
Help please- computer overrun by Erika (playing random music)



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by PC-Home (administrator) on PC (03-04-2018 09:46:58)
Running from C:\Users\PC-\Downloads
Loaded Profiles: PC-Home (Available Profiles: PC-Home & Admin)
Platform: Windows 10 Pro Version 1607 14393.1198 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\WINDOWS\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atiesrxx.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files (x86)\Photodex\ProShow Gold\scsiaccess.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Samsung Electronics Co., Ltd.) C:\WINDOWS\System32\RAPID\SamsungRapidSvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Malwarebytes ) C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbam-setup.exe
() C:\Users\PC-\AppData\Local\Temp\is-D9V37.tmp\mbam-setup.tmp
(Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe
() C:\Program Files (x86)\GLPCCamera\monitorpad.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\rundll32.exe
() C:\Program Files (x86)\brust\nonfunctioning.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Trend Micro Inc.) C:\Users\PC-\Downloads\HijackThis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GLSystray] => C:\Program Files (x86)\GLPCCamera\monitorpad.exe [69632 2014-03-11] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822528 2016-05-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1429248 2016-05-25] (Realtek Semiconductor)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281696 2015-09-04] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM\...\Run: [assuaging] => C:\Program Files (x86)\Sandrock\Erika.exe [137216 2018-04-02] ()
HKLM\...\Run: [assuagingassuaging] => C:\Program Files (x86)\Buffo\Erika.exe [137216 2018-04-02] ()
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-28] (Microsoft Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-11] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-06-08] (Power Software Ltd)
HKLM-x32\...\Run: [BigPondWirelessBroadbandCM] => C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe [6215288 2012-10-15] (Telstra)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe [2089056 2015-09-16] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1563424 2016-04-05] (Seagate Technology LLC)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [RoxioEngineUtility] => C:\Program Files (x86)\Common Files\Roxio Shared\System\EngUtil.exe [69632 2003-01-13] (Roxio)
HKLM-x32\...\Run: [RoxAssistant] => C:\Program Files (x86)\Common Files\Roxio Shared\Upgrade\RoxAssist.exe [86016 2003-01-13] (Roxio)
HKLM-x32\...\Run: [RoxioDragToDisc] => C:\Program Files (x86)\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe [757760 2003-01-13] (Roxio)
HKLM-x32\...\Run: [RoxioAudioCentral] => C:\Program Files (x86)\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe [253952 2003-01-09] (Roxio, Inc.)
HKLM-x32\...\Run: [wolfram] => C:\Program Files (x86)\Sandrock\Erika.exe [137216 2018-04-02] ()
HKLM-x32\...\Run: [wolframwolfram] => C:\Program Files (x86)\Buffo\Erika.exe [137216 2018-04-02] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3198752 2018-03-27] (Valve Corporation)
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2015-12-17] (Electronic Arts)
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127816 2016-04-05] (Seagate Technology LLC)
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [Google Update] => C:\Users\PC-\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-29] (Google Inc.)
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [Google Photos Backup] => C:\Users\PC-\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-09] (Google, Inc)
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [wayout] => rundll32.exe "C:\Users\PC-\AppData\Local\wayout.dll",wayout <==== ATTENTION
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [terriers] => C:\Program Files (x86)\Sandrock\Erika.exe [137216 2018-04-02] ()
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [terriersterriers] => C:\Program Files (x86)\Buffo\Erika.exe [137216 2018-04-02] ()
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [shook] => C:\Program Files (x86)\Sandrock\Erika.exe [137216 2018-04-02] ()
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [shookshook] => C:\Program Files (x86)\Buffo\Erika.exe [137216 2018-04-02] ()
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [nonfunctioning] => C:\Program Files (x86)\brust\nonfunctioning.exe [66837 2018-04-02] ()
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [dozing] => C:\Program Files (x86)\Sandrock\Erika.exe [137216 2018-04-02] ()
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\MountPoints2: {2720b8a3-465d-11e5-825b-000272d49f2d} - "F:\setup.exe" 
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\MountPoints2: {53e89e93-20a7-11e7-8381-20cf303b5e2a} - "G:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\MountPoints2: {7655fdf0-c973-11e6-8350-20cf303b5e2a} - "G:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\MountPoints2: {7c566bfb-f0f3-11e6-836f-20cf303b5e2a} - "G:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\MountPoints2: {a15bfc82-f1ae-11e6-8370-20cf303b5e2a} - "G:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\MountPoints2: {e93fdcaf-f9cd-11e7-83d0-20cf303b5e2a} - "G:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
Startup: C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newey.lnk [2018-04-02]
ShortcutTarget: newey.lnk -> C:\Program Files (x86)\Sandrock\Erika.exe ()
Startup: C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start - Shortcut (2).lnk [2018-01-26]
ShortcutTarget: start - Shortcut (2).lnk -> C:\Survival___\start.bat ()
Startup: C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start - Shortcut.lnk [2017-07-20]
ShortcutTarget: start - Shortcut.lnk -> C:\Oliver's server\start.bat ()
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{15b74de2-1a43-460f-9390-40d9aea884fb}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{77e0edf0-5c1a-4b02-ac72-e987d2c266d5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f9997c51-f1a9-4314-85f1-12b97f23564b}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-au/?ocid=iehp
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-14] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-14] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-14] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-14] (Oracle Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File

FireFox:
========
FF DefaultProfile: 4k8kw0sm.default
FF ProfilePath: C:\Users\PC-\AppData\Roaming\Mozilla\Firefox\Profiles\4k8kw0sm.default [2018-04-02]
FF user.js: detected! => C:\Users\PC-\AppData\Roaming\Mozilla\Firefox\Profiles\4k8kw0sm.default\user.js [2017-06-30]
FF Homepage: Mozilla\Firefox\Profiles\4k8kw0sm.default -> hxxps://www.malwarebytes.org/restorebrowser/
FF Extension: (AUSkey) - C:\Users\PC-\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@au.gov.abr.auskeyfirefox.xpi [2017-04-11]
FF Extension: (System Table) - C:\Users\PC-\AppData\Roaming\Mozilla\Firefox\Profiles\4k8kw0sm.default\Extensions\143734@modext.tech.xpi [2018-03-01]
FF Extension: (System Table) - C:\Users\PC-\AppData\Roaming\Mozilla\Firefox\Profiles\4k8kw0sm.default\Extensions\622127@modext.tech.xpi [2018-02-27]
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2017-01-09] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1802162536-2727602968-3184661257-1001: @tools.google.com/Google Update;version=3 -> C:\Users\PC-\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-1802162536-2727602968-3184661257-1001: @tools.google.com/Google Update;version=9 -> C:\Users\PC-\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://www.google.com.au/
CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/"
CHR Profile: C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-04-03]
CHR Extension: (Slides) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-07]
CHR Extension: (YouTube) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-07]
CHR Extension: (Adblock for Youtube™) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-06-15]
CHR Extension: (Word Search) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj [2017-05-07]
CHR Extension: (Cleanflight - Configurator) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\enacoimjcgeinfnnnpajinjgmkahmfgb [2017-07-31]
CHR Extension: (Sheets) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Kingdom Rush Frontiers) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fmfibdjbnmndigbklnlllakjbjheiopj [2017-05-07]
CHR Extension: (Google Docs Offline) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-07]
CHR Extension: (Adblocker for Youtube™) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hjjkhfonangkojdpjcdhldbcicegaohc [2018-04-02]
CHR Extension: (Prodigy Math Game) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hndgjbjghbnahgfhcmhkkoibbgdemlia [2017-05-07]
CHR Extension: (Free Guitar Tuner) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iojcckkgkckfailcedaooonjlndpnoib [2017-05-07]
CHR Extension: (AUSkey for Chrome) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jmegndhbalhkegdidohofafobbcabine [2017-09-13]
CHR Extension: (Betaflight - Configurator) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kdaghagfopacdngbohiknlhcocjccjao [2017-12-13]
CHR Extension: (DuckDuckGo Home Page) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ljkalbbbffedallekgkdheknngopfhif [2017-05-07]
CHR Extension: (Baseflight - Configurator) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mppkgnedeapfejgfimkdoninnofofigk [2017-05-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: ( The scale of the universe) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ooidlchfdlimcgilcmpckfjleogaobka [2017-05-07]
CHR Extension: (Gmail) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-07]
CHR Extension: (Chrome Media Router) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-25]
CHR HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jmegndhbalhkegdidohofafobbcabine] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (__MSG_appName__) - C:\Users\PC-\AppData\Roaming\Opera Software\Opera Stable\Extensions\epeomjakeffkfofnidikcpbacmfliolc [2018-04-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atiesrxx.exe [472456 2017-11-03] (AMD)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2017-10-28] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] () [File not signed]
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [218768 2016-05-25] (DTS)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-10] (EasyAntiCheat Ltd)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3894760 2017-06-26] (Paramount Software UK Ltd)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-17] (Electronic Arts)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 SamsungRapidSvc; C:\WINDOWS\System32\RAPID\SamsungRapidSvc.exe [28256 2015-09-04] (Samsung Electronics Co., Ltd.)
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe [186760 2016-07-24] ()
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2016-04-05] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143656 2016-04-05] (Seagate Technology LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-16] (Microsoft Corporation)
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [326544 2012-06-04] (Sierra Wireless, Inc.)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-06] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-06] (Microsoft Corporation)
R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [316120 2014-08-18] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atikmdag.sys [40034184 2017-11-03] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atikmpag.sys [536456 2017-11-03] (Advanced Micro Devices, Inc.)
U5 androidusb; C:\Windows\System32\Drivers\androidusb.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2015-05-08] ()
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [118960 2017-10-13] (Advanced Micro Devices)
S1 Cdr4_xp; C:\Windows\System32\Drivers\Cdr4_xp.sys [10864 2012-04-24] (Corel Corporation)
S1 Cdr4_xp; C:\Windows\SysWow64\Drivers\Cdr4_xp.sys [64208 2003-01-13] (Roxio) [File not signed]
S1 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [11376 2012-04-24] (Corel Corporation)
S1 Cdralw2k; C:\Windows\SysWow64\Drivers\Cdralw2k.sys [24839 2003-01-13] (Roxio) [File not signed]
S1 cdudf_xp; C:\Windows\SysWow64\Drivers\cdudf_xp.sys [249344 2003-01-13] (Roxio) [File not signed]
S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [59904 2015-02-06] (www.winchiphead.com)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31160 2014-04-24] ()
S3 dvd_2K; C:\Windows\SysWow64\Drivers\dvd_2K.sys [21654 2003-01-13] (Roxio) [File not signed]
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [18528 2014-11-18] () [File not signed]
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [14944 2014-11-18] () [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76192 2018-03-19] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2014-11-18] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] () [File not signed]
S3 HTCAND64; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
S3 HtcVCom32; C:\WINDOWS\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
S3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [42944 2017-05-29] (hxxp://libusb-win32.sourceforge.net)
S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47928 2017-01-27] (hxxp://libusb-win32.sourceforge.net)
S3 massfilter_lte; C:\WINDOWS\system32\drivers\massfilter_lte.sys [18456 2012-01-04] (HandSet Incorporated)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-04-03] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2018-04-03] (Malwarebytes)
S3 mmc_2K; C:\Windows\SysWow64\Drivers\mmc_2K.sys [22758 2003-01-13] (Roxio) [File not signed]
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NPF; C:\WINDOWS\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S1 pwd_2k; C:\Windows\SysWow64\Drivers\pwd_2k.sys [118422 2003-01-13] (Roxio) [File not signed]
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
R0 SamsungRapidDiskFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidDiskFltr.sys [271968 2015-09-04] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidFSFltr.sys [110688 2015-09-04] (Samsung Electronics Co., Ltd.)
R0 SCMNdisP; C:\WINDOWS\System32\DRIVERS\scmndisp.sys [29472 2012-09-05] (SerComm Corporation)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 swg3kser00; C:\WINDOWS\system32\DRIVERS\swg3kser00.sys [259328 2012-09-05] (Sierra Wireless Incorporated)
S3 swiwdmbx; C:\WINDOWS\System32\drivers\swiwdmbx64.sys [108800 2012-09-05] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\WINDOWS\System32\drivers\swnc8ua3.sys [300544 2012-09-05] (Sierra Wireless Inc.)
S1 UdfReadr_xp; C:\Windows\SysWow64\Drivers\UdfReadr_xp.sys [206464 2003-01-13] (Roxio) [File not signed]
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [40448 2017-04-28] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-06] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-06] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-06] (Microsoft Corporation)
S3 MBAMProtection; \SystemRoot\system32\DRIVERS\mbam.sys [X]
S3 MBAMWebProtection; \SystemRoot\system32\DRIVERS\mwac.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-03 09:46 - 2018-04-03 09:47 - 000027693 _____ C:\Users\PC-\Downloads\FRST.txt
2018-04-03 09:46 - 2018-04-03 09:46 - 000000000 ____D C:\FRST
2018-04-03 09:45 - 2018-04-03 09:46 - 002403328 _____ (Farbar) C:\Users\PC-\Downloads\FRST64.exe
2018-04-03 09:40 - 2018-04-03 09:43 - 000388608 _____ (Trend Micro Inc.) C:\Users\PC-\Downloads\HijackThis.exe
2018-04-03 09:29 - 2018-04-03 09:29 - 006705178 _____ C:\Users\PC-\Downloads\mbam-chameleon-3.1.33.0 (1).zip
2018-04-03 09:29 - 2018-04-03 09:29 - 000000000 ____D C:\Users\PC-\Downloads\New Folder
2018-04-03 09:29 - 2018-04-03 09:29 - 000000000 ____D C:\Users\PC-\Downloads\cham
2018-04-03 09:20 - 2018-04-03 09:20 - 000000000 ____D C:\ProgramData\MB3Migration
2018-04-03 09:20 - 2018-04-03 09:20 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2018-04-03 09:18 - 2018-04-03 09:18 - 000000000 ____D C:\ProgramData\MB2Migration
2018-04-03 09:10 - 2018-04-03 09:10 - 000000000 ____D C:\Users\PC-\Downloads\mbam-chameleon-3.1.33.0
2018-04-03 09:09 - 2018-04-03 09:09 - 006705178 _____ C:\Users\PC-\Downloads\mbam-chameleon-3.1.33.0.zip
2018-04-03 01:19 - 2018-04-03 09:00 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-04-02 20:45 - 2018-04-02 20:45 - 000000258 __RSH C:\Users\PC-\ntuser.pol
2018-04-02 20:24 - 2018-04-03 09:38 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-04-02 20:24 - 2018-04-03 09:11 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-02 20:24 - 2018-04-03 09:03 - 000002101 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-02 20:24 - 2018-04-02 20:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-02 20:24 - 2018-04-02 20:24 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-02 20:24 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-04-02 20:23 - 2018-04-02 20:24 - 072135408 _____ (Malwarebytes ) C:\Users\PC-\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4576.exe
2018-04-02 20:11 - 2018-04-02 20:44 - 000000000 ____D C:\Users\PC-\AppData\Roaming\ttdyyfziyzp
2018-04-02 20:11 - 2018-04-02 20:40 - 000000000 ____D C:\Users\PC-\AppData\Roaming\kn4epig0bfd
2018-04-02 20:11 - 2018-04-02 20:40 - 000000000 ____D C:\Users\PC-\AppData\Roaming\bfmni1kmwjx
2018-04-02 20:03 - 2018-04-02 20:06 - 006968952 _____ (ESET spol. s r.o.) C:\Users\PC-\Downloads\esetonlinescanner_enu.exe
2018-04-02 19:55 - 2018-04-02 19:55 - 000000000 ____D C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2018-04-02 19:52 - 2018-04-02 20:40 - 000000000 ____D C:\Users\PC-\AppData\Roaming\wxpz0gsme1e
2018-04-02 19:52 - 2018-04-02 20:40 - 000000000 ____D C:\Users\PC-\AppData\Roaming\u1mv3fkt2f0
2018-04-02 19:52 - 2018-04-02 20:40 - 000000000 ____D C:\Users\PC-\AppData\Roaming\njrwhwv0gz5
2018-04-02 19:52 - 2018-04-02 20:40 - 000000000 ____D C:\Users\PC-\AppData\Roaming\efynkkjtu3n
2018-04-02 19:51 - 2018-04-02 20:45 - 000000000 ____D C:\ProgramData\385fb600e5
2018-04-02 19:49 - 2018-04-02 20:42 - 000000000 ____D C:\ProgramData\c93bffa3-1769-4f43-90d0-692655e2815d
2018-04-02 19:48 - 2018-04-02 20:42 - 000000000 ____D C:\ProgramData\10b45edb-3473-4b10-b57e-0ad402f4c858
2018-04-02 19:48 - 2018-04-02 19:55 - 000003634 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2018-04-02 19:48 - 2018-04-02 19:48 - 000000000 ____D C:\Program Files\My Program
2018-04-02 19:47 - 2018-04-02 20:39 - 000000000 ____D C:\Program Files (x86)\ProxyGate
2018-04-02 19:47 - 2018-04-02 19:54 - 000929792 _____ C:\Users\PC-\AppData\Local\sham.db
2018-04-02 19:47 - 2018-04-02 19:47 - 000140800 _____ C:\Users\PC-\AppData\Local\installer.dat
2018-04-02 19:47 - 2018-04-02 19:47 - 000000000 ____D C:\Users\PC-\AppData\Roaming\FastDataX
2018-04-02 19:46 - 2018-04-02 20:40 - 000000000 ____D C:\Users\PC-\AppData\Roaming\vhjv50pfeb3
2018-04-02 19:45 - 2018-04-02 20:42 - 000000000 ____D C:\Program Files (x86)\astra
2018-04-02 19:44 - 2018-04-02 20:42 - 000000000 ___HD C:\Program Files (x86)\Buffo
2018-04-02 19:44 - 2018-04-02 20:42 - 000000000 ____D C:\Program Files (x86)\solidified
2018-04-02 19:44 - 2018-04-02 20:42 - 000000000 ____D C:\Program Files (x86)\chatelaine
2018-04-02 19:44 - 2018-04-02 19:44 - 000003972 _____ C:\WINDOWS\System32\Tasks\philby aides tamari
2018-04-02 19:44 - 2018-04-02 19:44 - 000003970 _____ C:\WINDOWS\System32\Tasks\leverrier_refunded
2018-04-02 19:44 - 2018-04-02 19:44 - 000003922 _____ C:\WINDOWS\System32\Tasks\incognita
2018-04-02 19:44 - 2018-04-02 19:44 - 000003844 _____ C:\WINDOWS\System32\Tasks\tsphilby aides tamariphilby aides tamari
2018-04-02 19:44 - 2018-04-02 19:44 - 000003840 _____ C:\WINDOWS\System32\Tasks\tsleverrier_refundedleverrier_refunded
2018-04-02 19:44 - 2018-04-02 19:44 - 000003774 _____ C:\WINDOWS\System32\Tasks\tsincognitaincognita
2018-04-02 19:44 - 2018-04-02 19:44 - 000000012 _____ C:\WINDOWS\b28870344
2018-04-02 19:44 - 2018-04-02 19:44 - 000000000 ___HD C:\Program Files (x86)\brust
2018-04-02 19:44 - 2018-04-02 19:44 - 000000000 ____D C:\Users\PC-\AppData\Local\AdvinstAnalytics
2018-04-02 19:44 - 2018-04-02 19:44 - 000000000 ____D C:\Program Files (x86)\Sandrock
2018-04-02 19:38 - 2018-04-03 09:05 - 000000000 ____D C:\Users\PC-\AppData\Roaming\AGData
2018-04-02 19:38 - 2018-04-03 09:05 - 000000000 ____D C:\Program Files (x86)\AnonymizerGadget
2018-04-02 19:38 - 2018-04-02 19:38 - 000194048 _____ C:\Users\PC-\AppData\Local\install.dll
2018-04-02 19:38 - 2018-04-02 19:38 - 000043520 _____ C:\Users\PC-\AppData\Local\wayout.dll
2018-04-02 19:38 - 2018-04-02 19:38 - 000003072 _____ C:\Users\PC-\AppData\Local\install_UEFIConfig.exe
2018-04-02 18:30 - 2018-04-02 18:30 - 000950803 _____ C:\Users\PC-\Desktop\What’s my favourite movie.pptx
2018-04-02 16:16 - 2018-04-02 16:16 - 000137216 _____ C:\WINDOWS\mouthful.exe
2018-04-02 16:16 - 2018-04-02 16:16 - 000137216 _____ C:\Users\PC-\AppData\Local\Erika.exe
2018-04-02 15:44 - 2018-04-02 15:44 - 000000000 ____D C:\Users\PC-\AppData\LocalLow\Landfall West
2018-04-01 07:30 - 2018-04-01 07:30 - 000000000 ____D C:\Users\PC-\AppData\LocalLow\NoBrakesGames
2018-03-31 21:59 - 2018-03-31 21:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskCheckup
2018-03-31 21:59 - 2018-03-31 21:59 - 000000000 ____D C:\Program Files (x86)\DiskCheckup
2018-03-30 13:49 - 2018-03-30 13:49 - 000000000 __SHD C:\82ace7d6-0197-474d-bf4b-a2043e72329b
2018-03-21 00:20 - 2018-03-21 00:21 - 032465159 _____ C:\Users\PC-\Desktop\closed-loop-communication.wmv
2018-03-21 00:11 - 2018-03-21 01:20 - 035596460 _____ C:\Users\PC-\Desktop\ISBAR video removed.pptx
2018-03-19 00:15 - 2018-03-19 00:15 - 000000000 ____D C:\Users\PC-\AppData\Roaming\twitch-electron
2018-03-17 19:43 - 2018-03-17 19:44 - 002953376 _____ C:\Users\PC-\Downloads\ISBAR clinical governance1.potx
2018-03-11 18:49 - 2018-03-11 18:49 - 000000220 _____ C:\Users\PC-\Desktop\oliver homework todo list.txt
2018-03-10 17:48 - 2018-03-10 08:46 - 000000231 ___SH C:\Users\Public\Libraries.ini
2018-03-10 17:45 - 2018-03-10 17:45 - 000000000 ____D C:\Users\PC-\AppData\Local\NVIDIA Corporation
2018-03-10 17:44 - 2018-03-10 17:44 - 000000000 ____D C:\Users\PC-\AppData\Local\FortniteGame
2018-03-10 17:43 - 2018-03-10 17:44 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-03-10 17:43 - 2018-03-10 17:43 - 000000000 ____D C:\Users\PC-\AppData\Roaming\EasyAntiCheat
2018-03-10 12:34 - 2018-03-10 12:34 - 000000989 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2018-03-10 12:34 - 2018-03-10 12:34 - 000000000 ____D C:\Users\PC-\AppData\Local\UnrealEngineLauncher
2018-03-10 12:34 - 2018-03-10 12:34 - 000000000 ____D C:\Users\PC-\AppData\Local\EpicGamesLauncher
2018-03-10 12:33 - 2018-03-10 12:36 - 000000000 ____D C:\ProgramData\Epic
2018-03-10 12:32 - 2018-03-10 12:33 - 032256000 _____ C:\Users\PC-\Downloads\EpicInstaller-7.5.0-fortnite-69782c2860c74180b94f3bb45a917ebd.msi
2018-03-10 12:29 - 2018-03-10 12:29 - 000192512 _____ C:\Users\PC-\Desktop\rifflefrog.cld
2018-03-08 19:46 - 2018-03-08 19:46 - 000000000 ____D C:\Users\PC-\AppData\LocalLow\VelociDrone
2018-03-08 19:22 - 2018-03-08 19:31 - 899305562 _____ C:\Users\PC-\Downloads\velocidrone-1-11-0-windows-trial.zip
2018-03-06 19:21 - 2018-03-06 19:21 - 000701863 _____ C:\Users\PC-\Downloads\betaflight_3.3.0_SPRACINGF3.hex
2018-03-06 19:17 - 2018-03-06 19:17 - 000032463 _____ C:\Users\PC-\Downloads\eachine 010.json
2018-03-06 19:17 - 2018-03-06 19:17 - 000032463 _____ C:\Users\PC-\Downloads\BTFL_backup_20180306_201734.json
2018-03-06 19:17 - 2018-03-06 19:17 - 000032454 _____ C:\Users\PC-\Downloads\BTFL_backup_20180306_201740.json
2018-03-06 07:33 - 2018-03-06 07:43 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-03-05 18:41 - 2018-03-08 14:53 - 000000000 ____D C:\Users\PC-\Desktop\Car CD
2018-03-05 17:57 - 2018-03-05 17:57 - 000000000 ____D C:\Users\PC-\AppData\LocalLow\Denki
2018-03-05 17:54 - 2018-03-05 17:55 - 038289665 _____ C:\Users\PC-\Downloads\Autonauts_Version_21.2_Windows x64.zip
2018-03-05 06:59 - 2018-03-05 06:59 - 000812622 _____ C:\Users\PC-\Downloads\Statement20180302.pdf
2018-03-04 11:58 - 2018-03-15 15:58 - 000000000 ____D C:\Users\PC-\Desktop\Oliver's Homework

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-03 09:44 - 2016-10-01 23:43 - 003803466 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-03 09:37 - 2016-10-01 23:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-03 09:36 - 2016-12-12 23:05 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-04-03 09:36 - 2016-07-16 16:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-04-03 09:08 - 2017-03-01 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-04-03 09:08 - 2017-03-01 19:23 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-04-03 09:07 - 2016-07-16 21:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-04-03 08:21 - 2016-12-20 19:19 - 000000000 ____D C:\Users\PC-\AppData\Local\Adobe
2018-04-03 07:41 - 2015-12-03 23:45 - 000006680 __RSH C:\ProgramData\ntuser.pol
2018-04-03 07:35 - 2016-10-01 23:43 - 000000000 ____D C:\Users\PC-
2018-04-03 06:51 - 2016-07-16 21:47 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-03 06:51 - 2016-07-16 21:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-03 06:37 - 2016-10-01 23:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-04-03 00:17 - 2016-10-01 23:53 - 000003280 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3B04C3FB-2427-4C20-9023-0F335CF12761}
2018-04-02 20:49 - 2016-07-08 21:32 - 000000000 ____D C:\Users\PC-\AppData\Local\ESET
2018-04-02 20:44 - 2015-08-04 18:44 - 000000000 ____D C:\Program Files (x86)\Steam
2018-04-02 20:43 - 2017-06-06 07:07 - 000002336 _____ C:\Users\Admin\Desktop\Google Chrome.lnk
2018-04-02 20:43 - 2015-08-04 01:58 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-04-02 20:42 - 2016-07-16 16:04 - 000000000 ____D C:\Program Files\MB Registracting System
2018-04-02 20:20 - 2018-01-06 18:05 - 000000000 ____D C:\Users\PC-\AppData\LocalLow\Mozilla
2018-04-02 20:10 - 2015-08-08 20:07 - 000000000 ____D C:\Users\PC-\AppData\Roaming\uTorrent
2018-04-02 19:53 - 2016-07-16 21:47 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2018-04-02 19:53 - 2016-05-23 19:47 - 000000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2018-04-02 19:50 - 2013-08-23 01:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-04-02 19:44 - 2018-01-27 15:01 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-04-02 18:30 - 2015-08-19 18:43 - 001142272 ___SH C:\Users\PC-\Desktop\Thumbs.db
2018-04-02 17:01 - 2018-02-25 13:37 - 000000000 ____D C:\Users\PC-\Desktop\Oliver's games
2018-04-02 15:42 - 2017-11-13 05:53 - 000000000 ____D C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-03-31 21:55 - 2017-06-30 07:31 - 000001124 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
2018-03-31 21:55 - 2016-12-09 14:42 - 000003944 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1481258520
2018-03-31 21:55 - 2016-12-09 14:41 - 000000000 ____D C:\Program Files (x86)\Opera
2018-03-31 13:43 - 2015-08-04 19:18 - 000000000 ____D C:\Users\PC-\AppData\Roaming\.minecraft
2018-03-29 05:55 - 2017-01-16 14:22 - 000000000 ____D C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2018-03-26 07:10 - 2017-01-16 14:22 - 000000000 ____D C:\Users\PC-\AppData\Local\Roblox
2018-03-21 00:12 - 2015-08-02 22:58 - 000000000 ____D C:\Users\PC-\AppData\Local\Packages
2018-03-19 00:16 - 2018-02-24 17:07 - 000000000 ____D C:\Users\PC-\AppData\Roaming\Twitch
2018-03-12 20:51 - 2018-01-21 18:24 - 000000000 ____D C:\Users\PC-\Desktop\Daddy's Games
2018-03-10 17:44 - 2017-09-03 01:34 - 000000000 ____D C:\Users\PC-\AppData\Local\UnrealEngine
2018-03-10 14:52 - 2017-12-19 17:06 - 000000000 ____D C:\Users\PC-\AppData\Roaming\.pokepack 2
2018-03-10 12:36 - 2016-10-01 23:42 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-10 12:26 - 2016-07-16 21:47 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-03-10 10:40 - 2015-08-10 07:46 - 000000000 ____D C:\Users\PC-\AppData\Local\ElevatedDiagnostics
2018-03-06 21:35 - 2017-01-12 23:51 - 000000000 ____D C:\Users\PC-\AppData\Roaming\vlc
2018-03-06 07:43 - 2016-07-16 21:47 - 000000000 ___RD C:\Program Files\Windows Defender
2018-03-04 21:10 - 2017-07-12 14:07 - 000000000 ____D C:\Users\PC-\AppData\Roaming\dvdcss
2018-03-04 12:01 - 2018-03-03 23:22 - 000000000 ____D C:\Users\PC-\Documents\l10

==================== Files in the root of some directories =======

2016-04-03 23:17 - 2016-04-03 23:18 - 000004608 _____ () C:\Users\PC-\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-04-02 16:16 - 2018-04-02 16:16 - 000137216 _____ () C:\Users\PC-\AppData\Local\Erika.exe
2018-04-02 19:38 - 2018-04-02 19:38 - 000194048 _____ () C:\Users\PC-\AppData\Local\install.dll
2018-04-02 19:47 - 2018-04-02 19:47 - 000140800 _____ () C:\Users\PC-\AppData\Local\installer.dat
2018-04-02 19:38 - 2018-04-02 19:38 - 000003072 _____ () C:\Users\PC-\AppData\Local\install_UEFIConfig.exe
2018-01-29 12:48 - 2018-01-29 12:48 - 000000017 _____ () C:\Users\PC-\AppData\Local\resmon.resmoncfg
2018-04-02 19:47 - 2018-04-02 19:54 - 000929792 _____ () C:\Users\PC-\AppData\Local\sham.db
2018-04-02 19:38 - 2018-04-02 19:38 - 000043520 _____ () C:\Users\PC-\AppData\Local\wayout.dll

Some files in TEMP:
====================
2017-08-16 23:34 - 2017-08-16 23:34 - 001177480 _____ () C:\Users\PC-\AppData\Local\Temp\AMDCleanupUtility.exe
2017-08-16 23:34 - 2017-08-16 23:34 - 000250248 _____ () C:\Users\PC-\AppData\Local\Temp\Cleanup.dll
2017-08-16 23:34 - 2017-08-16 23:34 - 000065536 _____ (Windows (R) Server 2003 DDK provider) C:\Users\PC-\AppData\Local\Temp\ddu.exe
2018-04-02 19:36 - 2018-04-02 19:36 - 001793310 _____ () C:\Users\PC-\AppData\Local\Temp\gimi.exe
2018-04-02 19:37 - 2018-04-02 19:37 - 004335290 _____ () C:\Users\PC-\AppData\Local\Temp\insifucan.exe
2017-11-19 18:38 - 2017-11-19 18:38 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-1154735672996083300.dll
2017-11-19 20:18 - 2017-11-19 20:18 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-1464764265914328830.dll
2017-11-13 21:09 - 2017-11-13 21:09 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-1547810544809404639.dll
2017-11-19 19:30 - 2017-11-19 19:30 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-1593254549717263245.dll
2017-11-19 18:55 - 2017-11-19 18:55 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-1690539436159311693.dll
2018-03-04 06:30 - 2018-03-04 06:30 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-2482033594460382393.dll
2017-11-19 18:54 - 2017-11-19 18:54 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-2687753416721811457.dll
2017-11-19 19:30 - 2017-11-19 19:30 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-2932195214392308003.dll
2018-02-24 19:13 - 2018-02-24 19:13 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3044242924852044250.dll
2018-02-24 19:07 - 2018-02-24 19:07 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3065947850748833017.dll
2018-02-25 06:11 - 2018-02-25 06:11 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3090400866220708828.dll
2018-02-24 19:01 - 2018-02-24 19:01 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-331796050798688962.dll
2017-11-19 19:05 - 2017-11-19 19:05 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3333956312288007370.dll
2017-11-19 19:29 - 2017-11-19 19:29 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3338430850092768373.dll
2017-11-20 07:10 - 2017-11-20 07:10 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3436539544659961381.dll
2017-11-20 07:10 - 2017-11-20 07:10 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3817856707412600517.dll
2017-11-19 19:05 - 2017-11-19 19:05 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3843902266096510911.dll
2017-11-19 18:40 - 2017-11-19 18:40 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-4250398577020638135.dll
2017-11-13 21:07 - 2017-11-13 21:07 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-4524701280499665543.dll
2017-11-19 19:29 - 2017-11-19 19:29 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-4688029176823173488.dll
2017-11-19 19:59 - 2017-11-19 19:59 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-4709186475147128148.dll
2017-11-13 21:14 - 2017-11-13 21:14 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-4875606554627998226.dll
2017-11-19 19:56 - 2017-11-19 19:56 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-4932998981811555426.dll
2017-11-20 07:41 - 2017-11-20 07:41 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-50399607490293459.dll
2017-11-19 19:59 - 2017-11-19 19:59 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-5123425577962716081.dll
2017-11-19 18:43 - 2017-11-19 18:43 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-5249782763613723897.dll
2017-11-19 19:11 - 2017-11-19 19:11 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-5358125278879503070.dll
2017-11-19 18:53 - 2017-11-19 18:53 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-5574364129756514307.dll
2017-11-20 07:11 - 2017-11-20 07:11 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-5828237950329362504.dll
2017-11-19 19:56 - 2017-11-19 19:56 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-6122521847273254708.dll
2017-11-19 18:41 - 2017-11-19 18:41 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-6181910552863925402.dll
2017-11-19 20:04 - 2017-11-19 20:04 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-6286899380746404139.dll
2017-11-19 18:54 - 2017-11-19 18:54 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-6515514210684840360.dll
2017-11-19 18:53 - 2017-11-19 18:53 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-6716366613263652999.dll
2017-11-19 18:41 - 2017-11-19 18:41 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-6800111260289939343.dll
2017-11-19 20:18 - 2017-11-19 20:18 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-6951282655468735342.dll
2017-11-19 20:06 - 2017-11-19 20:06 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-7115100588086859338.dll
2017-11-19 19:11 - 2017-11-19 19:11 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-7208374827041395840.dll
2017-11-19 18:55 - 2017-11-19 18:55 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-7254346936848756846.dll
2017-11-13 21:04 - 2017-11-13 21:04 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-7401461684807603174.dll
2017-11-19 20:04 - 2017-11-19 20:04 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-7941934255482740537.dll
2018-02-25 09:23 - 2018-02-25 09:23 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-8132190790898914066.dll
2017-11-19 18:38 - 2017-11-19 18:38 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-8223865945422888254.dll
2017-11-17 14:30 - 2017-11-17 14:30 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-8362638309452189810.dll
2017-11-19 19:06 - 2017-11-19 19:06 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-8509283534852200759.dll
2017-11-19 19:06 - 2017-11-19 19:06 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-8615231387327955072.dll
2018-02-25 13:39 - 2018-02-25 13:39 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-8756203341855063304.dll
2017-11-13 21:03 - 2017-11-13 21:03 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-8998844724991135980.dll
2017-11-20 07:41 - 2017-11-20 07:41 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-9217592599316072740.dll
2018-04-02 19:52 - 2018-04-02 19:52 - 000719872 _____ () C:\Users\PC-\AppData\Local\Temp\movari.exe
2017-08-16 23:34 - 2017-08-16 23:34 - 000516096 _____ (Microsoft Corporation) C:\Users\PC-\AppData\Local\Temp\msvcm80.dll
2017-08-16 23:34 - 2017-08-16 23:34 - 001061376 _____ (Microsoft Corporation) C:\Users\PC-\AppData\Local\Temp\msvcp80.dll
2017-08-16 23:34 - 2017-08-16 23:34 - 000796672 _____ (Microsoft Corporation) C:\Users\PC-\AppData\Local\Temp\msvcr80.dll
2018-04-03 09:05 - 2018-04-02 19:38 - 000013824 _____ () C:\Users\PC-\AppData\Local\Temp\uninstall.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-26 07:02

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by PC-Home (03-04-2018 09:47:52)
Running from C:\Users\PC-\Downloads
Windows 10 Pro Version 1607 14393.1198 (X64) (2016-10-01 13:54:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-1802162536-2727602968-3184661257-1009 - Limited - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1802162536-2727602968-3184661257-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1802162536-2727602968-3184661257-503 - Limited - Disabled)
Guest (S-1-5-21-1802162536-2727602968-3184661257-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1802162536-2727602968-3184661257-1005 - Limited - Enabled)
PC-Home (S-1-5-21-1802162536-2727602968-3184661257-1001 - Administrator - Enabled) => C:\Users\PC-
quirk (S-1-5-21-1802162536-2727602968-3184661257-1010 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 15 (HKLM-x32\...\{FD45A9C9-02BE-4E62-8629-78DF29A10FF5}) (Version: 15.0 - Adobe Systems Incorporated)
AIDA64 Extreme v5.50 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.50 - FinalWire Ltd.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
AMD System Monitor (HKLM-x32\...\{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}) (Version: 1.0.9 - Advanced Micro Devices, Inc.)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
ANT Drivers Installer x64 (HKLM\...\{7664AF65-7B0D-4171-9F0F-50455278B428}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{981F324E-98F4-4784-B76F-04E92039F3F6}) (Version: 5.2.60328.3 - Microsoft Corporation)
Arduino (HKLM-x32\...\Arduino) (Version: 1.8.1 - Arduino LLC)
AUSkey (HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\AUSkey) (Version: 1.1.0 - Australian Taxation Office)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.12.160304 - )
Azure AD Authentication Connected Service (HKLM-x32\...\{3FEAC561-1CF6-41D6-B0F3-BECDD9C88A1B}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Borderlands - The Pre-Sequel (HKLM-x32\...\Borderlands - The Pre-Sequel_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Borderlands 2 (HKLM-x32\...\Borderlands 2_is1) (Version: 1.8.4 - 2K Games)
Borderlands 2 GOTY version 1.8.2.0 (HKLM-x32\...\Borderlands 2 GOTY_is1) (Version: 1.8.2.0 - Mr DJ)
Call of Duty 4 - Modern Warfare (HKLM-x32\...\Call of Duty 4 - Modern Warfare_is1) (Version:  - )
Call of Duty Advanced Warfare (HKLM-x32\...\Call of Duty Advanced Warfare_is1) (Version: v.1.18.1281374.0 - Decepticon)
Call of Duty Ghosts (HKLM-x32\...\Q2FsbG9mRHV0eUdob3N0cw==_is1) (Version: 1 - )
Call Of Duty World At War version 1.7.1263.0 (HKLM-x32\...\Call Of Duty World At War_is1) (Version: 1.7.1263.0 - Mr DJ)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty: Black Ops III (HKLM\...\Q2FsbG9mRHV0eUJsYWNrT3BzSUlJ_is1) (Version: 1 - )
Call of Duty: Infinite Warfare (HKLM\...\Y2FsbG9mZHV0eWluZmluaXRld2FyZmFyZQ_is1) (Version: 1 - )
Call of Duty®: Black Ops 2 (HKLM-x32\...\Call of Duty®: Black Ops 2_is1) (Version: 1.0.5 - R.G. Revenants)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{15979E65-792E-474B-BC5D-42257709D4D9}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{D6ACA0E4-2488-AE52-E73D-24DB98F9AD65}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B8C421E8-BDF9-F598-832C-659A513F79EB}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{DD3A9C85-51E9-854D-EB9B-F0AE8E5B2F7C}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A00A5425-8899-055A-404C-8F96C2EC647F}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{CB71E054-00CF-182D-6C78-F9D85D10B7BA}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{30B97DD0-3646-AD22-2E77-3792B11BB5E6}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{8342F234-A97E-D691-3C01-F060CB7DA175}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{CD47D86C-737D-4818-F059-CF8A53F37B76}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DB0E2806-DE62-D60E-9BD9-E3A89FB2A5A8}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{D4EF1657-8835-A5AE-DBA0-658EF2869048}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED71C4B4-4C00-F7C9-9151-60411373DC35}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{28FFCD28-01FF-9792-B1A9-B944D44FB37D}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{DAEF66AB-6EA7-B0A8-96FB-243A2F33B8B2}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{3DBC48E0-7DE6-295B-448E-5F53D1491AC3}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{CAF3DAD2-A7E8-5472-F8E3-D71E92B7FA65}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{E7666716-625F-9E54-ECB3-39CC3C7FFB14}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{30A5B188-80AB-2CF5-22D8-8E20D66907D4}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{A38C8B57-D3E6-5748-F2D3-FDC383D1203A}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{1CD84FD4-26F3-08FC-32F5-17DA9E8A4ED7}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version:  - )
CD-LabelPrint Packages (HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\CD-LabelPrint Packages) (Version:  - ) <==== ATTENTION
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
CPUID CPU-Z 1.80 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.32 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.32 - )
CrystalDiskInfo 7.1.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.1.0 - Crystal Dew World)
CutList Plus Express (HKLM-x32\...\{13B966CF-C74E-4AAE-A6EE-29F3C9C92B27}) (Version: 1.1.10 - Bridgewood Design)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DB Browser for SQLite (HKLM-x32\...\DB Browser for SQLite) (Version: 3.9.1 - DB Browser for SQLite Team)
DiskCheckup v3.4 (HKLM-x32\...\DiskCheckup_is1) (Version: 3.4.1003 - PassMark Software)
DJI driver version 2.02 (HKLM-x32\...\{EDFDE5EE-84C7-4936-804C-6563943E5754}_is1) (Version: 2.02 - DJI)
DJI Phantom 2 Vision Assistant version 3.8 (HKLM-x32\...\{EDCE7221-F31F-407A-B348-30D011ED3126}_is1) (Version: 3.8 - DJI)
Dotfuscator and Analytics Community Edition 5.19.1 (HKLM-x32\...\{2A7F99F6-88A4-4B44-B350-41C0B147A39C}) (Version: 5.19.1.3091 - PreEmptive Solutions) Hidden
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
e5 Secure Download Manager (HKLM-x32\...\{7C4C779B-C315-4730-A7D2-E2DD138CBAE6}) (Version: 3.2.259.0 - Kivuto Solutions Inc.)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
EaseUS Partition Master 10.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Easy CD & DVD Creator 6 (HKLM-x32\...\{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}) (Version: 6.0.0.171 - Roxio Inc.,)
Elevated Installer (HKLM-x32\...\{1052502B-4C91-43F9-B160-AE39ED57C9F0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Epic Games Launcher (HKLM-x32\...\{CA3B6D8B-2437-4C7C-84A3-97AF21EDBE20}) (Version: 1.1.144.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
EPUB to MOBI (HKLM-x32\...\{C65AA5AE-8B80-46B6-ADFC-BBF1EFF2AD98}_is1) (Version:  - epubtomobi.com)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 6.18 - NCH Software)
Garmin Express (HKLM-x32\...\{BCC7CA85-E57F-452D-BB44-15A1CE018BD0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM-x32\...\{DA9C865D-6762-4931-8588-0B13B7A0796B}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
GIGABYTE VGA @BIOS (HKLM-x32\...\{AA12545D-5EB8-4078-AFD9-8E8DC0AE3A76}) (Version: 6.80 - GIGABYTE)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
HD Tune Pro 5.60 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
IKEA Home Planner (HKLM-x32\...\{B3276CB1-20B6-4AF9-AAEC-E72C83816495}) (Version: 2.0.3 - IKEA IT)
Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Macrium Reflect Free Edition (HKLM\...\{6085136C-5E0B-4516-BA48-2B909062778A}) (Version: 6.3.1835 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Micro-Measure (HKLM-x32\...\{75E1D518-6772-4073-A71C-354B71181391}) (Version: 1.0.0 - Brightwell)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25123 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Update 2 (HKLM-x32\...\{04fa3a35-1f49-4510-8051-819cdc1e6e01}) (Version: 14.0.25123.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minimal ADB and Fastboot version 1.3.1 (HKLM-x32\...\{26AC9666-A2C6-4D33-8370-A50F50F277C4}_is1) (Version: 1.3.1 - Sam Rodberg)
Mission Planner (HKLM-x32\...\{BCB89166-2874-4BBA-9249-22E658D46B96}) (Version: 1.3.34 - Michael Oborne)
Mobile Broadband Manager (HKLM-x32\...\{86077E92-2879-489B-9EB0-6957311B98A2}) (Version: 3.15.20905 - Telstra) Hidden
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{EB3DF0F0-0525-4C5A-A2F8-DEC868A3075D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0 (x86 en-US)) (Version: 41.0 - Mozilla)
Mozilla Firefox 58.0 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0 (x64 en-US)) (Version: 58.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{13FE8B50-B340-4FDA-BB6E-AA1F5FAB8205}) (Version: 14.0.25123 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 2.2.0.5 - NETGEAR)
NVIDIA PhysX (HKLM-x32\...\{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}) (Version: 9.12.0213 - NVIDIA Corporation)
OpenTX Companion 2.2 (HKLM-x32\...\OpenTX Companion 2.2) (Version:  - OpenTX)
Opera Stable 52.0.2871.40 (HKLM-x32\...\Opera 52.0.2871.40) (Version: 52.0.2871.40 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 9.9.1.62656 - Electronic Arts, Inc.)
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1037.0 - Passmark Software)
Photo Story 3 for Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)
Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version:  - Photodex Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Portal 2 (HKLM-x32\...\Postal 2_is1) (Version:  - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.3 - Power Software Ltd)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
ProShow Gold (HKLM-x32\...\ProShow Gold) (Version:  - Photodex Corporation)
ProShow Gold version 8.0 (HKLM-x32\...\{DD0D5CC9-203C-4702-A196-74A9A8F2D2AD}_is1) (Version: 8.0 - Photodex)
Race Driver 3 (HKLM-x32\...\{0297C87B-CC40-446F-865A-031B4FC0CF22}) (Version: 1.00.0000 - Codemasters)
RAPID Mode (HKLM\...\{18DF567E-AA9B-434D-BE77-BFE2292712F6}) (Version: 1.0.1.96 - Samsung Electronics Co., Ltd.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7829 - Realtek Semiconductor Corp.)
Roblox Player for PC-Home (HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Roblox Studio for PC-Home (HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - Roblox Corporation)
Robot Updater Setup (HKLM-x32\...\{FD765C6E-0FC8-4432-A3DA-579D2734BCF8}) (Version: 1.28.5000 - Spinmaster)
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{96139D17-D4D8-3BE1-883A-F0201E15B84E}) (Version: 14.0.25130 - Microsoft Corporation) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.9.7 - Samsung Electronics)
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.4.1902.0 - Seagate)
SketchUp 2017 (HKLM\...\{E59BD84C-169B-4F3F-AC5D-85127CF67051}) (Version: 17.2.2555 - Trimble, Inc.)
Snake Pass (HKLM-x32\...\Snake Pass_is1) (Version:  - )
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.4.28745 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2015 Update 2 (HKLM-x32\...\{7932CD6F-86D3-3EE4-8A02-B954404D1FFC}) (Version: 14.95.25118 - Microsoft) Hidden
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Telstra Mobile Broadband Manager (HKLM-x32\...\Mobile Broadband Manager) (Version: 3.15.20905 - Telstra)
TerraTech (HKLM-x32\...\1448625945_is1) (Version: 2.8.0.10 - GOG.com)
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
The Witcher 3 - Wild Hunt (HKLM-x32\...\1495134320_is1) (Version: 2.0.0.51 - GOG.com)
TransMac version 11.2 (HKLM-x32\...\TransMac_is1) (Version: 11.2 - Acute Systems)
Twitch (HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
TypeScript Power Tool (HKLM-x32\...\{60890089-588B-4362-B9C5-A9C11D6E5DD1}) (Version: 1.8.9.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{4AC64C61-A7EC-4E4E-8F28-F57EB3430334}) (Version: 1.8.31.0 - Microsoft Corporation) Hidden
Unity (HKLM-x32\...\Unity) (Version: 5.3.5f1 - Unity Technologies ApS)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.8.0 - Elaborate Bytes)
Visual Studio 2015 Update 2 (KB3022398) (HKLM-x32\...\{78c1b501-a6eb-4f29-88c5-84189564827e}) (Version: 14.0.25123 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VS Update core components (HKLM-x32\...\{6A878817-D626-305A-BE8D-94C93F70E27A}) (Version: 14.0.25123 - Microsoft Corporation) Hidden
vs_update2notification (HKLM-x32\...\{D4A78CC3-D7A0-345F-AB7D-9DA828558E4F}) (Version: 14.0.25130 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-2) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1-2) (Version: 1.0.39.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - 3D Robotics (usbser) Ports  (01/01/2015 2.0.0.9) (HKLM\...\75690F2C86F7BE1E9F51D6D0CC84D4D7C203E6B5) (Version: 01/01/2015 2.0.0.9 - 3D Robotics)
Windows Driver Package - 3D Robotics (usbser) Ports  (01/01/2015 2.0.0.9) (HKLM\...\E5BE0983C0C60432B42B39114C40C1931CE1AE00) (Version: 01/01/2015 2.0.0.9 - 3D Robotics)
Windows Driver Package - Arduino LLC (www.arduino.cc) (usbser) Ports  (01/01/2015 2.0.0.9) (HKLM\...\86FE9521DE7ABE24A00FABF1A36DFEA326A2B95B) (Version: 01/01/2015 2.0.0.9 - Arduino LLC (www.arduino.cc))
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (07/12/2013 2.08.30) (HKLM\...\22CCD58B53472BE3FCAFF05631111C4062959A43) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (07/12/2013 2.08.30) (HKLM\...\BD00013670D26C16E19F284BF8E15DAF813497C7) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Driver Package - libusbK USBasp (04/28/2014 3.0.7.0) (HKLM\...\10E53F572A88913B4A453B98665A2C793D4F5527) (Version: 04/28/2014 3.0.7.0 - libusbK)
Windows Driver Package - Silicon Laboratories (silabenm) Ports  (03/19/2014 6.7.0.0) (HKLM\...\B97004A400E30DCF940971EFA7A0C13C6B0A4B66) (Version: 03/19/2014 6.7.0.0 - Silicon Laboratories)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wolfenstein The Old Blood (HKLM-x32\...\Wolfenstein The Old Blood_is1) (Version:  - )
Wolfenstein: The New Order (HKLM-x32\...\V29sZmVuc3RlaW5UaGVOZXdPcmRlcg==_is1) (Version: 1 - )
ZTE LTE Device USB Driver (HKLM\...\{00C1EF09-B5B7-4082-B1F4-C35CE7A7FCA9}) (Version:  - ZTE Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\ChromeHTML: ->  <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\PC-\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71}\InprocServer32 -> C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\PC-\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\PC-\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\PC-\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncApi64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-05] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-06-08] (Power Software Ltd)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-15] (Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-15] (Elaborate Bytes AG)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-05] (Igor Pavlov)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-06-08] (Power Software Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-11-02] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-05] (Igor Pavlov)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-06-08] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-1802162536-2727602968-3184661257-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers4_S-1-5-21-1802162536-2727602968-3184661257-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers5_S-1-5-21-1802162536-2727602968-3184661257-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03876411-2295-4097-9937-80AD4B349913} - System32\Tasks\{60F23C96-1CCF-4312-83F5-8A1C1FCD3AE7} => C:\WINDOWS\system32\pcalua.exe -a G:\Setup.exe -d G:\ -c -auto
Task: {03CC38D3-A11E-44AF-B22A-B6DA388D0D52} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-06] (Microsoft Corporation)
Task: {03FB0589-466F-4A4C-979F-CF1A32893383} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {064DCBB1-D3D1-4646-8DC7-1A25F20C452D} - System32\Tasks\{E7E0B43D-773F-41C6-B9F1-424FB1672ABC} => C:\WINDOWS\system32\pcalua.exe -a G:\Setup.exe -d G:\
Task: {066EF6EC-A46D-4F6F-864E-D0C2BB513739} - System32\Tasks\{632FAEB9-90A2-413B-BBA5-0680A6B94A61} => C:\WINDOWS\system32\pcalua.exe -a G:\Setup.exe -d G:\
Task: {0B99E979-37E7-490B-ADF4-74D493695D09} - System32\Tasks\tsleverrier_refundedleverrier_refunded => C:\Program Files (x86)\Buffo\Erika.exe [2018-04-02] ()
Task: {104D18DC-0380-4D1B-AA15-497A3DE17EDC} - System32\Tasks\tsincognitaincognita => C:\Program Files (x86)\Sandrock\Erika.exe [2018-04-02] ()
Task: {123AEDAD-DA29-4B70-AABB-D66953551857} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-06] (Microsoft Corporation)
Task: {1489D83A-8A03-4C2C-B30C-99B3F6169DCC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {16CE6728-168C-4530-9966-85B5F75B5472} - System32\Tasks\incognita => C:\Program Files (x86)\Sandrock\Erika.exe [2018-04-02] ()
Task: {1899AA56-C1DE-4BA7-9897-6BACF21CAD8A} - System32\Tasks\{BA42BC49-61A4-4B7C-8D7A-36909E2CD696} => C:\WINDOWS\system32\pcalua.exe -a G:\Setup.exe -d G:\
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {43115EA7-B074-42EE-96EC-1E77F1695F6C} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2016-05-13] (Samsung Electronics.)
Task: {44D47007-D187-4979-A5A8-7AC193EA9222} - System32\Tasks\{CFBC9378-0557-4F66-8C9E-0F6B926DE1BA} => C:\WINDOWS\system32\pcalua.exe -a "E:\downloads\USB microscope1\USB microscope1.5\Driver\setup.exe" -d "E:\downloads\USB microscope1\USB microscope1.5\Driver"
Task: {45221D7A-8EF7-44D3-AE98-6C24EA43DD07} - System32\Tasks\PC-Home => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2016-04-05] (Seagate Technology LLC)
Task: {4559514F-9C2F-4D2B-9C8E-7F49A157645D} - System32\Tasks\leverrier_refunded => C:\Program Files (x86)\Buffo\Erika.exe [2018-04-02] ()
Task: {46BE5CA5-1B4C-41FE-A48A-61F56BEB71FB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1802162536-2727602968-3184661257-1001UA => C:\Users\PC-\AppData\Local\Google\Update\GoogleUpdate.exe [2016-12-11] (Google Inc.)
Task: {48BE282B-6AFB-4E18-A640-184F909219BA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {4ADEE42D-E335-4065-B135-CB469476645E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-06] (Microsoft Corporation)
Task: {4B725489-ADBA-405A-8715-E6291ECB75A1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {4E5D00AE-65F8-41C9-9336-B26012F3B554} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4E6BD295-B4EB-446B-890D-07C0033EA996} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {534255CB-7C62-4443-B9EB-76EDDD684686} - System32\Tasks\AdobeGCInvoker-1.0-PC-PC-Home => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {58C01240-498D-4E41-8E09-043FBFCD2E47} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {5B598026-0B08-43B7-B800-6C49AA52D651} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-04] (Google Inc.)
Task: {6B4350AB-F483-4C65-AB55-CBF93276D738} - System32\Tasks\Opera scheduled Autoupdate 1481258520 => C:\Program Files (x86)\Opera\launcher.exe [2018-03-28] (Opera Software)
Task: {6F9A3CFC-C5B5-4C89-B22E-130841AE946D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-04] (Piriform Ltd)
Task: {726BE6BF-CDBE-4E22-A33B-25F0719EDC08} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {78BC313D-5ADD-4198-9280-3F74F11E2134} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {800090B0-9ABB-4B28-A610-AA4DA7DF9E46} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-06] (Microsoft Corporation)
Task: {8443B11D-A8CC-40CA-8121-88B766F73928} - System32\Tasks\PC-Home Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2016-04-05] (Seagate Technology LLC)
Task: {9A2F3A4C-0C54-46EB-9029-0BA502C02BE1} - System32\Tasks\AdobeAAMUpdater-1.0-PC-PC-Home => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {A167D538-F3FC-4F4A-B148-E5673ACA1ACD} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-11-02] (Advanced Micro Devices, Inc.)
Task: {A71185F0-C844-406F-9618-4910108EBF96} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B64D8650-B24A-4ECF-A35A-9EA51FC91D19} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-03-22] (Microsoft Corporation)
Task: {B7FD0870-62F9-4504-86AA-4D50F6176F93} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1802162536-2727602968-3184661257-1001Core => C:\Users\PC-\AppData\Local\Google\Update\GoogleUpdate.exe [2016-12-11] (Google Inc.)
Task: {B999CA04-D675-4CA7-AED7-AD862376457A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CAAD45F9-0CBD-4494-A6E5-A2116946CF67} - System32\Tasks\{ABF7A772-ED4E-43B9-82C3-1BCF34F34EDB} => C:\WINDOWS\system32\pcalua.exe -a G:\Setup.exe -d G:\ -c -auto
Task: {CC026503-5BA5-49CC-AD85-8FC3AF907B7E} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {D7CF03C9-8FE1-4FA8-8610-1D5D5484A9EC} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2016-04-05] (Seagate Technology LLC)
Task: {DE510B07-A25B-40A6-8307-2906E0B7FE5D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-04] (Google Inc.)
Task: {EDCB60C2-C743-4761-8D49-ADE66D621A65} - System32\Tasks\philby aides tamari => C:\Users\PC-\AppData\Local\Erika.exe [2018-04-02] ()
Task: {F59B4BD9-AC87-474B-86ED-57A1931D0CA4} - \WPD\SqmUpload_S-1-5-21-1802162536-2727602968-3184661257-1001 -> No File <==== ATTENTION
Task: {F706E402-E307-4296-87AE-03C105BDFCCB} - System32\Tasks\PC-Home DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2016-04-05] (Seagate Technology LLC)
Task: {F7FE89D1-DF16-40BD-B238-0DBFB0EC9FC6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FA2F2247-B1B6-439A-AE21-FA1D80252532} - System32\Tasks\tsphilby aides tamariphilby aides tamari => C:\Users\PC-\AppData\Local\Erika.exe [2018-04-02] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\PC-\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start - Shortcut (2).lnk -> C:\Survival___\start.bat ()
Shortcut: C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start - Shortcut.lnk -> C:\Oliver's server\start.bat ()

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 21:42 - 2016-07-16 21:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-05-11 02:33 - 2017-04-28 10:49 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-10-28 07:34 - 2017-10-28 07:34 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2017-10-28 07:34 - 2014-04-24 14:29 - 001360016 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2017-01-09 20:13 - 2016-07-24 14:13 - 000186760 _____ () C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe
2013-10-17 15:27 - 2013-10-17 15:27 - 000166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2015-12-06 00:23 - 2014-08-18 16:50 - 000316120 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
2017-07-25 11:25 - 2017-07-25 11:25 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2017-07-25 11:25 - 2017-07-25 11:25 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-10-02 09:36 - 2016-10-02 09:36 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 06:32 - 2017-03-04 16:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 06:32 - 2017-03-04 16:12 - 009760768 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 06:32 - 2017-03-04 16:05 - 001401856 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 06:32 - 2017-03-04 16:05 - 000757248 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-05-11 02:33 - 2017-04-28 09:36 - 001033216 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-05-11 02:33 - 2017-04-28 09:36 - 002424320 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-05-11 02:33 - 2017-04-28 09:37 - 004853760 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2018-04-03 09:37 - 2018-04-03 09:37 - 001191200 _____ () C:\Users\PC-\AppData\Local\Temp\is-D9V37.tmp\mbam-setup.tmp
2016-06-07 22:02 - 2014-03-11 15:15 - 000069632 _____ () C:\Program Files (x86)\GLPCCamera\monitorpad.exe
2018-04-02 16:16 - 2018-04-02 16:16 - 000066837 _____ () C:\Program Files (x86)\brust\nonfunctioning.exe
2018-03-23 14:23 - 2018-03-20 16:00 - 002683224 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libglesv2.dll
2018-03-23 14:23 - 2018-03-20 16:00 - 000127832 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libegl.dll
2017-10-28 07:34 - 2015-05-08 14:26 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2015-12-06 00:23 - 2015-03-05 17:22 - 000380928 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll
2018-01-17 21:12 - 2016-05-13 00:35 - 000021600 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2018-04-02 19:38 - 2018-04-02 19:38 - 000043520 _____ () C:\Users\PC-\AppData\Local\wayout.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\Users\Public\AppData:CSM [474]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-02 19:44 - 2018-04-02 20:42 - 000000569 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "BigPondWirelessBroadbandCM"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKLM\...\StartupApproved\Run32: => "DBAgent"
HKLM\...\StartupApproved\Run32: => "RoxAssistant"
HKLM\...\StartupApproved\Run32: => "RoxioDragToDisc"
HKLM\...\StartupApproved\Run32: => "RoxioAudioCentral"
HKLM\...\StartupApproved\Run32: => "RoxioEngineUtility"
HKLM\...\StartupApproved\Run32: => "LWS"
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\StartupApproved\Run: => "Uploader"
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\StartupApproved\Run: => "Google Photos Backup"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{2BF510E9-F50A-4512-9441-F89CEBB63267}E:\games\igg-scrap.mechanic.v0.1.30\release\scrapmechanic.exe] => (Block) E:\games\igg-scrap.mechanic.v0.1.30\release\scrapmechanic.exe
FirewallRules: [TCP Query User{BE4D19C5-6BBE-42A2-9F5A-9B2FE772906E}E:\games\igg-scrap.mechanic.v0.1.30\release\scrapmechanic.exe] => (Block) E:\games\igg-scrap.mechanic.v0.1.30\release\scrapmechanic.exe
FirewallRules: [UDP Query User{92E8F8D7-0DA3-43B2-BF9A-1C21F5F9A6EE}C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [TCP Query User{73148BB7-E9DD-4E8D-A29A-90DB877C3F68}C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [UDP Query User{A7C984B1-0D0B-4CC2-A72E-0A0BFED725E7}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{90FEE90F-243B-4F96-AD1F-BAE29B214AE7}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{BB6E3ADC-5E0D-4A3C-A489-492D22BA64C6}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{3926B879-8904-4EC7-B3AF-3BBC533FC2F8}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [{1B090A48-6C97-474F-99C2-30D0A24131A6}] => (Allow) LPort=8888
FirewallRules: [UDP Query User{8FA93161-0D92-462F-B047-BC229705B491}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [TCP Query User{BC257035-5BF2-47D1-BBEF-BB4BCA38F56A}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{EFBABF91-DED5-415B-B20C-9DCC3E20C4F4}] => (Allow) LPort=8888
FirewallRules: [UDP Query User{9C51F00D-4721-498C-A5AE-738C3E04001A}C:\program files (x86)\mission planner\missionplanner.exe] => (Allow) C:\program files (x86)\mission planner\missionplanner.exe
FirewallRules: [TCP Query User{9780C0B0-CD57-4C7B-BA65-40D1C1F2305A}C:\program files (x86)\mission planner\missionplanner.exe] => (Allow) C:\program files (x86)\mission planner\missionplanner.exe
FirewallRules: [UDP Query User{D99AF1D4-4777-4C58-ADBE-94529B2900DF}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [TCP Query User{C6E9F2F0-485A-4F53-B9FE-2806E3A9D888}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [{E3953CDB-8714-4CCA-8FF9-4856721611A8}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [UDP Query User{AC0DCBD5-0E14-4A7B-977A-35476D48963B}C:\program files (x86)\r.g. mechanics\borderlands - the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\program files (x86)\r.g. mechanics\borderlands - the pre-sequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{C32393A0-A223-4850-BFC6-94A591887545}C:\program files (x86)\r.g. mechanics\borderlands - the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\program files (x86)\r.g. mechanics\borderlands - the pre-sequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{C7A0EF56-0347-44A1-A21A-4921848FE44F}E:\games\borderlands 2\game\binaries\win32\borderlands2.exe] => (Block) E:\games\borderlands 2\game\binaries\win32\borderlands2.exe
FirewallRules: [TCP Query User{6628366B-CBA0-46D6-9597-D30CDC40E70D}E:\games\borderlands 2\game\binaries\win32\borderlands2.exe] => (Block) E:\games\borderlands 2\game\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{8E94AFC5-348B-4405-B0A1-5985E1A1CAF1}E:\games\borderlands 2\game\binaries\win32\borderlands2.exe] => (Block) E:\games\borderlands 2\game\binaries\win32\borderlands2.exe
FirewallRules: [TCP Query User{B24A2852-0819-471C-A961-1E74336F8DF6}E:\games\borderlands 2\game\binaries\win32\borderlands2.exe] => (Block) E:\games\borderlands 2\game\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{16C8B196-82F0-49D3-992D-6102250363ED}C:\program files (x86)\mission planner\missionplanner.exe] => (Allow) C:\program files (x86)\mission planner\missionplanner.exe
FirewallRules: [TCP Query User{0C1CD70E-6ED1-4B3E-A3FE-690E03AFB992}C:\program files (x86)\mission planner\missionplanner.exe] => (Allow) C:\program files (x86)\mission planner\missionplanner.exe
FirewallRules: [UDP Query User{66EEF8D3-EA29-4D90-B0E3-F8283584D0A0}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{963D3C7C-560A-42E5-AFD1-860F932C2F13}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{7768489A-E32A-4566-8C7D-49BFEDBDE7DF}C:\program files (x86)\call of duty - black ops 2\t6sp.exe] => (Block) C:\program files (x86)\call of duty - black ops 2\t6sp.exe
FirewallRules: [TCP Query User{0D6A77AD-0F2D-4571-99FF-9B3BD7094D87}C:\program files (x86)\call of duty - black ops 2\t6sp.exe] => (Block) C:\program files (x86)\call of duty - black ops 2\t6sp.exe
FirewallRules: [{EB1150CE-A4CC-4C75-AFDD-0C986C1E4714}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [{16753DCB-EDD9-4270-96E7-271221941CCA}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [UDP Query User{BE1BEDF2-B4AD-4E45-A855-D33D47192A68}C:\program files (x86)\call of duty - black ops 2\t6sp.exe] => (Block) C:\program files (x86)\call of duty - black ops 2\t6sp.exe
FirewallRules: [TCP Query User{BEE80F26-6232-4EE1-B92A-5217A0551BAF}C:\program files (x86)\call of duty - black ops 2\t6sp.exe] => (Block) C:\program files (x86)\call of duty - black ops 2\t6sp.exe
FirewallRules: [{C69DA563-BEA5-4FCD-99A4-C175F25FD5A4}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{5FCF9FA6-D88A-49C6-A0D1-8133EBBD1CB5}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{158B90D7-8CE3-4969-BAA4-040076465F9D}] => (Allow) C:\Users\PC-\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F0725DDB-0AC9-455D-AE0B-5D830527ADE3}] => (Allow) C:\Users\PC-\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E1CEEC3D-0816-42C6-8B31-E3E0010E7138}] => (Allow) C:\Users\PC-\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3ABB99E6-4188-4646-B066-7E2F6E338156}] => (Allow) C:\Users\PC-\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0A916694-C4D0-4D7B-A358-E14C83CEDE4E}] => (Allow) C:\Users\PC-\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7F8A3E06-AA8A-4DC6-BD99-F05EECA4E3B1}] => (Allow) C:\Users\PC-\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{74D27CA9-DE1A-4F21-98DB-128BD423B6F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe
FirewallRules: [{F67D41CD-1C93-4CA2-8047-9D849F3E8F4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe
FirewallRules: [{13054606-B407-4EC6-8F4E-0194F2389552}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2C2C7571-C281-45F7-A9BD-EB4A03EB44EA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DA75EF4D-20F9-4746-B382-A91749DEF5DA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DE611DA3-352B-4341-A8D8-16EF87D4056B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{28085ACE-FA2A-4EDA-ACEE-353B95FFFDBD}C:\program files (x86)\valve\portal 2\portal2.exe] => (Block) C:\program files (x86)\valve\portal 2\portal2.exe
FirewallRules: [UDP Query User{2401BB92-8476-41C8-B1B3-03E8F07A6FE9}C:\program files (x86)\valve\portal 2\portal2.exe] => (Block) C:\program files (x86)\valve\portal 2\portal2.exe
FirewallRules: [TCP Query User{5EF17B59-D6F6-4D5B-B658-465D7040C6D0}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{791ADA7B-DB09-46D7-A933-848C2F59F482}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{9572CFC9-B835-4BC9-A8DE-7ECCE25FB8CD}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [UDP Query User{6C2CF78B-DA2B-49B4-8619-D80EF02494A2}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [{EBCC6B8F-5650-4AFD-B781-175C41101F96}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0BE32DE6-7A07-4966-B0F6-2E23E1D627C9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{913AB778-9BEC-4838-BC9F-23323A2ABD53}C:\program files\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\java.exe
FirewallRules: [UDP Query User{626F82E4-F4FA-4A80-B26E-FAFA4F65DCCD}C:\program files\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\java.exe
FirewallRules: [TCP Query User{50D2FA59-4CE7-4F77-BD08-98CC92A56833}E:\call of duty infinite warfare\iw7_ship.exe] => (Block) E:\call of duty infinite warfare\iw7_ship.exe
FirewallRules: [UDP Query User{59127E00-3157-4D28-ADD2-E26B4254A1CD}E:\call of duty infinite warfare\iw7_ship.exe] => (Block) E:\call of duty infinite warfare\iw7_ship.exe
FirewallRules: [{24056517-7F6C-478C-A904-033FA4ADC62A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3F589188-EA62-4FEB-A859-4226C3CBCEF6}] => (Allow) LPort=2869
FirewallRules: [{E6421478-EB5D-409D-8893-7CD08E0D8F16}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{B372935E-B9D6-41E9-A618-ED116A78CC2E}E:\call of duty infinite warfare\iw7_ship.exe] => (Block) E:\call of duty infinite warfare\iw7_ship.exe
FirewallRules: [UDP Query User{30229F32-179E-4886-9AC0-2CC0503AAAE2}E:\call of duty infinite warfare\iw7_ship.exe] => (Block) E:\call of duty infinite warfare\iw7_ship.exe
FirewallRules: [TCP Query User{E43B7B7D-1ABE-4AA3-B051-600CEBD0F6F6}E:\games\black ops 2\call of duty - black ops 2\t6sp.exe] => (Block) E:\games\black ops 2\call of duty - black ops 2\t6sp.exe
FirewallRules: [UDP Query User{FA6DD97B-6751-4149-B773-0B217C39D7C9}E:\games\black ops 2\call of duty - black ops 2\t6sp.exe] => (Block) E:\games\black ops 2\call of duty - black ops 2\t6sp.exe
FirewallRules: [{12186A48-1ED8-4D89-B0F4-66C58B4977B3}] => (Allow) E:\Games\Mr DJ\Call Of Duty World At War\CoDWaW.exe
FirewallRules: [{F8E41F69-6B93-4C56-98DF-D7F98625C688}] => (Allow) E:\Games\Mr DJ\Call Of Duty World At War\CoDWaW.exe
FirewallRules: [{EDFF46D6-B7ED-4E40-A366-BA98D6DDD637}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{B35404D2-2614-4FBD-B2AC-2407759D9FBD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{22375CBA-9741-4058-BC81-8402CFEB66A1}E:\gmaes\call of duty black ops iii\blackops3.exe] => (Block) E:\gmaes\call of duty black ops iii\blackops3.exe
FirewallRules: [UDP Query User{298F193F-3171-4387-A958-C2F5184074AF}E:\gmaes\call of duty black ops iii\blackops3.exe] => (Block) E:\gmaes\call of duty black ops iii\blackops3.exe
FirewallRules: [TCP Query User{E62A9E05-28E3-4FA8-9F95-DE00232B4340}E:\downloads\scrap.mechanic.v0.1.32\scrap.mechanic.v0.1.32\release\scrapmechanic.exe] => (Block) E:\downloads\scrap.mechanic.v0.1.32\scrap.mechanic.v0.1.32\release\scrapmechanic.exe
FirewallRules: [UDP Query User{2D2CE519-D42F-44BE-A977-BFEA314388E3}E:\downloads\scrap.mechanic.v0.1.32\scrap.mechanic.v0.1.32\release\scrapmechanic.exe] => (Block) E:\downloads\scrap.mechanic.v0.1.32\scrap.mechanic.v0.1.32\release\scrapmechanic.exe
FirewallRules: [TCP Query User{907E41D9-4498-4CC7-95D5-BC63C7E31689}E:\games\scrap.mechanic.v0.1.32\release\scrapmechanic.exe] => (Allow) E:\games\scrap.mechanic.v0.1.32\release\scrapmechanic.exe
FirewallRules: [UDP Query User{E6ACF7B6-673C-4E4C-A65F-5A7BEB83FC2C}E:\games\scrap.mechanic.v0.1.32\release\scrapmechanic.exe] => (Allow) E:\games\scrap.mechanic.v0.1.32\release\scrapmechanic.exe
FirewallRules: [{CCA86254-4F46-4E72-A5F4-810E55B737C7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{CC9D8807-0478-4D2B-BBE1-986033BC8F46}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{EED8767A-B98E-46B3-9591-4CC9A32AC7E7}E:\games\scrap.mechanic.v0.2.4\release\scrapmechanic.exe] => (Allow) E:\games\scrap.mechanic.v0.2.4\release\scrapmechanic.exe
FirewallRules: [UDP Query User{DCC59A7F-3F4A-4B71-9563-52F37311920B}E:\games\scrap.mechanic.v0.2.4\release\scrapmechanic.exe] => (Allow) E:\games\scrap.mechanic.v0.2.4\release\scrapmechanic.exe
FirewallRules: [{5347E0A4-3595-4CE3-A239-9077F0A39688}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe
FirewallRules: [{95D21B68-AFF5-4D78-910C-99988691F7F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe
FirewallRules: [{B949D608-DF3E-4C89-BCFA-DDDB3F09F034}] => (Allow) LPort=25565
FirewallRules: [{3ADFCE03-1614-45BE-9744-9A14B5F93B7C}] => (Allow) C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_25\bin
FirewallRules: [{B7E071BE-4274-4265-8E7F-C00724959973}] => (Allow) E:\Games\Call Of Duty World At War\CoDWaW.exe
FirewallRules: [{A5B6B503-7D4D-418F-AAE2-3E78ABACBC95}] => (Allow) E:\Games\Call Of Duty World At War\CoDWaW.exe
FirewallRules: [TCP Query User{04565DF2-19DF-4469-9276-6A8C58232253}E:\games\wolfenstein\wolfneworder_x64.exe] => (Block) E:\games\wolfenstein\wolfneworder_x64.exe
FirewallRules: [UDP Query User{AE810389-AFC3-4D8A-BF3F-A02A4030FBB4}E:\games\wolfenstein\wolfneworder_x64.exe] => (Block) E:\games\wolfenstein\wolfneworder_x64.exe
FirewallRules: [TCP Query User{7DA916B9-3B76-4B0A-BB67-1156ADCC3FEE}E:\downloads\slime.rancher.v1.0.1e\slime.rancher.v1.0.1e\x64\slimerancher.exe] => (Block) E:\downloads\slime.rancher.v1.0.1e\slime.rancher.v1.0.1e\x64\slimerancher.exe
FirewallRules: [UDP Query User{ECAE7D1D-D9A2-4D20-933C-1A5657F421BF}E:\downloads\slime.rancher.v1.0.1e\slime.rancher.v1.0.1e\x64\slimerancher.exe] => (Block) E:\downloads\slime.rancher.v1.0.1e\slime.rancher.v1.0.1e\x64\slimerancher.exe
FirewallRules: [{B42BCE0F-9CBA-4C35-B35D-DB9D49B994B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Slime Rancher\SlimeRancher.exe
FirewallRules: [{15FB3418-ACEF-42D0-BF14-B897D755A696}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Slime Rancher\SlimeRancher.exe
FirewallRules: [{0F60530E-2FEB-48B7-9653-F8EE5BC653AF}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Call of Duty WWII\s2_sp64_ship.exe
FirewallRules: [{07B654AC-506B-431F-9BBF-C0111079F80E}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Call of Duty WWII\s2_sp64_ship.exe
FirewallRules: [{12C44D2A-0B48-4A67-8707-C02A8603F05F}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Half-Life\hl.exe
FirewallRules: [{A4687783-AB9B-4D52-8827-F22206334F36}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Half-Life\hl.exe
FirewallRules: [TCP Query User{B4987BEF-FFB6-40CF-88F4-C03608BA861A}E:\games\borderlands 2\binaries\win32\borderlands2.exe] => (Block) E:\games\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{D2CDBD97-B714-4DB2-8077-7CBFFF81F6F8}E:\games\borderlands 2\binaries\win32\borderlands2.exe] => (Block) E:\games\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [{7B532AC5-6F61-43F7-A0F9-AA97E7140EE6}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Bloons TD Battles\Battles-Win.exe
FirewallRules: [{87DA53C2-7FE4-48B0-9D32-1E5BA499324D}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Bloons TD Battles\Battles-Win.exe
FirewallRules: [{1A5F5951-ED70-4F77-8F7A-8AE26BC88513}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Call of Duty WWII\s2_mp64_ship.exe
FirewallRules: [{B091925F-37AA-4793-8BEF-A15CBAA5B799}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Call of Duty WWII\s2_mp64_ship.exe
FirewallRules: [{8F6DF36C-72F9-4003-B422-89EC52E6665F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Trail\TheTrail.exe
FirewallRules: [{D54DF1D7-8C89-4348-B654-272A7E3D8F9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Trail\TheTrail.exe
FirewallRules: [{5DFBC611-EEF0-49AB-BDD0-0AB94BA42E34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amazing Frog\AmazingFrog.exe
FirewallRules: [{EAAEA303-F633-4E6A-B4DA-F4340497E684}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amazing Frog\AmazingFrog.exe
FirewallRules: [{2537C76A-F04E-45DB-9A3D-2893C736CCC2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3766FC18-4255-4587-91DF-D427C8D5190A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{2442A4FB-B935-4416-9793-6427646C26D2}C:\users\pc-\downloads\discoverytool_pc_v2.2.24.0.exe] => (Allow) C:\users\pc-\downloads\discoverytool_pc_v2.2.24.0.exe
FirewallRules: [UDP Query User{3AFC5F9E-D692-4E34-96AD-A47E1B0940DC}C:\users\pc-\downloads\discoverytool_pc_v2.2.24.0.exe] => (Allow) C:\users\pc-\downloads\discoverytool_pc_v2.2.24.0.exe
FirewallRules: [TCP Query User{5FD7E2B7-2A36-42E7-AC7D-923490804E8A}E:\games\fortnite\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) E:\games\fortnite\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{C846738C-4F0D-4E74-A064-866757180C84}E:\games\fortnite\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) E:\games\fortnite\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{22D39611-A145-4325-9C6E-14C96CBA5544}E:\games\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) E:\games\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{6B34B628-0D5C-4AB4-B51D-FCA4DCB6BD0B}E:\games\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) E:\games\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{E09511A2-6749-44D6-888B-AE165248ECE7}E:\games\fortnite\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) E:\games\fortnite\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{2F639284-5538-409E-96B2-706E4D3D92FF}E:\games\fortnite\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) E:\games\fortnite\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{051E3205-3235-4327-956A-CA4723D9E695}] => (Allow) C:\Program Files (x86)\Opera\51.0.2830.55\opera.exe
FirewallRules: [{C4420CE7-0984-44D4-B493-97749F1B33BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AnimalSuperSquad\GWGame\Binaries\Win64\ASS-Win64.exe
FirewallRules: [{AEC985CD-0E64-4899-8345-913636BB32B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AnimalSuperSquad\GWGame\Binaries\Win64\ASS-Win64.exe
FirewallRules: [{513E2D7F-E904-4DA8-B887-1F5D7E815409}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{264F0709-34F8-4571-8FF8-8D128D430E39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe
FirewallRules: [{560F51A1-9613-4256-9B2B-4979E2AD1684}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe
FirewallRules: [{B84B43E3-B66E-4404-BD8B-619032B121F9}] => (Allow) C:\Program Files (x86)\Opera\52.0.2871.40\opera.exe
FirewallRules: [{154230D0-233E-4082-AB14-75627B298F36}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Human Fall Flat\Human.exe
FirewallRules: [{637A06B8-EF0C-4787-ABBF-347F13FBF88F}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Human Fall Flat\Human.exe
FirewallRules: [{43A4F369-4548-4589-BE9A-278D2AAA9412}] => (Allow) E:\Games\SteamLibrary\steamapps\common\StickFightTheGame\StickFight.exe
FirewallRules: [{39AF439D-B39C-433D-9294-7E21B6D68C3C}] => (Allow) E:\Games\SteamLibrary\steamapps\common\StickFightTheGame\StickFight.exe
FirewallRules: [{3B33B057-29A9-49BD-86EE-15C530A2430C}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{38DBF9CB-CA71-43BD-AD52-400EF4C85F5D}] => (Allow) C:\Program Files (x86)\Sandrock\Erika.exe
FirewallRules: [{76281E4E-6A2C-4D56-9C49-752A425CEA61}] => (Allow) C:\Program Files (x86)\Buffo\Erika.exe
FirewallRules: [{42A06B9F-26D5-4E27-830E-D56929AA2588}] => (Allow) C:\Program Files (x86)\chatelaine\tiberias.exe
FirewallRules: [{F0ABC415-82DC-4745-8B94-262001E1A18E}] => (Allow) C:\Program Files (x86)\Buffo\tiberias.exe
FirewallRules: [{F5E2CE77-898C-4BC0-91D3-2778ADB28A4C}] => (Allow) C:\WINDOWS\System32\rundll32.exe
FirewallRules: [{31A5A55A-DA4A-4A26-9A7E-C36A2ECC76F8}] => (Allow) C:\WINDOWS\System32\rundll32.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/03/2018 09:38:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Erika.exe version 9.4.6.164 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 14fc

Start Time: 01d3cadb94b875ca

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Buffo\Erika.exe

Report Id: 0011bd70-36cf-11e8-8402-20cf303b5e2a

Faulting package full name: 

Faulting package-relative application ID:

Error: (04/03/2018 07:43:48 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected

Error: (04/03/2018 07:03:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Adobe\Adobe Premiere Elements 15\MPEGHDVExport.exe".
Dependent Assembly Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/03/2018 07:01:37 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.

Error: (04/03/2018 06:50:26 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/03/2018 06:49:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 10.0.14393.1198, time stamp: 0x5902845a
Exception code: 0xe0434352
Fault offset: 0x000da9f2
Faulting process ID: 0x4c58
Faulting application start time: 0x01d3cac3fa80822f
Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: 85acae79-69ab-46bb-8f6c-c09ce8196ab9
Faulting package full name: 
Faulting package-relative application ID:

Error: (04/03/2018 06:48:59 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
   at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
   at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
   at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
   at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
   at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Error: (04/03/2018 06:37:41 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
    (HRESULT : 0x80040210) (0x80040210)


System errors:
=============
Error: (04/03/2018 09:48:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/03/2018 09:46:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/03/2018 09:38:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/03/2018 09:37:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/03/2018 09:37:30 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroupListener service terminated with the following service-specific error: 
%%2147944153 = There are no more endpoints available from the endpoint mapper.

Error: (04/03/2018 09:37:25 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\pwd_2k.SYS

Error: (04/03/2018 09:37:24 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\pwd_2k.SYS

Error: (04/03/2018 09:37:24 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\cdudf_xp.SYS


Windows Defender:
===================================
Date: 2018-04-03 08:26:25.576
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {642280AA-91E0-4E09-84F1-3AF59003902D}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2018-04-02 19:48:52.972
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/CoinMiner.CY&threatid=2147726391&enterprise=0
Name: Trojan:Win32/CoinMiner.CY
ID: 2147726391
Severity: Severe
Category: Trojan
Path: clsid:_HKLM\SOFTWARE\CLASSES\CLSID\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};file:_C:\WINDOWS\System32\mcicda64.dll;regkey:_HKLM\SOFTWARE\CLASSES\CLSID\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};shellexechook:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};shellextapproved:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};shelliconoverlayid:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\{BFD98515-CD74-48A4-98E2-13D209E3EE4F}
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\WINDOWS\explorer.exe
Signature Version: AV: 1.263.1903.0, AS: 1.263.1903.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4

Date: 2018-04-02 19:48:14.587
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/CoinMiner.CY&threatid=2147726391&enterprise=0
Name: Trojan:Win32/CoinMiner.CY
ID: 2147726391
Severity: Severe
Category: Trojan
Path: file:_C:\WINDOWS\System32\mcicda64.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\WINDOWS\explorer.exe
Signature Version: AV: 1.263.1903.0, AS: 1.263.1903.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4

Date: 2018-04-02 19:47:35.146
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Xadupi&threatid=2147709752&enterprise=0
Name: Trojan:Win32/Xadupi
ID: 2147709752
Severity: Severe
Category: Trojan
Path: file:_C:\Users\PC-\AppData\Local\Temp\PandaViewer\thumbnail.ico
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\PC-\AppData\Local\Temp\1522662408U2Ftmp.exe
Signature Version: AV: 1.263.1903.0, AS: 1.263.1903.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4

Date: 2018-04-02 11:43:59.392
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {008FDDA2-EC92-4291-AE49-337883242207}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-03 09:12:07.515
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 1.263.1966.0
Previous Signature Version: 1.263.1962.0
Update Source: User
Signature Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.14600.4
Previous Engine Version: 1.1.14600.4
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, then try to start the program again. For information on installing updates, see Help and Support. 

Date: 2018-04-03 09:12:07.515
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 1.263.1966.0
Previous Signature Version: 1.263.1962.0
Update Source: User
Signature Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.14600.4
Previous Engine Version: 1.1.14600.4
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, then try to start the program again. For information on installing updates, see Help and Support. 

Date: 2018-04-03 07:53:42.501
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.263.1903.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14600.4
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 

Date: 2018-04-03 07:53:42.500
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.263.1903.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14600.4
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 

Date: 2018-04-03 07:53:34.297
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 
Update Source: User
Signature Type: 
Update Type: 
Current Engine Version: 
Previous Engine Version: 
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 

CodeIntegrity:
===================================

Date: 2018-03-06 08:43:47.353
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-06 08:43:47.352
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-21 16:35:56.596
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-21 16:35:56.590
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-25 01:10:58.705
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-23 02:38:33.870
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-22 07:25:44.569
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-19 11:11:24.110
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz
Percentage of memory in use: 55%
Total physical RAM: 8183.11 MB
Available physical RAM: 3665.09 MB
Total Virtual: 16887.11 MB
Available Virtual: 12342.27 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:223.03 GB) (Free:19.22 GB) NTFS
Drive e: (Storage) (Fixed) (Total:931.51 GB) (Free:39.81 GB) NTFS
Drive g: (Raid Storage) (Fixed) (Total:1862.77 GB) (Free:1861.85 GB) NTFS

\\?\Volume{5975580d-3915-11e5-824f-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{004090af-0000-0000-0000-50c837000000}\ () (Fixed) (Total:0.44 GB) (Free:0.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 004090AF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: DCC5820C)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 3 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


My issue continues - opening the Task Manager reveals multiple copies of a program called "Erika" opening (50+).

I just ran AdwCleaner, then restarted after it had 'cleaned' the issues it found, but the Erika issue continues (I currently have 15 versions of it running) and I still cannot start Malwarebytes.

 

# AdwCleaner 7.0.8.0 - Logfile created on Tue Apr 03 00:30:29 2018
# Updated on 2018/08/02 by Malwarebytes 
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Program Files (x86)\AnonymizerGadget
Deleted: C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
Deleted: C:\Users\PC-\AppData\Local\AdvinstAnalytics
Deleted: C:\Users\PC-\AppData\Roaming\FastDataX
Deleted: C:\Program Files (x86)\ProxyGate
Deleted: C:\Windows\Temp\Smartbar


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Microsoft\DMunversion
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\Microleaves
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Deleted: [Key] - HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted: [Key] - HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\Online Application\
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[C1].txt - [3737 B] - [2016/4/5 9:40:34]
C:/AdwCleaner/AdwCleaner[S1].txt - [3208 B] - [2016/4/5 9:39:46]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########


Reran AdwCleaner after another round of Erika opened.

# AdwCleaner 7.0.8.0 - Logfile created on Tue Apr 03 00:38:17 2018
# Updated on 2018/08/02 by Malwarebytes 
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[C1].txt - [3010 B] - [2016/4/5 9:40:34]
C:/AdwCleaner/AdwCleaner[S1].txt - [1242 B] - [2016/4/5 9:39:46]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########


Rebooted, then ran FRST64.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by PC-Home (administrator) on PC (03-04-2018 10:41:09)
Running from C:\Users\PC-\Downloads
Loaded Profiles: PC-Home (Available Profiles: PC-Home & Admin)
Platform: Windows 10 Pro Version 1607 14393.1198 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\WINDOWS\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atiesrxx.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Samsung Electronics Co., Ltd.) C:\WINDOWS\System32\RAPID\SamsungRapidSvc.exe
() C:\Program Files (x86)\Photodex\ProShow Gold\scsiaccess.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe
() C:\Program Files (x86)\Sandrock\Erika.exe
() C:\Program Files (x86)\Buffo\Erika.exe
() C:\Users\PC-\AppData\Local\Erika.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
() C:\Program Files (x86)\Sandrock\Erika.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
() C:\Program Files (x86)\GLPCCamera\monitorpad.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
() C:\Program Files (x86)\Sandrock\Erika.exe
() C:\Program Files (x86)\Buffo\Erika.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Sandrock\Erika.exe
() C:\Program Files (x86)\Buffo\Erika.exe
() C:\Program Files (x86)\Sandrock\Erika.exe
() C:\Program Files (x86)\Buffo\Erika.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\brust\nonfunctioning.exe
() C:\Program Files (x86)\Sandrock\Erika.exe
() C:\Program Files (x86)\Sandrock\Erika.exe
() C:\Program Files (x86)\Sandrock\Erika.exe
(Microsoft Corporation) C:\WINDOWS\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
() C:\Program Files (x86)\Buffo\Erika.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_60\bin\java.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_60\bin\java.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
() C:\Program Files (x86)\Sandrock\Erika.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GLSystray] => C:\Program Files (x86)\GLPCCamera\monitorpad.exe [69632 2014-03-11] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822528 2016-05-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1429248 2016-05-25] (Realtek Semiconductor)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281696 2015-09-04] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM\...\Run: [assuaging] => C:\Program Files (x86)\Sandrock\Erika.exe [137216 2018-04-02] ()
HKLM\...\Run: [assuagingassuaging] => C:\Program Files (x86)\Buffo\Erika.exe [137216 2018-04-02] ()
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-28] (Microsoft Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-11] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-06-08] (Power Software Ltd)
HKLM-x32\...\Run: [BigPondWirelessBroadbandCM] => C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe [6215288 2012-10-15] (Telstra)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe [2089056 2015-09-16] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1563424 2016-04-05] (Seagate Technology LLC)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [RoxioEngineUtility] => C:\Program Files (x86)\Common Files\Roxio Shared\System\EngUtil.exe [69632 2003-01-13] (Roxio)
HKLM-x32\...\Run: [RoxAssistant] => C:\Program Files (x86)\Common Files\Roxio Shared\Upgrade\RoxAssist.exe [86016 2003-01-13] (Roxio)
HKLM-x32\...\Run: [RoxioDragToDisc] => C:\Program Files (x86)\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe [757760 2003-01-13] (Roxio)
HKLM-x32\...\Run: [RoxioAudioCentral] => C:\Program Files (x86)\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe [253952 2003-01-09] (Roxio, Inc.)
HKLM-x32\...\Run: [wolfram] => C:\Program Files (x86)\Sandrock\Erika.exe [137216 2018-04-02] ()
HKLM-x32\...\Run: [wolframwolfram] => C:\Program Files (x86)\Buffo\Erika.exe [137216 2018-04-02] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3198752 2018-03-27] (Valve Corporation)
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2015-12-17] (Electronic Arts)
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127816 2016-04-05] (Seagate Technology LLC)
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [Google Update] => C:\Users\PC-\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-29] (Google Inc.)
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [Google Photos Backup] => C:\Users\PC-\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-09] (Google, Inc)
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [wayout] => rundll32.exe "C:\Users\PC-\AppData\Local\wayout.dll",wayout <==== ATTENTION
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [terriers] => C:\Program Files (x86)\Sandrock\Erika.exe [137216 2018-04-02] ()
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [terriersterriers] => C:\Program Files (x86)\Buffo\Erika.exe [137216 2018-04-02] ()
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [shook] => C:\Program Files (x86)\Sandrock\Erika.exe [137216 2018-04-02] ()
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [shookshook] => C:\Program Files (x86)\Buffo\Erika.exe [137216 2018-04-02] ()
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [nonfunctioning] => C:\Program Files (x86)\brust\nonfunctioning.exe [66837 2018-04-02] ()
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [dozing] => C:\Program Files (x86)\Sandrock\Erika.exe [137216 2018-04-02] ()
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\MountPoints2: {2720b8a3-465d-11e5-825b-000272d49f2d} - "F:\setup.exe" 
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\MountPoints2: {53e89e93-20a7-11e7-8381-20cf303b5e2a} - "G:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\MountPoints2: {7655fdf0-c973-11e6-8350-20cf303b5e2a} - "G:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\MountPoints2: {7c566bfb-f0f3-11e6-836f-20cf303b5e2a} - "G:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\MountPoints2: {a15bfc82-f1ae-11e6-8370-20cf303b5e2a} - "G:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\MountPoints2: {e93fdcaf-f9cd-11e7-83d0-20cf303b5e2a} - "G:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
Startup: C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newey.lnk [2018-04-02]
ShortcutTarget: newey.lnk -> C:\Program Files (x86)\Sandrock\Erika.exe ()
Startup: C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start - Shortcut (2).lnk [2018-01-26]
ShortcutTarget: start - Shortcut (2).lnk -> C:\Survival___\start.bat ()
Startup: C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start - Shortcut.lnk [2017-07-20]
ShortcutTarget: start - Shortcut.lnk -> C:\Oliver's server\start.bat ()
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\..\Interfaces\{15b74de2-1a43-460f-9390-40d9aea884fb}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{77e0edf0-5c1a-4b02-ac72-e987d2c266d5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f9997c51-f1a9-4314-85f1-12b97f23564b}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-au/?ocid=iehp
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-14] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-14] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-14] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-14] (Oracle Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File

FireFox:
========
FF DefaultProfile: 4k8kw0sm.default
FF ProfilePath: C:\Users\PC-\AppData\Roaming\Mozilla\Firefox\Profiles\4k8kw0sm.default [2018-04-02]
FF user.js: detected! => C:\Users\PC-\AppData\Roaming\Mozilla\Firefox\Profiles\4k8kw0sm.default\user.js [2017-06-30]
FF Homepage: Mozilla\Firefox\Profiles\4k8kw0sm.default -> hxxps://www.malwarebytes.org/restorebrowser/
FF Extension: (AUSkey) - C:\Users\PC-\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@au.gov.abr.auskeyfirefox.xpi [2017-04-11]
FF Extension: (System Table) - C:\Users\PC-\AppData\Roaming\Mozilla\Firefox\Profiles\4k8kw0sm.default\Extensions\143734@modext.tech.xpi [2018-03-01]
FF Extension: (System Table) - C:\Users\PC-\AppData\Roaming\Mozilla\Firefox\Profiles\4k8kw0sm.default\Extensions\622127@modext.tech.xpi [2018-02-27]
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2017-01-09] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1802162536-2727602968-3184661257-1001: @tools.google.com/Google Update;version=3 -> C:\Users\PC-\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-1802162536-2727602968-3184661257-1001: @tools.google.com/Google Update;version=9 -> C:\Users\PC-\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://www.google.com.au/
CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/"
CHR Profile: C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-04-03]
CHR Extension: (Slides) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-07]
CHR Extension: (YouTube) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-07]
CHR Extension: (Adblock for Youtube™) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-06-15]
CHR Extension: (Word Search) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj [2017-05-07]
CHR Extension: (Cleanflight - Configurator) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\enacoimjcgeinfnnnpajinjgmkahmfgb [2017-07-31]
CHR Extension: (Sheets) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Kingdom Rush Frontiers) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fmfibdjbnmndigbklnlllakjbjheiopj [2017-05-07]
CHR Extension: (Google Docs Offline) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-07]
CHR Extension: (Adblocker for Youtube™) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hjjkhfonangkojdpjcdhldbcicegaohc [2018-04-02]
CHR Extension: (Prodigy Math Game) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hndgjbjghbnahgfhcmhkkoibbgdemlia [2017-05-07]
CHR Extension: (Free Guitar Tuner) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iojcckkgkckfailcedaooonjlndpnoib [2017-05-07]
CHR Extension: (AUSkey for Chrome) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jmegndhbalhkegdidohofafobbcabine [2017-09-13]
CHR Extension: (Betaflight - Configurator) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kdaghagfopacdngbohiknlhcocjccjao [2017-12-13]
CHR Extension: (DuckDuckGo Home Page) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ljkalbbbffedallekgkdheknngopfhif [2017-05-07]
CHR Extension: (Baseflight - Configurator) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mppkgnedeapfejgfimkdoninnofofigk [2017-05-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: ( The scale of the universe) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ooidlchfdlimcgilcmpckfjleogaobka [2017-05-07]
CHR Extension: (Gmail) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-07]
CHR Extension: (Chrome Media Router) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-25]
CHR HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jmegndhbalhkegdidohofafobbcabine] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (__MSG_appName__) - C:\Users\PC-\AppData\Roaming\Opera Software\Opera Stable\Extensions\epeomjakeffkfofnidikcpbacmfliolc [2018-04-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atiesrxx.exe [472456 2017-11-03] (AMD)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2017-10-28] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] () [File not signed]
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [218768 2016-05-25] (DTS)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-10] (EasyAntiCheat Ltd)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3894760 2017-06-26] (Paramount Software UK Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-17] (Electronic Arts)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 SamsungRapidSvc; C:\WINDOWS\System32\RAPID\SamsungRapidSvc.exe [28256 2015-09-04] (Samsung Electronics Co., Ltd.)
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe [186760 2016-07-24] ()
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2016-04-05] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143656 2016-04-05] (Seagate Technology LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-16] (Microsoft Corporation)
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [326544 2012-06-04] (Sierra Wireless, Inc.)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-06] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-06] (Microsoft Corporation)
R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [316120 2014-08-18] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atikmdag.sys [40034184 2017-11-03] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atikmpag.sys [536456 2017-11-03] (Advanced Micro Devices, Inc.)
U5 androidusb; C:\Windows\System32\Drivers\androidusb.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2015-05-08] ()
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [118960 2017-10-13] (Advanced Micro Devices)
S1 Cdr4_xp; C:\Windows\System32\Drivers\Cdr4_xp.sys [10864 2012-04-24] (Corel Corporation)
S1 Cdr4_xp; C:\Windows\SysWow64\Drivers\Cdr4_xp.sys [64208 2003-01-13] (Roxio) [File not signed]
S1 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [11376 2012-04-24] (Corel Corporation)
S1 Cdralw2k; C:\Windows\SysWow64\Drivers\Cdralw2k.sys [24839 2003-01-13] (Roxio) [File not signed]
S1 cdudf_xp; C:\Windows\SysWow64\Drivers\cdudf_xp.sys [249344 2003-01-13] (Roxio) [File not signed]
S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [59904 2015-02-06] (www.winchiphead.com)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31160 2014-04-24] ()
S3 dvd_2K; C:\Windows\SysWow64\Drivers\dvd_2K.sys [21654 2003-01-13] (Roxio) [File not signed]
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [18528 2014-11-18] () [File not signed]
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [14944 2014-11-18] () [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76192 2018-03-19] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2014-11-18] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] () [File not signed]
S3 HTCAND64; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
S3 HtcVCom32; C:\WINDOWS\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
S3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [42944 2017-05-29] (hxxp://libusb-win32.sourceforge.net)
S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47928 2017-01-27] (hxxp://libusb-win32.sourceforge.net)
S3 massfilter_lte; C:\WINDOWS\system32\drivers\massfilter_lte.sys [18456 2012-01-04] (HandSet Incorporated)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193768 2018-04-03] (Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-04-03] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-04-03] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-04-03] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [102112 2018-04-03] (Malwarebytes)
S3 mmc_2K; C:\Windows\SysWow64\Drivers\mmc_2K.sys [22758 2003-01-13] (Roxio) [File not signed]
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NPF; C:\WINDOWS\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S1 pwd_2k; C:\Windows\SysWow64\Drivers\pwd_2k.sys [118422 2003-01-13] (Roxio) [File not signed]
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
R0 SamsungRapidDiskFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidDiskFltr.sys [271968 2015-09-04] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidFSFltr.sys [110688 2015-09-04] (Samsung Electronics Co., Ltd.)
R0 SCMNdisP; C:\WINDOWS\System32\DRIVERS\scmndisp.sys [29472 2012-09-05] (SerComm Corporation)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 swg3kser00; C:\WINDOWS\system32\DRIVERS\swg3kser00.sys [259328 2012-09-05] (Sierra Wireless Incorporated)
S3 swiwdmbx; C:\WINDOWS\System32\drivers\swiwdmbx64.sys [108800 2012-09-05] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\WINDOWS\System32\drivers\swnc8ua3.sys [300544 2012-09-05] (Sierra Wireless Inc.)
S1 UdfReadr_xp; C:\Windows\SysWow64\Drivers\UdfReadr_xp.sys [206464 2003-01-13] (Roxio) [File not signed]
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [40448 2017-04-28] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-06] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-06] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-06] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-03 20:14 - 2018-04-03 10:38 - 114294784 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-04-03 20:09 - 2018-04-03 20:14 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2018-04-03 10:26 - 2018-04-03 10:26 - 008222496 _____ (Malwarebytes) C:\Users\PC-\Downloads\adwcleaner_7.0.8.0.exe
2018-04-03 10:24 - 2018-04-03 10:24 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2018-04-03 10:22 - 2018-04-03 10:22 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\PC-\Downloads\rkill.exe
2018-04-03 10:22 - 2018-04-03 10:22 - 000002252 _____ C:\Users\PC-\Desktop\Rkill.txt
2018-04-03 10:20 - 2018-04-03 10:20 - 006705178 _____ C:\Users\PC-\Downloads\mbam-chameleon-3.1.33.0 (2).zip
2018-04-03 10:20 - 2018-04-03 10:20 - 000000000 ____D C:\cham
2018-04-03 10:19 - 2018-04-03 10:23 - 000002101 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-03 10:19 - 2018-04-03 10:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-03 09:57 - 2018-04-03 09:57 - 000000000 _____ C:\Users\PC-\Documents\hostsABC.txt
2018-04-03 09:47 - 2018-04-03 09:48 - 000098643 _____ C:\Users\PC-\Downloads\Addition.txt
2018-04-03 09:46 - 2018-04-03 10:41 - 000028698 _____ C:\Users\PC-\Downloads\FRST.txt
2018-04-03 09:46 - 2018-04-03 10:41 - 000000000 ____D C:\FRST
2018-04-03 09:45 - 2018-04-03 09:46 - 002403328 _____ (Farbar) C:\Users\PC-\Downloads\FRST64.exe
2018-04-03 09:40 - 2018-04-03 09:43 - 000388608 _____ (Trend Micro Inc.) C:\Users\PC-\Downloads\HijackThis.exe
2018-04-03 09:29 - 2018-04-03 09:29 - 006705178 _____ C:\Users\PC-\Downloads\mbam-chameleon-3.1.33.0 (1).zip
2018-04-03 09:29 - 2018-04-03 09:29 - 000000000 ____D C:\Users\PC-\Downloads\New Folder
2018-04-03 09:29 - 2018-04-03 09:29 - 000000000 ____D C:\Users\PC-\Downloads\cham
2018-04-03 09:20 - 2018-04-03 09:20 - 000000000 ____D C:\ProgramData\MB3Migration
2018-04-03 09:20 - 2018-04-03 09:20 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2018-04-03 09:18 - 2018-04-03 09:18 - 000000000 ____D C:\ProgramData\MB2Migration
2018-04-03 09:10 - 2018-04-03 09:10 - 000000000 ____D C:\Users\PC-\Downloads\mbam-chameleon-3.1.33.0
2018-04-03 09:09 - 2018-04-03 09:09 - 006705178 _____ C:\Users\PC-\Downloads\mbam-chameleon-3.1.33.0.zip
2018-04-03 01:19 - 2018-04-03 10:24 - 000102112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-04-03 01:19 - 2018-04-03 10:23 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-04-03 01:19 - 2018-04-03 10:23 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-04-02 20:45 - 2018-04-02 20:45 - 000000258 __RSH C:\Users\PC-\ntuser.pol
2018-04-02 20:24 - 2018-04-03 10:23 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-04-02 20:24 - 2018-04-03 10:23 - 000193768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-04-02 20:24 - 2018-04-03 09:11 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-02 20:24 - 2018-04-02 20:24 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-02 20:24 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-04-02 20:23 - 2018-04-02 20:24 - 072135408 _____ (Malwarebytes ) C:\Users\PC-\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4576.exe
2018-04-02 20:11 - 2018-04-02 20:44 - 000000000 ____D C:\Users\PC-\AppData\Roaming\ttdyyfziyzp
2018-04-02 20:11 - 2018-04-02 20:40 - 000000000 ____D C:\Users\PC-\AppData\Roaming\kn4epig0bfd
2018-04-02 20:11 - 2018-04-02 20:40 - 000000000 ____D C:\Users\PC-\AppData\Roaming\bfmni1kmwjx
2018-04-02 20:03 - 2018-04-02 20:06 - 006968952 _____ (ESET spol. s r.o.) C:\Users\PC-\Downloads\esetonlinescanner_enu.exe
2018-04-02 19:52 - 2018-04-02 20:40 - 000000000 ____D C:\Users\PC-\AppData\Roaming\wxpz0gsme1e
2018-04-02 19:52 - 2018-04-02 20:40 - 000000000 ____D C:\Users\PC-\AppData\Roaming\u1mv3fkt2f0
2018-04-02 19:52 - 2018-04-02 20:40 - 000000000 ____D C:\Users\PC-\AppData\Roaming\njrwhwv0gz5
2018-04-02 19:52 - 2018-04-02 20:40 - 000000000 ____D C:\Users\PC-\AppData\Roaming\efynkkjtu3n
2018-04-02 19:51 - 2018-04-02 20:45 - 000000000 ____D C:\ProgramData\385fb600e5
2018-04-02 19:49 - 2018-04-02 20:42 - 000000000 ____D C:\ProgramData\c93bffa3-1769-4f43-90d0-692655e2815d
2018-04-02 19:48 - 2018-04-02 20:42 - 000000000 ____D C:\ProgramData\10b45edb-3473-4b10-b57e-0ad402f4c858
2018-04-02 19:48 - 2018-04-02 19:55 - 000003634 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2018-04-02 19:48 - 2018-04-02 19:48 - 000000000 ____D C:\Program Files\My Program
2018-04-02 19:47 - 2018-04-02 19:54 - 000929792 _____ C:\Users\PC-\AppData\Local\sham.db
2018-04-02 19:47 - 2018-04-02 19:47 - 000140800 _____ C:\Users\PC-\AppData\Local\installer.dat
2018-04-02 19:46 - 2018-04-02 20:40 - 000000000 ____D C:\Users\PC-\AppData\Roaming\vhjv50pfeb3
2018-04-02 19:45 - 2018-04-02 20:42 - 000000000 ____D C:\Program Files (x86)\astra
2018-04-02 19:44 - 2018-04-03 10:35 - 000000000 ___HD C:\Program Files (x86)\Buffo
2018-04-02 19:44 - 2018-04-02 20:42 - 000000000 ____D C:\Program Files (x86)\solidified
2018-04-02 19:44 - 2018-04-02 20:42 - 000000000 ____D C:\Program Files (x86)\chatelaine
2018-04-02 19:44 - 2018-04-02 19:44 - 000003972 _____ C:\WINDOWS\System32\Tasks\philby aides tamari
2018-04-02 19:44 - 2018-04-02 19:44 - 000003970 _____ C:\WINDOWS\System32\Tasks\leverrier_refunded
2018-04-02 19:44 - 2018-04-02 19:44 - 000003922 _____ C:\WINDOWS\System32\Tasks\incognita
2018-04-02 19:44 - 2018-04-02 19:44 - 000003844 _____ C:\WINDOWS\System32\Tasks\tsphilby aides tamariphilby aides tamari
2018-04-02 19:44 - 2018-04-02 19:44 - 000003840 _____ C:\WINDOWS\System32\Tasks\tsleverrier_refundedleverrier_refunded
2018-04-02 19:44 - 2018-04-02 19:44 - 000003774 _____ C:\WINDOWS\System32\Tasks\tsincognitaincognita
2018-04-02 19:44 - 2018-04-02 19:44 - 000000012 _____ C:\WINDOWS\b28870344
2018-04-02 19:44 - 2018-04-02 19:44 - 000000000 ___HD C:\Program Files (x86)\brust
2018-04-02 19:44 - 2018-04-02 19:44 - 000000000 ____D C:\Program Files (x86)\Sandrock
2018-04-02 19:38 - 2018-04-03 09:05 - 000000000 ____D C:\Users\PC-\AppData\Roaming\AGData
2018-04-02 19:38 - 2018-04-02 19:38 - 000194048 _____ C:\Users\PC-\AppData\Local\install.dll
2018-04-02 19:38 - 2018-04-02 19:38 - 000043520 _____ C:\Users\PC-\AppData\Local\wayout.dll
2018-04-02 19:38 - 2018-04-02 19:38 - 000003072 _____ C:\Users\PC-\AppData\Local\install_UEFIConfig.exe
2018-04-02 18:30 - 2018-04-02 18:30 - 000950803 _____ C:\Users\PC-\Desktop\What’s my favourite movie.pptx
2018-04-02 16:16 - 2018-04-02 16:16 - 000137216 _____ C:\WINDOWS\mouthful.exe
2018-04-02 16:16 - 2018-04-02 16:16 - 000137216 _____ C:\Users\PC-\AppData\Local\Erika.exe
2018-04-02 15:44 - 2018-04-02 15:44 - 000000000 ____D C:\Users\PC-\AppData\LocalLow\Landfall West
2018-04-01 07:30 - 2018-04-01 07:30 - 000000000 ____D C:\Users\PC-\AppData\LocalLow\NoBrakesGames
2018-03-31 21:59 - 2018-03-31 21:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskCheckup
2018-03-31 21:59 - 2018-03-31 21:59 - 000000000 ____D C:\Program Files (x86)\DiskCheckup
2018-03-30 13:49 - 2018-03-30 13:49 - 000000000 __SHD C:\82ace7d6-0197-474d-bf4b-a2043e72329b
2018-03-21 00:20 - 2018-03-21 00:21 - 032465159 _____ C:\Users\PC-\Desktop\closed-loop-communication.wmv
2018-03-21 00:11 - 2018-03-21 01:20 - 035596460 _____ C:\Users\PC-\Desktop\ISBAR video removed.pptx
2018-03-19 00:15 - 2018-03-19 00:15 - 000000000 ____D C:\Users\PC-\AppData\Roaming\twitch-electron
2018-03-17 19:43 - 2018-03-17 19:44 - 002953376 _____ C:\Users\PC-\Downloads\ISBAR clinical governance1.potx
2018-03-11 18:49 - 2018-03-11 18:49 - 000000220 _____ C:\Users\PC-\Desktop\oliver homework todo list.txt
2018-03-10 17:48 - 2018-03-10 08:46 - 000000231 ___SH C:\Users\Public\Libraries.ini
2018-03-10 17:45 - 2018-03-10 17:45 - 000000000 ____D C:\Users\PC-\AppData\Local\NVIDIA Corporation
2018-03-10 17:44 - 2018-03-10 17:44 - 000000000 ____D C:\Users\PC-\AppData\Local\FortniteGame
2018-03-10 17:43 - 2018-03-10 17:44 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-03-10 17:43 - 2018-03-10 17:43 - 000000000 ____D C:\Users\PC-\AppData\Roaming\EasyAntiCheat
2018-03-10 12:34 - 2018-03-10 12:34 - 000000989 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2018-03-10 12:34 - 2018-03-10 12:34 - 000000000 ____D C:\Users\PC-\AppData\Local\UnrealEngineLauncher
2018-03-10 12:34 - 2018-03-10 12:34 - 000000000 ____D C:\Users\PC-\AppData\Local\EpicGamesLauncher
2018-03-10 12:33 - 2018-03-10 12:36 - 000000000 ____D C:\ProgramData\Epic
2018-03-10 12:32 - 2018-03-10 12:33 - 032256000 _____ C:\Users\PC-\Downloads\EpicInstaller-7.5.0-fortnite-69782c2860c74180b94f3bb45a917ebd.msi
2018-03-10 12:29 - 2018-03-10 12:29 - 000192512 _____ C:\Users\PC-\Desktop\rifflefrog.cld
2018-03-08 19:46 - 2018-03-08 19:46 - 000000000 ____D C:\Users\PC-\AppData\LocalLow\VelociDrone
2018-03-08 19:22 - 2018-03-08 19:31 - 899305562 _____ C:\Users\PC-\Downloads\velocidrone-1-11-0-windows-trial.zip
2018-03-06 19:21 - 2018-03-06 19:21 - 000701863 _____ C:\Users\PC-\Downloads\betaflight_3.3.0_SPRACINGF3.hex
2018-03-06 19:17 - 2018-03-06 19:17 - 000032463 _____ C:\Users\PC-\Downloads\eachine 010.json
2018-03-06 19:17 - 2018-03-06 19:17 - 000032463 _____ C:\Users\PC-\Downloads\BTFL_backup_20180306_201734.json
2018-03-06 19:17 - 2018-03-06 19:17 - 000032454 _____ C:\Users\PC-\Downloads\BTFL_backup_20180306_201740.json
2018-03-06 07:33 - 2018-03-06 07:43 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-03-05 18:41 - 2018-03-08 14:53 - 000000000 ____D C:\Users\PC-\Desktop\Car CD
2018-03-05 17:57 - 2018-03-05 17:57 - 000000000 ____D C:\Users\PC-\AppData\LocalLow\Denki
2018-03-05 17:54 - 2018-03-05 17:55 - 038289665 _____ C:\Users\PC-\Downloads\Autonauts_Version_21.2_Windows x64.zip
2018-03-05 06:59 - 2018-03-05 06:59 - 000812622 _____ C:\Users\PC-\Downloads\Statement20180302.pdf
2018-03-04 11:58 - 2018-03-15 15:58 - 000000000 ____D C:\Users\PC-\Desktop\Oliver's Homework

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-03 10:39 - 2016-10-01 23:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-03 10:38 - 2016-12-12 23:05 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-04-03 10:38 - 2016-07-16 16:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-04-03 10:36 - 2016-10-01 23:43 - 003829410 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-03 10:35 - 2016-04-05 19:35 - 000000000 ____D C:\AdwCleaner
2018-04-03 09:08 - 2017-03-01 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-04-03 09:08 - 2017-03-01 19:23 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-04-03 09:07 - 2016-07-16 21:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-04-03 08:21 - 2016-12-20 19:19 - 000000000 ____D C:\Users\PC-\AppData\Local\Adobe
2018-04-03 07:41 - 2015-12-03 23:45 - 000006680 __RSH C:\ProgramData\ntuser.pol
2018-04-03 07:35 - 2016-10-01 23:43 - 000000000 ____D C:\Users\PC-
2018-04-03 06:51 - 2016-07-16 21:47 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-03 06:51 - 2016-07-16 21:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-03 06:37 - 2016-10-01 23:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-04-03 00:17 - 2016-10-01 23:53 - 000003280 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3B04C3FB-2427-4C20-9023-0F335CF12761}
2018-04-02 20:49 - 2016-07-08 21:32 - 000000000 ____D C:\Users\PC-\AppData\Local\ESET
2018-04-02 20:44 - 2015-08-04 18:44 - 000000000 ____D C:\Program Files (x86)\Steam
2018-04-02 20:43 - 2017-06-06 07:07 - 000002336 _____ C:\Users\Admin\Desktop\Google Chrome.lnk
2018-04-02 20:43 - 2015-08-04 01:58 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-04-02 20:42 - 2016-07-16 16:04 - 000000000 ____D C:\Program Files\MB Registracting System
2018-04-02 20:20 - 2018-01-06 18:05 - 000000000 ____D C:\Users\PC-\AppData\LocalLow\Mozilla
2018-04-02 20:10 - 2015-08-08 20:07 - 000000000 ____D C:\Users\PC-\AppData\Roaming\uTorrent
2018-04-02 19:53 - 2016-07-16 21:47 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2018-04-02 19:53 - 2016-05-23 19:47 - 000000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2018-04-02 19:50 - 2013-08-23 01:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-04-02 19:44 - 2018-01-27 15:01 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-04-02 18:30 - 2015-08-19 18:43 - 001142272 ___SH C:\Users\PC-\Desktop\Thumbs.db
2018-04-02 17:01 - 2018-02-25 13:37 - 000000000 ____D C:\Users\PC-\Desktop\Oliver's games
2018-04-02 15:42 - 2017-11-13 05:53 - 000000000 ____D C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-03-31 21:55 - 2017-06-30 07:31 - 000001124 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
2018-03-31 21:55 - 2016-12-09 14:42 - 000003944 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1481258520
2018-03-31 21:55 - 2016-12-09 14:41 - 000000000 ____D C:\Program Files (x86)\Opera
2018-03-31 13:43 - 2015-08-04 19:18 - 000000000 ____D C:\Users\PC-\AppData\Roaming\.minecraft
2018-03-29 05:55 - 2017-01-16 14:22 - 000000000 ____D C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2018-03-26 07:10 - 2017-01-16 14:22 - 000000000 ____D C:\Users\PC-\AppData\Local\Roblox
2018-03-21 00:12 - 2015-08-02 22:58 - 000000000 ____D C:\Users\PC-\AppData\Local\Packages
2018-03-19 00:16 - 2018-02-24 17:07 - 000000000 ____D C:\Users\PC-\AppData\Roaming\Twitch
2018-03-12 20:51 - 2018-01-21 18:24 - 000000000 ____D C:\Users\PC-\Desktop\Daddy's Games
2018-03-10 17:44 - 2017-09-03 01:34 - 000000000 ____D C:\Users\PC-\AppData\Local\UnrealEngine
2018-03-10 14:52 - 2017-12-19 17:06 - 000000000 ____D C:\Users\PC-\AppData\Roaming\.pokepack 2
2018-03-10 12:36 - 2016-10-01 23:42 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-10 12:26 - 2016-07-16 21:47 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-03-10 10:40 - 2015-08-10 07:46 - 000000000 ____D C:\Users\PC-\AppData\Local\ElevatedDiagnostics
2018-03-06 21:35 - 2017-01-12 23:51 - 000000000 ____D C:\Users\PC-\AppData\Roaming\vlc
2018-03-06 07:43 - 2016-07-16 21:47 - 000000000 ___RD C:\Program Files\Windows Defender
2018-03-04 21:10 - 2017-07-12 14:07 - 000000000 ____D C:\Users\PC-\AppData\Roaming\dvdcss
2018-03-04 12:01 - 2018-03-03 23:22 - 000000000 ____D C:\Users\PC-\Documents\l10

==================== Files in the root of some directories =======

2016-04-03 23:17 - 2016-04-03 23:18 - 000004608 _____ () C:\Users\PC-\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-04-02 16:16 - 2018-04-02 16:16 - 000137216 _____ () C:\Users\PC-\AppData\Local\Erika.exe
2018-04-02 19:38 - 2018-04-02 19:38 - 000194048 _____ () C:\Users\PC-\AppData\Local\install.dll
2018-04-02 19:47 - 2018-04-02 19:47 - 000140800 _____ () C:\Users\PC-\AppData\Local\installer.dat
2018-04-02 19:38 - 2018-04-02 19:38 - 000003072 _____ () C:\Users\PC-\AppData\Local\install_UEFIConfig.exe
2018-01-29 12:48 - 2018-01-29 12:48 - 000000017 _____ () C:\Users\PC-\AppData\Local\resmon.resmoncfg
2018-04-02 19:47 - 2018-04-02 19:54 - 000929792 _____ () C:\Users\PC-\AppData\Local\sham.db
2018-04-02 19:38 - 2018-04-02 19:38 - 000043520 _____ () C:\Users\PC-\AppData\Local\wayout.dll

Some files in TEMP:
====================
2017-08-16 23:34 - 2017-08-16 23:34 - 001177480 _____ () C:\Users\PC-\AppData\Local\Temp\AMDCleanupUtility.exe
2017-08-16 23:34 - 2017-08-16 23:34 - 000250248 _____ () C:\Users\PC-\AppData\Local\Temp\Cleanup.dll
2017-08-16 23:34 - 2017-08-16 23:34 - 000065536 _____ (Windows (R) Server 2003 DDK provider) C:\Users\PC-\AppData\Local\Temp\ddu.exe
2018-04-02 19:36 - 2018-04-02 19:36 - 001793310 _____ () C:\Users\PC-\AppData\Local\Temp\gimi.exe
2018-04-02 19:37 - 2018-04-02 19:37 - 004335290 _____ () C:\Users\PC-\AppData\Local\Temp\insifucan.exe
2017-11-19 18:38 - 2017-11-19 18:38 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-1154735672996083300.dll
2017-11-19 20:18 - 2017-11-19 20:18 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-1464764265914328830.dll
2017-11-13 21:09 - 2017-11-13 21:09 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-1547810544809404639.dll
2017-11-19 19:30 - 2017-11-19 19:30 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-1593254549717263245.dll
2017-11-19 18:55 - 2017-11-19 18:55 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-1690539436159311693.dll
2018-03-04 06:30 - 2018-03-04 06:30 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-2482033594460382393.dll
2017-11-19 18:54 - 2017-11-19 18:54 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-2687753416721811457.dll
2017-11-19 19:30 - 2017-11-19 19:30 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-2932195214392308003.dll
2018-02-24 19:13 - 2018-02-24 19:13 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3044242924852044250.dll
2018-02-24 19:07 - 2018-02-24 19:07 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3065947850748833017.dll
2018-02-25 06:11 - 2018-02-25 06:11 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3090400866220708828.dll
2018-02-24 19:01 - 2018-02-24 19:01 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-331796050798688962.dll
2017-11-19 19:05 - 2017-11-19 19:05 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3333956312288007370.dll
2017-11-19 19:29 - 2017-11-19 19:29 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3338430850092768373.dll
2017-11-20 07:10 - 2017-11-20 07:10 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3436539544659961381.dll
2017-11-20 07:10 - 2017-11-20 07:10 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3817856707412600517.dll
2017-11-19 19:05 - 2017-11-19 19:05 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3843902266096510911.dll
2017-11-19 18:40 - 2017-11-19 18:40 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-4250398577020638135.dll
2017-11-13 21:07 - 2017-11-13 21:07 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-4524701280499665543.dll
2017-11-19 19:29 - 2017-11-19 19:29 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-4688029176823173488.dll
2017-11-19 19:59 - 2017-11-19 19:59 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-4709186475147128148.dll
2017-11-13 21:14 - 2017-11-13 21:14 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-4875606554627998226.dll
2017-11-19 19:56 - 2017-11-19 19:56 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-4932998981811555426.dll
2017-11-20 07:41 - 2017-11-20 07:41 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-50399607490293459.dll
2017-11-19 19:59 - 2017-11-19 19:59 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-5123425577962716081.dll
2017-11-19 18:43 - 2017-11-19 18:43 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-5249782763613723897.dll
2017-11-19 19:11 - 2017-11-19 19:11 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-5358125278879503070.dll
2017-11-19 18:53 - 2017-11-19 18:53 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-5574364129756514307.dll
2017-11-20 07:11 - 2017-11-20 07:11 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-5828237950329362504.dll
2017-11-19 19:56 - 2017-11-19 19:56 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-6122521847273254708.dll
2017-11-19 18:41 - 2017-11-19 18:41 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-6181910552863925402.dll
2017-11-19 20:04 - 2017-11-19 20:04 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-6286899380746404139.dll
2017-11-19 18:54 - 2017-11-19 18:54 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-6515514210684840360.dll
2017-11-19 18:53 - 2017-11-19 18:53 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-6716366613263652999.dll
2017-11-19 18:41 - 2017-11-19 18:41 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-6800111260289939343.dll
2017-11-19 20:18 - 2017-11-19 20:18 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-6951282655468735342.dll
2017-11-19 20:06 - 2017-11-19 20:06 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-7115100588086859338.dll
2017-11-19 19:11 - 2017-11-19 19:11 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-7208374827041395840.dll
2017-11-19 18:55 - 2017-11-19 18:55 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-7254346936848756846.dll
2017-11-13 21:04 - 2017-11-13 21:04 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-7401461684807603174.dll
2017-11-19 20:04 - 2017-11-19 20:04 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-7941934255482740537.dll
2018-02-25 09:23 - 2018-02-25 09:23 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-8132190790898914066.dll
2017-11-19 18:38 - 2017-11-19 18:38 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-8223865945422888254.dll
2017-11-17 14:30 - 2017-11-17 14:30 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-8362638309452189810.dll
2017-11-19 19:06 - 2017-11-19 19:06 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-8509283534852200759.dll
2017-11-19 19:06 - 2017-11-19 19:06 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-8615231387327955072.dll
2018-02-25 13:39 - 2018-02-25 13:39 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-8756203341855063304.dll
2017-11-13 21:03 - 2017-11-13 21:03 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-8998844724991135980.dll
2017-11-20 07:41 - 2017-11-20 07:41 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-9217592599316072740.dll
2018-04-02 19:52 - 2018-04-02 19:52 - 000719872 _____ () C:\Users\PC-\AppData\Local\Temp\movari.exe
2017-08-16 23:34 - 2017-08-16 23:34 - 000516096 _____ (Microsoft Corporation) C:\Users\PC-\AppData\Local\Temp\msvcm80.dll
2017-08-16 23:34 - 2017-08-16 23:34 - 001061376 _____ (Microsoft Corporation) C:\Users\PC-\AppData\Local\Temp\msvcp80.dll
2017-08-16 23:34 - 2017-08-16 23:34 - 000796672 _____ (Microsoft Corporation) C:\Users\PC-\AppData\Local\Temp\msvcr80.dll
2018-04-03 09:05 - 2018-04-02 19:38 - 000013824 _____ () C:\Users\PC-\AppData\Local\Temp\uninstall.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-26 07:02

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by PC-Home (03-04-2018 10:42:02)
Running from C:\Users\PC-\Downloads
Windows 10 Pro Version 1607 14393.1198 (X64) (2016-10-01 13:54:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-1802162536-2727602968-3184661257-1009 - Limited - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1802162536-2727602968-3184661257-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1802162536-2727602968-3184661257-503 - Limited - Disabled)
Guest (S-1-5-21-1802162536-2727602968-3184661257-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1802162536-2727602968-3184661257-1005 - Limited - Enabled)
PC-Home (S-1-5-21-1802162536-2727602968-3184661257-1001 - Administrator - Enabled) => C:\Users\PC-
quirk (S-1-5-21-1802162536-2727602968-3184661257-1010 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 15 (HKLM-x32\...\{FD45A9C9-02BE-4E62-8629-78DF29A10FF5}) (Version: 15.0 - Adobe Systems Incorporated)
AIDA64 Extreme v5.50 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.50 - FinalWire Ltd.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
AMD System Monitor (HKLM-x32\...\{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}) (Version: 1.0.9 - Advanced Micro Devices, Inc.)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
ANT Drivers Installer x64 (HKLM\...\{7664AF65-7B0D-4171-9F0F-50455278B428}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{981F324E-98F4-4784-B76F-04E92039F3F6}) (Version: 5.2.60328.3 - Microsoft Corporation)
Arduino (HKLM-x32\...\Arduino) (Version: 1.8.1 - Arduino LLC)
AUSkey (HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\AUSkey) (Version: 1.1.0 - Australian Taxation Office)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.12.160304 - )
Azure AD Authentication Connected Service (HKLM-x32\...\{3FEAC561-1CF6-41D6-B0F3-BECDD9C88A1B}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Borderlands - The Pre-Sequel (HKLM-x32\...\Borderlands - The Pre-Sequel_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Borderlands 2 (HKLM-x32\...\Borderlands 2_is1) (Version: 1.8.4 - 2K Games)
Borderlands 2 GOTY version 1.8.2.0 (HKLM-x32\...\Borderlands 2 GOTY_is1) (Version: 1.8.2.0 - Mr DJ)
Call of Duty 4 - Modern Warfare (HKLM-x32\...\Call of Duty 4 - Modern Warfare_is1) (Version:  - )
Call of Duty Advanced Warfare (HKLM-x32\...\Call of Duty Advanced Warfare_is1) (Version: v.1.18.1281374.0 - Decepticon)
Call of Duty Ghosts (HKLM-x32\...\Q2FsbG9mRHV0eUdob3N0cw==_is1) (Version: 1 - )
Call Of Duty World At War version 1.7.1263.0 (HKLM-x32\...\Call Of Duty World At War_is1) (Version: 1.7.1263.0 - Mr DJ)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty: Black Ops III (HKLM\...\Q2FsbG9mRHV0eUJsYWNrT3BzSUlJ_is1) (Version: 1 - )
Call of Duty: Infinite Warfare (HKLM\...\Y2FsbG9mZHV0eWluZmluaXRld2FyZmFyZQ_is1) (Version: 1 - )
Call of Duty®: Black Ops 2 (HKLM-x32\...\Call of Duty®: Black Ops 2_is1) (Version: 1.0.5 - R.G. Revenants)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{15979E65-792E-474B-BC5D-42257709D4D9}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{D6ACA0E4-2488-AE52-E73D-24DB98F9AD65}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B8C421E8-BDF9-F598-832C-659A513F79EB}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{DD3A9C85-51E9-854D-EB9B-F0AE8E5B2F7C}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A00A5425-8899-055A-404C-8F96C2EC647F}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{CB71E054-00CF-182D-6C78-F9D85D10B7BA}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{30B97DD0-3646-AD22-2E77-3792B11BB5E6}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{8342F234-A97E-D691-3C01-F060CB7DA175}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{CD47D86C-737D-4818-F059-CF8A53F37B76}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DB0E2806-DE62-D60E-9BD9-E3A89FB2A5A8}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{D4EF1657-8835-A5AE-DBA0-658EF2869048}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED71C4B4-4C00-F7C9-9151-60411373DC35}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{28FFCD28-01FF-9792-B1A9-B944D44FB37D}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{DAEF66AB-6EA7-B0A8-96FB-243A2F33B8B2}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{3DBC48E0-7DE6-295B-448E-5F53D1491AC3}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{CAF3DAD2-A7E8-5472-F8E3-D71E92B7FA65}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{E7666716-625F-9E54-ECB3-39CC3C7FFB14}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{30A5B188-80AB-2CF5-22D8-8E20D66907D4}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{A38C8B57-D3E6-5748-F2D3-FDC383D1203A}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{1CD84FD4-26F3-08FC-32F5-17DA9E8A4ED7}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version:  - )
CD-LabelPrint Packages (HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\CD-LabelPrint Packages) (Version:  - ) <==== ATTENTION
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
CPUID CPU-Z 1.80 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.32 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.32 - )
CrystalDiskInfo 7.1.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.1.0 - Crystal Dew World)
CutList Plus Express (HKLM-x32\...\{13B966CF-C74E-4AAE-A6EE-29F3C9C92B27}) (Version: 1.1.10 - Bridgewood Design)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DB Browser for SQLite (HKLM-x32\...\DB Browser for SQLite) (Version: 3.9.1 - DB Browser for SQLite Team)
DiskCheckup v3.4 (HKLM-x32\...\DiskCheckup_is1) (Version: 3.4.1003 - PassMark Software)
DJI driver version 2.02 (HKLM-x32\...\{EDFDE5EE-84C7-4936-804C-6563943E5754}_is1) (Version: 2.02 - DJI)
DJI Phantom 2 Vision Assistant version 3.8 (HKLM-x32\...\{EDCE7221-F31F-407A-B348-30D011ED3126}_is1) (Version: 3.8 - DJI)
Dotfuscator and Analytics Community Edition 5.19.1 (HKLM-x32\...\{2A7F99F6-88A4-4B44-B350-41C0B147A39C}) (Version: 5.19.1.3091 - PreEmptive Solutions) Hidden
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
e5 Secure Download Manager (HKLM-x32\...\{7C4C779B-C315-4730-A7D2-E2DD138CBAE6}) (Version: 3.2.259.0 - Kivuto Solutions Inc.)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
EaseUS Partition Master 10.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Easy CD & DVD Creator 6 (HKLM-x32\...\{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}) (Version: 6.0.0.171 - Roxio Inc.,)
Elevated Installer (HKLM-x32\...\{1052502B-4C91-43F9-B160-AE39ED57C9F0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Epic Games Launcher (HKLM-x32\...\{CA3B6D8B-2437-4C7C-84A3-97AF21EDBE20}) (Version: 1.1.144.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
EPUB to MOBI (HKLM-x32\...\{C65AA5AE-8B80-46B6-ADFC-BBF1EFF2AD98}_is1) (Version:  - epubtomobi.com)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 6.18 - NCH Software)
Garmin Express (HKLM-x32\...\{BCC7CA85-E57F-452D-BB44-15A1CE018BD0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM-x32\...\{DA9C865D-6762-4931-8588-0B13B7A0796B}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
GIGABYTE VGA @BIOS (HKLM-x32\...\{AA12545D-5EB8-4078-AFD9-8E8DC0AE3A76}) (Version: 6.80 - GIGABYTE)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
HD Tune Pro 5.60 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
IKEA Home Planner (HKLM-x32\...\{B3276CB1-20B6-4AF9-AAEC-E72C83816495}) (Version: 2.0.3 - IKEA IT)
Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Macrium Reflect Free Edition (HKLM\...\{6085136C-5E0B-4516-BA48-2B909062778A}) (Version: 6.3.1835 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Micro-Measure (HKLM-x32\...\{75E1D518-6772-4073-A71C-354B71181391}) (Version: 1.0.0 - Brightwell)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25123 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Update 2 (HKLM-x32\...\{04fa3a35-1f49-4510-8051-819cdc1e6e01}) (Version: 14.0.25123.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minimal ADB and Fastboot version 1.3.1 (HKLM-x32\...\{26AC9666-A2C6-4D33-8370-A50F50F277C4}_is1) (Version: 1.3.1 - Sam Rodberg)
Mission Planner (HKLM-x32\...\{BCB89166-2874-4BBA-9249-22E658D46B96}) (Version: 1.3.34 - Michael Oborne)
Mobile Broadband Manager (HKLM-x32\...\{86077E92-2879-489B-9EB0-6957311B98A2}) (Version: 3.15.20905 - Telstra) Hidden
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{EB3DF0F0-0525-4C5A-A2F8-DEC868A3075D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0 (x86 en-US)) (Version: 41.0 - Mozilla)
Mozilla Firefox 58.0 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0 (x64 en-US)) (Version: 58.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{13FE8B50-B340-4FDA-BB6E-AA1F5FAB8205}) (Version: 14.0.25123 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 2.2.0.5 - NETGEAR)
NVIDIA PhysX (HKLM-x32\...\{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}) (Version: 9.12.0213 - NVIDIA Corporation)
OpenTX Companion 2.2 (HKLM-x32\...\OpenTX Companion 2.2) (Version:  - OpenTX)
Opera Stable 52.0.2871.40 (HKLM-x32\...\Opera 52.0.2871.40) (Version: 52.0.2871.40 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 9.9.1.62656 - Electronic Arts, Inc.)
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1037.0 - Passmark Software)
Photo Story 3 for Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)
Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version:  - Photodex Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Portal 2 (HKLM-x32\...\Postal 2_is1) (Version:  - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.3 - Power Software Ltd)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
ProShow Gold (HKLM-x32\...\ProShow Gold) (Version:  - Photodex Corporation)
ProShow Gold version 8.0 (HKLM-x32\...\{DD0D5CC9-203C-4702-A196-74A9A8F2D2AD}_is1) (Version: 8.0 - Photodex)
Race Driver 3 (HKLM-x32\...\{0297C87B-CC40-446F-865A-031B4FC0CF22}) (Version: 1.00.0000 - Codemasters)
RAPID Mode (HKLM\...\{18DF567E-AA9B-434D-BE77-BFE2292712F6}) (Version: 1.0.1.96 - Samsung Electronics Co., Ltd.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7829 - Realtek Semiconductor Corp.)
Roblox Player for PC-Home (HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Roblox Studio for PC-Home (HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - Roblox Corporation)
Robot Updater Setup (HKLM-x32\...\{FD765C6E-0FC8-4432-A3DA-579D2734BCF8}) (Version: 1.28.5000 - Spinmaster)
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{96139D17-D4D8-3BE1-883A-F0201E15B84E}) (Version: 14.0.25130 - Microsoft Corporation) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.9.7 - Samsung Electronics)
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.4.1902.0 - Seagate)
SketchUp 2017 (HKLM\...\{E59BD84C-169B-4F3F-AC5D-85127CF67051}) (Version: 17.2.2555 - Trimble, Inc.)
Snake Pass (HKLM-x32\...\Snake Pass_is1) (Version:  - )
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.4.28745 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2015 Update 2 (HKLM-x32\...\{7932CD6F-86D3-3EE4-8A02-B954404D1FFC}) (Version: 14.95.25118 - Microsoft) Hidden
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Telstra Mobile Broadband Manager (HKLM-x32\...\Mobile Broadband Manager) (Version: 3.15.20905 - Telstra)
TerraTech (HKLM-x32\...\1448625945_is1) (Version: 2.8.0.10 - GOG.com)
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
The Witcher 3 - Wild Hunt (HKLM-x32\...\1495134320_is1) (Version: 2.0.0.51 - GOG.com)
TransMac version 11.2 (HKLM-x32\...\TransMac_is1) (Version: 11.2 - Acute Systems)
Twitch (HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
TypeScript Power Tool (HKLM-x32\...\{60890089-588B-4362-B9C5-A9C11D6E5DD1}) (Version: 1.8.9.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{4AC64C61-A7EC-4E4E-8F28-F57EB3430334}) (Version: 1.8.31.0 - Microsoft Corporation) Hidden
Unity (HKLM-x32\...\Unity) (Version: 5.3.5f1 - Unity Technologies ApS)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.8.0 - Elaborate Bytes)
Visual Studio 2015 Update 2 (KB3022398) (HKLM-x32\...\{78c1b501-a6eb-4f29-88c5-84189564827e}) (Version: 14.0.25123 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VS Update core components (HKLM-x32\...\{6A878817-D626-305A-BE8D-94C93F70E27A}) (Version: 14.0.25123 - Microsoft Corporation) Hidden
vs_update2notification (HKLM-x32\...\{D4A78CC3-D7A0-345F-AB7D-9DA828558E4F}) (Version: 14.0.25130 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-2) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1-2) (Version: 1.0.39.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - 3D Robotics (usbser) Ports  (01/01/2015 2.0.0.9) (HKLM\...\75690F2C86F7BE1E9F51D6D0CC84D4D7C203E6B5) (Version: 01/01/2015 2.0.0.9 - 3D Robotics)
Windows Driver Package - 3D Robotics (usbser) Ports  (01/01/2015 2.0.0.9) (HKLM\...\E5BE0983C0C60432B42B39114C40C1931CE1AE00) (Version: 01/01/2015 2.0.0.9 - 3D Robotics)
Windows Driver Package - Arduino LLC (www.arduino.cc) (usbser) Ports  (01/01/2015 2.0.0.9) (HKLM\...\86FE9521DE7ABE24A00FABF1A36DFEA326A2B95B) (Version: 01/01/2015 2.0.0.9 - Arduino LLC (www.arduino.cc))
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (07/12/2013 2.08.30) (HKLM\...\22CCD58B53472BE3FCAFF05631111C4062959A43) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (07/12/2013 2.08.30) (HKLM\...\BD00013670D26C16E19F284BF8E15DAF813497C7) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Driver Package - libusbK USBasp (04/28/2014 3.0.7.0) (HKLM\...\10E53F572A88913B4A453B98665A2C793D4F5527) (Version: 04/28/2014 3.0.7.0 - libusbK)
Windows Driver Package - Silicon Laboratories (silabenm) Ports  (03/19/2014 6.7.0.0) (HKLM\...\B97004A400E30DCF940971EFA7A0C13C6B0A4B66) (Version: 03/19/2014 6.7.0.0 - Silicon Laboratories)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wolfenstein The Old Blood (HKLM-x32\...\Wolfenstein The Old Blood_is1) (Version:  - )
Wolfenstein: The New Order (HKLM-x32\...\V29sZmVuc3RlaW5UaGVOZXdPcmRlcg==_is1) (Version: 1 - )
ZTE LTE Device USB Driver (HKLM\...\{00C1EF09-B5B7-4082-B1F4-C35CE7A7FCA9}) (Version:  - ZTE Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\ChromeHTML: ->  <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\PC-\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71}\InprocServer32 -> C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\PC-\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\PC-\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\PC-\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncApi64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-05] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-06-08] (Power Software Ltd)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-15] (Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-15] (Elaborate Bytes AG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-05] (Igor Pavlov)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-06-08] (Power Software Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-11-02] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-05] (Igor Pavlov)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-06-08] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-1802162536-2727602968-3184661257-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers4_S-1-5-21-1802162536-2727602968-3184661257-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers5_S-1-5-21-1802162536-2727602968-3184661257-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03876411-2295-4097-9937-80AD4B349913} - System32\Tasks\{60F23C96-1CCF-4312-83F5-8A1C1FCD3AE7} => C:\WINDOWS\system32\pcalua.exe -a G:\Setup.exe -d G:\ -c -auto
Task: {03CC38D3-A11E-44AF-B22A-B6DA388D0D52} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-06] (Microsoft Corporation)
Task: {03FB0589-466F-4A4C-979F-CF1A32893383} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {064DCBB1-D3D1-4646-8DC7-1A25F20C452D} - System32\Tasks\{E7E0B43D-773F-41C6-B9F1-424FB1672ABC} => C:\WINDOWS\system32\pcalua.exe -a G:\Setup.exe -d G:\
Task: {066EF6EC-A46D-4F6F-864E-D0C2BB513739} - System32\Tasks\{632FAEB9-90A2-413B-BBA5-0680A6B94A61} => C:\WINDOWS\system32\pcalua.exe -a G:\Setup.exe -d G:\
Task: {0B99E979-37E7-490B-ADF4-74D493695D09} - System32\Tasks\tsleverrier_refundedleverrier_refunded => C:\Program Files (x86)\Buffo\Erika.exe [2018-04-02] ()
Task: {104D18DC-0380-4D1B-AA15-497A3DE17EDC} - System32\Tasks\tsincognitaincognita => C:\Program Files (x86)\Sandrock\Erika.exe [2018-04-02] ()
Task: {123AEDAD-DA29-4B70-AABB-D66953551857} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-06] (Microsoft Corporation)
Task: {1489D83A-8A03-4C2C-B30C-99B3F6169DCC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {16CE6728-168C-4530-9966-85B5F75B5472} - System32\Tasks\incognita => C:\Program Files (x86)\Sandrock\Erika.exe [2018-04-02] ()
Task: {1899AA56-C1DE-4BA7-9897-6BACF21CAD8A} - System32\Tasks\{BA42BC49-61A4-4B7C-8D7A-36909E2CD696} => C:\WINDOWS\system32\pcalua.exe -a G:\Setup.exe -d G:\
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {43115EA7-B074-42EE-96EC-1E77F1695F6C} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2016-05-13] (Samsung Electronics.)
Task: {44D47007-D187-4979-A5A8-7AC193EA9222} - System32\Tasks\{CFBC9378-0557-4F66-8C9E-0F6B926DE1BA} => C:\WINDOWS\system32\pcalua.exe -a "E:\downloads\USB microscope1\USB microscope1.5\Driver\setup.exe" -d "E:\downloads\USB microscope1\USB microscope1.5\Driver"
Task: {45221D7A-8EF7-44D3-AE98-6C24EA43DD07} - System32\Tasks\PC-Home => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2016-04-05] (Seagate Technology LLC)
Task: {4559514F-9C2F-4D2B-9C8E-7F49A157645D} - System32\Tasks\leverrier_refunded => C:\Program Files (x86)\Buffo\Erika.exe [2018-04-02] ()
Task: {46BE5CA5-1B4C-41FE-A48A-61F56BEB71FB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1802162536-2727602968-3184661257-1001UA => C:\Users\PC-\AppData\Local\Google\Update\GoogleUpdate.exe [2016-12-11] (Google Inc.)
Task: {48BE282B-6AFB-4E18-A640-184F909219BA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {4ADEE42D-E335-4065-B135-CB469476645E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-06] (Microsoft Corporation)
Task: {4B725489-ADBA-405A-8715-E6291ECB75A1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {4E5D00AE-65F8-41C9-9336-B26012F3B554} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4E6BD295-B4EB-446B-890D-07C0033EA996} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {534255CB-7C62-4443-B9EB-76EDDD684686} - System32\Tasks\AdobeGCInvoker-1.0-PC-PC-Home => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {58C01240-498D-4E41-8E09-043FBFCD2E47} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {5B598026-0B08-43B7-B800-6C49AA52D651} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-04] (Google Inc.)
Task: {6B4350AB-F483-4C65-AB55-CBF93276D738} - System32\Tasks\Opera scheduled Autoupdate 1481258520 => C:\Program Files (x86)\Opera\launcher.exe [2018-03-28] (Opera Software)
Task: {6F9A3CFC-C5B5-4C89-B22E-130841AE946D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-04] (Piriform Ltd)
Task: {726BE6BF-CDBE-4E22-A33B-25F0719EDC08} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {78BC313D-5ADD-4198-9280-3F74F11E2134} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {800090B0-9ABB-4B28-A610-AA4DA7DF9E46} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-06] (Microsoft Corporation)
Task: {8443B11D-A8CC-40CA-8121-88B766F73928} - System32\Tasks\PC-Home Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2016-04-05] (Seagate Technology LLC)
Task: {9A2F3A4C-0C54-46EB-9029-0BA502C02BE1} - System32\Tasks\AdobeAAMUpdater-1.0-PC-PC-Home => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {A167D538-F3FC-4F4A-B148-E5673ACA1ACD} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-11-02] (Advanced Micro Devices, Inc.)
Task: {A71185F0-C844-406F-9618-4910108EBF96} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B64D8650-B24A-4ECF-A35A-9EA51FC91D19} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-03-22] (Microsoft Corporation)
Task: {B7FD0870-62F9-4504-86AA-4D50F6176F93} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1802162536-2727602968-3184661257-1001Core => C:\Users\PC-\AppData\Local\Google\Update\GoogleUpdate.exe [2016-12-11] (Google Inc.)
Task: {B999CA04-D675-4CA7-AED7-AD862376457A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CAAD45F9-0CBD-4494-A6E5-A2116946CF67} - System32\Tasks\{ABF7A772-ED4E-43B9-82C3-1BCF34F34EDB} => C:\WINDOWS\system32\pcalua.exe -a G:\Setup.exe -d G:\ -c -auto
Task: {CC026503-5BA5-49CC-AD85-8FC3AF907B7E} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {D7CF03C9-8FE1-4FA8-8610-1D5D5484A9EC} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2016-04-05] (Seagate Technology LLC)
Task: {DE510B07-A25B-40A6-8307-2906E0B7FE5D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-04] (Google Inc.)
Task: {EDCB60C2-C743-4761-8D49-ADE66D621A65} - System32\Tasks\philby aides tamari => C:\Users\PC-\AppData\Local\Erika.exe [2018-04-02] ()
Task: {F59B4BD9-AC87-474B-86ED-57A1931D0CA4} - \WPD\SqmUpload_S-1-5-21-1802162536-2727602968-3184661257-1001 -> No File <==== ATTENTION
Task: {F706E402-E307-4296-87AE-03C105BDFCCB} - System32\Tasks\PC-Home DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2016-04-05] (Seagate Technology LLC)
Task: {F7FE89D1-DF16-40BD-B238-0DBFB0EC9FC6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FA2F2247-B1B6-439A-AE21-FA1D80252532} - System32\Tasks\tsphilby aides tamariphilby aides tamari => C:\Users\PC-\AppData\Local\Erika.exe [2018-04-02] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\PC-\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start - Shortcut (2).lnk -> C:\Survival___\start.bat ()
Shortcut: C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start - Shortcut.lnk -> C:\Oliver's server\start.bat ()

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 21:42 - 2016-07-16 21:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-05-11 02:33 - 2017-04-28 10:49 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-10-28 07:34 - 2014-04-24 14:29 - 001360016 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2017-10-28 07:34 - 2017-10-28 07:34 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2013-10-17 15:27 - 2013-10-17 15:27 - 000166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2017-01-09 20:13 - 2016-07-24 14:13 - 000186760 _____ () C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe
2015-12-06 00:23 - 2014-08-18 16:50 - 000316120 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
2018-04-02 16:16 - 2018-04-02 16:16 - 000137216 _____ () C:\Program Files (x86)\Sandrock\Erika.exe
2018-04-02 16:16 - 2018-04-02 16:16 - 000137216 _____ () C:\Program Files (x86)\Buffo\Erika.exe
2018-04-02 16:16 - 2018-04-02 16:16 - 000137216 _____ () C:\Users\PC-\AppData\Local\Erika.exe
2016-10-02 09:36 - 2016-10-02 09:36 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 06:32 - 2017-03-04 16:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 06:32 - 2017-03-04 16:12 - 009760768 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 06:32 - 2017-03-04 16:05 - 001401856 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 06:32 - 2017-03-04 16:05 - 000757248 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-05-11 02:33 - 2017-04-28 09:36 - 001033216 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-05-11 02:33 - 2017-04-28 09:36 - 002424320 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-05-11 02:33 - 2017-04-28 09:37 - 004853760 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2018-03-23 14:23 - 2018-03-20 16:00 - 002683224 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libglesv2.dll
2018-03-23 14:23 - 2018-03-20 16:00 - 000127832 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libegl.dll
2017-03-15 06:32 - 2017-03-04 16:04 - 000114176 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2016-06-07 22:02 - 2014-03-11 15:15 - 000069632 _____ () C:\Program Files (x86)\GLPCCamera\monitorpad.exe
2018-04-02 16:16 - 2018-04-02 16:16 - 000066837 _____ () C:\Program Files (x86)\brust\nonfunctioning.exe
2017-10-28 07:34 - 2015-05-08 14:26 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2015-12-06 00:23 - 2015-03-05 17:22 - 000380928 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll
2018-01-17 21:12 - 2016-05-13 00:35 - 000021600 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2018-04-02 19:38 - 2018-04-02 19:38 - 000043520 _____ () C:\Users\PC-\AppData\Local\wayout.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\Users\Public\AppData:CSM [474]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "BigPondWirelessBroadbandCM"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKLM\...\StartupApproved\Run32: => "DBAgent"
HKLM\...\StartupApproved\Run32: => "RoxAssistant"
HKLM\...\StartupApproved\Run32: => "RoxioDragToDisc"
HKLM\...\StartupApproved\Run32: => "RoxioAudioCentral"
HKLM\...\StartupApproved\Run32: => "RoxioEngineUtility"
HKLM\...\StartupApproved\Run32: => "LWS"
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\StartupApproved\Run: => "Uploader"
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\StartupApproved\Run: => "Google Photos Backup"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{2BF510E9-F50A-4512-9441-F89CEBB63267}E:\games\igg-scrap.mechanic.v0.1.30\release\scrapmechanic.exe] => (Block) E:\games\igg-scrap.mechanic.v0.1.30\release\scrapmechanic.exe
FirewallRules: [TCP Query User{BE4D19C5-6BBE-42A2-9F5A-9B2FE772906E}E:\games\igg-scrap.mechanic.v0.1.30\release\scrapmechanic.exe] => (Block) E:\games\igg-scrap.mechanic.v0.1.30\release\scrapmechanic.exe
FirewallRules: [UDP Query User{92E8F8D7-0DA3-43B2-BF9A-1C21F5F9A6EE}C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [TCP Query User{73148BB7-E9DD-4E8D-A29A-90DB877C3F68}C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [UDP Query User{A7C984B1-0D0B-4CC2-A72E-0A0BFED725E7}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{90FEE90F-243B-4F96-AD1F-BAE29B214AE7}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{BB6E3ADC-5E0D-4A3C-A489-492D22BA64C6}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{3926B879-8904-4EC7-B3AF-3BBC533FC2F8}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [{1B090A48-6C97-474F-99C2-30D0A24131A6}] => (Allow) LPort=8888
FirewallRules: [UDP Query User{8FA93161-0D92-462F-B047-BC229705B491}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [TCP Query User{BC257035-5BF2-47D1-BBEF-BB4BCA38F56A}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{EFBABF91-DED5-415B-B20C-9DCC3E20C4F4}] => (Allow) LPort=8888
FirewallRules: [UDP Query User{9C51F00D-4721-498C-A5AE-738C3E04001A}C:\program files (x86)\mission planner\missionplanner.exe] => (Allow) C:\program files (x86)\mission planner\missionplanner.exe
FirewallRules: [TCP Query User{9780C0B0-CD57-4C7B-BA65-40D1C1F2305A}C:\program files (x86)\mission planner\missionplanner.exe] => (Allow) C:\program files (x86)\mission planner\missionplanner.exe
FirewallRules: [UDP Query User{D99AF1D4-4777-4C58-ADBE-94529B2900DF}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [TCP Query User{C6E9F2F0-485A-4F53-B9FE-2806E3A9D888}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [{E3953CDB-8714-4CCA-8FF9-4856721611A8}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [UDP Query User{AC0DCBD5-0E14-4A7B-977A-35476D48963B}C:\program files (x86)\r.g. mechanics\borderlands - the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\program files (x86)\r.g. mechanics\borderlands - the pre-sequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{C32393A0-A223-4850-BFC6-94A591887545}C:\program files (x86)\r.g. mechanics\borderlands - the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\program files (x86)\r.g. mechanics\borderlands - the pre-sequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{C7A0EF56-0347-44A1-A21A-4921848FE44F}E:\games\borderlands 2\game\binaries\win32\borderlands2.exe] => (Block) E:\games\borderlands 2\game\binaries\win32\borderlands2.exe
FirewallRules: [TCP Query User{6628366B-CBA0-46D6-9597-D30CDC40E70D}E:\games\borderlands 2\game\binaries\win32\borderlands2.exe] => (Block) E:\games\borderlands 2\game\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{8E94AFC5-348B-4405-B0A1-5985E1A1CAF1}E:\games\borderlands 2\game\binaries\win32\borderlands2.exe] => (Block) E:\games\borderlands 2\game\binaries\win32\borderlands2.exe
FirewallRules: [TCP Query User{B24A2852-0819-471C-A961-1E74336F8DF6}E:\games\borderlands 2\game\binaries\win32\borderlands2.exe] => (Block) E:\games\borderlands 2\game\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{16C8B196-82F0-49D3-992D-6102250363ED}C:\program files (x86)\mission planner\missionplanner.exe] => (Allow) C:\program files (x86)\mission planner\missionplanner.exe
FirewallRules: [TCP Query User{0C1CD70E-6ED1-4B3E-A3FE-690E03AFB992}C:\program files (x86)\mission planner\missionplanner.exe] => (Allow) C:\program files (x86)\mission planner\missionplanner.exe
FirewallRules: [UDP Query User{66EEF8D3-EA29-4D90-B0E3-F8283584D0A0}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{963D3C7C-560A-42E5-AFD1-860F932C2F13}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{7768489A-E32A-4566-8C7D-49BFEDBDE7DF}C:\program files (x86)\call of duty - black ops 2\t6sp.exe] => (Block) C:\program files (x86)\call of duty - black ops 2\t6sp.exe
FirewallRules: [TCP Query User{0D6A77AD-0F2D-4571-99FF-9B3BD7094D87}C:\program files (x86)\call of duty - black ops 2\t6sp.exe] => (Block) C:\program files (x86)\call of duty - black ops 2\t6sp.exe
FirewallRules: [{EB1150CE-A4CC-4C75-AFDD-0C986C1E4714}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [{16753DCB-EDD9-4270-96E7-271221941CCA}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [UDP Query User{BE1BEDF2-B4AD-4E45-A855-D33D47192A68}C:\program files (x86)\call of duty - black ops 2\t6sp.exe] => (Block) C:\program files (x86)\call of duty - black ops 2\t6sp.exe
FirewallRules: [TCP Query User{BEE80F26-6232-4EE1-B92A-5217A0551BAF}C:\program files (x86)\call of duty - black ops 2\t6sp.exe] => (Block) C:\program files (x86)\call of duty - black ops 2\t6sp.exe
FirewallRules: [{C69DA563-BEA5-4FCD-99A4-C175F25FD5A4}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{5FCF9FA6-D88A-49C6-A0D1-8133EBBD1CB5}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{158B90D7-8CE3-4969-BAA4-040076465F9D}] => (Allow) C:\Users\PC-\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F0725DDB-0AC9-455D-AE0B-5D830527ADE3}] => (Allow) C:\Users\PC-\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E1CEEC3D-0816-42C6-8B31-E3E0010E7138}] => (Allow) C:\Users\PC-\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3ABB99E6-4188-4646-B066-7E2F6E338156}] => (Allow) C:\Users\PC-\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0A916694-C4D0-4D7B-A358-E14C83CEDE4E}] => (Allow) C:\Users\PC-\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7F8A3E06-AA8A-4DC6-BD99-F05EECA4E3B1}] => (Allow) C:\Users\PC-\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{74D27CA9-DE1A-4F21-98DB-128BD423B6F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe
FirewallRules: [{F67D41CD-1C93-4CA2-8047-9D849F3E8F4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe
FirewallRules: [{13054606-B407-4EC6-8F4E-0194F2389552}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2C2C7571-C281-45F7-A9BD-EB4A03EB44EA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DA75EF4D-20F9-4746-B382-A91749DEF5DA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DE611DA3-352B-4341-A8D8-16EF87D4056B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{28085ACE-FA2A-4EDA-ACEE-353B95FFFDBD}C:\program files (x86)\valve\portal 2\portal2.exe] => (Block) C:\program files (x86)\valve\portal 2\portal2.exe
FirewallRules: [UDP Query User{2401BB92-8476-41C8-B1B3-03E8F07A6FE9}C:\program files (x86)\valve\portal 2\portal2.exe] => (Block) C:\program files (x86)\valve\portal 2\portal2.exe
FirewallRules: [TCP Query User{5EF17B59-D6F6-4D5B-B658-465D7040C6D0}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{791ADA7B-DB09-46D7-A933-848C2F59F482}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{9572CFC9-B835-4BC9-A8DE-7ECCE25FB8CD}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [UDP Query User{6C2CF78B-DA2B-49B4-8619-D80EF02494A2}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [{EBCC6B8F-5650-4AFD-B781-175C41101F96}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0BE32DE6-7A07-4966-B0F6-2E23E1D627C9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{913AB778-9BEC-4838-BC9F-23323A2ABD53}C:\program files\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\java.exe
FirewallRules: [UDP Query User{626F82E4-F4FA-4A80-B26E-FAFA4F65DCCD}C:\program files\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\java.exe
FirewallRules: [TCP Query User{50D2FA59-4CE7-4F77-BD08-98CC92A56833}E:\call of duty infinite warfare\iw7_ship.exe] => (Block) E:\call of duty infinite warfare\iw7_ship.exe
FirewallRules: [UDP Query User{59127E00-3157-4D28-ADD2-E26B4254A1CD}E:\call of duty infinite warfare\iw7_ship.exe] => (Block) E:\call of duty infinite warfare\iw7_ship.exe
FirewallRules: [{24056517-7F6C-478C-A904-033FA4ADC62A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3F589188-EA62-4FEB-A859-4226C3CBCEF6}] => (Allow) LPort=2869
FirewallRules: [{E6421478-EB5D-409D-8893-7CD08E0D8F16}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{B372935E-B9D6-41E9-A618-ED116A78CC2E}E:\call of duty infinite warfare\iw7_ship.exe] => (Block) E:\call of duty infinite warfare\iw7_ship.exe
FirewallRules: [UDP Query User{30229F32-179E-4886-9AC0-2CC0503AAAE2}E:\call of duty infinite warfare\iw7_ship.exe] => (Block) E:\call of duty infinite warfare\iw7_ship.exe
FirewallRules: [TCP Query User{E43B7B7D-1ABE-4AA3-B051-600CEBD0F6F6}E:\games\black ops 2\call of duty - black ops 2\t6sp.exe] => (Block) E:\games\black ops 2\call of duty - black ops 2\t6sp.exe
FirewallRules: [UDP Query User{FA6DD97B-6751-4149-B773-0B217C39D7C9}E:\games\black ops 2\call of duty - black ops 2\t6sp.exe] => (Block) E:\games\black ops 2\call of duty - black ops 2\t6sp.exe
FirewallRules: [{12186A48-1ED8-4D89-B0F4-66C58B4977B3}] => (Allow) E:\Games\Mr DJ\Call Of Duty World At War\CoDWaW.exe
FirewallRules: [{F8E41F69-6B93-4C56-98DF-D7F98625C688}] => (Allow) E:\Games\Mr DJ\Call Of Duty World At War\CoDWaW.exe
FirewallRules: [{EDFF46D6-B7ED-4E40-A366-BA98D6DDD637}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{B35404D2-2614-4FBD-B2AC-2407759D9FBD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{22375CBA-9741-4058-BC81-8402CFEB66A1}E:\gmaes\call of duty black ops iii\blackops3.exe] => (Block) E:\gmaes\call of duty black ops iii\blackops3.exe
FirewallRules: [UDP Query User{298F193F-3171-4387-A958-C2F5184074AF}E:\gmaes\call of duty black ops iii\blackops3.exe] => (Block) E:\gmaes\call of duty black ops iii\blackops3.exe
FirewallRules: [TCP Query User{E62A9E05-28E3-4FA8-9F95-DE00232B4340}E:\downloads\scrap.mechanic.v0.1.32\scrap.mechanic.v0.1.32\release\scrapmechanic.exe] => (Block) E:\downloads\scrap.mechanic.v0.1.32\scrap.mechanic.v0.1.32\release\scrapmechanic.exe
FirewallRules: [UDP Query User{2D2CE519-D42F-44BE-A977-BFEA314388E3}E:\downloads\scrap.mechanic.v0.1.32\scrap.mechanic.v0.1.32\release\scrapmechanic.exe] => (Block) E:\downloads\scrap.mechanic.v0.1.32\scrap.mechanic.v0.1.32\release\scrapmechanic.exe
FirewallRules: [TCP Query User{907E41D9-4498-4CC7-95D5-BC63C7E31689}E:\games\scrap.mechanic.v0.1.32\release\scrapmechanic.exe] => (Allow) E:\games\scrap.mechanic.v0.1.32\release\scrapmechanic.exe
FirewallRules: [UDP Query User{E6ACF7B6-673C-4E4C-A65F-5A7BEB83FC2C}E:\games\scrap.mechanic.v0.1.32\release\scrapmechanic.exe] => (Allow) E:\games\scrap.mechanic.v0.1.32\release\scrapmechanic.exe
FirewallRules: [{CCA86254-4F46-4E72-A5F4-810E55B737C7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{CC9D8807-0478-4D2B-BBE1-986033BC8F46}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{EED8767A-B98E-46B3-9591-4CC9A32AC7E7}E:\games\scrap.mechanic.v0.2.4\release\scrapmechanic.exe] => (Allow) E:\games\scrap.mechanic.v0.2.4\release\scrapmechanic.exe
FirewallRules: [UDP Query User{DCC59A7F-3F4A-4B71-9563-52F37311920B}E:\games\scrap.mechanic.v0.2.4\release\scrapmechanic.exe] => (Allow) E:\games\scrap.mechanic.v0.2.4\release\scrapmechanic.exe
FirewallRules: [{5347E0A4-3595-4CE3-A239-9077F0A39688}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe
FirewallRules: [{95D21B68-AFF5-4D78-910C-99988691F7F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe
FirewallRules: [{B949D608-DF3E-4C89-BCFA-DDDB3F09F034}] => (Allow) LPort=25565
FirewallRules: [{3ADFCE03-1614-45BE-9744-9A14B5F93B7C}] => (Allow) C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_25\bin
FirewallRules: [{B7E071BE-4274-4265-8E7F-C00724959973}] => (Allow) E:\Games\Call Of Duty World At War\CoDWaW.exe
FirewallRules: [{A5B6B503-7D4D-418F-AAE2-3E78ABACBC95}] => (Allow) E:\Games\Call Of Duty World At War\CoDWaW.exe
FirewallRules: [TCP Query User{04565DF2-19DF-4469-9276-6A8C58232253}E:\games\wolfenstein\wolfneworder_x64.exe] => (Block) E:\games\wolfenstein\wolfneworder_x64.exe
FirewallRules: [UDP Query User{AE810389-AFC3-4D8A-BF3F-A02A4030FBB4}E:\games\wolfenstein\wolfneworder_x64.exe] => (Block) E:\games\wolfenstein\wolfneworder_x64.exe
FirewallRules: [TCP Query User{7DA916B9-3B76-4B0A-BB67-1156ADCC3FEE}E:\downloads\slime.rancher.v1.0.1e\slime.rancher.v1.0.1e\x64\slimerancher.exe] => (Block) E:\downloads\slime.rancher.v1.0.1e\slime.rancher.v1.0.1e\x64\slimerancher.exe
FirewallRules: [UDP Query User{ECAE7D1D-D9A2-4D20-933C-1A5657F421BF}E:\downloads\slime.rancher.v1.0.1e\slime.rancher.v1.0.1e\x64\slimerancher.exe] => (Block) E:\downloads\slime.rancher.v1.0.1e\slime.rancher.v1.0.1e\x64\slimerancher.exe
FirewallRules: [{B42BCE0F-9CBA-4C35-B35D-DB9D49B994B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Slime Rancher\SlimeRancher.exe
FirewallRules: [{15FB3418-ACEF-42D0-BF14-B897D755A696}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Slime Rancher\SlimeRancher.exe
FirewallRules: [{0F60530E-2FEB-48B7-9653-F8EE5BC653AF}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Call of Duty WWII\s2_sp64_ship.exe
FirewallRules: [{07B654AC-506B-431F-9BBF-C0111079F80E}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Call of Duty WWII\s2_sp64_ship.exe
FirewallRules: [{12C44D2A-0B48-4A67-8707-C02A8603F05F}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Half-Life\hl.exe
FirewallRules: [{A4687783-AB9B-4D52-8827-F22206334F36}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Half-Life\hl.exe
FirewallRules: [TCP Query User{B4987BEF-FFB6-40CF-88F4-C03608BA861A}E:\games\borderlands 2\binaries\win32\borderlands2.exe] => (Block) E:\games\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{D2CDBD97-B714-4DB2-8077-7CBFFF81F6F8}E:\games\borderlands 2\binaries\win32\borderlands2.exe] => (Block) E:\games\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [{7B532AC5-6F61-43F7-A0F9-AA97E7140EE6}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Bloons TD Battles\Battles-Win.exe
FirewallRules: [{87DA53C2-7FE4-48B0-9D32-1E5BA499324D}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Bloons TD Battles\Battles-Win.exe
FirewallRules: [{1A5F5951-ED70-4F77-8F7A-8AE26BC88513}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Call of Duty WWII\s2_mp64_ship.exe
FirewallRules: [{B091925F-37AA-4793-8BEF-A15CBAA5B799}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Call of Duty WWII\s2_mp64_ship.exe
FirewallRules: [{8F6DF36C-72F9-4003-B422-89EC52E6665F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Trail\TheTrail.exe
FirewallRules: [{D54DF1D7-8C89-4348-B654-272A7E3D8F9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Trail\TheTrail.exe
FirewallRules: [{5DFBC611-EEF0-49AB-BDD0-0AB94BA42E34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amazing Frog\AmazingFrog.exe
FirewallRules: [{EAAEA303-F633-4E6A-B4DA-F4340497E684}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amazing Frog\AmazingFrog.exe
FirewallRules: [{2537C76A-F04E-45DB-9A3D-2893C736CCC2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3766FC18-4255-4587-91DF-D427C8D5190A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{2442A4FB-B935-4416-9793-6427646C26D2}C:\users\pc-\downloads\discoverytool_pc_v2.2.24.0.exe] => (Allow) C:\users\pc-\downloads\discoverytool_pc_v2.2.24.0.exe
FirewallRules: [UDP Query User{3AFC5F9E-D692-4E34-96AD-A47E1B0940DC}C:\users\pc-\downloads\discoverytool_pc_v2.2.24.0.exe] => (Allow) C:\users\pc-\downloads\discoverytool_pc_v2.2.24.0.exe
FirewallRules: [TCP Query User{5FD7E2B7-2A36-42E7-AC7D-923490804E8A}E:\games\fortnite\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) E:\games\fortnite\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{C846738C-4F0D-4E74-A064-866757180C84}E:\games\fortnite\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) E:\games\fortnite\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{22D39611-A145-4325-9C6E-14C96CBA5544}E:\games\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) E:\games\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{6B34B628-0D5C-4AB4-B51D-FCA4DCB6BD0B}E:\games\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) E:\games\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{E09511A2-6749-44D6-888B-AE165248ECE7}E:\games\fortnite\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) E:\games\fortnite\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{2F639284-5538-409E-96B2-706E4D3D92FF}E:\games\fortnite\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) E:\games\fortnite\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{051E3205-3235-4327-956A-CA4723D9E695}] => (Allow) C:\Program Files (x86)\Opera\51.0.2830.55\opera.exe
FirewallRules: [{C4420CE7-0984-44D4-B493-97749F1B33BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AnimalSuperSquad\GWGame\Binaries\Win64\ASS-Win64.exe
FirewallRules: [{AEC985CD-0E64-4899-8345-913636BB32B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AnimalSuperSquad\GWGame\Binaries\Win64\ASS-Win64.exe
FirewallRules: [{513E2D7F-E904-4DA8-B887-1F5D7E815409}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{264F0709-34F8-4571-8FF8-8D128D430E39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe
FirewallRules: [{560F51A1-9613-4256-9B2B-4979E2AD1684}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe
FirewallRules: [{B84B43E3-B66E-4404-BD8B-619032B121F9}] => (Allow) C:\Program Files (x86)\Opera\52.0.2871.40\opera.exe
FirewallRules: [{154230D0-233E-4082-AB14-75627B298F36}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Human Fall Flat\Human.exe
FirewallRules: [{637A06B8-EF0C-4787-ABBF-347F13FBF88F}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Human Fall Flat\Human.exe
FirewallRules: [{43A4F369-4548-4589-BE9A-278D2AAA9412}] => (Allow) E:\Games\SteamLibrary\steamapps\common\StickFightTheGame\StickFight.exe
FirewallRules: [{39AF439D-B39C-433D-9294-7E21B6D68C3C}] => (Allow) E:\Games\SteamLibrary\steamapps\common\StickFightTheGame\StickFight.exe
FirewallRules: [{3B33B057-29A9-49BD-86EE-15C530A2430C}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{38DBF9CB-CA71-43BD-AD52-400EF4C85F5D}] => (Allow) C:\Program Files (x86)\Sandrock\Erika.exe
FirewallRules: [{76281E4E-6A2C-4D56-9C49-752A425CEA61}] => (Allow) C:\Program Files (x86)\Buffo\Erika.exe
FirewallRules: [{42A06B9F-26D5-4E27-830E-D56929AA2588}] => (Allow) C:\Program Files (x86)\chatelaine\tiberias.exe
FirewallRules: [{F0ABC415-82DC-4745-8B94-262001E1A18E}] => (Allow) C:\Program Files (x86)\Buffo\tiberias.exe
FirewallRules: [{F5E2CE77-898C-4BC0-91D3-2778ADB28A4C}] => (Allow) C:\WINDOWS\System32\rundll32.exe
FirewallRules: [{31A5A55A-DA4A-4A26-9A7E-C36A2ECC76F8}] => (Allow) C:\WINDOWS\System32\rundll32.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/03/2018 10:30:44 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Adobe\Adobe Premiere Elements 15\MPEGHDVExport.exe".
Dependent Assembly Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/03/2018 10:30:30 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.

Error: (04/03/2018 10:08:41 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.

Error: (04/03/2018 09:38:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Erika.exe version 9.4.6.164 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 14fc

Start Time: 01d3cadb94b875ca

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Buffo\Erika.exe

Report Id: 0011bd70-36cf-11e8-8402-20cf303b5e2a

Faulting package full name: 

Faulting package-relative application ID:

Error: (04/03/2018 07:43:48 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected

Error: (04/03/2018 07:03:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Adobe\Adobe Premiere Elements 15\MPEGHDVExport.exe".
Dependent Assembly Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/03/2018 07:01:37 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.

Error: (04/03/2018 06:50:26 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (04/03/2018 10:39:17 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/03/2018 10:39:06 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroupListener service terminated with the following service-specific error: 
%%2147944153 = There are no more endpoints available from the endpoint mapper.

Error: (04/03/2018 10:39:05 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (04/03/2018 10:39:04 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (04/03/2018 10:39:01 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\pwd_2k.SYS

Error: (04/03/2018 10:38:59 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\pwd_2k.SYS

Error: (04/03/2018 10:38:59 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\cdudf_xp.SYS

Error: (04/03/2018 10:38:59 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\UdfReadr_xp.SYS


Windows Defender:
===================================
Date: 2018-04-03 10:08:37.478
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {0A44AB37-BFB2-429F-AE1F-A2DC122DCF9F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-03 08:26:25.576
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {642280AA-91E0-4E09-84F1-3AF59003902D}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2018-04-02 19:48:52.972
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/CoinMiner.CY&threatid=2147726391&enterprise=0
Name: Trojan:Win32/CoinMiner.CY
ID: 2147726391
Severity: Severe
Category: Trojan
Path: clsid:_HKLM\SOFTWARE\CLASSES\CLSID\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};file:_C:\WINDOWS\System32\mcicda64.dll;regkey:_HKLM\SOFTWARE\CLASSES\CLSID\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};shellexechook:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};shellextapproved:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};shelliconoverlayid:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\{BFD98515-CD74-48A4-98E2-13D209E3EE4F}
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\WINDOWS\explorer.exe
Signature Version: AV: 1.263.1903.0, AS: 1.263.1903.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4

Date: 2018-04-02 19:48:14.587
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/CoinMiner.CY&threatid=2147726391&enterprise=0
Name: Trojan:Win32/CoinMiner.CY
ID: 2147726391
Severity: Severe
Category: Trojan
Path: file:_C:\WINDOWS\System32\mcicda64.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\WINDOWS\explorer.exe
Signature Version: AV: 1.263.1903.0, AS: 1.263.1903.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4

Date: 2018-04-02 19:47:35.146
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Xadupi&threatid=2147709752&enterprise=0
Name: Trojan:Win32/Xadupi
ID: 2147709752
Severity: Severe
Category: Trojan
Path: file:_C:\Users\PC-\AppData\Local\Temp\PandaViewer\thumbnail.ico
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\PC-\AppData\Local\Temp\1522662408U2Ftmp.exe
Signature Version: AV: 1.263.1903.0, AS: 1.263.1903.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4

Date: 2018-04-03 09:12:07.515
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 1.263.1966.0
Previous Signature Version: 1.263.1962.0
Update Source: User
Signature Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.14600.4
Previous Engine Version: 1.1.14600.4
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, then try to start the program again. For information on installing updates, see Help and Support. 

Date: 2018-04-03 09:12:07.515
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 1.263.1966.0
Previous Signature Version: 1.263.1962.0
Update Source: User
Signature Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.14600.4
Previous Engine Version: 1.1.14600.4
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, then try to start the program again. For information on installing updates, see Help and Support. 

Date: 2018-04-03 07:53:42.501
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.263.1903.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14600.4
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 

Date: 2018-04-03 07:53:42.500
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.263.1903.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14600.4
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 

Date: 2018-04-03 07:53:34.297
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 
Update Source: User
Signature Type: 
Update Type: 
Current Engine Version: 
Previous Engine Version: 
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 

CodeIntegrity:
===================================

Date: 2018-03-06 08:43:47.353
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-06 08:43:47.352
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-21 16:35:56.596
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-21 16:35:56.590
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-25 01:10:58.705
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-23 02:38:33.870
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-22 07:25:44.569
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-19 11:11:24.110
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz
Percentage of memory in use: 63%
Total physical RAM: 8183.11 MB
Available physical RAM: 3014.39 MB
Total Virtual: 16887.11 MB
Available Virtual: 9542.91 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:223.03 GB) (Free:19.21 GB) NTFS
Drive e: (Storage) (Fixed) (Total:931.51 GB) (Free:39.81 GB) NTFS
Drive g: (Raid Storage) (Fixed) (Total:1862.77 GB) (Free:1861.85 GB) NTFS

\\?\Volume{5975580d-3915-11e5-824f-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{004090af-0000-0000-0000-50c837000000}\ () (Fixed) (Total:0.44 GB) (Free:0.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 004090AF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: DCC5820C)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 3 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


Thanks for the service everyone provides here.

Sorry if I am jumping the gun - anxiety levels high as my son is wanting to use the computer to transfer his homework to USB but I am not letting him until this is resolved.     I'm wondering if I could just write a note to say a Dog some malware ate his homework?


I also ran a Hijack this scan (in case it is of any benefit)

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:48:38 AM, on 3/04/2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0953)

FIREFOX: 41.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\GLPCCamera\monitorpad.exe
C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
C:\WINDOWS\SysWOW64\rundll32.exe
C:\Program Files (x86)\brust\nonfunctioning.exe
C:\Users\PC-\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [BigPondWirelessBroadbandCM] "C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe" -tsr
O4 - HKLM\..\Run: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe
O4 - HKLM\..\Run: [EaseUS EPM Tray Agent] "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe"
O4 - HKLM\..\Run: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files (x86)\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxAssistant] "C:\Program Files (x86)\Common Files\Roxio Shared\Upgrade\RoxAssist.exe" /s
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files (x86)\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files (x86)\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [wolfram] "C:\Program Files (x86)\Sandrock\Erika.exe" mvu
O4 - HKLM\..\Run: [wolframwolfram] "C:\Program Files (x86)\Buffo\Erika.exe" mvu
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [OneDrive] "C:\Users\PC-\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - HKCU\..\Run: [Google Update] C:\Users\PC-\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe
O4 - HKCU\..\Run: [Google Photos Backup] "C:\Users\PC-\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" /autostart
O4 - HKCU\..\Run: [wayout] rundll32.exe "C:\Users\PC-\AppData\Local\wayout.dll",wayout
O4 - HKCU\..\Run: [terriers] "C:\Program Files (x86)\Sandrock\Erika.exe" mvu
O4 - HKCU\..\Run: [terriersterriers] "C:\Program Files (x86)\Buffo\Erika.exe" mvu
O4 - HKCU\..\Run: [shook] "C:\Program Files (x86)\Sandrock\Erika.exe" mvu
O4 - HKCU\..\Run: [shookshook] "C:\Program Files (x86)\Buffo\Erika.exe" mvu
O4 - HKCU\..\Run: [nonfunctioning] "C:\Program Files (x86)\brust\nonfunctioning.exe" mvu
O4 - HKCU\..\Run: [dozing] "C:\Program Files (x86)\Sandrock\Erika.exe" mvu
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O4 - Startup: newey.lnk = ?
O4 - Startup: start - Shortcut (2).lnk = C:\Survival___\start.bat
O4 - Startup: start - Shortcut.lnk = C:\Oliver's server\start.bat
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{15b74de2-1a43-460f-9390-40d9aea884fb}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{f9997c51-f1a9-4314-85f1-12b97f23564b}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{15b74de2-1a43-460f-9390-40d9aea884fb}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - AMD - C:\WINDOWS\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atiesrxx.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: DTSAudioService - DTS - C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Macrium Service (MacriumService) - Paramount Software UK Ltd - C:\Program Files\Macrium\Common\MacriumService.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Samsung RAPID Mode Service (SamsungRapidSvc) - Unknown owner - C:\WINDOWS\system32\RAPID\SamsungRapidSvc.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe
O23 - Service: Seagate Dashboard Services - Seagate Technology LLC - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
O23 - Service: Seagate MobileBackup Service - Seagate Technology LLC - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Sierra Wireless Card Detection Service (SwiCardDetectSvc) - Sierra Wireless, Inc. - C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WSWNDA3100v2 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe

--
End of file - 12917 bytes
 


Please help...I've just had a mad panic and tried to remove what I thought was malware but may have made things worse.

I have a Windows 10 computer that had Windows Defender running with regular scans. I tried to install some software last night and since then my computer has slowed down, Windows Defender was disabled and I cannot install Malwarebytes Anti-Malware (or uninstall it now).
I tried following the malwarebytes instructions to run chameleon but that also has failed (keeps saying the computer needs to reboot to complete an update but then won't update).

I had a look in task manager and saw about 30 programs called ERIKA running plus some programs like bitcoin miner.

My web searches in Google are opening to random (?) websites (some of very questionable content).

 

All this whilst my 10 year old son is asking to get his homework off the computer.

 

I did post this in another post but realise I jumped the gun and tried to fix things myself.   

 

Thanks in advance


I've managed to uninstall Malwarebytes and install it via the chameleon.

Due to the difficulties I encountered earlier I ran the scan without a full update (that is where it hung last time)

Txt logs  following the MWB threat scan and farbar

 

New symptom:  when I alt tab I now have about 12 programs called FMVUB running

and malwarebytes has disappeared!!

 

 

 

malwarebytes.txt

FRST.txt

Addition.txt


Is no big deal, yes your system is severely infected. Let's see how we go, run the following:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Protection Scroll to and make sure the following are selected:
    Scan for Rootkits
    Scan within Archives
     
  • Scroll further to Potential Threat Protection make sure the following are set as follows:
    Potentially Unwanted Programs (PUP`s) set as :- Always detect PUP`s (recommended)
    Potentially Unwanted Modifications (PUM`s) set as :- Always detect PUM`s (recommended)
     
  • Click on the Scan make sure Threat Scan is selected,
  • A Threat Scan will begin.
  • When the scan is complete if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab
  • If asked to restart your computer to complete the removal, please do so
  • When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more to retrieve the log.


To get the log from Malwarebytes do the following:
 
  • Click on the Reports tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"

Let me see those logs in your reply..

Thank you,

Kevin...

fixlist.txt


Try this:

Totally Remove Malwarebytes from your system:

Download the latest version of MB-Clean by clicking this link: https://downloads.malwarebytes.com/file/mb_clean save to your Desktop, or a folder of your choice.
 
  • Close all open applications
  • Double-click and run mb-clean.exe
  • A prompt with an option to clean up the system will appear:


Yes - will proceed with backing up the license key (Malwarebytes 3.x only) and initiating the cleanup process. (Recommended)
No - will exit the utility

Once the cleanup process is completed, a prompt will appear:

Yes – will proceed and post reboot you will be prompted to continue with the downloading, installation and activation of latest version of Malwarebytes 3.x (Recommended)
No – will exit the utility and you will not be prompted (post reboot) to download, reinstall and re-activate (Not Recommended)

We recommend rebooting immediately. Additionally, stopping at this step is not recommended and will most likely not resolve your issue(s).

Upon reboot, a prompt will appear:

Yes - will download, install and activate the latest version of Malwarebytes 3.x (Recommended)
No - will exit the utility and the cleanup process is complete...

A log file ("mb-clean-results.txt") will be on your desktop

Next,

Open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Protection Scroll to and make sure the following are selected:
    Scan for Rootkits
    Scan within Archives
     
  • Scroll further to Potential Threat Protection make sure the following are set as follows:
    Potentially Unwanted Programs (PUP`s) set as :- Always detect PUP`s (recommended)
    Potentially Unwanted Modifications (PUM`s) set as :- Always detect PUM`s (recommended)
     
  • Click on the Scan make sure Threat Scan is selected,
  • A Threat Scan will begin.
  • When the scan is complete if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab
  • If asked to restart your computer to complete the removal, please do so
  • When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more to retrieve the log.


To get the log from Malwarebytes do the following:
 
  • Click on the Reports tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste", log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…

OK...by the time I came back to the computer (after talking to the Boss - Mrs Quirkymac) MWB-AMW had actually opened.  I've started the threat scan with the parameters you specified above.  Am I ok to run the threat scan or do you want me to stop it and still go through the clean and reinstall?

I suspect my computer was on a massive go slow (which it has been doing). Let me know what I should do.


With Malwarebytes Anti-Malware open do the following:
 
  • On the Settings tab > Protection Scroll to and make sure the following are selected:
    Scan for Rootkits
    Scan within Archives
     
  • Scroll further to Potential Threat Protection make sure the following are set as follows:
    Potentially Unwanted Programs (PUP`s) set as :- Always detect PUP`s (recommended)
    Potentially Unwanted Modifications (PUM`s) set as :- Always detect PUM`s (recommended)
     
  • Click on the Scan make sure Threat Scan is selected,
  • A Threat Scan will begin.
  • When the scan is complete if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab
  • If asked to restart your computer to complete the removal, please do so
  • When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more to retrieve the log.


To get the log from Malwarebytes do the following:
 
  • Click on the Reports tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste", log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…

Hello Quirkymac,

Couple more scans to complete:

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply



Next,

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx


Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in your reply, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin...


# AdwCleaner 7.0.8.0 - Logfile created on Tue Apr 03 20:57:20 2018
# Updated on 2018/08/02 by Malwarebytes 
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

Plugin deleted: System Table - 


***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[C1].txt - [1335 B] - [2016/4/5 9:40:34]
C:/AdwCleaner/AdwCleaner[S1].txt - [1104 B] - [2016/4/5 9:39:46]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########


Microsoft Windows Malicious Software Removal Tool v5.58, March 2018 (build 5.58.14622.1)
Started On Wed Apr 04 07:02:08 2018

Engine: 1.1.14600.4
Signatures: 1.263.2.0
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 04 07:05:44 2018


Return code: 0 (0x0)
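
The helper's instructions ask for only the most recent MSRT entry from c:\windows\debug\mrt.log, which accumulates one entry per run. As an added example (not part of any post in this thread), the Python below selects that entry by its "Started On" time rather than by position in the file; the sample log is constructed in the layout of the log posted above, and the UTF-16 handling is an assumption about how the file is encoded on disk.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the MSRT log posted in this thread;
# the older (March) run is invented for illustration.
SAMPLE_LOG = """\
Microsoft Windows Malicious Software Removal Tool v5.58, March 2018 (build 5.58.14622.1)
Started On Tue Mar 20 21:15:02 2018
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Mar 20 21:18:40 2018
Return code: 0 (0x0)

Microsoft Windows Malicious Software Removal Tool v5.58, March 2018 (build 5.58.14622.1)
Started On Wed Apr 04 07:02:08 2018
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 04 07:05:44 2018
Return code: 0 (0x0)
"""

# The "Finished On" line shares the product-name prefix, so require the version.
HEADER = re.compile(r"^Microsoft Windows Malicious Software Removal Tool v[\d.]+,", re.M)
STARTED = re.compile(r"^Started On (.+)$", re.M)
RETCODE = re.compile(r"^Return code: (-?\d+)", re.M)
STAMP = "%a %b %d %H:%M:%S %Y"

def decode_log(raw: bytes) -> str:
    # Assumption: mrt.log is normally UTF-16 with a BOM; otherwise try UTF-8.
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")

def latest_run(text: str) -> dict:
    text = text.replace("\r\n", "\n")
    starts = [m.start() for m in HEADER.finditer(text)]
    runs = []
    for begin, end in zip(starts, starts[1:] + [len(text)]):
        block = text[begin:end].strip()
        started = STARTED.search(block)
        if not started:
            continue  # truncated entry with no start time
        code = RETCODE.search(block)
        runs.append({"started": datetime.strptime(started.group(1).strip(), STAMP),
                     "return_code": int(code.group(1)) if code else None, "block": block})
    if not runs:
        raise ValueError("no MSRT run found in log")
    return max(runs, key=lambda r: r["started"])
```

On a real system, read the file as bytes, pass it through `decode_log`, and post the `block` field of the result.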
