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\Inventor.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{B80687F9-FA4C-4735-9DC4-E5715F2BC698}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{B8E7214B-25CA-4116-84CB-E86FB9625B36}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ServiceModule.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{BAE5802A-CF21-4F9C-AE04-D98F4036AC31}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{BBF6A206-CB04-479D-96AE-349E1E83319A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{BC71DEA1-D6FB-48B8-AB06-D151C81BBCDD}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{BE54741D-E02B-4572-93D6-105AF4EDE777}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ServiceModule.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{BF224DC3-B602-4EEE-BFE9-9E4E0AED6837}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{BF4CC07E-E9BB-40D6-873F-855B211033B9}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{C061C82C-D041-4214-BB07-B608107CEFCB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{C2D4ACCC-A3D1-4A0A-AD59-0DD8BA3D5EE1}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{C343ED84-A129-11d3-B799-0060B0F159EF}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\RxApprenticeServer.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{C8C18F89-794D-466B-8B97-95634D9890EF}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{C8EC7647-1E79-4F13-81D7-2EED803D0D22}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{C92F8F8C-8B2C-11d4-B872-0060B0EC020B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\DtBridge.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{CC23CA32-9892-4FBA-A108-FE31CA0F35A6}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{CD865713-70D6-4E15-BB7B-9B99AD9DEB85}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{CFEE2BAF-14F9-4D23-853D-B6E2BCC14263}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ServiceModule.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{D56F5AB3-9C4D-4F1A-A851-A671D9FE8C22}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{D66873EA-AAE5-41CC-8DD2-8CE3228E9F89}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{D7A1987D-4A73-11D1-9A4B-080009DCE505}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ColorButton.Ocx => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{D7A1987E-4A73-11D1-9A4B-080009DCE505}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ColorButton.Ocx => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{D86B6C47-11F2-4D95-B635-EA575F0892FC}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{DA1F437C-9BD9-11d4-B87C-0060B0EC020B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\DtBridge.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{DB207560-8449-4FAF-BDC2-61676EB012D4}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{DB5D476B-3FF4-4E9D-A606-1E2B473BE571}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\AcInetUI.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{DCA7356C-FF94-4b20-AE04-7AA6A8E14117}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ServiceModule.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{DDA9A20F-5B56-49F5-9465-CE82FC199352}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ServiceModule.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{DE6B563C-B074-4BF1-A8A0-B3FED8703E99}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ServiceModule.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{DE74F5AD-DA2F-429F-BAF9-850A2808D585}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{DF6525C2-6358-4B07-813D-708120C5FE1A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{E177A457-9EAA-43C3-A3CE-84874A28F6CA}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{E1C85E9F-60B2-4007-80C3-2C5E09474C3B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\RxInventorUtilities.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{E29F6C45-6927-4508-8F3F-34105FD3FC5F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{E4222C78-3670-4BB1-9AD4-7D8F3E581F2D}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{E70DE962-842A-4488-9481-1D0FD72A020F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{E9C07CEC-7B82-49E4-BBA2-7533B88E9D64}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{EA34A0C0-5CE7-4701-A6FA-117D25CD5EBB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{EF01D98A-747B-4522-AD70-991B90855DBF}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{F13E75B9-6AF6-49CB-80B3-6D2FF6E09932}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ServiceModule.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{F196F03F-651A-43AF-BE34-D11942F24445}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{F2D4F4E5-EEA1-46FF-A83B-A270C92DAE4B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\DTInterop.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{F2DB0EE3-7137-4CB0-8349-483C4FF2143A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{F40E2FF0-4D77-40B2-9A44-A3AEECCE8EFF}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{F5522F0C-962A-48AC-9992-E81B07628F1F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{F61064CC-DBFB-47ee-9BC8-CA5A1CBDF0DA}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\InvResc.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{F78DCF7C-043D-45FC-9D21-676FC307BA3F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{F868EAEC-1B73-4F5E-BA73-90EBA94E75BE}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{FA62F626-EBD5-4dc5-B970-D9E81E0E20E0}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ServiceModule.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{FA97F7A7-FD19-4D55-ABF2-CFEFFF777426}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{FB469644-3F14-4403-ACCA-6B13486FF7BD}\localserver32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\InvTXTStack.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{FD51ED8A-D518-4554-B236-B6E9D234FD03}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{FD703B01-4362-423E-9BDB-91BDCB16C1C9}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\DTInterop.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{FE054BB2-AF94-40AC-88AA-2F59F7018B1D}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{FE317223-8EDE-4684-B424-E48B9EA90220}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}\InprocServer32 -> axdb.dll => No File

Task: {077E3C4F-972E-434B-A290-AD017860927C} - System32\Tasks\InfoPad => Rundll32.exe "C:\Program Files\InfoPad\InfoPad.dll",ewgUnbslk <==== ATTENTION
Task: {09742866-4ADE-4D42-B9B4-A641897E135C} - System32\Tasks\SoftUpgrade => C:\Program Files (x86)\SoftUpgrade\softup.exe <==== ATTENTION
Task: {0ACF952F-D18A-46BD-A26C-A7B3AD396B6A} - System32\Tasks\Wajaireedno => C:\ProgramData\Wajaireedno\1.0.5.1\ifiahcru.exe
Task: {0C0326DF-2CDA-4341-9A55-52C6981B57E7} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {1668FFC4-86DB-486B-93DC-0D973795CCAB} - System32\Tasks\IBUpd2 => C:\Users\murph\AppData\Local\BrowserAir\48.0.0.0\updater.exe <==== ATTENTION
Task: {18147676-3D0D-4CFB-8565-3BE0D70BA77C} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {259AD275-9EBB-448E-81F5-0EA5C902F8D8} - System32\Tasks\{23204B2F-7B4A-4E71-83D9-E3B69E70EADA} => pcalua.exe -a "C:\Program Files (x86)\Smwyyntm1ndi1zdz\uninstall.exe"
Task: {3429EE32-D98E-49E8-AB66-BCBB39F289AD} - System32\Tasks\{D5071363-1856-4F75-BB4D-966F9730E586} => launchwinapp.exe hxxp://ui.skype.com/ui/0/7.26.64.101/en/abandoninstall?page=tsProgressBar
Task: {44B2C703-0CB8-4C3D-8563-31B75B62A5A7} - System32\Tasks\{3ECF5351-882B-4135-A6BC-B6DE7263C8C5} => pcalua.exe -a C:\Users\murph\Downloads\forge-1.7.10-10.13.4.1492-1.7.10-installer-win.exe -d C:\Users\murph\Downloads
Task: {4C3B60C6-1EBB-4F95-9923-8BF6F5DCFCC8} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {4F33D1A1-6EF1-4601-83DC-499C1B4C7611} - \Easy Driver Pro Schedule -> No File <==== ATTENTION
Task: {5BBFC88B-06A8-4173-B339-4825D67A66E1} - System32\Tasks\{7983EF6C-D44C-4E74-A809-B7B8F46D4D41} => pcalua.exe -a C:\Users\murph\AppData\Local\Roblox\Versions\version-2cc7e2256bc843db\RobloxPlayerLauncher.exe -c -uninstall
Task: {5ECC6B6C-52DC-471A-953A-8715A570C535} - System32\Tasks\{F469336F-E70F-468A-ABB6-3A59F4AB73E7} => pcalua.exe -a "C:\Program Files (x86)\sushileads\uninstall.exe"
Task: {6AD0B701-ADAA-49DC-933A-AF731FD96299} - System32\Tasks\{529E8ED2-010D-4229-9791-B7CC8B362C14} => pcalua.exe -a C:\Users\murph\AppData\Local\Roblox\Versions\version-398bf2b17c844b38\RobloxPlayerLauncher.exe -c -uninstall
Task: {72065239-CADD-4F26-89F1-56B2E4C200A0} - System32\Tasks\Global Updates AT - necwbgrvogi3ytj => C:\Users\murph\AppData\Local\necwbgrvogi3ytj\nhuwcgrkoge3ddj.exe
Task: {9B7F6307-F182-466C-8C6D-C02BE1CCCBAB} - System32\Tasks\RunAtStartup => C:\Users\murph\AppData\Roaming\Event Monitor\em.exe <==== ATTENTION
Task: {9E44052D-90ED-4FD2-992D-DD1E56E4956D} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
Task: {B4C91266-2C82-44DE-93D6-2576962C1110} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\VideoMemoryDiagnostic => C:\\ProgramData\\VideoMemoryDiagnostic\\vmdiag.exe [2017-05-06] () <==== ATTENTION
Task: {C170B28A-E367-47B0-9A9B-C83EEE45F396} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe [2017-05-21] (t ) <==== ATTENTION
Task: {CC1D6B8E-C301-4BAD-922D-66EE4E4064CF} - System32\Tasks\{E42FC41E-B790-482D-AC90-D4E84EF3AFE2} => pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe"
Task: {E36E4EB2-506F-48F8-9662-2F349253CB41} - System32\Tasks\HXFJNVPGVLOPBOYW => C:\ProgramData\Service1104\Service1104.exe <==== ATTENTION
Task: {EBFD68E8-E30C-4D40-BE06-220832B8ABEB} - System32\Tasks\{21CBA90D-EEF1-49F5-9968-13494DD8256E} => pcalua.exe -a "C:\Users\murph\Downloads\[1.7.10][1.7.10] MC Heli-Installer.exe" -d C:\Users\murph\Downloads
Task: {ED2CE3F2-420B-4901-9546-6E13FB071A5B} - System32\Tasks\{CAC355BA-83F3-4F24-97BE-F8A953705B55} => pcalua.exe -a C:\Users\murph\AppData\Local\4C4C4544-1442134040-3110-8037-B7C04F563532\Uninstall.exe
Task: {FB4CE890-5422-4A38-94D7-F75F39EF1150} - System32\Tasks\Pritc => C:\Users\murph\AppData\Local\Temp\is-52QH8.tmp\Setup.exe [2017-05-19] (Setup) <==== ATTENTION
Task: {FEE006C2-D0B1-45E2-98D4-F72D56042F61} - System32\Tasks\F6EC1557-AA2D-45C1-833A-108CBFCC5 => C:\Users\murph\AppData\Local\F6EC1557-AA2D-45C1-833A-108CBFCC5\F6EC1557-AA2D-45C1-833A-108CBFCC5.exe <==== ATTENTION
Task: C:\Windows\Tasks\HXFJNVPGVLOPBOYW.job => C:\ProgramData\Service1104\Service1104.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\RunDLC.job => cmd /c sc start Dell Help Support WORKGROUP DESKTOP 3FHNIRL
Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION

WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION

ShortcutWithArgument: C:\Users\murph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=h5kzbcnbl1au,fa77f059-d30a-477c-9b95-63a6d5d82df7,
ShortcutWithArgument: C:\Users\murph\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\murph\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "microsoft-edge:hxxp://www%2dsearching.com/?prd=set_epe&s=h5kzbcnbl1au,fa77f059-d30a-477c-9b95-63a6d5d82df7,"

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

C:\Program Files (x86)\AdBlocker
C:\Program Files (x86)\Maoha
C:\Program Files (x86)\Microleaves
C:\Program Files (x86)\SoftUpgrade
C:\Program Files (x86)\Smwyyntm1ndi1zdz
C:\Program Files (x86)\sushileads
C:\Program Files (x86)\YeaDesktop
C:\Program Files\InfoPad
C:\Program Files\Internet Explorer\R39OTQDEXSL21NSI8
C:\Program Files\Microsoft Silverlight\OC4XLBAI903JFMRV631PM1UZSW3
2017-06-10 01:13 - 2017-06-10 01:13 - 00000000 ____D C:\ProgramData\aa50c1d8-7013-0
2017-06-10 01:13 - 2017-06-10 01:13 - 00000000 ____D C:\ProgramData\aa50c1d8-3223-1
2017-06-09 19:13 - 2017-06-09 19:13 - 00000000 ____D C:\ProgramData\aa50c1d8-7c35-1
2017-06-09 19:13 - 2017-06-09 19:13 - 00000000 ____D C:\ProgramData\aa50c1d8-6165-0
2017-06-09 13:13 - 2017-06-09 13:13 - 00000000 ____D C:\ProgramData\aa50c1d8-6667-0
2017-06-09 13:13 - 2017-06-09 13:13 - 00000000 ____D C:\ProgramData\aa50c1d8-2e01-1
2017-06-09 07:13 - 2017-06-09 07:13 - 00000000 ____D C:\ProgramData\aa50c1d8-3965-1
2017-06-09 07:13 - 2017-06-09 07:13 - 00000000 ____D C:\ProgramData\aa50c1d8-0471-0
2017-06-09 01:13 - 2017-06-09 01:13 - 00000000 ____D C:\ProgramData\aa50c1d8-4f87-1
2017-06-09 01:13 - 2017-06-09 01:13 - 00000000 ____D C:\ProgramData\aa50c1d8-1d13-0
2017-06-08 19:13 - 2017-06-08 19:13 - 00000000 ____D C:\ProgramData\aa50c1d8-71c5-1
2017-06-08 19:13 - 2017-06-08 19:13 - 00000000 ____D C:\ProgramData\aa50c1d8-32b5-0
2017-06-08 13:13 - 2017-06-08 13:13 - 00000000 ____D C:\ProgramData\aa50c1d8-66e3-0
2017-06-08 13:13 - 2017-06-08 13:13 - 00000000 ____D C:\ProgramData\aa50c1d8-3071-1
2017-06-08 07:13 - 2017-06-08 07:13 - 00000000 ____D C:\ProgramData\aa50c1d8-1d37-1
2017-06-08 07:13 - 2017-06-08 07:13 - 00000000 ____D C:\ProgramData\aa50c1d8-1861-0
2017-06-08 01:13 - 2017-06-08 01:13 - 00000000 ____D C:\ProgramData\aa50c1d8-38b7-0
2017-06-08 01:13 - 2017-06-08 01:13 - 00000000 ____D C:\ProgramData\aa50c1d8-2441-1
2017-06-07 19:13 - 2017-06-07 19:13 - 00000000 ____D C:\ProgramData\aa50c1d8-7811-1
2017-06-07 19:13 - 2017-06-07 19:13 - 00000000 ____D C:\ProgramData\aa50c1d8-6b43-0
2017-06-02 07:08 - 2017-06-07 13:41 - 00000000 ____D C:\ProgramData\aa50c1d8-4e35-0
2017-06-02 07:08 - 2017-06-07 13:41 - 00000000 ____D C:\ProgramData\aa50c1d8-3c13-1
2017-06-02 07:08 - 2017-06-07 13:41 - 00000000 ____D C:\ProgramData\{17997b93-112c-1}
2017-06-02 07:08 - 2017-06-07 12:39 - 00000000 ____D C:\ProgramData\{78306204-612c-0}
2017-06-07 13:41 - 2017-06-07 13:41 - 00000000 ____D C:\ProgramData\{1087006a-612c-0}
2017-06-07 12:39 - 2017-06-07 12:39 - 00000000 ____D C:\ProgramData\{456e4246-412c-0}
C:\ProgramData\Service1104
C:\ProgramData\VideoMemoryDiagnostic
C:\ProgramData\Wajaireedno
C:\ProgramData\smp2.exe
2015-09-14 20:11 - 2015-09-14 20:14 - 0001392 _____ () C:\ProgramData\tempimage.bmp
2015-08-14 18:35 - 2015-08-14 18:35 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-08-14 18:33 - 2015-08-14 18:33 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-08-14 18:34 - 2015-08-14 18:35 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-08-14 18:33 - 2015-08-14 18:34 - 0000113 _____ () C:\ProgramData\{E1646825-D391-42A0-93AA-27FA810DA093}.log
C:\Users\murph\AppData\Local\F6EC1557-AA2D-45C1-833A-108CBFCC5
C:\Users\murph\AppData\Local\BrowserAir
C:\Users\murph\AppData\Local\jiobodfkmdffkcajblpbomgodflafoph
C:\Users\murph\AppData\Local\necwbgrvogi3ytj
C:\Users\murph\AppData\Local\Zorphgaigh
C:\Users\murph\AppData\Local\nav.tools
C:\Users\murph\AppData\Roaming\529a69ceb29432c1695814ee7094a5302
C:\Users\murph\AppData\Roaming\Event Monitor
C:\Users\murph\AppData\Roaming\gplyra
C:\Windows\netboostmasterHelp.dll
C:\Windows\Temp\gD080.tmp.exe
C:\Windows\Temp\gD081.tmp.exe
C:\Windows\System32\Drivers\050E5FD3.sys
C:\Windows\System32\Drivers\0E9D620C.sys
C:\Windows\System32\Drivers\13996127.sys
C:\Windows\System32\Drivers\280460C5.sys
C:\Windows\System32\Drivers\2F0B5FD7.sys
C:\Windows\System32\Drivers\32B863C4.sys
C:\Windows\System32\Drivers\3D95612A.sys
C:\Windows\System32\Drivers\3EF9638A.sys
C:\Windows\System32\Drivers\515A6331.sys
C:\Windows\System32\Drivers\520160C8.sys
C:\Windows\System32\Drivers\5C75622F.sys
C:\Windows\System32\Drivers\64A16208.sys
C:\Windows\System32\Drivers\7B566335.sys
C:\WINDOWS\system32\drivers\NetUtils2016.sys
C:\WINDOWS\system32\drivers\Uefochubsrv.sys
C:\Windows\System32\Drivers\vcdrom.sys
C:\Windows\SysWow64\Auhardwaregl.dll
D:\Downloads\BO3Multihack

Hosts:
EmptyTemp:

 


Hi Aura,  When this all started a few weeks ago, there were two new programs installed that appear to use the Mandarin keyboard.  Here's a Print Screen showing them.  I forgot to mention this to you earlier.  Sorry.

Print Screen.png


Alright it seems that it went through this time. You can boot back normally, and now you should be able to install and run Malwarebytes.

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button;
    • If it asks you to restart your computer to complete the removal, do so;
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply;


Done.  The computer did go through the reboot process.  When rebooted, Malwarebytes was not on.  I double-clicked to activate and could only find this "Scan Report" and not an "Export Summary" log.  Hope it's the same thing!

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/26/17
Scan Time: 1:58 PM
Logfile: MB Scan Report.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.2235
License: Premium

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP-3FHNIRL\murph

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 479958
Time Elapsed: 0 min, 58 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Disabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 27
PUP.Optional.PSScriptLoad.EncJob, HKU\S-1-5-21-1523608283-3295547807-88052705-1001\CONSOLE\TASKENG.EXE, Quarantined, [9436], [408199],1.0.2235
PUP.Optional.BrowserAir, HKU\S-1-5-21-1523608283-3295547807-88052705-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\BrowserairExec.exe, Quarantined, [1563], [335429],1.0.2235
PUP.Optional.InterStat, HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\APPLICATIONS\interstat.exe, Quarantined, [1426], [261503],1.0.2235
PUP.Optional.HDWallPaper, HKLM\SOFTWARE\HDWallpaper, Quarantined, [133], [404734],1.0.2235
PUP.Optional.SpeeDownloader, HKLM\SOFTWARE\Speedownloader0099, Quarantined, [9005], [384272],1.0.2235
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online Application, Quarantined, [563], [360190],1.0.2235
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online.io Application, Quarantined, [563], [317312],1.0.2235
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [563], [339688],1.0.2235
Adware.DNSUnlocker, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\11598763487076930564, Quarantined, [407], [405303],1.0.2235
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [563], [398592],1.0.2235
PUP.Optional.RussAd, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ccfifbojenkenpkmnbnndeadpfdiffof, Quarantined, [12], [405529],1.0.2235
PUP.Optional.PCCleanPlus, HKLM\SOFTWARE\WOW6432NODE\PC\CLEAN\Plus, Quarantined, [44], [256464],1.0.2235
PUP.Optional.InterStat, HKU\S-1-5-21-1523608283-3295547807-88052705-1001\SOFTWARE\InterStat, Quarantined, [1426], [260518],1.0.2235
PUP.Optional.MaohaWiFi, HKU\S-1-5-21-1523608283-3295547807-88052705-1001\SOFTWARE\JiSuZip, Quarantined, [720], [406943],1.0.2235
PUP.Optional.OneSystemCare, HKU\S-1-5-21-1523608283-3295547807-88052705-1001\SOFTWARE\One System Care, Quarantined, [477], [311038],1.0.2235
PUP.Optional.YeaDesktop, HKU\S-1-5-21-1523608283-3295547807-88052705-1001\SOFTWARE\YeaDesktop, Quarantined, [1554], [391400],1.0.2235
PUP.Optional.AppTrailers, HKU\S-1-5-21-1523608283-3295547807-88052705-1001\SOFTWARE\APPDATALOW\SOFTWARE\AppTrailers, Quarantined, [869], [324090],1.0.2235
PUP.Optional.BrowserAir, HKLM\SOFTWARE\WOW6432NODE\BrowserAir, Quarantined, [1563], [186506],1.0.2235
Adware.Jawego, HKLM\SOFTWARE\WOW6432NODE\Jawego, Quarantined, [8919], [383598],1.0.2235
PUP.Optional.SpeeDownloader, HKLM\SOFTWARE\WOW6432NODE\Speedownloader0099, Quarantined, [9005], [384272],1.0.2235
PUP.Optional.BrowserAir, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\BrowserairExec.exe, Quarantined, [1563], [335431],1.0.2235
PUP.Optional.PSScriptLoad.SHHKRST, HKU\S-1-5-21-1523608283-3295547807-88052705-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE, Quarantined, [9484], [410614],1.0.2235
PUP.Optional.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\gplyra, Quarantined, [199], [317317],1.0.2235
PUP.Optional.YeaDesktop, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\yeadesktop_RASAPI32, Quarantined, [1554], [409418],1.0.2235
PUP.Optional.BrowserAir, HKU\S-1-5-21-1523608283-3295547807-88052705-1001\SOFTWARE\CLIENTS\STARTMENUINTERNET\BrowserAir.U7T23XJHDBFVPYPM5GKQHNRYPI, Quarantined, [1563], [246846],1.0.2235
PUP.Optional.PCCleanPlus, HKU\S-1-5-21-1523608283-3295547807-88052705-1001\SOFTWARE\PC\CLEAN\Plus, Quarantined, [44], [256462],1.0.2235
PUP.Optional.SystemHealer, HKU\S-1-5-21-1523608283-3295547807-88052705-1001\SOFTWARE\SYSTEM HEALER, Quarantined, [997], [261796],1.0.2235

Registry Value: 10
PUP.Optional.PSScriptLoad.EncJob, HKU\S-1-5-21-1523608283-3295547807-88052705-1001\CONSOLE\TASKENG.EXE|WINDOWPOSITION, Quarantined, [9436], [408199],1.0.2235
PUP.Optional.AppTrailers, HKU\S-1-5-21-1523608283-3295547807-88052705-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UFH\SHC|68, Quarantined, [869], [393166],1.0.2235
PUP.Optional.AppTrailers, HKU\S-1-5-21-1523608283-3295547807-88052705-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UFH\SHC|69, Quarantined, [869], [393166],1.0.2235
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}|CONTACT, Quarantined, [563], [333852],1.0.2235
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}|URLINFOABOUT, Quarantined, [563], [321304],1.0.2235
PUP.Optional.PSScriptLoad.EncJob, HKU\S-1-5-21-1523608283-3295547807-88052705-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_WINDOWSPOWERSHELL_V1.0_POWERSHELL.EXE|WINDOWPOSITION, Quarantined, [9436], [408201],1.0.2235
PUP.Optional.BrowserAir, HKU\S-1-5-21-1523608283-3295547807-88052705-1001\SOFTWARE\REGISTEREDAPPLICATIONS|BROWSERAIR.U7T23XJHDBFVPYPM5GKQHNRYPI, Quarantined, [1563], [258424],1.0.2235
PUP.Optional.PSScriptLoad.SHHKRST, HKU\S-1-5-21-1523608283-3295547807-88052705-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE|WINDOWPOSITION, Quarantined, [9484], [410614],1.0.2235
PUP.Optional.YeaDesktop.ClnShrt, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|YEADESKTOP.EXE, Quarantined, [1375], [396226],1.0.2235
PUP.Optional.SystemHealer, HKU\S-1-5-21-1523608283-3295547807-88052705-1001\SOFTWARE\SYSTEM HEALER|CARTURL, Quarantined, [997], [261796],1.0.2235

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 26
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\77f4a3d7-4ae1-1, Quarantined, [9253], [407181],1.0.2235
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\77f4a3d7-58f5-0, Quarantined, [9253], [407181],1.0.2235
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\b9033da3-1da5-1, Quarantined, [9253], [407181],1.0.2235
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\b9033da3-5b47-0, Quarantined, [9253], [407181],1.0.2235
Adware.OnlineIO, C:\ProgramData\Microleaves\Online Application\updates, Quarantined, [9469], [399763],1.0.2235
Adware.OnlineIO, C:\ProgramData\Microleaves\Online Application, Quarantined, [9469], [399763],1.0.2235
Adware.OnlineIO, C:\PROGRAMDATA\Microleaves, Quarantined, [9469], [399763],1.0.2235
Adware.OnlineIO, C:\Users\murph\AppData\Roaming\Microleaves\Online Application 2.6.0\install\CFCBAA1, Quarantined, [9469], [399763],1.0.2235
Adware.OnlineIO, C:\Users\murph\AppData\Roaming\Microleaves\Online Application 2.6.0\install, Quarantined, [9469], [399763],1.0.2235
Adware.OnlineIO, C:\Users\murph\AppData\Roaming\Microleaves\Online Application 2.6.0, Quarantined, [9469], [399763],1.0.2235
Adware.OnlineIO, C:\USERS\MURPH\APPDATA\ROAMING\Microleaves, Quarantined, [9469], [399763],1.0.2235
PUP.Optional.Elex.ClnShrt, C:\USERS\MURPH\APPDATA\LOCAL\kemgadeojglibflomicgnfeopkdfflnk, Quarantined, [1373], [328066],1.0.2235
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [563], [391425],1.0.2235
PUP.Optional.BrowserAir, C:\USERS\MURPH\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\BROWSERAIR, Quarantined, [1563], [180783],1.0.2235
PUP.Optional.InternetMonitor, C:\Users\murph\AppData\Local\CrashRpt\UnsentCrashReports\BandwidthStat_389\Logs, Quarantined, [13032], [182462],1.0.2235
PUP.Optional.InternetMonitor, C:\USERS\MURPH\APPDATA\LOCAL\CRASHRPT\UNSENTCRASHREPORTS\BandwidthStat_389, Quarantined, [13032], [182462],1.0.2235
PUP.Optional.FastSearch, C:\USERS\MURPH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4J9CHSR5.DEFAULT\EXTENSIONS\AMCONTEXTMENU@LOUCYPHER, Quarantined, [1159], [329326],1.0.2235
PUP.Optional.InterStat, C:\Users\murph\AppData\Local\CrashRpt\UnsentCrashReports\Interstatnogui_389\Logs, Quarantined, [1426], [373566],1.0.2235
PUP.Optional.InterStat, C:\USERS\MURPH\APPDATA\LOCAL\CRASHRPT\UNSENTCRASHREPORTS\Interstatnogui_389, Quarantined, [1426], [373566],1.0.2235
PUP.Optional.Goobzo.BITSRST, C:\PROGRAM FILES\COMMON FILES\Noobzo, Quarantined, [9004], [384282],1.0.2235
PUP.Optional.YeaDesktop, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\YEADESKTOP, Quarantined, [1554], [391395],1.0.2235
PUP.Optional.Goobzo, C:\PROGRAMDATA\SEARCHMODULE, Quarantined, [350], [189917],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\index-dir, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Local Storage, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\USERS\MURPH\APPDATA\LOCAL\APPTRAILERS, Quarantined, [869], [324095],1.0.2235

File: 119
PUP.Optional.BitsInstall.BITSRST, C:\ProgramData\b9033da3-1da5-1\BIT944F.tmp, Quarantined, [9253], [407181],1.0.2235
PUP.Optional.BitsInstall.BITSRST, C:\ProgramData\b9033da3-5b47-0\BIT947F.tmp, Quarantined, [9253], [407181],1.0.2235
Adware.OnlineIO, C:\ProgramData\Microleaves\Online Application\updates\basic_updates.aiu, Quarantined, [9469], [399763],1.0.2235
PUP.Optional.Elex.ClnShrt, C:\Users\murph\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk\close_white.png, Quarantined, [1373], [328066],1.0.2235
PUP.Optional.Elex.ClnShrt, C:\Users\murph\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk\content_script.js, Quarantined, [1373], [328066],1.0.2235
PUP.Optional.Elex.ClnShrt, C:\Users\murph\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk\icon.png, Quarantined, [1373], [328066],1.0.2235
PUP.Optional.Elex.ClnShrt, C:\Users\murph\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk\jquery-1.8.3.min.js, Quarantined, [1373], [328066],1.0.2235
PUP.Optional.Elex.ClnShrt, C:\Users\murph\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk\jquery.js, Quarantined, [1373], [328066],1.0.2235
PUP.Optional.Elex.ClnShrt, C:\Users\murph\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk\manifest.json, Quarantined, [1373], [328066],1.0.2235
PUP.Optional.Elex.ClnShrt, C:\Users\murph\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk\popup.html, Quarantined, [1373], [328066],1.0.2235
PUP.Optional.Elex.ClnShrt, C:\Users\murph\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk\popup.js, Quarantined, [1373], [328066],1.0.2235
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\online.exe, Quarantined, [563], [391425],1.0.2235
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\SystemFoldermsiexec.exe, Quarantined, [563], [391425],1.0.2235
PUP.Optional.BrowserAir, C:\Users\murph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir\BrowserAir.lnk, Quarantined, [1563], [180783],1.0.2235
PUP.Optional.FastSearch, C:\Users\murph\AppData\Roaming\Mozilla\Firefox\Profiles\4j9chsr5.default\extensions\amcontextmenu@loucypher\0024397e, Quarantined, [1159], [329326],1.0.2235
PUP.Optional.YeaDesktop, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop\Uninstall YeaDesktop.lnk, Quarantined, [1554], [391395],1.0.2235
PUP.Optional.YeaDesktop, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop\YeaDesktop.lnk, Quarantined, [1554], [391395],1.0.2235
PUP.Optional.Goobzo, C:\PROGRAMDATA\SEARCHMODULE\SMHE.JS, Quarantined, [350], [189917],1.0.2235
PUP.Optional.BrowserAir, C:\USERS\MURPH\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\BROWSERAIR.LNK, Quarantined, [1563], [186505],1.0.2235
PUP.Optional.Goobzo.BITSRST, C:\WINDOWS\SYSTEM32\BI3.EXE, Quarantined, [9004], [384278],1.0.2235
PUP.Optional.AppTrailers, C:\USERS\MURPH\APPDATA\LOCAL\APPTRAILERS\WEB DATA, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\index-dir\the-real-index, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\02cdb733b079655d_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\03aaed705acccd25_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\08b837b14d8218cc_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\08bc571418449ead_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\0e81b8ca739fd4c8_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\0ed73590870cfbd2_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\0ed7399215f555d7_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\0ef50d324e1bc502_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\0fc3db66b9cbe75d_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\66e510668b4796e9_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\6f4f7519af57d736_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\7e92e13dd1f7b2bc_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\8326a92c0f293bc4_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\83a226c1379f7a18_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\8d9b27c428a8f6a3_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\8e86714e0eac1f63_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\8f60e69a4afd6f60_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\8fa1b83958d62913_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\b3edef432256edd5_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\b5278b785f291640_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\bd48447363dfb226_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\be189d201694bf89_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\bfbe9938bbb38577_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\c0584297f688114e_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\c1257795007bdb90_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\c188bca037f9c189_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\c3329b5e71fb9773_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\317051006588faad_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\325c5635318a3cc4_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\35c4edc43432066e_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\38e33bb1bd911ef8_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\3a977894dc0fcd39_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\3c0a87873222db88_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\434433e6be31dddd_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\442182c02ee0a243_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\ddc9322c11c989c3_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\e0014de2058fb1bb_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\e63f5bc023a4b93f_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\ec05505395a4fd7f_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\eef197e99b9422a4_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\f552ab47376f113e_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\f6f9d04e245b41d0_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\f74a8c1655500d73_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\f7b4e8641fae46a9_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\fddd11ea475c5135_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\index, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\90b41a5adbd386b5_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\945c59636f75b4e1_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\9ab069da12c6f7cd_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\9cbde96546f624d1_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\9e12b0434ab20ee0_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\a1f309cd5a3eb6fa_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\a30b43a63e0219be_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\a6f29d74ef9a9c1a_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\a9423296c2c84f57_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\ab6bc8112cf834f6_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\15102e1fa0485514_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\3082972055161e5d_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\486189d52268f247_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\6418071a5a8b607b_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\902790b2feff6cb4_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\b3986aa6d1a5b1ca_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\c487316b1c7eb401_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\dc7c883ebdb4ce43_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\15335d1f278dcf91_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\198ac16932783652_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\1b72c2d37a2af109_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\1dff67c9badf383d_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\2025113059e1f43d_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\234986793e71f265_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\26968e7a0c71776d_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\2819c5233c1f77b4_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\c6cf943b3d6c7806_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\c8b0ae44d7e5cdd7_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\d02e816cfb2f6bd9_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\d0d85ae8ecd18438_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\d19a15ac54bfa3ba_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\d4828277431ff818_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\d48a903ae25fb25c_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\d91470973717d8e1_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\4ea8fca2fa3409fc_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\5125b9f58b582f46_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\52dad56aff91a0a2_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\5317f7f0b0bcadb9_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\56bf1901a2000606_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\590e23e6a898c0fc_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\5ede7465ad814101_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Cache\6407604f84430b55_0, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Local Storage\file__0.localstorage, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Local Storage\file__0.localstorage-journal, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Local Storage\http_www.imdb.com_0.localstorage, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Local Storage\http_www.imdb.com_0.localstorage-journal, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\cookies, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\cookies-journal, Quarantined, [869], [324095],1.0.2235
PUP.Optional.AppTrailers, C:\Users\murph\AppData\Local\AppTrailers\Web Data-journal, Quarantined, [869], [324095],1.0.2235
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [563], [391431],1.0.2235
PUP.Optional.HDWallPaper, C:\WINDOWS\SYSTEM32\NETUTILS2016.DLL, Quarantined, [133], [392467],1.0.2235

Physical Sector: 0
(No malicious items detected)


(end)

 


It works, yes :) Now we'll run a sweep with AdwCleaner and JRT.

AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;

Junkware Removal Tool (JRT)

  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
    Credits : BleepingComputer.com
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Your next reply(ies) should therefore contain:

  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted JRT log;


JRT Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64
Ran by murph (Administrator) on Mon 26/06/17 at 17:40:03.45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


File System: 7

Successfully deleted: C:\ProgramData\19a87fa1ec024bbcbb41931263354405 (Folder)
Successfully deleted: C:\ProgramData\browser (Folder)
Successfully deleted: C:\ProgramData\esellerate (Folder)
Successfully deleted: C:\Users\murph\AppData\Local\{0F376500-DFBE-47DE-A1F0-B86761A82BF2} (Empty Folder)
Successfully deleted: C:\Users\murph\AppData\Local\nico mak computing (Folder)
Successfully deleted: C:\Users\Public\thunder network (Folder)
Successfully deleted: C:\Windows\wininit.ini (File)

Deleted the following from C:\Users\murph\AppData\Roaming\Mozilla\Firefox\Profiles\4j9chsr5.default\prefs.js
user_pref(extensions.search@mail.ru.go_metric_url, hxxp://go.mail.ru/distib/mark/?product_id=%7BB5EDEDB9-EFB4-4375-816A-2B0DBA2973EA%7D&install_id=%7B49E13966-5212-41DD-935
user_pref(extensions.search@mail.ru.install_id, {49E13966-5212-41DD-9356-B967C2DDF81F});
user_pref(extensions.search@mail.ru.mrds_metric_url, hxxp://mrds.mail.ru/update/2/version.txt?type=product_online_metric&product_id=%7BB5EDEDB9-EFB4-4375-816A-2B0DBA2973EA%
user_pref(extensions.search@mail.ru.partner_product_online_url, hxxp://ec2-54-229-84-172.eu-west-1.compute.amazonaws.com/affect?guid={guid}&sid=16045&homesearch=1&label=811
user_pref(extensions.search@mail.ru.product_id, {B5EDEDB9-EFB4-4375-816A-2B0DBA2973EA});
user_pref(extensions.search@mail.ru.product_type, ff_xtndse);
user_pref(extensions.search@mail.ru.rfr, 811037);

 

Registry: 0

 


Good :) Now please run a new scan with FRST and provide me the FRST.txt and Addition.txt logs so I can check for remnants.


OK here it is

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-06-2017 01
Ran by murph (26-06-2017 19:47:23)
Running from C:\Users\murph\Desktop\fix
Windows 10 Home Version 1703 (X64) (2017-05-14 19:50:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1523608283-3295547807-88052705-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1523608283-3295547807-88052705-503 - Limited - Disabled)
Guest (S-1-5-21-1523608283-3295547807-88052705-501 - Limited - Disabled)
murph (S-1-5-21-1523608283-3295547807-88052705-1001 - Administrator - Enabled) => C:\Users\murph

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: McAfee VirusScan (Disabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Disabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.0.1.188 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1_1) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.0.162 - Adobe Systems, Inc.)
Age of Conan: Unchained (HKLM\...\Steam App 217750) (Version:  - Funcom)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Autodesk AutoCAD Utility Design 2016 - English (HKLM\...\AutoCAD Utility Design 2016 - English) (Version:  - )
Call of Duty: Black Ops III – Mod Tools (HKLM\...\Steam App 455130) (Version:  - Treyarch)
Call of Duty: Black Ops III (HKLM\...\Steam App 311210) (Version:  - Treyarch)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.01 - Canon Inc.)
Catalyst Control Center Next Localization BR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.3.0.8 - Citrix Systems, Inc.)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Help & Support (HKLM-x32\...\InstallShield_{7E780845-303D-4B46-9746-9D49D94D16AB}) (Version: 2.3.22.0 - Dell Inc.)
Dell Help & Support (Version: 2.3.22.0 - Dell Inc.) Hidden
Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)
Dell System Detect (HKU\S-1-5-21-1523608283-3295547807-88052705-1001\...\58d94f3ce2c27db0) (Version: 7.11.0.6 - Dell)
Dell Update - SupportAssist Update Plugin (HKLM\...\{5F641343-FA40-4084-855A-7FA3251783DC}) (Version: 2.0.2.1840 - Dell Inc.)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
iCloud (HKLM\...\{724A887F-2B55-4306-B6F9-8F0E7A04B1B5}) (Version: 5.2.2.87 - Apple Inc.)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{DC5673D2-228D-45BC-B9BB-9610CE67DFC0}) (Version: 17.1.1524.1353 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{27276DC1-66AA-4B16-918D-5AB1EEDF09C6}) (Version: 6.0.5 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{29388fa1-af6a-4a46-8c5e-69cab61379d8}) (Version: 18.11.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java SE Development Kit 8 Update 92 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180920}) (Version: 8.0.920.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Macromedia Flash 8 Video Encoder (HKLM-x32\...\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}) (Version: 1.00.0000 - Macromedia)
Macromedia Flash Player 8 Plugin (HKLM-x32\...\{91057632-CA70-413C-B628-2D3CDBBB906B}) (Version: 8.0.22.0 - Macromedia)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Maxx Audio Installer (x64) (Version: 2.6.6168.1 - Waves Audio Ltd.) Hidden
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 14.0 R13 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.139 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.24720 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8201.2102 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1523608283-3295547807-88052705-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 10.0 (HKLM-x32\...\{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}) (Version: 10.0.20911 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{D68E6605-F852-4936-AB64-04B80E0C85AD}) (Version: 2.2.0.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
OnePlus USB Drivers 1.00 (HKLM-x32\...\OnePlus USB Drivers 1.00) (Version: 1.00 - OnePlus, Inc)
Oracle VM VirtualBox 4.3.12_ZZZZ (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
Product Registration (Version: 3.0.127.0 - Dell Inc.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Realtek USB Audio (HKLM-x32\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.41 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Elder Scrolls V: Skyrim Special Edition (HKLM\...\Steam App 489830) (Version:  - Bethesda Game Studios)
Universal CRT Redistributable (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17387 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E65EDBCC-C437-45DF-96BE-46B672317F41}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.10586.15 (HKLM-x32\...\{28a123e5-1799-4f20-9bd8-7c46f30eb7bf}) (Version: 10.1.10586.15 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1523608283-3295547807-88052705-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0947EAB8-1F11-4399-ACA2-767B19DD5C2A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-18] ()
Task: {0A24D4D0-C179-4224-A1EE-1DFE9C7522F1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {178C3895-C82F-47C3-8AB0-7F8C406988B1} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: {223F847C-0B20-455E-89F4-80C302A49F07} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: {3E6F2A7D-B75F-4BB6-9B45-86CA596CDF85} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-04-24] (Advanced Micro Devices, Inc.)
Task: {4B42E385-F49D-432C-A203-9F13FF9A54B4} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-02-22] (McAfee, Inc.)
Task: {6DC90FC0-7B73-478F-A583-4E05732CD9D0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
Task: {71194591-46DF-4DC1-9F6F-07D143AC4C2D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
Task: {7CE116DA-C108-44B7-B0D8-5795D494D2C2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-04] (Microsoft Corporation)
Task: {7D66881A-79E6-4ABE-9BCB-D4C56A9BCEDE} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-04-12] (McAfee, Inc.)
Task: {8667127E-3E9F-4CCF-990E-47C4953A00E5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {8C4519CB-0929-4D3B-8544-17AE130011CD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-04] (Microsoft Corporation)
Task: {9D77F86C-7AAC-42A1-9C4E-5FF2471C782F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-06-18] (Microsoft Corporation)
Task: {9F7188B4-11D4-407A-832F-1D229B3A0747} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-18] ()
Task: {9F97135E-2258-4213-9A07-782264DC4B26} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Pogo Games\PogoDGC.exe
Task: {A3EC8BAC-4692-4F69-9A00-BFA972BAD49C} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-02-22] (McAfee, Inc.)
Task: {A688D906-9C40-479B-86B0-13CC1F19B286} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-06-18] (Microsoft Corporation)
Task: {BB422B9E-F1DC-476E-9BA2-2C14DB180D0B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-06-18] (Microsoft Corporation)
Task: {C84CEEE9-B2EF-4A0E-9AA5-2110CF61E4BC} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {CE012BC5-0FFD-4A58-8179-6728E67A06DD} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-murphy@travel-net.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {DA9DF1E7-DA11-4E0F-875F-4A46E79AF6BF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-06-18] (Microsoft Corporation)
Task: {E58BE898-1E43-454C-8F88-18D2C0BAC4FE} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {EA087B05-A1E9-45C9-9A80-2E8CB393E3EF} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2017-03-27] (Adobe Systems Incorporated)
Task: {FCCB90A4-3691-4E03-9767-EFA403F2DD3C} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-02-22] (McAfee, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-09-07 14:37 - 2013-10-23 15:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-24 12:57 - 2017-04-13 15:52 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-24 12:58 - 2017-04-13 15:52 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-12-12 21:50 - 2017-06-18 17:34 - 08931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-05-17 16:18 - 2010-07-29 18:19 - 00293888 _____ () C:\Program Files (x86)\Total Video Converter\TVCShellExtx64.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 00138000 _____ () C:\Windows\SYSTEM32\inputhost.dll
2017-03-18 16:59 - 2017-03-18 22:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-20 20:38 - 2017-06-20 20:42 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-24 00:14 - 2017-06-24 00:14 - 10628608 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-06-24 00:14 - 2017-06-24 00:14 - 02640384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-06-24 00:14 - 2017-06-24 00:14 - 00766464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll
2017-06-24 00:13 - 2017-06-24 00:14 - 13207232 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.40985.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2017-06-24 00:13 - 2017-06-24 00:14 - 01199816 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.40985.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2016-12-21 11:24 - 2016-12-21 11:24 - 00134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2015-06-23 19:26 - 2015-06-23 19:26 - 00155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2015-06-24 04:07 - 2015-06-24 04:07 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1523608283-3295547807-88052705-1001\Software\Classes\.scr: AutoCADLTScriptFile =>

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1523608283-3295547807-88052705-1001\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-1523608283-3295547807-88052705-1001\...\aeriagames.com -> hxxp://aeriagames.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 07:04 - 2017-06-26 13:30 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1523608283-3295547807-88052705-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\murph\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img2.jpg
DNS Servers: 24.226.1.93 - 24.226.10.193
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: CDPUserSvc_49e8a =>
MSCONFIG\Services: lfsvc => 3
MSCONFIG\Services: MessagingService_49e8a =>
MSCONFIG\Services: OneSyncSvc_49e8a =>
HKLM\...\StartupApproved\StartupFolder: => "Ginger.lnk"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1523608283-3295547807-88052705-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1523608283-3295547807-88052705-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1523608283-3295547807-88052705-1001\...\StartupApproved\Run: => "SmartSwitchPDLR.exe"
HKU\S-1-5-21-1523608283-3295547807-88052705-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-1523608283-3295547807-88052705-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-1523608283-3295547807-88052705-1001\...\StartupApproved\Run: => "PCCleaner"
HKU\S-1-5-21-1523608283-3295547807-88052705-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1523608283-3295547807-88052705-1001\...\StartupApproved\Run: => "SkypeVoiceChanger"
HKU\S-1-5-21-1523608283-3295547807-88052705-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-1523608283-3295547807-88052705-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1523608283-3295547807-88052705-1001\...\StartupApproved\Run: => "Ca013i5M8Y.exe"
HKU\S-1-5-21-1523608283-3295547807-88052705-1001\...\StartupApproved\Run: => "WindowsUpdate"
HKU\S-1-5-21-1523608283-3295547807-88052705-1001\...\StartupApproved\Run: => "fade4cca898c41f1d25eea0bcf1504f0"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E07CB711-5EC2-4115-B611-59FF8E8F09C3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A22C0D40-B15A-4C1A-A458-F62645B4F9D3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{B2A19FE9-7667-4807-96D5-2A40C4CA2E02}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{AA4D86A6-E184-4C0A-B969-5EBC1E5F4A50}] => (Allow) D:\Chris\SteamLibrary\steamapps\common\Age of Conan\ConanPatcher.exe
FirewallRules: [{D7941EF6-3CCC-49DC-9EAA-28883B155846}] => (Allow) D:\Chris\SteamLibrary\steamapps\common\Age of Conan\ConanPatcher.exe
FirewallRules: [{2DAD1377-FB9A-4EB5-AF7F-8F0C0DC76283}] => (Allow) D:\Chris\SteamLibrary\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{E3E5822E-1330-471A-AE70-B76A00901CDA}] => (Allow) D:\Chris\SteamLibrary\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{CD0ED768-3689-4406-9945-A090549C1805}] => (Allow) D:\Chris\SteamLibrary\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{C863E80B-2AA2-47CE-B5ED-FEDFD533D86A}] => (Allow) D:\Chris\SteamLibrary\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{68913FAA-448B-448A-BA69-30F07417186D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StarMade\StarMade-starter.exe
FirewallRules: [{7CF0429A-9C0A-4C20-8214-17746992AB37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StarMade\StarMade-starter.exe
FirewallRules: [{106CA344-CCBD-4425-B84B-D90D8BD0C974}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StarMade\starmade-launcher.exe
FirewallRules: [{AD4F16EA-ED43-4831-B18B-D14E45562FF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StarMade\starmade-launcher.exe
FirewallRules: [{0261BAA4-46B7-4398-9851-AC6120558325}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A62DCAD5-A1E4-4CDC-8CF9-86AFBD5C7B29}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F9DB859F-6D88-4978-BFD3-12542DBB7F7B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{5B10DE85-0166-4766-8F9A-D7931922FEC8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{81DA241F-BFF8-4B2F-BF66-5FC37B9D2CE5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{55A5D427-B9F6-4D82-8856-A5E603685646}] => (Allow) C:\Users\murph\AppData\Local\Amigo\Application\amigo.exe
FirewallRules: [UDP Query User{D9726B46-6960-4967-B113-35BEBB3E0C6C}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Allow) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe
FirewallRules: [TCP Query User{B88F9FC9-B664-4165-B72A-E94E6592BB3C}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Allow) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe
FirewallRules: [{5AB25F33-9F01-4019-B2AD-1E85A344FB9E}] => (Allow) C:\Program Files\Oracle\VirtualBox\vboxheadless.exe
FirewallRules: [{96CB293D-0B64-401F-A199-E1446804A906}] => (Allow) C:\Program Files (x86)\Droid4X\download\MiniThunderPlatform.exe
FirewallRules: [{00182BCA-3F68-4C34-8B84-CED14145CBA7}] => (Allow) C:\Program Files (x86)\Droid4X\download\MiniThunderPlatform.exe
FirewallRules: [{72E96B9D-4F73-43DC-9AF1-A3003207483C}] => (Allow) C:\Program Files (x86)\Droid4X\Droid4X.exe
FirewallRules: [{0558AE2C-A373-4D17-AED1-33B07B6A3027}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{821C2C54-9DA3-4156-8AB0-BA18392A3456}] => (Allow) LPort=1900
FirewallRules: [{08AB3741-0414-47DC-912B-8B38CD2860FD}] => (Allow) LPort=2869
FirewallRules: [{C5AB5DEA-6E1E-4E79-ADB6-248E3EBA2BBE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F153F251-F5B9-42F4-928D-7ABFCBDDB0BB}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{EDAD0EE7-559B-41AA-96C4-83F847E17C09}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector12\PDR10.EXE
FirewallRules: [TCP Query User{65B2586D-E47E-4D92-BBAD-FE89D0D67E73}C:\users\murph\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\murph\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{ACE216FA-D8A1-46D6-9A26-6BDEF9E14CA8}C:\users\murph\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\murph\appdata\local\akamai\netsession_win.exe
FirewallRules: [{D2520006-6E77-4414-9D92-36A38DD240EA}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{82AA2CF0-AB8D-4E44-B04F-116177A499D0}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{6CECB619-8E96-454D-9B3E-3D1B04041AF7}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{14982DF3-A5E0-4F81-B030-D14A82A61B20}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{82BF7437-424C-4D05-A16D-5E68D3AABF12}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity\2015\UnityVS.OpenFile.exe
FirewallRules: [{E6DE731B-403E-4E1A-A8EB-7DCF6C073055}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{7D264EEE-A6DB-4116-B29C-978C9AD977AD}] => (Allow) D:\Unity\Editor\Unity.exe
FirewallRules: [{9238FDDE-22E0-46C9-B738-9FD261397CBA}] => (Allow) C:\Users\murph\Downloads\ProductDetection.exe
FirewallRules: [{6A725394-F786-4781-9670-273981CF0BDA}] => (Allow) C:\Users\murph\Downloads\ProductDetection.exe
FirewallRules: [{D7039F5D-E891-4A70-AA71-D339AA0C4006}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{936513FE-F723-4C6A-958A-E43ED850705E}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{FA26D9E2-4FD2-4F6A-BD0C-EEEF0CD66FFA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6FFA2547-EDA4-4016-9983-DA747EC2DF7E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5275F6BC-38A1-42DA-B8E3-ED3B6870A016}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BE626962-5228-4303-833A-5FCAC54B5E52}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9BD3F7AD-7906-40AC-9C27-4B545BCF235B}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{9E34866B-9DC4-4A63-9119-E4BFD69D933B}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{0C236438-80EE-4574-86BD-098150FA8381}] => (Allow) C:\Users\murph\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [TCP Query User{8E172064-1168-45F0-A9F8-719CD560A87E}C:\users\murph\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\murph\appdata\local\logmein client\lmiignition.exe
FirewallRules: [UDP Query User{ABFB0768-055C-4386-A10D-781DD5D81C3A}C:\users\murph\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\murph\appdata\local\logmein client\lmiignition.exe
FirewallRules: [{B76E4C7D-090E-436B-8108-20EF208B0D20}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FCF61CB4-BB74-48EC-A617-3D3DA8348142}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A2A70AC8-C9FD-4375-A40C-5CA4070C2C24}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0E9BFCE7-1D56-4E10-9FAF-1291BEDA5ADC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{21ADD971-4A43-4DB6-BABF-E2B95B076C6E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{45E87A96-5E71-422B-A720-D3D9C9E19A22}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{8FD2739A-0D29-4F63-B686-DDF668D80742}C:\program files (x86)\athtek\voice changer for skype\skypevoicechanger.exe] => (Allow) C:\program files (x86)\athtek\voice changer for skype\skypevoicechanger.exe
FirewallRules: [UDP Query User{34843BAD-8B6C-48C8-B7D6-EC962D2E3B0B}C:\program files (x86)\athtek\voice changer for skype\skypevoicechanger.exe] => (Allow) C:\program files (x86)\athtek\voice changer for skype\skypevoicechanger.exe
FirewallRules: [{50624228-8B1B-4D15-BF07-0C4C1D651AE4}] => (Allow) D:\Steam2\Steam.exe
FirewallRules: [{F2C02954-FAFB-4836-A989-4FAF9267456B}] => (Allow) D:\Steam2\Steam.exe
FirewallRules: [{83659F5A-7CEF-436C-99FC-74E68672FB31}] => (Allow) D:\Steam2\bin\steamwebhelper.exe
FirewallRules: [{BB4A431B-B308-44B8-AA71-34FD48344215}] => (Allow) D:\Steam2\bin\steamwebhelper.exe
FirewallRules: [{10AC658C-C9EF-43F3-9C3E-4D620684CB16}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{07EFF5EE-762F-4AC2-AE0E-F23AEC446C3C}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{49AEF82B-3F05-4A67-8257-0DDDDF7DA24E}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{C174E38A-D670-4CFF-86EC-D6F941817B2A}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{4D36C6D5-2261-4C05-9D65-A1217C23D1EC}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [TCP Query User{53CB337F-92C9-456E-8D2D-A074A3B96D8B}C:\users\murph\appdata\local\temp\rarsfx1\rsync.exe] => (Allow) C:\users\murph\appdata\local\temp\rarsfx1\rsync.exe
FirewallRules: [UDP Query User{6AD58E3A-7E47-451F-86E4-D2D22FB16A7A}C:\users\murph\appdata\local\temp\rarsfx1\rsync.exe] => (Allow) C:\users\murph\appdata\local\temp\rarsfx1\rsync.exe
FirewallRules: [TCP Query User{4F4B304D-61E1-4B79-A4B1-B1846E169392}C:\program files\java\jdk1.8.0_60\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_60\bin\java.exe
FirewallRules: [UDP Query User{3A0C5EF6-709F-4D35-87F4-89946A539C59}C:\program files\java\jdk1.8.0_60\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_60\bin\java.exe
FirewallRules: [TCP Query User{C73C5307-6A5F-4CFD-AF34-AD67DFE7005C}C:\program files\esri\cityengine2016.1\cityengine.exe] => (Allow) C:\program files\esri\cityengine2016.1\cityengine.exe
FirewallRules: [UDP Query User{9DDADE94-9B19-41F5-A832-7660F4135E69}C:\program files\esri\cityengine2016.1\cityengine.exe] => (Allow) C:\program files\esri\cityengine2016.1\cityengine.exe
FirewallRules: [{5543C3C2-40D8-49FC-8D40-2DDDB0D16955}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{955743ED-44B0-44DE-ABE2-A1C183DE5283}] => (Allow) D:\SimCity\SimCity\SimCity.exe
FirewallRules: [{732E8AE8-AE09-4C91-BC03-72A46EA6585F}] => (Allow) D:\SimCity\SimCity\SimCity.exe
FirewallRules: [{77D1A871-6FFE-4A80-A7EA-EA67ADE553AE}] => (Allow) D:\SimCity 2013\SimCity 2013 Offline\SimCity\SimCity.exe
FirewallRules: [{22BE5A2B-D776-4F1F-8DD2-A6837A9C5312}] => (Allow) D:\SimCity 2013\SimCity 2013 Offline\SimCity\SimCity.exe
FirewallRules: [{EDD7ABA0-5F8E-4026-ACC3-75382805B251}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{F0FD86E8-C125-44E8-B0B3-9656A854B565}] => (Allow) C:\Users\murph\AppData\Local\BrowserAir\Application\BrowserairExec.exe
FirewallRules: [{3760EE25-21F9-4D7D-9D52-C467B1354B97}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{2738871C-A98D-47C7-85AC-CF56FAC0904B}C:\users\murph\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\murph\appdata\local\logmein client\lmiignition.exe
FirewallRules: [UDP Query User{17BB3131-ED78-4031-9C5E-EC171261839B}C:\users\murph\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\murph\appdata\local\logmein client\lmiignition.exe
FirewallRules: [{CF7A5ADD-9EFC-43C9-A18E-26D4CA5C668E}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{22B27506-D1B6-42B5-A7B4-80CCCB12E718}] => (Allow) C:\Windows\System32\rundll32.exe

==================== Restore Points =========================

25-06-2017 18:05:34 Windows Update
26-06-2017 17:40:04 JRT Pre-Junkware Removal
26-06-2017 18:23:05 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/26/2017 07:46:58 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (06/26/2017 07:45:02 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (06/26/2017 06:35:06 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (06/26/2017 06:34:56 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (06/26/2017 06:34:44 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (06/26/2017 06:30:29 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (06/26/2017 06:29:58 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (06/26/2017 06:29:51 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (06/26/2017 06:26:46 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:

Error: (06/26/2017 06:25:08 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:


System errors:
=============
Error: (06/26/2017 06:22:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/26/2017 06:22:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/26/2017 06:22:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/26/2017 06:22:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (06/26/2017 06:21:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (06/26/2017 06:21:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (06/26/2017 06:21:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (06/26/2017 06:21:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Security Assist service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/26/2017 06:21:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/26/2017 06:21:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2017-06-26 18:28:51.564
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-26 18:27:15.303
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-26 18:26:42.376
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-26 18:26:42.257
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-26 18:26:42.129
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-26 18:17:57.376
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-26 18:16:30.777
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-26 18:07:21.072
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-26 18:06:50.098
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-26 18:06:10.459
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 14%
Total physical RAM: 24527.2 MB
Available physical RAM: 20971.87 MB
Total Virtual: 28111.2 MB
Available Virtual: 24548.51 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:224.72 GB) (Free:34.31 GB) NTFS
Drive d: (DATA) (Fixed) (Total:1862.89 GB) (Free:1657.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: FDBC25E1)

Partition: GPT.

========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: FDBC25B1)

Partition: GPT.

==================== End of Addition.txt ============================
