Quirkymac Posted April 2, 2018

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by PC-Home (administrator) on PC (03-04-2018 09:46:58)
Running from C:\Users\PC-\Downloads
Loaded Profiles: PC-Home (Available Profiles: PC-Home & Admin)
Platform: Windows 10 Pro Version 1607 14393.1198 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\WINDOWS\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atiesrxx.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files (x86)\Photodex\ProShow Gold\scsiaccess.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Samsung Electronics Co., Ltd.) C:\WINDOWS\System32\RAPID\SamsungRapidSvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Malwarebytes ) C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbam-setup.exe
() C:\Users\PC-\AppData\Local\Temp\is-D9V37.tmp\mbam-setup.tmp
(Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe
() C:\Program Files (x86)\GLPCCamera\monitorpad.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\rundll32.exe
() C:\Program Files (x86)\brust\nonfunctioning.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Trend Micro Inc.) C:\Users\PC-\Downloads\HijackThis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GLSystray] => C:\Program Files (x86)\GLPCCamera\monitorpad.exe [69632 2014-03-11] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822528 2016-05-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1429248 2016-05-25] (Realtek Semiconductor)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281696 2015-09-04] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM\...\Run: [assuaging] => C:\Program Files (x86)\Sandrock\Erika.exe [137216 2018-04-02] ()
HKLM\...\Run: [assuagingassuaging] => C:\Program Files (x86)\Buffo\Erika.exe [137216 2018-04-02] ()
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-28] (Microsoft Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-11] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-06-08] (Power Software Ltd)
HKLM-x32\...\Run: [BigPondWirelessBroadbandCM] => C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe [6215288 2012-10-15] (Telstra)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe [2089056 2015-09-16] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1563424 2016-04-05] (Seagate Technology LLC)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [RoxioEngineUtility] => C:\Program Files (x86)\Common Files\Roxio Shared\System\EngUtil.exe [69632 2003-01-13] (Roxio)
HKLM-x32\...\Run: [RoxAssistant] => C:\Program Files (x86)\Common Files\Roxio Shared\Upgrade\RoxAssist.exe [86016 2003-01-13] (Roxio)
HKLM-x32\...\Run: [RoxioDragToDisc] => C:\Program Files (x86)\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe [757760 2003-01-13] (Roxio)
HKLM-x32\...\Run: [RoxioAudioCentral] => C:\Program Files (x86)\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe [253952 2003-01-09] (Roxio, Inc.)
HKLM-x32\...\Run: [wolfram] => C:\Program Files (x86)\Sandrock\Erika.exe [137216 2018-04-02] ()
HKLM-x32\...\Run: [wolframwolfram] => C:\Program Files (x86)\Buffo\Erika.exe [137216 2018-04-02] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3198752 2018-03-27] (Valve Corporation)
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2015-12-17] (Electronic Arts)
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127816 2016-04-05] (Seagate Technology LLC)
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [Google Update] => C:\Users\PC-\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-29] (Google Inc.)
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [Google Photos Backup] => C:\Users\PC-\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-09] (Google, Inc)
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [wayout] => rundll32.exe "C:\Users\PC-\AppData\Local\wayout.dll",wayout <==== ATTENTION
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [terriers] => C:\Program Files (x86)\Sandrock\Erika.exe [137216 2018-04-02] ()
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [terriersterriers] => C:\Program Files (x86)\Buffo\Erika.exe [137216 2018-04-02] ()
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [shook] => C:\Program Files (x86)\Sandrock\Erika.exe [137216 2018-04-02] ()
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [shookshook] => C:\Program Files (x86)\Buffo\Erika.exe [137216 2018-04-02] ()
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [nonfunctioning] => C:\Program Files (x86)\brust\nonfunctioning.exe [66837 2018-04-02] ()
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [dozing] => C:\Program Files (x86)\Sandrock\Erika.exe [137216 2018-04-02] ()
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\MountPoints2: {2720b8a3-465d-11e5-825b-000272d49f2d} - "F:\setup.exe"
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\MountPoints2: {53e89e93-20a7-11e7-8381-20cf303b5e2a} - "G:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\MountPoints2: {7655fdf0-c973-11e6-8350-20cf303b5e2a} - "G:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\MountPoints2: {7c566bfb-f0f3-11e6-836f-20cf303b5e2a} - "G:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\MountPoints2: {a15bfc82-f1ae-11e6-8370-20cf303b5e2a} - "G:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\MountPoints2: {e93fdcaf-f9cd-11e7-83d0-20cf303b5e2a} - "G:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
Startup: C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newey.lnk [2018-04-02]
ShortcutTarget: newey.lnk -> C:\Program Files (x86)\Sandrock\Erika.exe ()
Startup: C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start - Shortcut (2).lnk [2018-01-26]
ShortcutTarget: start - Shortcut (2).lnk -> C:\Survival___\start.bat ()
Startup: C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start - Shortcut.lnk [2017-07-20]
ShortcutTarget: start - Shortcut.lnk -> C:\Oliver's server\start.bat ()
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{15b74de2-1a43-460f-9390-40d9aea884fb}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{77e0edf0-5c1a-4b02-ac72-e987d2c266d5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f9997c51-f1a9-4314-85f1-12b97f23564b}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-au/?ocid=iehp
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-14] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-14] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-14] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-14] (Oracle Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File

FireFox:
========
FF DefaultProfile: 4k8kw0sm.default
FF ProfilePath: C:\Users\PC-\AppData\Roaming\Mozilla\Firefox\Profiles\4k8kw0sm.default [2018-04-02]
FF user.js: detected! => C:\Users\PC-\AppData\Roaming\Mozilla\Firefox\Profiles\4k8kw0sm.default\user.js [2017-06-30]
FF Homepage: Mozilla\Firefox\Profiles\4k8kw0sm.default -> hxxps://www.malwarebytes.org/restorebrowser/
FF Extension: (AUSkey) - C:\Users\PC-\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@au.gov.abr.auskeyfirefox.xpi [2017-04-11]
FF Extension: (System Table) - C:\Users\PC-\AppData\Roaming\Mozilla\Firefox\Profiles\4k8kw0sm.default\Extensions\143734@modext.tech.xpi [2018-03-01]
FF Extension: (System Table) - C:\Users\PC-\AppData\Roaming\Mozilla\Firefox\Profiles\4k8kw0sm.default\Extensions\622127@modext.tech.xpi [2018-02-27]
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2017-01-09] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1802162536-2727602968-3184661257-1001: @tools.google.com/Google Update;version=3 -> C:\Users\PC-\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-1802162536-2727602968-3184661257-1001: @tools.google.com/Google Update;version=9 -> C:\Users\PC-\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://www.google.com.au/
CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/"
CHR Profile: C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-04-03]
CHR Extension: (Slides) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-07]
CHR Extension: (YouTube) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-07]
CHR Extension: (Adblock for Youtube™) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-06-15]
CHR Extension: (Word Search) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj [2017-05-07]
CHR Extension: (Cleanflight - Configurator) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\enacoimjcgeinfnnnpajinjgmkahmfgb [2017-07-31]
CHR Extension: (Sheets) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Kingdom Rush Frontiers) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fmfibdjbnmndigbklnlllakjbjheiopj [2017-05-07]
CHR Extension: (Google Docs Offline) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-07]
CHR Extension: (Adblocker for Youtube™) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hjjkhfonangkojdpjcdhldbcicegaohc [2018-04-02]
CHR Extension: (Prodigy Math Game) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hndgjbjghbnahgfhcmhkkoibbgdemlia [2017-05-07]
CHR Extension: (Free Guitar Tuner) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iojcckkgkckfailcedaooonjlndpnoib [2017-05-07]
CHR Extension: (AUSkey for Chrome) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jmegndhbalhkegdidohofafobbcabine [2017-09-13]
CHR Extension: (Betaflight - Configurator) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kdaghagfopacdngbohiknlhcocjccjao [2017-12-13]
CHR Extension: (DuckDuckGo Home Page) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ljkalbbbffedallekgkdheknngopfhif [2017-05-07]
CHR Extension: (Baseflight - Configurator) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mppkgnedeapfejgfimkdoninnofofigk [2017-05-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: ( The scale of the universe) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ooidlchfdlimcgilcmpckfjleogaobka [2017-05-07]
CHR Extension: (Gmail) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-07]
CHR Extension: (Chrome Media Router) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-25]
CHR HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jmegndhbalhkegdidohofafobbcabine] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (__MSG_appName__) - C:\Users\PC-\AppData\Roaming\Opera Software\Opera Stable\Extensions\epeomjakeffkfofnidikcpbacmfliolc [2018-04-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atiesrxx.exe [472456 2017-11-03] (AMD)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2017-10-28] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] () [File not signed]
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [218768 2016-05-25] (DTS)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-10] (EasyAntiCheat Ltd)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3894760 2017-06-26] (Paramount Software UK Ltd)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-17] (Electronic Arts)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 SamsungRapidSvc; C:\WINDOWS\System32\RAPID\SamsungRapidSvc.exe [28256 2015-09-04] (Samsung Electronics Co., Ltd.)
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe [186760 2016-07-24] ()
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2016-04-05] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143656 2016-04-05] (Seagate Technology LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-16] (Microsoft Corporation)
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [326544 2012-06-04] (Sierra Wireless, Inc.)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-06] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-06] (Microsoft Corporation)
R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [316120 2014-08-18] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atikmdag.sys [40034184 2017-11-03] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atikmpag.sys [536456 2017-11-03] (Advanced Micro Devices, Inc.)
U5 androidusb; C:\Windows\System32\Drivers\androidusb.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2015-05-08] ()
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [118960 2017-10-13] (Advanced Micro Devices)
S1 Cdr4_xp; C:\Windows\System32\Drivers\Cdr4_xp.sys [10864 2012-04-24] (Corel Corporation)
S1 Cdr4_xp; C:\Windows\SysWow64\Drivers\Cdr4_xp.sys [64208 2003-01-13] (Roxio) [File not signed]
S1 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [11376 2012-04-24] (Corel Corporation)
S1 Cdralw2k; C:\Windows\SysWow64\Drivers\Cdralw2k.sys [24839 2003-01-13] (Roxio) [File not signed]
S1 cdudf_xp; C:\Windows\SysWow64\Drivers\cdudf_xp.sys [249344 2003-01-13] (Roxio) [File not signed]
S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [59904 2015-02-06] (www.winchiphead.com)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31160 2014-04-24] ()
S3 dvd_2K; C:\Windows\SysWow64\Drivers\dvd_2K.sys [21654 2003-01-13] (Roxio) [File not signed]
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [18528 2014-11-18] () [File not signed]
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [14944 2014-11-18] () [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76192 2018-03-19] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2014-11-18] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] () [File not signed]
S3 HTCAND64; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
S3 HtcVCom32; C:\WINDOWS\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
S3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [42944 2017-05-29] (hxxp://libusb-win32.sourceforge.net)
S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47928 2017-01-27] (hxxp://libusb-win32.sourceforge.net)
S3 massfilter_lte; C:\WINDOWS\system32\drivers\massfilter_lte.sys [18456 2012-01-04] (HandSet Incorporated)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-04-03] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2018-04-03] (Malwarebytes)
S3 mmc_2K; C:\Windows\SysWow64\Drivers\mmc_2K.sys [22758 2003-01-13] (Roxio) [File not signed]
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NPF; C:\WINDOWS\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S1 pwd_2k; C:\Windows\SysWow64\Drivers\pwd_2k.sys [118422 2003-01-13] (Roxio) [File not signed]
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
R0 SamsungRapidDiskFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidDiskFltr.sys [271968 2015-09-04] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidFSFltr.sys [110688 2015-09-04] (Samsung Electronics Co., Ltd.)
R0 SCMNdisP; C:\WINDOWS\System32\DRIVERS\scmndisp.sys [29472 2012-09-05] (SerComm Corporation)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 swg3kser00; C:\WINDOWS\system32\DRIVERS\swg3kser00.sys [259328 2012-09-05] (Sierra Wireless Incorporated)
S3 swiwdmbx; C:\WINDOWS\System32\drivers\swiwdmbx64.sys [108800 2012-09-05] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\WINDOWS\System32\drivers\swnc8ua3.sys [300544 2012-09-05] (Sierra Wireless Inc.)
S1 UdfReadr_xp; C:\Windows\SysWow64\Drivers\UdfReadr_xp.sys [206464 2003-01-13] (Roxio) [File not signed]
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [40448 2017-04-28] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-06] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-06] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-06] (Microsoft Corporation)
S3 MBAMProtection; \SystemRoot\system32\DRIVERS\mbam.sys [X]
S3 MBAMWebProtection; \SystemRoot\system32\DRIVERS\mwac.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-03 09:46 - 2018-04-03 09:47 - 000027693 _____ C:\Users\PC-\Downloads\FRST.txt
2018-04-03 09:46 - 2018-04-03 09:46 - 000000000 ____D C:\FRST
2018-04-03 09:45 - 2018-04-03 09:46 - 002403328 _____ (Farbar) C:\Users\PC-\Downloads\FRST64.exe
2018-04-03 09:40 - 2018-04-03 09:43 - 000388608 _____ (Trend Micro Inc.) C:\Users\PC-\Downloads\HijackThis.exe
2018-04-03 09:29 - 2018-04-03 09:29 - 006705178 _____ C:\Users\PC-\Downloads\mbam-chameleon-3.1.33.0 (1).zip
2018-04-03 09:29 - 2018-04-03 09:29 - 000000000 ____D C:\Users\PC-\Downloads\New Folder
2018-04-03 09:29 - 2018-04-03 09:29 - 000000000 ____D C:\Users\PC-\Downloads\cham
2018-04-03 09:20 - 2018-04-03 09:20 - 000000000 ____D C:\ProgramData\MB3Migration
2018-04-03 09:20 - 2018-04-03 09:20 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2018-04-03 09:18 - 2018-04-03 09:18 - 000000000 ____D C:\ProgramData\MB2Migration
2018-04-03 09:10 - 2018-04-03 09:10 - 000000000 ____D C:\Users\PC-\Downloads\mbam-chameleon-3.1.33.0
2018-04-03 09:09 - 2018-04-03 09:09 - 006705178 _____ C:\Users\PC-\Downloads\mbam-chameleon-3.1.33.0.zip
2018-04-03 01:19 - 2018-04-03 09:00 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-04-02 20:45 - 2018-04-02 20:45 - 000000258 __RSH C:\Users\PC-\ntuser.pol
2018-04-02 20:24 - 2018-04-03 09:38 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-04-02 20:24 - 2018-04-03 09:11 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-02 20:24 - 2018-04-03 09:03 - 000002101 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-02 20:24 - 2018-04-02 20:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-02 20:24 - 2018-04-02 20:24 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-02 20:24 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-04-02 20:23 - 2018-04-02 20:24 - 072135408 _____ (Malwarebytes ) C:\Users\PC-\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4576.exe
2018-04-02 20:11 - 2018-04-02 20:44 - 000000000 ____D C:\Users\PC-\AppData\Roaming\ttdyyfziyzp
2018-04-02 20:11 - 2018-04-02 20:40 - 000000000 ____D C:\Users\PC-\AppData\Roaming\kn4epig0bfd
2018-04-02 20:11 - 2018-04-02 20:40 - 000000000 ____D C:\Users\PC-\AppData\Roaming\bfmni1kmwjx
2018-04-02 20:03 - 2018-04-02 20:06 - 006968952 _____ (ESET spol. s r.o.) C:\Users\PC-\Downloads\esetonlinescanner_enu.exe
2018-04-02 19:55 - 2018-04-02 19:55 - 000000000 ____D C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2018-04-02 19:52 - 2018-04-02 20:40 - 000000000 ____D C:\Users\PC-\AppData\Roaming\wxpz0gsme1e
2018-04-02 19:52 - 2018-04-02 20:40 - 000000000 ____D C:\Users\PC-\AppData\Roaming\u1mv3fkt2f0
2018-04-02 19:52 - 2018-04-02 20:40 - 000000000 ____D C:\Users\PC-\AppData\Roaming\njrwhwv0gz5
2018-04-02 19:52 - 2018-04-02 20:40 - 000000000 ____D C:\Users\PC-\AppData\Roaming\efynkkjtu3n
2018-04-02 19:51 - 2018-04-02 20:45 - 000000000 ____D C:\ProgramData\385fb600e5
2018-04-02 19:49 - 2018-04-02 20:42 - 000000000 ____D C:\ProgramData\c93bffa3-1769-4f43-90d0-692655e2815d
2018-04-02 19:48 - 2018-04-02 20:42 - 000000000 ____D C:\ProgramData\10b45edb-3473-4b10-b57e-0ad402f4c858
2018-04-02 19:48 - 2018-04-02 19:55 - 000003634 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2018-04-02 19:48 - 2018-04-02 19:48 - 000000000 ____D C:\Program Files\My Program
2018-04-02 19:47 - 2018-04-02 20:39 - 000000000 ____D C:\Program Files (x86)\ProxyGate
2018-04-02 19:47 - 2018-04-02 19:54 - 000929792 _____ C:\Users\PC-\AppData\Local\sham.db
2018-04-02 19:47 - 2018-04-02 19:47 - 000140800 _____ C:\Users\PC-\AppData\Local\installer.dat
2018-04-02 19:47 - 2018-04-02 19:47 - 000000000 ____D C:\Users\PC-\AppData\Roaming\FastDataX
2018-04-02 19:46 - 2018-04-02 20:40 - 000000000 ____D C:\Users\PC-\AppData\Roaming\vhjv50pfeb3
2018-04-02 19:45 - 2018-04-02 20:42 - 000000000 ____D C:\Program Files (x86)\astra
2018-04-02 19:44 - 2018-04-02 20:42 - 000000000 ___HD C:\Program Files (x86)\Buffo
2018-04-02 19:44 - 2018-04-02 20:42 - 000000000 ____D C:\Program Files (x86)\solidified
2018-04-02 19:44 - 2018-04-02 20:42 - 000000000 ____D C:\Program Files (x86)\chatelaine
2018-04-02 19:44 - 2018-04-02 19:44 - 000003972 _____ C:\WINDOWS\System32\Tasks\philby aides tamari
2018-04-02 19:44 - 2018-04-02 19:44 - 000003970 _____ C:\WINDOWS\System32\Tasks\leverrier_refunded
2018-04-02 19:44 - 2018-04-02 19:44 - 000003922 _____ C:\WINDOWS\System32\Tasks\incognita
2018-04-02 19:44 - 2018-04-02 19:44 - 000003844 _____ C:\WINDOWS\System32\Tasks\tsphilby aides tamariphilby aides tamari
2018-04-02 19:44 - 2018-04-02 19:44 - 000003840 _____ C:\WINDOWS\System32\Tasks\tsleverrier_refundedleverrier_refunded
2018-04-02 19:44 - 2018-04-02 19:44 - 000003774 _____ C:\WINDOWS\System32\Tasks\tsincognitaincognita
2018-04-02 19:44 - 2018-04-02 19:44 - 000000012 _____ C:\WINDOWS\b28870344
2018-04-02 19:44 - 2018-04-02 19:44 - 000000000 ___HD C:\Program Files (x86)\brust
2018-04-02 19:44 - 2018-04-02 19:44 - 000000000 ____D C:\Users\PC-\AppData\Local\AdvinstAnalytics
2018-04-02 19:44 - 2018-04-02 19:44 - 000000000 ____D C:\Program Files (x86)\Sandrock
2018-04-02 19:38 - 2018-04-03 09:05 - 000000000 ____D C:\Users\PC-\AppData\Roaming\AGData
2018-04-02 19:38 - 2018-04-03 09:05 - 000000000 ____D C:\Program Files (x86)\AnonymizerGadget
2018-04-02 19:38 - 2018-04-02 19:38 - 000194048 _____ C:\Users\PC-\AppData\Local\install.dll
2018-04-02 19:38 - 2018-04-02 19:38 - 000043520 _____ C:\Users\PC-\AppData\Local\wayout.dll
2018-04-02 19:38 - 2018-04-02 19:38 - 000003072 _____ C:\Users\PC-\AppData\Local\install_UEFIConfig.exe
2018-04-02 18:30 - 2018-04-02 18:30 - 000950803 _____ C:\Users\PC-\Desktop\What’s my favourite movie.pptx
2018-04-02 16:16 - 2018-04-02 16:16 - 000137216 _____ C:\WINDOWS\mouthful.exe
2018-04-02 16:16 - 2018-04-02 16:16 - 000137216 _____ C:\Users\PC-\AppData\Local\Erika.exe
2018-04-02 15:44 - 2018-04-02 15:44 - 000000000 ____D C:\Users\PC-\AppData\LocalLow\Landfall West
2018-04-01 07:30 - 2018-04-01 07:30 - 000000000 ____D C:\Users\PC-\AppData\LocalLow\NoBrakesGames
2018-03-31 21:59 - 2018-03-31 21:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskCheckup
2018-03-31 21:59 - 2018-03-31 21:59 - 000000000 ____D C:\Program Files (x86)\DiskCheckup
2018-03-30 13:49 - 2018-03-30 13:49 - 000000000 __SHD C:\82ace7d6-0197-474d-bf4b-a2043e72329b
2018-03-21 00:20 - 2018-03-21 00:21 - 032465159 _____ C:\Users\PC-\Desktop\closed-loop-communication.wmv
2018-03-21 00:11 - 2018-03-21 01:20 - 035596460 _____ C:\Users\PC-\Desktop\ISBAR video removed.pptx
2018-03-19 00:15 - 2018-03-19 00:15 - 000000000 ____D C:\Users\PC-\AppData\Roaming\twitch-electron
2018-03-17 19:43 - 2018-03-17 19:44 - 002953376 _____ C:\Users\PC-\Downloads\ISBAR clinical governance1.potx
2018-03-11 18:49 - 2018-03-11 18:49 - 000000220 _____ C:\Users\PC-\Desktop\oliver homework todo list.txt
2018-03-10 17:48 - 2018-03-10 08:46 - 000000231 ___SH C:\Users\Public\Libraries.ini
2018-03-10 17:45 - 2018-03-10 17:45 - 000000000 ____D C:\Users\PC-\AppData\Local\NVIDIA Corporation
2018-03-10 17:44 - 2018-03-10 17:44 - 000000000 ____D C:\Users\PC-\AppData\Local\FortniteGame
2018-03-10 17:43 - 2018-03-10 17:44 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-03-10 17:43 - 2018-03-10 17:43 - 000000000 ____D C:\Users\PC-\AppData\Roaming\EasyAntiCheat
2018-03-10 12:34 - 2018-03-10 12:34 - 000000989 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2018-03-10 12:34 - 2018-03-10 12:34 - 000000000 ____D C:\Users\PC-\AppData\Local\UnrealEngineLauncher
2018-03-10 12:34 - 2018-03-10 12:34 - 000000000 ____D C:\Users\PC-\AppData\Local\EpicGamesLauncher
2018-03-10 12:33 - 2018-03-10 12:36 - 000000000 ____D C:\ProgramData\Epic
2018-03-10 12:32 - 2018-03-10 12:33 - 032256000 _____ C:\Users\PC-\Downloads\EpicInstaller-7.5.0-fortnite-69782c2860c74180b94f3bb45a917ebd.msi
2018-03-10 12:29 - 2018-03-10 12:29 - 000192512 _____ C:\Users\PC-\Desktop\rifflefrog.cld
2018-03-08 19:46 - 2018-03-08 19:46 - 000000000 ____D C:\Users\PC-\AppData\LocalLow\VelociDrone
2018-03-08 19:22 - 2018-03-08 19:31 - 899305562 _____ C:\Users\PC-\Downloads\velocidrone-1-11-0-windows-trial.zip
2018-03-06 19:21 - 2018-03-06 19:21 - 000701863 _____ C:\Users\PC-\Downloads\betaflight_3.3.0_SPRACINGF3.hex
2018-03-06 19:17 - 2018-03-06 19:17 - 000032463 _____ C:\Users\PC-\Downloads\eachine 010.json
2018-03-06 19:17 - 2018-03-06 19:17 - 000032463 _____ C:\Users\PC-\Downloads\BTFL_backup_20180306_201734.json
2018-03-06 19:17 - 2018-03-06 19:17 - 000032454 _____ C:\Users\PC-\Downloads\BTFL_backup_20180306_201740.json
2018-03-06 07:33 - 2018-03-06 07:43 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-03-05 18:41 - 2018-03-08 14:53 - 000000000 ____D C:\Users\PC-\Desktop\Car CD
2018-03-05 17:57 - 2018-03-05 17:57 - 000000000 ____D C:\Users\PC-\AppData\LocalLow\Denki
2018-03-05 17:54 - 2018-03-05 17:55 - 038289665 _____ C:\Users\PC-\Downloads\Autonauts_Version_21.2_Windows x64.zip
2018-03-05 06:59 - 2018-03-05 06:59 - 000812622 _____ C:\Users\PC-\Downloads\Statement20180302.pdf
2018-03-04 11:58 - 2018-03-15 15:58 - 000000000 ____D C:\Users\PC-\Desktop\Oliver's Homework

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2018-04-03 09:44 - 2016-10-01 23:43 - 003803466 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-03 09:37 - 2016-10-01 23:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-03 09:36 - 2016-12-12 23:05 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-04-03 09:36 - 2016-07-16 16:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-04-03 09:08 - 2017-03-01 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-04-03 09:08 - 2017-03-01 19:23 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-04-03 09:07 - 2016-07-16 21:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-04-03 08:21 - 2016-12-20 19:19 - 000000000 ____D C:\Users\PC-\AppData\Local\Adobe
2018-04-03 07:41 - 2015-12-03 23:45 - 000006680 __RSH C:\ProgramData\ntuser.pol
2018-04-03 07:35 - 2016-10-01 23:43 - 000000000 ____D C:\Users\PC-
2018-04-03 06:51 - 2016-07-16 21:47 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-03 06:51 - 2016-07-16 21:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-03 06:37 - 2016-10-01 23:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-04-03 00:17 - 2016-10-01 23:53 - 000003280 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3B04C3FB-2427-4C20-9023-0F335CF12761}
2018-04-02 20:49 - 2016-07-08 21:32 - 000000000 ____D C:\Users\PC-\AppData\Local\ESET
2018-04-02 20:44 - 2015-08-04 18:44 - 000000000 ____D C:\Program Files (x86)\Steam
2018-04-02 20:43 - 2017-06-06 07:07 - 000002336 _____ C:\Users\Admin\Desktop\Google Chrome.lnk
2018-04-02 20:43 - 2015-08-04 01:58 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-04-02 20:42 - 2016-07-16 16:04 - 000000000 ____D C:\Program Files\MB Registracting System
2018-04-02 20:20 - 2018-01-06 18:05 - 000000000 ____D C:\Users\PC-\AppData\LocalLow\Mozilla
2018-04-02 20:10 - 2015-08-08 20:07 - 000000000 ____D C:\Users\PC-\AppData\Roaming\uTorrent
2018-04-02 19:53 - 2016-07-16 21:47 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2018-04-02 19:53 - 2016-05-23 19:47 - 000000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2018-04-02 19:50 - 2013-08-23 01:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-04-02 19:44 - 2018-01-27 15:01 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-04-02 18:30 - 2015-08-19 18:43 - 001142272 ___SH C:\Users\PC-\Desktop\Thumbs.db
2018-04-02 17:01 - 2018-02-25 13:37 - 000000000 ____D C:\Users\PC-\Desktop\Oliver's games
2018-04-02 15:42 - 2017-11-13 05:53 - 000000000 ____D C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-03-31 21:55 - 2017-06-30 07:31 - 000001124 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
2018-03-31 21:55 - 2016-12-09 14:42 - 000003944 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1481258520
2018-03-31 21:55 - 2016-12-09 14:41 - 000000000 ____D C:\Program Files (x86)\Opera
2018-03-31 13:43 - 2015-08-04 19:18 - 000000000 ____D C:\Users\PC-\AppData\Roaming\.minecraft
2018-03-29 05:55 - 2017-01-16 14:22 - 000000000 ____D C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2018-03-26 07:10 - 2017-01-16 14:22 - 000000000 ____D C:\Users\PC-\AppData\Local\Roblox
2018-03-21 00:12 - 2015-08-02 22:58 - 000000000 ____D C:\Users\PC-\AppData\Local\Packages
2018-03-19 00:16 - 2018-02-24 17:07 - 000000000 ____D C:\Users\PC-\AppData\Roaming\Twitch
2018-03-12 20:51 - 2018-01-21 18:24 - 000000000 ____D C:\Users\PC-\Desktop\Daddy's Games
2018-03-10 17:44 - 2017-09-03 01:34 - 000000000 ____D C:\Users\PC-\AppData\Local\UnrealEngine
2018-03-10 14:52 - 2017-12-19 17:06 - 000000000 ____D C:\Users\PC-\AppData\Roaming\.pokepack 2
2018-03-10 12:36 - 2016-10-01 23:42 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-10 12:26 - 2016-07-16 21:47 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-03-10 10:40 - 2015-08-10 07:46 - 000000000 ____D C:\Users\PC-\AppData\Local\ElevatedDiagnostics
2018-03-06 21:35 - 2017-01-12 23:51 - 000000000 ____D C:\Users\PC-\AppData\Roaming\vlc
2018-03-06 07:43 - 2016-07-16 21:47 - 000000000 ___RD C:\Program Files\Windows Defender
2018-03-04 21:10 - 2017-07-12 14:07 - 000000000 ____D C:\Users\PC-\AppData\Roaming\dvdcss
2018-03-04 12:01 - 2018-03-03 23:22 - 000000000 ____D C:\Users\PC-\Documents\l10

==================== Files in the root of some directories =======

2016-04-03 23:17 - 2016-04-03 23:18 - 000004608 _____ () C:\Users\PC-\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-04-02 16:16 - 2018-04-02 16:16 - 000137216 _____ () C:\Users\PC-\AppData\Local\Erika.exe
2018-04-02 19:38 - 2018-04-02 19:38 - 000194048 _____ () C:\Users\PC-\AppData\Local\install.dll
2018-04-02 19:47 - 2018-04-02 19:47 - 000140800 _____ () C:\Users\PC-\AppData\Local\installer.dat
2018-04-02 19:38 - 2018-04-02 19:38 - 000003072 _____ () C:\Users\PC-\AppData\Local\install_UEFIConfig.exe
2018-01-29 12:48 - 2018-01-29 12:48 - 000000017 _____ () C:\Users\PC-\AppData\Local\resmon.resmoncfg
2018-04-02 19:47 - 2018-04-02 19:54 - 000929792 _____ () C:\Users\PC-\AppData\Local\sham.db
2018-04-02 19:38 - 2018-04-02 19:38 - 000043520 _____ () C:\Users\PC-\AppData\Local\wayout.dll

Some files in TEMP:
====================
2017-08-16 23:34 - 2017-08-16 23:34 - 001177480 _____ () C:\Users\PC-\AppData\Local\Temp\AMDCleanupUtility.exe
2017-08-16 23:34 - 2017-08-16 23:34 - 000250248 _____ () C:\Users\PC-\AppData\Local\Temp\Cleanup.dll
2017-08-16 23:34 - 2017-08-16 23:34 - 000065536 _____ (Windows (R) Server 2003 DDK provider) C:\Users\PC-\AppData\Local\Temp\ddu.exe
2018-04-02 19:36 - 2018-04-02 19:36 - 001793310 _____ () C:\Users\PC-\AppData\Local\Temp\gimi.exe
2018-04-02 19:37 - 2018-04-02 19:37 - 004335290 _____ () C:\Users\PC-\AppData\Local\Temp\insifucan.exe
2017-11-19 18:38 - 2017-11-19 18:38 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-1154735672996083300.dll
2017-11-19 20:18 - 2017-11-19 20:18 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-1464764265914328830.dll
2017-11-13 21:09 - 2017-11-13 21:09 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-1547810544809404639.dll
2017-11-19 19:30 - 2017-11-19 19:30 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-1593254549717263245.dll
2017-11-19 18:55 - 2017-11-19 18:55 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-1690539436159311693.dll
2018-03-04 06:30 - 2018-03-04 06:30 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-2482033594460382393.dll
2017-11-19 18:54 - 2017-11-19 18:54 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-2687753416721811457.dll
2017-11-19 19:30 - 2017-11-19 19:30 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-2932195214392308003.dll
2018-02-24 19:13 - 2018-02-24 19:13 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3044242924852044250.dll
2018-02-24 19:07 - 2018-02-24 19:07 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3065947850748833017.dll
2018-02-25 06:11 - 2018-02-25 06:11 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3090400866220708828.dll
2018-02-24 19:01 - 2018-02-24 19:01 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-331796050798688962.dll
2017-11-19 19:05 - 2017-11-19 19:05 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3333956312288007370.dll
2017-11-19 19:29 - 2017-11-19 19:29 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3338430850092768373.dll
2017-11-20 07:10 - 2017-11-20 07:10 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3436539544659961381.dll
2017-11-20 07:10 - 2017-11-20 07:10 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3817856707412600517.dll
2017-11-19 19:05 - 2017-11-19 19:05 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3843902266096510911.dll
2017-11-19 18:40 - 2017-11-19 18:40 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-4250398577020638135.dll
2017-11-13 21:07 - 2017-11-13 21:07 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-4524701280499665543.dll
2017-11-19 19:29 - 2017-11-19 19:29 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-4688029176823173488.dll
2017-11-19 19:59 - 2017-11-19 19:59 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-4709186475147128148.dll
2017-11-13 21:14 - 2017-11-13 21:14 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-4875606554627998226.dll
2017-11-19 19:56 - 2017-11-19 19:56 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-4932998981811555426.dll
2017-11-20 07:41 - 2017-11-20 07:41 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-50399607490293459.dll
2017-11-19 19:59 - 2017-11-19 19:59 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-5123425577962716081.dll
2017-11-19 18:43 - 2017-11-19 18:43 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-5249782763613723897.dll
2017-11-19 19:11 - 2017-11-19 19:11 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-5358125278879503070.dll
2017-11-19 18:53 - 2017-11-19 18:53 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-5574364129756514307.dll
2017-11-20 07:11 - 2017-11-20 07:11 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-5828237950329362504.dll
2017-11-19 19:56 - 2017-11-19 19:56 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-6122521847273254708.dll
2017-11-19 18:41 - 2017-11-19 18:41 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-6181910552863925402.dll
2017-11-19 20:04 - 2017-11-19 20:04 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-6286899380746404139.dll
2017-11-19 18:54 - 2017-11-19 18:54 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-6515514210684840360.dll
2017-11-19 18:53 - 2017-11-19 18:53 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-6716366613263652999.dll
2017-11-19 18:41 - 2017-11-19 18:41 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-6800111260289939343.dll
2017-11-19 20:18 - 2017-11-19 20:18 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-6951282655468735342.dll
2017-11-19 20:06 - 2017-11-19 20:06 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-7115100588086859338.dll
2017-11-19 19:11 - 2017-11-19 19:11 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-7208374827041395840.dll
2017-11-19 18:55 - 2017-11-19 18:55 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-7254346936848756846.dll
2017-11-13 21:04 - 2017-11-13 21:04 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-7401461684807603174.dll
2017-11-19 20:04 - 2017-11-19 20:04 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-7941934255482740537.dll
2018-02-25 09:23 - 2018-02-25 09:23 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-8132190790898914066.dll
2017-11-19 18:38 - 2017-11-19 18:38 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-8223865945422888254.dll
2017-11-17 14:30 - 2017-11-17 14:30 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-8362638309452189810.dll
2017-11-19 19:06 - 2017-11-19 19:06 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-8509283534852200759.dll
2017-11-19 19:06 - 2017-11-19 19:06 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-8615231387327955072.dll
2018-02-25 13:39 - 2018-02-25 13:39 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-8756203341855063304.dll
2017-11-13 21:03 - 2017-11-13 21:03 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-8998844724991135980.dll
2017-11-20 07:41 - 2017-11-20 07:41 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-9217592599316072740.dll
2018-04-02 19:52 - 2018-04-02 19:52 - 000719872 _____ () C:\Users\PC-\AppData\Local\Temp\movari.exe
2017-08-16 23:34 - 2017-08-16 23:34 - 000516096 _____ (Microsoft Corporation) C:\Users\PC-\AppData\Local\Temp\msvcm80.dll
2017-08-16 23:34 - 2017-08-16 23:34 - 001061376 _____ (Microsoft Corporation) C:\Users\PC-\AppData\Local\Temp\msvcp80.dll
2017-08-16 23:34 - 2017-08-16 23:34 - 000796672 _____ (Microsoft Corporation) C:\Users\PC-\AppData\Local\Temp\msvcr80.dll
2018-04-03 09:05 - 2018-04-02 19:38 - 000013824 _____ () C:\Users\PC-\AppData\Local\Temp\uninstall.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-26 07:02

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by PC-Home (03-04-2018 09:47:52)
Running from C:\Users\PC-\Downloads
Windows 10 Pro Version 1607 14393.1198 (X64) (2016-10-01 13:54:19)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Admin (S-1-5-21-1802162536-2727602968-3184661257-1009 - Limited - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1802162536-2727602968-3184661257-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1802162536-2727602968-3184661257-503 - Limited - Disabled)
Guest (S-1-5-21-1802162536-2727602968-3184661257-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1802162536-2727602968-3184661257-1005 - Limited - Enabled)
PC-Home (S-1-5-21-1802162536-2727602968-3184661257-1001 - Administrator - Enabled) => C:\Users\PC-
quirk (S-1-5-21-1802162536-2727602968-3184661257-1010 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 15 (HKLM-x32\...\{FD45A9C9-02BE-4E62-8629-78DF29A10FF5}) (Version: 15.0 - Adobe Systems Incorporated)
AIDA64 Extreme v5.50 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.50 - FinalWire Ltd.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
AMD System Monitor (HKLM-x32\...\{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}) (Version: 1.0.9 - Advanced Micro Devices, Inc.)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
ANT Drivers Installer x64 (HKLM\...\{7664AF65-7B0D-4171-9F0F-50455278B428}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{981F324E-98F4-4784-B76F-04E92039F3F6}) (Version: 5.2.60328.3 - Microsoft Corporation)
Arduino (HKLM-x32\...\Arduino) (Version: 1.8.1 - Arduino LLC)
AUSkey (HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\AUSkey) (Version: 1.1.0 - Australian Taxation Office)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.12.160304 - )
Azure AD Authentication Connected Service (HKLM-x32\...\{3FEAC561-1CF6-41D6-B0F3-BECDD9C88A1B}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Borderlands - The Pre-Sequel (HKLM-x32\...\Borderlands - The Pre-Sequel_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
Borderlands 2 (HKLM-x32\...\Borderlands 2_is1) (Version: 1.8.4 - 2K Games)
Borderlands 2 GOTY version 1.8.2.0 (HKLM-x32\...\Borderlands 2 GOTY_is1) (Version: 1.8.2.0 - Mr DJ)
Call of Duty 4 - Modern Warfare (HKLM-x32\...\Call of Duty 4 - Modern Warfare_is1) (Version: - )
Call of Duty Advanced Warfare (HKLM-x32\...\Call of Duty Advanced Warfare_is1) (Version: v.1.18.1281374.0 - Decepticon)
Call of Duty Ghosts (HKLM-x32\...\Q2FsbG9mRHV0eUdob3N0cw==_is1) (Version: 1 - )
Call Of Duty World At War version 1.7.1263.0 (HKLM-x32\...\Call Of Duty World At War_is1) (Version: 1.7.1263.0 - Mr DJ)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty: Black Ops III (HKLM\...\Q2FsbG9mRHV0eUJsYWNrT3BzSUlJ_is1) (Version: 1 - )
Call of Duty: Infinite Warfare (HKLM\...\Y2FsbG9mZHV0eWluZmluaXRld2FyZmFyZQ_is1) (Version: 1 - )
Call of Duty®: Black Ops 2 (HKLM-x32\...\Call of Duty®: Black Ops 2_is1) (Version: 1.0.5 - R.G. Revenants)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{15979E65-792E-474B-BC5D-42257709D4D9}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{D6ACA0E4-2488-AE52-E73D-24DB98F9AD65}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B8C421E8-BDF9-F598-832C-659A513F79EB}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{DD3A9C85-51E9-854D-EB9B-F0AE8E5B2F7C}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A00A5425-8899-055A-404C-8F96C2EC647F}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{CB71E054-00CF-182D-6C78-F9D85D10B7BA}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{30B97DD0-3646-AD22-2E77-3792B11BB5E6}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{8342F234-A97E-D691-3C01-F060CB7DA175}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{CD47D86C-737D-4818-F059-CF8A53F37B76}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DB0E2806-DE62-D60E-9BD9-E3A89FB2A5A8}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{D4EF1657-8835-A5AE-DBA0-658EF2869048}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED71C4B4-4C00-F7C9-9151-60411373DC35}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{28FFCD28-01FF-9792-B1A9-B944D44FB37D}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{DAEF66AB-6EA7-B0A8-96FB-243A2F33B8B2}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{3DBC48E0-7DE6-295B-448E-5F53D1491AC3}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{CAF3DAD2-A7E8-5472-F8E3-D71E92B7FA65}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{E7666716-625F-9E54-ECB3-39CC3C7FFB14}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{30A5B188-80AB-2CF5-22D8-8E20D66907D4}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{A38C8B57-D3E6-5748-F2D3-FDC383D1203A}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{1CD84FD4-26F3-08FC-32F5-17DA9E8A4ED7}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version: - )
CD-LabelPrint Packages (HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\CD-LabelPrint Packages) (Version: - ) <==== ATTENTION
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
CPUID CPU-Z 1.80 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CPUID HWMonitor 1.32 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.32 - )
CrystalDiskInfo 7.1.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.1.0 - Crystal Dew World)
CutList Plus Express (HKLM-x32\...\{13B966CF-C74E-4AAE-A6EE-29F3C9C92B27}) (Version: 1.1.10 - Bridgewood Design)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DB Browser for SQLite (HKLM-x32\...\DB Browser for SQLite) (Version: 3.9.1 - DB Browser for SQLite Team)
DiskCheckup v3.4 (HKLM-x32\...\DiskCheckup_is1) (Version: 3.4.1003 - PassMark Software)
DJI driver version 2.02 (HKLM-x32\...\{EDFDE5EE-84C7-4936-804C-6563943E5754}_is1) (Version: 2.02 - DJI)
DJI Phantom 2 Vision Assistant version 3.8 (HKLM-x32\...\{EDCE7221-F31F-407A-B348-30D011ED3126}_is1) (Version: 3.8 - DJI)
Dotfuscator and Analytics Community Edition 5.19.1 (HKLM-x32\...\{2A7F99F6-88A4-4B44-B350-41C0B147A39C}) (Version: 5.19.1.3091 - PreEmptive Solutions) Hidden
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
e5 Secure Download Manager (HKLM-x32\...\{7C4C779B-C315-4730-A7D2-E2DD138CBAE6}) (Version: 3.2.259.0 - Kivuto Solutions Inc.)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
EaseUS Partition Master 10.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
Easy CD & DVD Creator 6 (HKLM-x32\...\{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}) (Version: 6.0.0.171 - Roxio Inc.,)
Elevated Installer (HKLM-x32\...\{1052502B-4C91-43F9-B160-AE39ED57C9F0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Epic Games Launcher (HKLM-x32\...\{CA3B6D8B-2437-4C7C-84A3-97AF21EDBE20}) (Version: 1.1.144.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
EPUB to MOBI (HKLM-x32\...\{C65AA5AE-8B80-46B6-ADFC-BBF1EFF2AD98}_is1) (Version: - epubtomobi.com)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 6.18 - NCH Software)
Garmin Express (HKLM-x32\...\{BCC7CA85-E57F-452D-BB44-15A1CE018BD0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM-x32\...\{DA9C865D-6762-4931-8588-0B13B7A0796B}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
GIGABYTE VGA @BIOS (HKLM-x32\...\{AA12545D-5EB8-4078-AFD9-8E8DC0AE3A76}) (Version: 6.80 - GIGABYTE)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
HD Tune Pro 5.60 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
IKEA Home Planner (HKLM-x32\...\{B3276CB1-20B6-4AF9-AAEC-E72C83816495}) (Version: 2.0.3 - IKEA IT)
Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Macrium Reflect Free Edition (HKLM\...\{6085136C-5E0B-4516-BA48-2B909062778A}) (Version: 6.3.1835 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Micro-Measure (HKLM-x32\...\{75E1D518-6772-4073-A71C-354B71181391}) (Version: 1.0.0 - Brightwell)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack
(HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25123 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) 
(HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - 
Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio Community 2015 with Update 2 (HKLM-x32\...\{04fa3a35-1f49-4510-8051-819cdc1e6e01}) (Version: 14.0.25123.0 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) Minimal ADB and Fastboot version 1.3.1 (HKLM-x32\...\{26AC9666-A2C6-4D33-8370-A50F50F277C4}_is1) (Version: 1.3.1 - Sam Rodberg) Mission Planner (HKLM-x32\...\{BCB89166-2874-4BBA-9249-22E658D46B96}) (Version: 1.3.34 - Michael Oborne) Mobile Broadband Manager (HKLM-x32\...\{86077E92-2879-489B-9EB0-6957311B98A2}) (Version: 3.15.20905 - Telstra) Hidden Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{EB3DF0F0-0525-4C5A-A2F8-DEC868A3075D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 41.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0 (x86 en-US)) (Version: 41.0 - Mozilla) Mozilla Firefox 58.0 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0 (x64 en-US)) (Version: 58.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0 - Mozilla) MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{13FE8B50-B340-4FDA-BB6E-AA1F5FAB8205}) (Version: 14.0.25123 - Microsoft Corporation) Hidden Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden NETGEAR WNDA3100v2 wireless USB 2.0 adapter 
(HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 2.2.0.5 - NETGEAR) NVIDIA PhysX (HKLM-x32\...\{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}) (Version: 9.12.0213 - NVIDIA Corporation) OpenTX Companion 2.2 (HKLM-x32\...\OpenTX Companion 2.2) (Version: - OpenTX) Opera Stable 52.0.2871.40 (HKLM-x32\...\Opera 52.0.2871.40) (Version: 52.0.2871.40 - Opera Software) Origin (HKLM-x32\...\Origin) (Version: 9.9.1.62656 - Electronic Arts, Inc.) PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1037.0 - Passmark Software) Photo Story 3 for Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation) Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version: - Photodex Corporation) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.) Portal 2 (HKLM-x32\...\Postal 2_is1) (Version: - ) PowerISO (HKLM-x32\...\PowerISO) (Version: 6.3 - Power Software Ltd) PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden ProShow Gold (HKLM-x32\...\ProShow Gold) (Version: - Photodex Corporation) ProShow Gold version 8.0 (HKLM-x32\...\{DD0D5CC9-203C-4702-A196-74A9A8F2D2AD}_is1) (Version: 8.0 - Photodex) Race Driver 3 (HKLM-x32\...\{0297C87B-CC40-446F-865A-031B4FC0CF22}) (Version: 1.00.0000 - Codemasters) RAPID Mode (HKLM\...\{18DF567E-AA9B-434D-BE77-BFE2292712F6}) (Version: 1.0.1.96 - Samsung Electronics Co., Ltd.) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7829 - Realtek Semiconductor Corp.) 
Roblox Player for PC-Home (HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - Roblox Corporation) Roblox Studio for PC-Home (HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - Roblox Corporation) Robot Updater Setup (HKLM-x32\...\{FD765C6E-0FC8-4432-A3DA-579D2734BCF8}) (Version: 1.28.5000 - Spinmaster) Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden Roslyn Language Services - x86 (HKLM-x32\...\{96139D17-D4D8-3BE1-883A-F0201E15B84E}) (Version: 14.0.25130 - Microsoft Corporation) Hidden Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.9.7 - Samsung Electronics) Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.4.1902.0 - Seagate) SketchUp 2017 (HKLM\...\{E59BD84C-169B-4F3F-AC5D-85127CF67051}) (Version: 17.2.2555 - Trimble, Inc.) 
Snake Pass (HKLM-x32\...\Snake Pass_is1) (Version: - ) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.4.28745 - Electronic Arts) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Team Explorer for Microsoft Visual Studio 2015 Update 2 (HKLM-x32\...\{7932CD6F-86D3-3EE4-8A02-B954404D1FFC}) (Version: 14.95.25118 - Microsoft) Hidden TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp) Telstra Mobile Broadband Manager (HKLM-x32\...\Mobile Broadband Manager) (Version: 3.15.20905 - Telstra) TerraTech (HKLM-x32\...\1448625945_is1) (Version: 2.8.0.10 - GOG.com) Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden The Witcher 3 - Wild Hunt (HKLM-x32\...\1495134320_is1) (Version: 2.0.0.51 - GOG.com) TransMac version 11.2 (HKLM-x32\...\TransMac_is1) (Version: 11.2 - Acute Systems) Twitch (HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.) 
TypeScript Power Tool (HKLM-x32\...\{60890089-588B-4362-B9C5-A9C11D6E5DD1}) (Version: 1.8.9.0 - Microsoft Corporation) Hidden TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{4AC64C61-A7EC-4E4E-8F28-F57EB3430334}) (Version: 1.8.31.0 - Microsoft Corporation) Hidden Unity (HKLM-x32\...\Unity) (Version: 5.3.5f1 - Unity Technologies ApS) Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS) Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod) Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.8.0 - Elaborate Bytes) Visual Studio 2015 Update 2 (KB3022398) (HKLM-x32\...\{78c1b501-a6eb-4f29-88c5-84189564827e}) (Version: 14.0.25123 - Microsoft Corporation) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) VS Update core components (HKLM-x32\...\{6A878817-D626-305A-BE8D-94C93F70E27A}) (Version: 14.0.25123 - Microsoft Corporation) Hidden vs_update2notification (HKLM-x32\...\{D4A78CC3-D7A0-345F-AB7D-9DA828558E4F}) (Version: 14.0.25130 - Microsoft Corporation) Hidden Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-2) (Version: 1.0.26.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1-2) (Version: 1.0.39.1 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) 
Hidden WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline) Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation) Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) Windows Driver Package - 3D Robotics (usbser) Ports (01/01/2015 2.0.0.9) (HKLM\...\75690F2C86F7BE1E9F51D6D0CC84D4D7C203E6B5) (Version: 01/01/2015 2.0.0.9 - 3D Robotics) Windows Driver Package - 3D Robotics (usbser) Ports (01/01/2015 2.0.0.9) (HKLM\...\E5BE0983C0C60432B42B39114C40C1931CE1AE00) (Version: 01/01/2015 2.0.0.9 - 3D Robotics) Windows Driver Package - Arduino LLC (www.arduino.cc) (usbser) Ports (01/01/2015 2.0.0.9) (HKLM\...\86FE9521DE7ABE24A00FABF1A36DFEA326A2B95B) (Version: 01/01/2015 2.0.0.9 - Arduino LLC (www.arduino.cc)) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) 
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (07/12/2013 2.08.30) (HKLM\...\22CCD58B53472BE3FCAFF05631111C4062959A43) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (07/12/2013 2.08.30) (HKLM\...\BD00013670D26C16E19F284BF8E15DAF813497C7) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Driver Package - libusbK USBasp (04/28/2014 3.0.7.0) (HKLM\...\10E53F572A88913B4A453B98665A2C793D4F5527) (Version: 04/28/2014 3.0.7.0 - libusbK)
Windows Driver Package - Silicon Laboratories (silabenm) Ports (03/19/2014 6.7.0.0) (HKLM\...\B97004A400E30DCF940971EFA7A0C13C6B0A4B66) (Version: 03/19/2014 6.7.0.0 - Silicon Laboratories)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wolfenstein The Old Blood (HKLM-x32\...\Wolfenstein The Old Blood_is1) (Version: - )
Wolfenstein: The New Order (HKLM-x32\...\V29sZmVuc3RlaW5UaGVOZXdPcmRlcg==_is1) (Version: 1 - )
ZTE LTE Device USB Driver (HKLM\...\{00C1EF09-B5B7-4082-B1F4-C35CE7A7FCA9}) (Version: - ZTE Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\ChromeHTML: -> <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\PC-\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71}\InprocServer32 -> C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\PC-\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\PC-\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\PC-\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncApi64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-05] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-06-08] (Power Software Ltd)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-15] (Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-15] (Elaborate Bytes AG)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-05] (Igor Pavlov)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-06-08] (Power Software Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-11-02] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-05] (Igor Pavlov)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-06-08] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-1802162536-2727602968-3184661257-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers4_S-1-5-21-1802162536-2727602968-3184661257-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers5_S-1-5-21-1802162536-2727602968-3184661257-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03876411-2295-4097-9937-80AD4B349913} - System32\Tasks\{60F23C96-1CCF-4312-83F5-8A1C1FCD3AE7} => C:\WINDOWS\system32\pcalua.exe -a G:\Setup.exe -d G:\ -c -auto
Task: {03CC38D3-A11E-44AF-B22A-B6DA388D0D52} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-06] (Microsoft Corporation)
Task: {03FB0589-466F-4A4C-979F-CF1A32893383} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {064DCBB1-D3D1-4646-8DC7-1A25F20C452D} - System32\Tasks\{E7E0B43D-773F-41C6-B9F1-424FB1672ABC} => C:\WINDOWS\system32\pcalua.exe -a G:\Setup.exe -d G:\
Task: {066EF6EC-A46D-4F6F-864E-D0C2BB513739} - System32\Tasks\{632FAEB9-90A2-413B-BBA5-0680A6B94A61} => C:\WINDOWS\system32\pcalua.exe -a G:\Setup.exe -d G:\
Task: {0B99E979-37E7-490B-ADF4-74D493695D09} - System32\Tasks\tsleverrier_refundedleverrier_refunded => C:\Program Files (x86)\Buffo\Erika.exe [2018-04-02] ()
Task: {104D18DC-0380-4D1B-AA15-497A3DE17EDC} - System32\Tasks\tsincognitaincognita => C:\Program Files (x86)\Sandrock\Erika.exe [2018-04-02] ()
Task: {123AEDAD-DA29-4B70-AABB-D66953551857} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-06] (Microsoft Corporation)
Task: {1489D83A-8A03-4C2C-B30C-99B3F6169DCC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {16CE6728-168C-4530-9966-85B5F75B5472} - System32\Tasks\incognita => C:\Program Files (x86)\Sandrock\Erika.exe [2018-04-02] ()
Task: {1899AA56-C1DE-4BA7-9897-6BACF21CAD8A} - System32\Tasks\{BA42BC49-61A4-4B7C-8D7A-36909E2CD696} => C:\WINDOWS\system32\pcalua.exe -a G:\Setup.exe -d G:\
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {43115EA7-B074-42EE-96EC-1E77F1695F6C} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2016-05-13] (Samsung Electronics.)
Task: {44D47007-D187-4979-A5A8-7AC193EA9222} - System32\Tasks\{CFBC9378-0557-4F66-8C9E-0F6B926DE1BA} => C:\WINDOWS\system32\pcalua.exe -a "E:\downloads\USB microscope1\USB microscope1.5\Driver\setup.exe" -d "E:\downloads\USB microscope1\USB microscope1.5\Driver"
Task: {45221D7A-8EF7-44D3-AE98-6C24EA43DD07} - System32\Tasks\PC-Home => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2016-04-05] (Seagate Technology LLC)
Task: {4559514F-9C2F-4D2B-9C8E-7F49A157645D} - System32\Tasks\leverrier_refunded => C:\Program Files (x86)\Buffo\Erika.exe [2018-04-02] ()
Task: {46BE5CA5-1B4C-41FE-A48A-61F56BEB71FB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1802162536-2727602968-3184661257-1001UA => C:\Users\PC-\AppData\Local\Google\Update\GoogleUpdate.exe [2016-12-11] (Google Inc.)
Task: {48BE282B-6AFB-4E18-A640-184F909219BA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {4ADEE42D-E335-4065-B135-CB469476645E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-06] (Microsoft Corporation)
Task: {4B725489-ADBA-405A-8715-E6291ECB75A1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {4E5D00AE-65F8-41C9-9336-B26012F3B554} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4E6BD295-B4EB-446B-890D-07C0033EA996} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {534255CB-7C62-4443-B9EB-76EDDD684686} - System32\Tasks\AdobeGCInvoker-1.0-PC-PC-Home => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {58C01240-498D-4E41-8E09-043FBFCD2E47} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {5B598026-0B08-43B7-B800-6C49AA52D651} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-04] (Google Inc.)
Task: {6B4350AB-F483-4C65-AB55-CBF93276D738} - System32\Tasks\Opera scheduled Autoupdate 1481258520 => C:\Program Files (x86)\Opera\launcher.exe [2018-03-28] (Opera Software)
Task: {6F9A3CFC-C5B5-4C89-B22E-130841AE946D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-04] (Piriform Ltd)
Task: {726BE6BF-CDBE-4E22-A33B-25F0719EDC08} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {78BC313D-5ADD-4198-9280-3F74F11E2134} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {800090B0-9ABB-4B28-A610-AA4DA7DF9E46} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-06] (Microsoft Corporation)
Task: {8443B11D-A8CC-40CA-8121-88B766F73928} - System32\Tasks\PC-Home Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2016-04-05] (Seagate Technology LLC)
Task: {9A2F3A4C-0C54-46EB-9029-0BA502C02BE1} - System32\Tasks\AdobeAAMUpdater-1.0-PC-PC-Home => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {A167D538-F3FC-4F4A-B148-E5673ACA1ACD} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-11-02] (Advanced Micro Devices, Inc.)
Task: {A71185F0-C844-406F-9618-4910108EBF96} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B64D8650-B24A-4ECF-A35A-9EA51FC91D19} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-03-22] (Microsoft Corporation)
Task: {B7FD0870-62F9-4504-86AA-4D50F6176F93} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1802162536-2727602968-3184661257-1001Core => C:\Users\PC-\AppData\Local\Google\Update\GoogleUpdate.exe [2016-12-11] (Google Inc.)
Task: {B999CA04-D675-4CA7-AED7-AD862376457A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CAAD45F9-0CBD-4494-A6E5-A2116946CF67} - System32\Tasks\{ABF7A772-ED4E-43B9-82C3-1BCF34F34EDB} => C:\WINDOWS\system32\pcalua.exe -a G:\Setup.exe -d G:\ -c -auto
Task: {CC026503-5BA5-49CC-AD85-8FC3AF907B7E} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {D7CF03C9-8FE1-4FA8-8610-1D5D5484A9EC} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2016-04-05] (Seagate Technology LLC)
Task: {DE510B07-A25B-40A6-8307-2906E0B7FE5D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-04] (Google Inc.)
Task: {EDCB60C2-C743-4761-8D49-ADE66D621A65} - System32\Tasks\philby aides tamari => C:\Users\PC-\AppData\Local\Erika.exe [2018-04-02] ()
Task: {F59B4BD9-AC87-474B-86ED-57A1931D0CA4} - \WPD\SqmUpload_S-1-5-21-1802162536-2727602968-3184661257-1001 -> No File <==== ATTENTION
Task: {F706E402-E307-4296-87AE-03C105BDFCCB} - System32\Tasks\PC-Home DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2016-04-05] (Seagate Technology LLC)
Task: {F7FE89D1-DF16-40BD-B238-0DBFB0EC9FC6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FA2F2247-B1B6-439A-AE21-FA1D80252532} - System32\Tasks\tsphilby aides tamariphilby aides tamari => C:\Users\PC-\AppData\Local\Erika.exe [2018-04-02] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\PC-\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm Shortcut: C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start - Shortcut (2).lnk -> C:\Survival___\start.bat () Shortcut: C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start - Shortcut.lnk -> C:\Oliver's server\start.bat () ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 21:42 - 2016-07-16 21:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-05-11 02:33 - 2017-04-28 10:49 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2017-10-28 07:34 - 2017-10-28 07:34 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe 2017-10-28 07:34 - 2014-04-24 14:29 - 001360016 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe 2017-01-09 20:13 - 2016-07-24 14:13 - 000186760 _____ () C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe 2013-10-17 15:27 - 2013-10-17 15:27 - 000166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 2015-12-06 00:23 - 2014-08-18 16:50 - 000316120 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe 2017-07-25 11:25 - 2017-07-25 11:25 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL 2017-07-25 11:25 - 2017-07-25 11:25 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll 2016-10-02 09:36 - 2016-10-02 09:36 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-03-15 06:32 - 2017-03-04 16:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-03-15 06:32 - 2017-03-04 16:12 - 009760768 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-03-15 06:32 - 2017-03-04 16:05 - 001401856 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-03-15 06:32 - 2017-03-04 16:05 - 000757248 ____N () 
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-05-11 02:33 - 2017-04-28 09:36 - 001033216 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-05-11 02:33 - 2017-04-28 09:36 - 002424320 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-05-11 02:33 - 2017-04-28 09:37 - 004853760 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2018-04-03 09:37 - 2018-04-03 09:37 - 001191200 _____ () C:\Users\PC-\AppData\Local\Temp\is-D9V37.tmp\mbam-setup.tmp 2016-06-07 22:02 - 2014-03-11 15:15 - 000069632 _____ () C:\Program Files (x86)\GLPCCamera\monitorpad.exe 2018-04-02 16:16 - 2018-04-02 16:16 - 000066837 _____ () C:\Program Files (x86)\brust\nonfunctioning.exe 2018-03-23 14:23 - 2018-03-20 16:00 - 002683224 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libglesv2.dll 2018-03-23 14:23 - 2018-03-20 16:00 - 000127832 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libegl.dll 2017-10-28 07:34 - 2015-05-08 14:26 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll 2015-12-06 00:23 - 2015-03-05 17:22 - 000380928 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll 2018-01-17 21:12 - 2016-05-13 00:35 - 000021600 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll 2018-04-02 19:38 - 2018-04-02 19:38 - 000043520 _____ () C:\Users\PC-\AppData\Local\wayout.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0] AlternateDataStreams: C:\Users\Public\AppData:CSM [474] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2018-04-02 19:44 - 2018-04-02 20:42 - 000000569 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg DNS Servers: 8.8.8.8 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "Raptr" HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive" HKLM\...\StartupApproved\Run32: => "BigPondWirelessBroadbandCM" HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE" HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent" HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray" HKLM\...\StartupApproved\Run32: => "DBAgent" HKLM\...\StartupApproved\Run32: => "RoxAssistant" HKLM\...\StartupApproved\Run32: => "RoxioDragToDisc" HKLM\...\StartupApproved\Run32: => "RoxioAudioCentral" HKLM\...\StartupApproved\Run32: => "RoxioEngineUtility" HKLM\...\StartupApproved\Run32: => "LWS" HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\StartupApproved\Run: => "EADM" HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\StartupApproved\Run: => "Uploader" HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\StartupApproved\Run: => "Google Photos Backup" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [UDP Query User{2BF510E9-F50A-4512-9441-F89CEBB63267}E:\games\igg-scrap.mechanic.v0.1.30\release\scrapmechanic.exe] => (Block) E:\games\igg-scrap.mechanic.v0.1.30\release\scrapmechanic.exe FirewallRules: [TCP Query User{BE4D19C5-6BBE-42A2-9F5A-9B2FE772906E}E:\games\igg-scrap.mechanic.v0.1.30\release\scrapmechanic.exe] => (Block) E:\games\igg-scrap.mechanic.v0.1.30\release\scrapmechanic.exe FirewallRules: [UDP Query User{92E8F8D7-0DA3-43B2-BF9A-1C21F5F9A6EE}C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe FirewallRules: [TCP Query User{73148BB7-E9DD-4E8D-A29A-90DB877C3F68}C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe FirewallRules: [UDP Query User{A7C984B1-0D0B-4CC2-A72E-0A0BFED725E7}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe FirewallRules: [TCP Query User{90FEE90F-243B-4F96-AD1F-BAE29B214AE7}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe FirewallRules: [UDP Query User{BB6E3ADC-5E0D-4A3C-A489-492D22BA64C6}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe FirewallRules: [TCP Query User{3926B879-8904-4EC7-B3AF-3BBC533FC2F8}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe FirewallRules: [{1B090A48-6C97-474F-99C2-30D0A24131A6}] => (Allow) LPort=8888 FirewallRules: [UDP Query User{8FA93161-0D92-462F-B047-BC229705B491}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe FirewallRules: [TCP Query User{BC257035-5BF2-47D1-BBEF-BB4BCA38F56A}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 
2.0\dashboard.exe FirewallRules: [{EFBABF91-DED5-415B-B20C-9DCC3E20C4F4}] => (Allow) LPort=8888 FirewallRules: [UDP Query User{9C51F00D-4721-498C-A5AE-738C3E04001A}C:\program files (x86)\mission planner\missionplanner.exe] => (Allow) C:\program files (x86)\mission planner\missionplanner.exe FirewallRules: [TCP Query User{9780C0B0-CD57-4C7B-BA65-40D1C1F2305A}C:\program files (x86)\mission planner\missionplanner.exe] => (Allow) C:\program files (x86)\mission planner\missionplanner.exe FirewallRules: [UDP Query User{D99AF1D4-4777-4C58-ADBE-94529B2900DF}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe FirewallRules: [TCP Query User{C6E9F2F0-485A-4F53-B9FE-2806E3A9D888}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe FirewallRules: [{E3953CDB-8714-4CCA-8FF9-4856721611A8}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe FirewallRules: [UDP Query User{AC0DCBD5-0E14-4A7B-977A-35476D48963B}C:\program files (x86)\r.g. mechanics\borderlands - the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\program files (x86)\r.g. mechanics\borderlands - the pre-sequel\binaries\win32\borderlandspresequel.exe FirewallRules: [TCP Query User{C32393A0-A223-4850-BFC6-94A591887545}C:\program files (x86)\r.g. mechanics\borderlands - the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\program files (x86)\r.g. 
mechanics\borderlands - the pre-sequel\binaries\win32\borderlandspresequel.exe FirewallRules: [UDP Query User{C7A0EF56-0347-44A1-A21A-4921848FE44F}E:\games\borderlands 2\game\binaries\win32\borderlands2.exe] => (Block) E:\games\borderlands 2\game\binaries\win32\borderlands2.exe FirewallRules: [TCP Query User{6628366B-CBA0-46D6-9597-D30CDC40E70D}E:\games\borderlands 2\game\binaries\win32\borderlands2.exe] => (Block) E:\games\borderlands 2\game\binaries\win32\borderlands2.exe FirewallRules: [UDP Query User{8E94AFC5-348B-4405-B0A1-5985E1A1CAF1}E:\games\borderlands 2\game\binaries\win32\borderlands2.exe] => (Block) E:\games\borderlands 2\game\binaries\win32\borderlands2.exe FirewallRules: [TCP Query User{B24A2852-0819-471C-A961-1E74336F8DF6}E:\games\borderlands 2\game\binaries\win32\borderlands2.exe] => (Block) E:\games\borderlands 2\game\binaries\win32\borderlands2.exe FirewallRules: [UDP Query User{16C8B196-82F0-49D3-992D-6102250363ED}C:\program files (x86)\mission planner\missionplanner.exe] => (Allow) C:\program files (x86)\mission planner\missionplanner.exe FirewallRules: [TCP Query User{0C1CD70E-6ED1-4B3E-A3FE-690E03AFB992}C:\program files (x86)\mission planner\missionplanner.exe] => (Allow) C:\program files (x86)\mission planner\missionplanner.exe FirewallRules: [UDP Query User{66EEF8D3-EA29-4D90-B0E3-F8283584D0A0}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{963D3C7C-560A-42E5-AFD1-860F932C2F13}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{7768489A-E32A-4566-8C7D-49BFEDBDE7DF}C:\program files (x86)\call of duty - black ops 2\t6sp.exe] => (Block) C:\program files (x86)\call of duty - black ops 2\t6sp.exe FirewallRules: [TCP Query User{0D6A77AD-0F2D-4571-99FF-9B3BD7094D87}C:\program 
files (x86)\call of duty - black ops 2\t6sp.exe] => (Block) C:\program files (x86)\call of duty - black ops 2\t6sp.exe FirewallRules: [{EB1150CE-A4CC-4C75-AFDD-0C986C1E4714}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe FirewallRules: [{16753DCB-EDD9-4270-96E7-271221941CCA}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe FirewallRules: [UDP Query User{BE1BEDF2-B4AD-4E45-A855-D33D47192A68}C:\program files (x86)\call of duty - black ops 2\t6sp.exe] => (Block) C:\program files (x86)\call of duty - black ops 2\t6sp.exe FirewallRules: [TCP Query User{BEE80F26-6232-4EE1-B92A-5217A0551BAF}C:\program files (x86)\call of duty - black ops 2\t6sp.exe] => (Block) C:\program files (x86)\call of duty - black ops 2\t6sp.exe FirewallRules: [{C69DA563-BEA5-4FCD-99A4-C175F25FD5A4}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe FirewallRules: [{5FCF9FA6-D88A-49C6-A0D1-8133EBBD1CB5}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe FirewallRules: [{158B90D7-8CE3-4969-BAA4-040076465F9D}] => (Allow) C:\Users\PC-\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{F0725DDB-0AC9-455D-AE0B-5D830527ADE3}] => (Allow) C:\Users\PC-\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{E1CEEC3D-0816-42C6-8B31-E3E0010E7138}] => (Allow) C:\Users\PC-\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{3ABB99E6-4188-4646-B066-7E2F6E338156}] => (Allow) C:\Users\PC-\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{0A916694-C4D0-4D7B-A358-E14C83CEDE4E}] => (Allow) C:\Users\PC-\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{7F8A3E06-AA8A-4DC6-BD99-F05EECA4E3B1}] => (Allow) C:\Users\PC-\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{74D27CA9-DE1A-4F21-98DB-128BD423B6F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe 
FirewallRules: [{F67D41CD-1C93-4CA2-8047-9D849F3E8F4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe FirewallRules: [{13054606-B407-4EC6-8F4E-0194F2389552}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{2C2C7571-C281-45F7-A9BD-EB4A03EB44EA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{DA75EF4D-20F9-4746-B382-A91749DEF5DA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{DE611DA3-352B-4341-A8D8-16EF87D4056B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [TCP Query User{28085ACE-FA2A-4EDA-ACEE-353B95FFFDBD}C:\program files (x86)\valve\portal 2\portal2.exe] => (Block) C:\program files (x86)\valve\portal 2\portal2.exe FirewallRules: [UDP Query User{2401BB92-8476-41C8-B1B3-03E8F07A6FE9}C:\program files (x86)\valve\portal 2\portal2.exe] => (Block) C:\program files (x86)\valve\portal 2\portal2.exe FirewallRules: [TCP Query User{5EF17B59-D6F6-4D5B-B658-465D7040C6D0}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{791ADA7B-DB09-46D7-A933-848C2F59F482}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{9572CFC9-B835-4BC9-A8DE-7ECCE25FB8CD}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\javaw.exe FirewallRules: [UDP Query User{6C2CF78B-DA2B-49B4-8619-D80EF02494A2}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\javaw.exe FirewallRules: [{EBCC6B8F-5650-4AFD-B781-175C41101F96}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{0BE32DE6-7A07-4966-B0F6-2E23E1D627C9}] => (Allow) C:\Program Files (x86)\Mozilla 
Firefox\firefox.exe FirewallRules: [TCP Query User{913AB778-9BEC-4838-BC9F-23323A2ABD53}C:\program files\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\java.exe FirewallRules: [UDP Query User{626F82E4-F4FA-4A80-B26E-FAFA4F65DCCD}C:\program files\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\java.exe FirewallRules: [TCP Query User{50D2FA59-4CE7-4F77-BD08-98CC92A56833}E:\call of duty infinite warfare\iw7_ship.exe] => (Block) E:\call of duty infinite warfare\iw7_ship.exe FirewallRules: [UDP Query User{59127E00-3157-4D28-ADD2-E26B4254A1CD}E:\call of duty infinite warfare\iw7_ship.exe] => (Block) E:\call of duty infinite warfare\iw7_ship.exe FirewallRules: [{24056517-7F6C-478C-A904-033FA4ADC62A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{3F589188-EA62-4FEB-A859-4226C3CBCEF6}] => (Allow) LPort=2869 FirewallRules: [{E6421478-EB5D-409D-8893-7CD08E0D8F16}] => (Allow) LPort=1900 FirewallRules: [TCP Query User{B372935E-B9D6-41E9-A618-ED116A78CC2E}E:\call of duty infinite warfare\iw7_ship.exe] => (Block) E:\call of duty infinite warfare\iw7_ship.exe FirewallRules: [UDP Query User{30229F32-179E-4886-9AC0-2CC0503AAAE2}E:\call of duty infinite warfare\iw7_ship.exe] => (Block) E:\call of duty infinite warfare\iw7_ship.exe FirewallRules: [TCP Query User{E43B7B7D-1ABE-4AA3-B051-600CEBD0F6F6}E:\games\black ops 2\call of duty - black ops 2\t6sp.exe] => (Block) E:\games\black ops 2\call of duty - black ops 2\t6sp.exe FirewallRules: [UDP Query User{FA6DD97B-6751-4149-B773-0B217C39D7C9}E:\games\black ops 2\call of duty - black ops 2\t6sp.exe] => (Block) E:\games\black ops 2\call of duty - black ops 2\t6sp.exe FirewallRules: [{12186A48-1ED8-4D89-B0F4-66C58B4977B3}] => (Allow) E:\Games\Mr DJ\Call Of Duty World At War\CoDWaW.exe FirewallRules: [{F8E41F69-6B93-4C56-98DF-D7F98625C688}] => (Allow) E:\Games\Mr DJ\Call Of Duty World At War\CoDWaW.exe FirewallRules: 
[{EDFF46D6-B7ED-4E40-A366-BA98D6DDD637}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{B35404D2-2614-4FBD-B2AC-2407759D9FBD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [TCP Query User{22375CBA-9741-4058-BC81-8402CFEB66A1}E:\gmaes\call of duty black ops iii\blackops3.exe] => (Block) E:\gmaes\call of duty black ops iii\blackops3.exe FirewallRules: [UDP Query User{298F193F-3171-4387-A958-C2F5184074AF}E:\gmaes\call of duty black ops iii\blackops3.exe] => (Block) E:\gmaes\call of duty black ops iii\blackops3.exe FirewallRules: [TCP Query User{E62A9E05-28E3-4FA8-9F95-DE00232B4340}E:\downloads\scrap.mechanic.v0.1.32\scrap.mechanic.v0.1.32\release\scrapmechanic.exe] => (Block) E:\downloads\scrap.mechanic.v0.1.32\scrap.mechanic.v0.1.32\release\scrapmechanic.exe FirewallRules: [UDP Query User{2D2CE519-D42F-44BE-A977-BFEA314388E3}E:\downloads\scrap.mechanic.v0.1.32\scrap.mechanic.v0.1.32\release\scrapmechanic.exe] => (Block) E:\downloads\scrap.mechanic.v0.1.32\scrap.mechanic.v0.1.32\release\scrapmechanic.exe FirewallRules: [TCP Query User{907E41D9-4498-4CC7-95D5-BC63C7E31689}E:\games\scrap.mechanic.v0.1.32\release\scrapmechanic.exe] => (Allow) E:\games\scrap.mechanic.v0.1.32\release\scrapmechanic.exe FirewallRules: [UDP Query User{E6ACF7B6-673C-4E4C-A65F-5A7BEB83FC2C}E:\games\scrap.mechanic.v0.1.32\release\scrapmechanic.exe] => (Allow) E:\games\scrap.mechanic.v0.1.32\release\scrapmechanic.exe FirewallRules: [{CCA86254-4F46-4E72-A5F4-810E55B737C7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{CC9D8807-0478-4D2B-BBE1-986033BC8F46}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [TCP Query User{EED8767A-B98E-46B3-9591-4CC9A32AC7E7}E:\games\scrap.mechanic.v0.2.4\release\scrapmechanic.exe] => (Allow) E:\games\scrap.mechanic.v0.2.4\release\scrapmechanic.exe FirewallRules: [UDP Query 
User{DCC59A7F-3F4A-4B71-9563-52F37311920B}E:\games\scrap.mechanic.v0.2.4\release\scrapmechanic.exe] => (Allow) E:\games\scrap.mechanic.v0.2.4\release\scrapmechanic.exe FirewallRules: [{5347E0A4-3595-4CE3-A239-9077F0A39688}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe FirewallRules: [{95D21B68-AFF5-4D78-910C-99988691F7F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe FirewallRules: [{B949D608-DF3E-4C89-BCFA-DDDB3F09F034}] => (Allow) LPort=25565 FirewallRules: [{3ADFCE03-1614-45BE-9744-9A14B5F93B7C}] => (Allow) C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_25\bin FirewallRules: [{B7E071BE-4274-4265-8E7F-C00724959973}] => (Allow) E:\Games\Call Of Duty World At War\CoDWaW.exe FirewallRules: [{A5B6B503-7D4D-418F-AAE2-3E78ABACBC95}] => (Allow) E:\Games\Call Of Duty World At War\CoDWaW.exe FirewallRules: [TCP Query User{04565DF2-19DF-4469-9276-6A8C58232253}E:\games\wolfenstein\wolfneworder_x64.exe] => (Block) E:\games\wolfenstein\wolfneworder_x64.exe FirewallRules: [UDP Query User{AE810389-AFC3-4D8A-BF3F-A02A4030FBB4}E:\games\wolfenstein\wolfneworder_x64.exe] => (Block) E:\games\wolfenstein\wolfneworder_x64.exe FirewallRules: [TCP Query User{7DA916B9-3B76-4B0A-BB67-1156ADCC3FEE}E:\downloads\slime.rancher.v1.0.1e\slime.rancher.v1.0.1e\x64\slimerancher.exe] => (Block) E:\downloads\slime.rancher.v1.0.1e\slime.rancher.v1.0.1e\x64\slimerancher.exe FirewallRules: [UDP Query User{ECAE7D1D-D9A2-4D20-933C-1A5657F421BF}E:\downloads\slime.rancher.v1.0.1e\slime.rancher.v1.0.1e\x64\slimerancher.exe] => (Block) E:\downloads\slime.rancher.v1.0.1e\slime.rancher.v1.0.1e\x64\slimerancher.exe FirewallRules: [{B42BCE0F-9CBA-4C35-B35D-DB9D49B994B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Slime Rancher\SlimeRancher.exe FirewallRules: [{15FB3418-ACEF-42D0-BF14-B897D755A696}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Slime Rancher\SlimeRancher.exe 
FirewallRules: [{0F60530E-2FEB-48B7-9653-F8EE5BC653AF}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Call of Duty WWII\s2_sp64_ship.exe FirewallRules: [{07B654AC-506B-431F-9BBF-C0111079F80E}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Call of Duty WWII\s2_sp64_ship.exe FirewallRules: [{12C44D2A-0B48-4A67-8707-C02A8603F05F}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Half-Life\hl.exe FirewallRules: [{A4687783-AB9B-4D52-8827-F22206334F36}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Half-Life\hl.exe FirewallRules: [TCP Query User{B4987BEF-FFB6-40CF-88F4-C03608BA861A}E:\games\borderlands 2\binaries\win32\borderlands2.exe] => (Block) E:\games\borderlands 2\binaries\win32\borderlands2.exe FirewallRules: [UDP Query User{D2CDBD97-B714-4DB2-8077-7CBFFF81F6F8}E:\games\borderlands 2\binaries\win32\borderlands2.exe] => (Block) E:\games\borderlands 2\binaries\win32\borderlands2.exe FirewallRules: [{7B532AC5-6F61-43F7-A0F9-AA97E7140EE6}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Bloons TD Battles\Battles-Win.exe FirewallRules: [{87DA53C2-7FE4-48B0-9D32-1E5BA499324D}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Bloons TD Battles\Battles-Win.exe FirewallRules: [{1A5F5951-ED70-4F77-8F7A-8AE26BC88513}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Call of Duty WWII\s2_mp64_ship.exe FirewallRules: [{B091925F-37AA-4793-8BEF-A15CBAA5B799}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Call of Duty WWII\s2_mp64_ship.exe FirewallRules: [{8F6DF36C-72F9-4003-B422-89EC52E6665F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Trail\TheTrail.exe FirewallRules: [{D54DF1D7-8C89-4348-B654-272A7E3D8F9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Trail\TheTrail.exe FirewallRules: [{5DFBC611-EEF0-49AB-BDD0-0AB94BA42E34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amazing Frog\AmazingFrog.exe FirewallRules: [{EAAEA303-F633-4E6A-B4DA-F4340497E684}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\Amazing Frog\AmazingFrog.exe FirewallRules: [{2537C76A-F04E-45DB-9A3D-2893C736CCC2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{3766FC18-4255-4587-91DF-D427C8D5190A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{2442A4FB-B935-4416-9793-6427646C26D2}C:\users\pc-\downloads\discoverytool_pc_v2.2.24.0.exe] => (Allow) C:\users\pc-\downloads\discoverytool_pc_v2.2.24.0.exe FirewallRules: [UDP Query User{3AFC5F9E-D692-4E34-96AD-A47E1B0940DC}C:\users\pc-\downloads\discoverytool_pc_v2.2.24.0.exe] => (Allow) C:\users\pc-\downloads\discoverytool_pc_v2.2.24.0.exe FirewallRules: [TCP Query User{5FD7E2B7-2A36-42E7-AC7D-923490804E8A}E:\games\fortnite\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) E:\games\fortnite\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe FirewallRules: [UDP Query User{C846738C-4F0D-4E74-A064-866757180C84}E:\games\fortnite\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) E:\games\fortnite\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe FirewallRules: [TCP Query User{22D39611-A145-4325-9C6E-14C96CBA5544}E:\games\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) E:\games\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe FirewallRules: [UDP Query User{6B34B628-0D5C-4AB4-B51D-FCA4DCB6BD0B}E:\games\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) E:\games\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe FirewallRules: [TCP Query User{E09511A2-6749-44D6-888B-AE165248ECE7}E:\games\fortnite\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) E:\games\fortnite\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe FirewallRules: [UDP Query 
User{2F639284-5538-409E-96B2-706E4D3D92FF}E:\games\fortnite\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) E:\games\fortnite\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe FirewallRules: [{051E3205-3235-4327-956A-CA4723D9E695}] => (Allow) C:\Program Files (x86)\Opera\51.0.2830.55\opera.exe FirewallRules: [{C4420CE7-0984-44D4-B493-97749F1B33BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AnimalSuperSquad\GWGame\Binaries\Win64\ASS-Win64.exe FirewallRules: [{AEC985CD-0E64-4899-8345-913636BB32B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AnimalSuperSquad\GWGame\Binaries\Win64\ASS-Win64.exe FirewallRules: [{513E2D7F-E904-4DA8-B887-1F5D7E815409}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{264F0709-34F8-4571-8FF8-8D128D430E39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe FirewallRules: [{560F51A1-9613-4256-9B2B-4979E2AD1684}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe FirewallRules: [{B84B43E3-B66E-4404-BD8B-619032B121F9}] => (Allow) C:\Program Files (x86)\Opera\52.0.2871.40\opera.exe FirewallRules: [{154230D0-233E-4082-AB14-75627B298F36}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Human Fall Flat\Human.exe FirewallRules: [{637A06B8-EF0C-4787-ABBF-347F13FBF88F}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Human Fall Flat\Human.exe FirewallRules: [{43A4F369-4548-4589-BE9A-278D2AAA9412}] => (Allow) E:\Games\SteamLibrary\steamapps\common\StickFightTheGame\StickFight.exe FirewallRules: [{39AF439D-B39C-433D-9294-7E21B6D68C3C}] => (Allow) E:\Games\SteamLibrary\steamapps\common\StickFightTheGame\StickFight.exe FirewallRules: [{3B33B057-29A9-49BD-86EE-15C530A2430C}] => (Allow) C:\WINDOWS\system32\rundll32.exe FirewallRules: [{38DBF9CB-CA71-43BD-AD52-400EF4C85F5D}] => (Allow) C:\Program Files (x86)\Sandrock\Erika.exe 
FirewallRules: [{76281E4E-6A2C-4D56-9C49-752A425CEA61}] => (Allow) C:\Program Files (x86)\Buffo\Erika.exe FirewallRules: [{42A06B9F-26D5-4E27-830E-D56929AA2588}] => (Allow) C:\Program Files (x86)\chatelaine\tiberias.exe FirewallRules: [{F0ABC415-82DC-4745-8B94-262001E1A18E}] => (Allow) C:\Program Files (x86)\Buffo\tiberias.exe FirewallRules: [{F5E2CE77-898C-4BC0-91D3-2778ADB28A4C}] => (Allow) C:\WINDOWS\System32\rundll32.exe FirewallRules: [{31A5A55A-DA4A-4A26-9A7E-C36A2ECC76F8}] => (Allow) C:\WINDOWS\System32\rundll32.exe ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/03/2018 09:38:55 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Erika.exe version 9.4.6.164 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 14fc Start Time: 01d3cadb94b875ca Termination Time: 4294967295 Application Path: C:\Program Files (x86)\Buffo\Erika.exe Report Id: 0011bd70-36cf-11e8-8402-20cf303b5e2a Faulting package full name: Faulting package-relative application ID: Error: (04/03/2018 07:43:48 AM) (Source: COM) (EventID: 10031) (User: ) Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected Error: (04/03/2018 07:03:07 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files\Adobe\Adobe Premiere Elements 15\MPEGHDVExport.exe". Dependent Assembly Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. 
Error: (04/03/2018 07:01:37 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest. Error: (04/03/2018 06:50:26 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Please use sxstrace.exe for detailed diagnosis. 
Error: (04/03/2018 06:49:01 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5 Faulting module name: KERNELBASE.dll, version: 10.0.14393.1198, time stamp: 0x5902845a Exception code: 0xe0434352 Fault offset: 0x000da9f2 Faulting process ID: 0x4c58 Faulting application start time: 0x01d3cac3fa80822f Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report ID: 85acae79-69ab-46bb-8f6c-c09ce8196ab9 Faulting package full name: Faulting package-relative application ID: Error: (04/03/2018 06:48:59 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: esu.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.IO.FileNotFoundException at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext() at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef) at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean) at Garmin.Omt.Service.Shared.Overrides..cctor() Exception Info: System.TypeInitializationException at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl() at Garmin.Omt.Express.SelfUpdater.Program.RealMain() at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[]) Error: (04/03/2018 06:37:41 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. 
Details: (HRESULT : 0x80040210) (0x80040210) System errors: ============= Error: (04/03/2018 09:48:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/03/2018 09:46:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/03/2018 09:38:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (04/03/2018 09:37:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/03/2018 09:37:30 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The HomeGroupListener service terminated with the following service-specific error: %%2147944153 = There are no more endpoints available from the endpoint mapper. Error: (04/03/2018 09:37:25 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \SystemRoot\SysWow64\Drivers\pwd_2k.SYS Error: (04/03/2018 09:37:24 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \SystemRoot\SysWow64\Drivers\pwd_2k.SYS Error: (04/03/2018 09:37:24 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \SystemRoot\SysWow64\Drivers\cdudf_xp.SYS Windows Defender: =================================== Date: 2018-04-03 08:26:25.576 Description: Windows Defender scan has been stopped before completion. Scan ID: {642280AA-91E0-4E09-84F1-3AF59003902D} Scan Type: Antimalware Scan Parameters: Full Scan Date: 2018-04-02 19:48:52.972 Description: Windows Defender has detected malware or other potentially unwanted software. 
For more information please see the following:https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/CoinMiner.CY&threatid=2147726391&enterprise=0 Name: Trojan:Win32/CoinMiner.CY ID: 2147726391 Severity: Severe Category: Trojan Path: clsid:_HKLM\SOFTWARE\CLASSES\CLSID\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};file:_C:\WINDOWS\System32\mcicda64.dll;regkey:_HKLM\SOFTWARE\CLASSES\CLSID\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};shellexechook:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};shellextapproved:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};shelliconoverlayid:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\{BFD98515-CD74-48A4-98E2-13D209E3EE4F} Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\WINDOWS\explorer.exe Signature Version: AV: 1.263.1903.0, AS: 1.263.1903.0, NIS: 119.0.0.0 Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4 Date: 2018-04-02 19:48:14.587 Description: Windows Defender has detected malware or other potentially unwanted software. 
For more information please see the following:https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/CoinMiner.CY&threatid=2147726391&enterprise=0 Name: Trojan:Win32/CoinMiner.CY ID: 2147726391 Severity: Severe Category: Trojan Path: file:_C:\WINDOWS\System32\mcicda64.dll Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\WINDOWS\explorer.exe Signature Version: AV: 1.263.1903.0, AS: 1.263.1903.0, NIS: 119.0.0.0 Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4 Date: 2018-04-02 19:47:35.146 Description: Windows Defender has detected malware or other potentially unwanted software. For more information please see the following:https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Xadupi&threatid=2147709752&enterprise=0 Name: Trojan:Win32/Xadupi ID: 2147709752 Severity: Severe Category: Trojan Path: file:_C:\Users\PC-\AppData\Local\Temp\PandaViewer\thumbnail.ico Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Users\PC-\AppData\Local\Temp\1522662408U2Ftmp.exe Signature Version: AV: 1.263.1903.0, AS: 1.263.1903.0, NIS: 119.0.0.0 Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4 Date: 2018-04-02 11:43:59.392 Description: Windows Defender scan has been stopped before completion. Scan ID: {008FDDA2-EC92-4291-AE49-337883242207} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-04-03 09:12:07.515 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: 1.263.1966.0 Previous Signature Version: 1.263.1962.0 Update Source: User Signature Type: AntiSpyware Update Type: Delta Current Engine Version: 1.1.14600.4 Previous Engine Version: 1.1.14600.4 Error code: 0x80509004 Error description: An unexpected problem occurred. Install any available updates, then try to start the program again. For information on installing updates, see Help and Support. 
Date: 2018-04-03 09:12:07.515 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: 1.263.1966.0 Previous Signature Version: 1.263.1962.0 Update Source: User Signature Type: AntiVirus Update Type: Delta Current Engine Version: 1.1.14600.4 Previous Engine Version: 1.1.14600.4 Error code: 0x80509004 Error description: An unexpected problem occurred. Install any available updates, then try to start the program again. For information on installing updates, see Help and Support. Date: 2018-04-03 07:53:42.501 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.263.1903.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.14600.4 Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install. Date: 2018-04-03 07:53:42.500 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.263.1903.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.14600.4 Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install. Date: 2018-04-03 07:53:34.297 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Signature Type: Update Type: Current Engine Version: Previous Engine Version: Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 
CodeIntegrity: =================================== Date: 2018-03-06 08:43:47.353 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-03-06 08:43:47.352 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-01-21 16:35:56.596 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-01-21 16:35:56.590 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2017-02-25 01:10:58.705 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-23 02:38:33.870 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-22 07:25:44.569 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-19 11:11:24.110 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz Percentage of memory in use: 55% Total physical RAM: 8183.11 MB Available physical RAM: 3665.09 MB Total Virtual: 16887.11 MB Available Virtual: 12342.27 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:223.03 GB) (Free:19.22 GB) NTFS Drive e: (Storage) (Fixed) (Total:931.51 GB) (Free:39.81 GB) NTFS Drive g: (Raid Storage) (Fixed) (Total:1862.77 GB) (Free:1861.85 GB) NTFS \\?\Volume{5975580d-3915-11e5-824f-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS \\?\Volume{004090af-0000-0000-0000-50c837000000}\ () (Fixed) (Total:0.44 GB) (Free:0.11 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 004090AF) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 MB) - (Type=27) ======================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: DCC5820C) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT. ======================================================== Disk: 3 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================
Quirkymac Posted April 3, 2018 Author ID:1229306

My issue continues - Opening the task manager reveals multiple copies of a program called "Erika" opening (50+). I just ran adwcleaner then restarted after it had 'cleaned' issues it found but the Erika issue continues (currently have 15 versions of it running) and still cannot start malwarebytes.

# AdwCleaner 7.0.8.0 - Logfile created on Tue Apr 03 00:30:29 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****
No malicious services deleted.

***** [ Folders ] *****
Deleted: C:\Program Files (x86)\AnonymizerGadget
Deleted: C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
Deleted: C:\Users\PC-\AppData\Local\AdvinstAnalytics
Deleted: C:\Users\PC-\AppData\Roaming\FastDataX
Deleted: C:\Program Files (x86)\ProxyGate
Deleted: C:\Windows\Temp\Smartbar

***** [ Files ] *****
No malicious files deleted.

***** [ DLL ] *****
No malicious DLLs cleaned.

***** [ WMI ] *****
No malicious WMI cleaned.

***** [ Shortcuts ] *****
No malicious shortcuts cleaned.

***** [ Tasks ] *****
No malicious tasks deleted.

***** [ Registry ] *****
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\DMunversion
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\Microleaves
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Deleted: [Key] - HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted: [Key] - HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\Online Application\
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries deleted.

*************************
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
*************************

C:/AdwCleaner/AdwCleaner[C1].txt - [3737 B] - [2016/4/5 9:40:34]
C:/AdwCleaner/AdwCleaner[S1].txt - [3208 B] - [2016/4/5 9:39:46]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########
Quirkymac Posted April 3, 2018 Author ID:1229307

Reran adwcleaner after another round of Erika opened

# AdwCleaner 7.0.8.0 - Logfile created on Tue Apr 03 00:38:17 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****
No malicious services deleted.

***** [ Folders ] *****
No malicious folders deleted.

***** [ Files ] *****
No malicious files deleted.

***** [ DLL ] *****
No malicious DLLs cleaned.

***** [ WMI ] *****
No malicious WMI cleaned.

***** [ Shortcuts ] *****
No malicious shortcuts cleaned.

***** [ Tasks ] *****
No malicious tasks deleted.

***** [ Registry ] *****
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries deleted.

*************************
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
*************************

C:/AdwCleaner/AdwCleaner[C1].txt - [3010 B] - [2016/4/5 9:40:34]
C:/AdwCleaner/AdwCleaner[S1].txt - [1242 B] - [2016/4/5 9:39:46]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########
Quirkymac Posted April 3, 2018 Author ID:1229308

Rebooted then ran FRST64

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018 Ran by PC-Home (administrator) on PC (03-04-2018 10:41:09) Running from C:\Users\PC-\Downloads Loaded Profiles: PC-Home (Available Profiles: PC-Home & Admin) Platform: Windows 10 Pro Version 1607 14393.1198 (X64) Language: English (United Kingdom) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\WINDOWS\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atiesrxx.exe (AMD) C:\WINDOWS\System32\atieclxx.exe (Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe (DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Samsung Electronics Co., Ltd.) C:\WINDOWS\System32\RAPID\SamsungRapidSvc.exe () C:\Program Files (x86)\Photodex\ProShow Gold\scsiaccess.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe (Sierra Wireless, Inc.)
C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe () C:\Program Files (x86)\Sandrock\Erika.exe () C:\Program Files (x86)\Buffo\Erika.exe () C:\Users\PC-\AppData\Local\Erika.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe () C:\Program Files (x86)\Sandrock\Erika.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe () C:\Program Files (x86)\GLPCCamera\monitorpad.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe () C:\Program Files (x86)\Sandrock\Erika.exe () C:\Program Files (x86)\Buffo\Erika.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation) C:\WINDOWS\SysWOW64\rundll32.exe () C:\Program Files (x86)\Sandrock\Erika.exe () C:\Program Files (x86)\Buffo\Erika.exe () C:\Program Files (x86)\Sandrock\Erika.exe () C:\Program Files (x86)\Buffo\Erika.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe (Microsoft Corporation) C:\WINDOWS\SysWOW64\wbem\WmiPrvSE.exe () C:\Program Files (x86)\brust\nonfunctioning.exe () C:\Program Files (x86)\Sandrock\Erika.exe () C:\Program Files (x86)\Sandrock\Erika.exe () C:\Program Files (x86)\Sandrock\Erika.exe (Microsoft Corporation) C:\WINDOWS\System32\PrintIsolationHost.exe (Microsoft Corporation) C:\WINDOWS\System32\cmd.exe () C:\Program Files (x86)\Buffo\Erika.exe (Oracle Corporation) C:\Program Files\Java\jre1.8.0_60\bin\java.exe (Microsoft Corporation) C:\WINDOWS\System32\cmd.exe (Oracle Corporation) C:\Program Files\Java\jre1.8.0_60\bin\java.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe () C:\Program Files (x86)\Sandrock\Erika.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [GLSystray] => C:\Program Files (x86)\GLPCCamera\monitorpad.exe [69632 2014-03-11] () HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822528 2016-05-25] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1429248 2016-05-25] (Realtek Semiconductor) HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281696 2015-09-04] (Samsung Electronics Co., Ltd.) 
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated) HKLM\...\Run: [assuaging] => C:\Program Files (x86)\Sandrock\Erika.exe [137216 2018-04-02] () HKLM\...\Run: [assuagingassuaging] => C:\Program Files (x86)\Buffo\Erika.exe [137216 2018-04-02] () HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-28] (Microsoft Corporation) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-11] (Elaborate Bytes AG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation) HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-06-08] (Power Software Ltd) HKLM-x32\...\Run: [BigPondWirelessBroadbandCM] => C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe [6215288 2012-10-15] (Telstra) HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe [2089056 2015-09-16] (CHENGDU YIWO Tech Development Co., Ltd) HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] () HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1563424 2016-04-05] (Seagate Technology LLC) HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.) 
HKLM-x32\...\Run: [RoxioEngineUtility] => C:\Program Files (x86)\Common Files\Roxio Shared\System\EngUtil.exe [69632 2003-01-13] (Roxio)
HKLM-x32\...\Run: [RoxAssistant] => C:\Program Files (x86)\Common Files\Roxio Shared\Upgrade\RoxAssist.exe [86016 2003-01-13] (Roxio)
HKLM-x32\...\Run: [RoxioDragToDisc] => C:\Program Files (x86)\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe [757760 2003-01-13] (Roxio)
HKLM-x32\...\Run: [RoxioAudioCentral] => C:\Program Files (x86)\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe [253952 2003-01-09] (Roxio, Inc.)
HKLM-x32\...\Run: [wolfram] => C:\Program Files (x86)\Sandrock\Erika.exe [137216 2018-04-02] ()
HKLM-x32\...\Run: [wolframwolfram] => C:\Program Files (x86)\Buffo\Erika.exe [137216 2018-04-02] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3198752 2018-03-27] (Valve Corporation)
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2015-12-17] (Electronic Arts)
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127816 2016-04-05] (Seagate Technology LLC)
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [Google Update] => C:\Users\PC-\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-29] (Google Inc.)
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [Google Photos Backup] => C:\Users\PC-\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-09] (Google, Inc)
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [wayout] => rundll32.exe "C:\Users\PC-\AppData\Local\wayout.dll",wayout <==== ATTENTION
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [terriers] => C:\Program Files (x86)\Sandrock\Erika.exe [137216 2018-04-02] ()
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [terriersterriers] => C:\Program Files (x86)\Buffo\Erika.exe [137216 2018-04-02] ()
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [shook] => C:\Program Files (x86)\Sandrock\Erika.exe [137216 2018-04-02] ()
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [shookshook] => C:\Program Files (x86)\Buffo\Erika.exe [137216 2018-04-02] ()
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [nonfunctioning] => C:\Program Files (x86)\brust\nonfunctioning.exe [66837 2018-04-02] ()
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Run: [dozing] => C:\Program Files (x86)\Sandrock\Erika.exe [137216 2018-04-02] ()
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\MountPoints2: {2720b8a3-465d-11e5-825b-000272d49f2d} - "F:\setup.exe"
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\MountPoints2: {53e89e93-20a7-11e7-8381-20cf303b5e2a} - "G:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\MountPoints2: {7655fdf0-c973-11e6-8350-20cf303b5e2a} - "G:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\MountPoints2: {7c566bfb-f0f3-11e6-836f-20cf303b5e2a} - "G:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\MountPoints2: {a15bfc82-f1ae-11e6-8370-20cf303b5e2a} - "G:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\MountPoints2: {e93fdcaf-f9cd-11e7-83d0-20cf303b5e2a} - "G:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
Startup: C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newey.lnk [2018-04-02]
ShortcutTarget: newey.lnk -> C:\Program Files (x86)\Sandrock\Erika.exe ()
Startup: C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start - Shortcut (2).lnk [2018-01-26]
ShortcutTarget: start - Shortcut (2).lnk -> C:\Survival___\start.bat ()
Startup: C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start - Shortcut.lnk [2017-07-20]
ShortcutTarget: start - Shortcut.lnk -> C:\Oliver's server\start.bat ()
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\..\Interfaces\{15b74de2-1a43-460f-9390-40d9aea884fb}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{77e0edf0-5c1a-4b02-ac72-e987d2c266d5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f9997c51-f1a9-4314-85f1-12b97f23564b}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-au/?ocid=iehp
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-14] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-14] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-14] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-14] (Oracle Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File

FireFox:
========
FF DefaultProfile: 4k8kw0sm.default
FF ProfilePath: C:\Users\PC-\AppData\Roaming\Mozilla\Firefox\Profiles\4k8kw0sm.default [2018-04-02]
FF user.js: detected! => C:\Users\PC-\AppData\Roaming\Mozilla\Firefox\Profiles\4k8kw0sm.default\user.js [2017-06-30]
FF Homepage: Mozilla\Firefox\Profiles\4k8kw0sm.default -> hxxps://www.malwarebytes.org/restorebrowser/
FF Extension: (AUSkey) - C:\Users\PC-\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@au.gov.abr.auskeyfirefox.xpi [2017-04-11]
FF Extension: (System Table) - C:\Users\PC-\AppData\Roaming\Mozilla\Firefox\Profiles\4k8kw0sm.default\Extensions\143734@modext.tech.xpi [2018-03-01]
FF Extension: (System Table) - C:\Users\PC-\AppData\Roaming\Mozilla\Firefox\Profiles\4k8kw0sm.default\Extensions\622127@modext.tech.xpi [2018-02-27]
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2017-01-09] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1802162536-2727602968-3184661257-1001: @tools.google.com/Google Update;version=3 -> C:\Users\PC-\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-1802162536-2727602968-3184661257-1001: @tools.google.com/Google Update;version=9 -> C:\Users\PC-\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)

Chrome: ======= CHR DefaultProfile: Profile 1 CHR HomePage: Profile 1 -> hxxp://www.google.com.au/ CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/" CHR Profile: C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-04-03] CHR Extension: (Slides) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13] CHR Extension: (Docs) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13] CHR Extension: (Google Drive) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-07] CHR Extension: (YouTube) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-07] CHR Extension: (Adblock for Youtube™) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-06-15] CHR Extension: (Word Search) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj [2017-05-07] CHR Extension: (Cleanflight - Configurator) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\enacoimjcgeinfnnnpajinjgmkahmfgb [2017-07-31] CHR Extension: (Sheets) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13] CHR Extension: (Kingdom Rush Frontiers) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fmfibdjbnmndigbklnlllakjbjheiopj [2017-05-07] CHR Extension: (Google Docs Offline) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-07] CHR Extension: (Adblocker for Youtube™) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hjjkhfonangkojdpjcdhldbcicegaohc [2018-04-02] CHR Extension: (Prodigy Math Game) - C:\Users\PC-\AppData\Local\Google\Chrome\User 
Data\Profile 1\Extensions\hndgjbjghbnahgfhcmhkkoibbgdemlia [2017-05-07] CHR Extension: (Free Guitar Tuner) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iojcckkgkckfailcedaooonjlndpnoib [2017-05-07] CHR Extension: (AUSkey for Chrome) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jmegndhbalhkegdidohofafobbcabine [2017-09-13] CHR Extension: (Betaflight - Configurator) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kdaghagfopacdngbohiknlhcocjccjao [2017-12-13] CHR Extension: (DuckDuckGo Home Page) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ljkalbbbffedallekgkdheknngopfhif [2017-05-07] CHR Extension: (Baseflight - Configurator) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mppkgnedeapfejgfimkdoninnofofigk [2017-05-07] CHR Extension: (Chrome Web Store Payments) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03] CHR Extension: ( The scale of the universe) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ooidlchfdlimcgilcmpckfjleogaobka [2017-05-07] CHR Extension: (Gmail) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-07] CHR Extension: (Chrome Media Router) - C:\Users\PC-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-25] CHR HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jmegndhbalhkegdidohofafobbcabine] - hxxps://clients2.google.com/service/update2/crx Opera: ======= OPR Extension: (__MSG_appName__) - C:\Users\PC-\AppData\Roaming\Opera Software\Opera Stable\Extensions\epeomjakeffkfofnidikcpbacmfliolc [2018-04-02] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated) R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atiesrxx.exe [472456 2017-11-03] (AMD) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2017-10-28] () R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] () [File not signed] R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [218768 2016-05-25] (DTS) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-10] (EasyAntiCheat Ltd) S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries) R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3894760 2017-06-26] (Paramount Software UK Ltd) S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-17] (Electronic Arts) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] R2 SamsungRapidSvc; C:\WINDOWS\System32\RAPID\SamsungRapidSvc.exe [28256 2015-09-04] (Samsung Electronics Co., Ltd.) 
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe [186760 2016-07-24] () R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2016-04-05] (Seagate Technology LLC) R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143656 2016-04-05] (Seagate Technology LLC) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-16] (Microsoft Corporation) R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [326544 2012-06-04] (Sierra Wireless, Inc.) S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-06] (Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-06] (Microsoft Corporation) R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [316120 2014-08-18] () ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.) R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atikmdag.sys [40034184 2017-11-03] (Advanced Micro Devices, Inc.) R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atikmpag.sys [536456 2017-11-03] (Advanced Micro Devices, Inc.) 
U5 androidusb; C:\Windows\System32\Drivers\androidusb.sys [33736 2009-11-02] (HTC, Corporation) [File not signed] R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2015-05-08] () R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [118960 2017-10-13] (Advanced Micro Devices) S1 Cdr4_xp; C:\Windows\System32\Drivers\Cdr4_xp.sys [10864 2012-04-24] (Corel Corporation) S1 Cdr4_xp; C:\Windows\SysWow64\Drivers\Cdr4_xp.sys [64208 2003-01-13] (Roxio) [File not signed] S1 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [11376 2012-04-24] (Corel Corporation) S1 Cdralw2k; C:\Windows\SysWow64\Drivers\Cdralw2k.sys [24839 2003-01-13] (Roxio) [File not signed] S1 cdudf_xp; C:\Windows\SysWow64\Drivers\cdudf_xp.sys [249344 2003-01-13] (Roxio) [File not signed] S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [59904 2015-02-06] (www.winchiphead.com) S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31160 2014-04-24] () S3 dvd_2K; C:\Windows\SysWow64\Drivers\dvd_2K.sys [21654 2003-01-13] (Roxio) [File not signed] S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [18528 2014-11-18] () [File not signed] S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [14944 2014-11-18] () [File not signed] R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76192 2018-03-19] () S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2014-11-18] () [File not signed] S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] () [File not signed] S3 HTCAND64; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed] S3 HtcVCom32; C:\WINDOWS\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated) S3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [42944 2017-05-29] (hxxp://libusb-win32.sourceforge.net) S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47928 2017-01-27] (hxxp://libusb-win32.sourceforge.net) S3 massfilter_lte; C:\WINDOWS\system32\drivers\massfilter_lte.sys [18456 2012-01-04] (HandSet 
Incorporated) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193768 2018-04-03] (Malwarebytes) S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-04-03] (Malwarebytes) S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-04-03] (Malwarebytes) S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-04-03] (Malwarebytes) S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [102112 2018-04-03] (Malwarebytes) S3 mmc_2K; C:\Windows\SysWow64\Drivers\mmc_2K.sys [22758 2003-01-13] (Roxio) [File not signed] R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] () S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () S3 NPF; C:\WINDOWS\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.) S1 pwd_2k; C:\Windows\SysWow64\Drivers\pwd_2k.sys [118422 2003-01-13] (Roxio) [File not signed] R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation) R0 SamsungRapidDiskFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidDiskFltr.sys [271968 2015-09-04] (Samsung Electronics Co., Ltd.) R0 SamsungRapidFSFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidFSFltr.sys [110688 2015-09-04] (Samsung Electronics Co., Ltd.) R0 SCMNdisP; C:\WINDOWS\System32\DRIVERS\scmndisp.sys [29472 2012-09-05] (SerComm Corporation) R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation) S3 swg3kser00; C:\WINDOWS\system32\DRIVERS\swg3kser00.sys [259328 2012-09-05] (Sierra Wireless Incorporated) S3 swiwdmbx; C:\WINDOWS\System32\drivers\swiwdmbx64.sys [108800 2012-09-05] (Sierra Wireless Inc.) S3 SWNC8UA3; C:\WINDOWS\System32\drivers\swnc8ua3.sys [300544 2012-09-05] (Sierra Wireless Inc.) 
S1 UdfReadr_xp; C:\Windows\SysWow64\Drivers\UdfReadr_xp.sys [206464 2003-01-13] (Roxio) [File not signed] U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [40448 2017-04-28] (Microsoft Corporation) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-06] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-06] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-06] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-04-03 20:14 - 2018-04-03 10:38 - 114294784 _____ C:\WINDOWS\system32\config\SOFTWARE 2018-04-03 20:09 - 2018-04-03 20:14 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware 2018-04-03 10:26 - 2018-04-03 10:26 - 008222496 _____ (Malwarebytes) C:\Users\PC-\Downloads\adwcleaner_7.0.8.0.exe 2018-04-03 10:24 - 2018-04-03 10:24 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC 2018-04-03 10:22 - 2018-04-03 10:22 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\PC-\Downloads\rkill.exe 2018-04-03 10:22 - 2018-04-03 10:22 - 000002252 _____ C:\Users\PC-\Desktop\Rkill.txt 2018-04-03 10:20 - 2018-04-03 10:20 - 006705178 _____ C:\Users\PC-\Downloads\mbam-chameleon-3.1.33.0 (2).zip 2018-04-03 10:20 - 2018-04-03 10:20 - 000000000 ____D C:\cham 2018-04-03 10:19 - 2018-04-03 10:23 - 000002101 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2018-04-03 10:19 - 2018-04-03 10:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-04-03 09:57 - 2018-04-03 09:57 - 000000000 _____ C:\Users\PC-\Documents\hostsABC.txt 2018-04-03 09:47 - 2018-04-03 09:48 - 000098643 _____ C:\Users\PC-\Downloads\Addition.txt 2018-04-03 09:46 - 
2018-04-03 10:41 - 000028698 _____ C:\Users\PC-\Downloads\FRST.txt 2018-04-03 09:46 - 2018-04-03 10:41 - 000000000 ____D C:\FRST 2018-04-03 09:45 - 2018-04-03 09:46 - 002403328 _____ (Farbar) C:\Users\PC-\Downloads\FRST64.exe 2018-04-03 09:40 - 2018-04-03 09:43 - 000388608 _____ (Trend Micro Inc.) C:\Users\PC-\Downloads\HijackThis.exe 2018-04-03 09:29 - 2018-04-03 09:29 - 006705178 _____ C:\Users\PC-\Downloads\mbam-chameleon-3.1.33.0 (1).zip 2018-04-03 09:29 - 2018-04-03 09:29 - 000000000 ____D C:\Users\PC-\Downloads\New Folder 2018-04-03 09:29 - 2018-04-03 09:29 - 000000000 ____D C:\Users\PC-\Downloads\cham 2018-04-03 09:20 - 2018-04-03 09:20 - 000000000 ____D C:\ProgramData\MB3Migration 2018-04-03 09:20 - 2018-04-03 09:20 - 000000000 ____D C:\ProgramData\MB3CoreBackup 2018-04-03 09:18 - 2018-04-03 09:18 - 000000000 ____D C:\ProgramData\MB2Migration 2018-04-03 09:10 - 2018-04-03 09:10 - 000000000 ____D C:\Users\PC-\Downloads\mbam-chameleon-3.1.33.0 2018-04-03 09:09 - 2018-04-03 09:09 - 006705178 _____ C:\Users\PC-\Downloads\mbam-chameleon-3.1.33.0.zip 2018-04-03 01:19 - 2018-04-03 10:24 - 000102112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2018-04-03 01:19 - 2018-04-03 10:23 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2018-04-03 01:19 - 2018-04-03 10:23 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2018-04-02 20:45 - 2018-04-02 20:45 - 000000258 __RSH C:\Users\PC-\ntuser.pol 2018-04-02 20:24 - 2018-04-03 10:23 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2018-04-02 20:24 - 2018-04-03 10:23 - 000193768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2018-04-02 20:24 - 2018-04-03 09:11 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-04-02 20:24 - 2018-04-02 20:24 - 000000000 ____D C:\Program Files\Malwarebytes 2018-04-02 20:24 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2018-04-02 20:23 - 2018-04-02 20:24 - 
072135408 _____ (Malwarebytes ) C:\Users\PC-\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4576.exe 2018-04-02 20:11 - 2018-04-02 20:44 - 000000000 ____D C:\Users\PC-\AppData\Roaming\ttdyyfziyzp 2018-04-02 20:11 - 2018-04-02 20:40 - 000000000 ____D C:\Users\PC-\AppData\Roaming\kn4epig0bfd 2018-04-02 20:11 - 2018-04-02 20:40 - 000000000 ____D C:\Users\PC-\AppData\Roaming\bfmni1kmwjx 2018-04-02 20:03 - 2018-04-02 20:06 - 006968952 _____ (ESET spol. s r.o.) C:\Users\PC-\Downloads\esetonlinescanner_enu.exe 2018-04-02 19:52 - 2018-04-02 20:40 - 000000000 ____D C:\Users\PC-\AppData\Roaming\wxpz0gsme1e 2018-04-02 19:52 - 2018-04-02 20:40 - 000000000 ____D C:\Users\PC-\AppData\Roaming\u1mv3fkt2f0 2018-04-02 19:52 - 2018-04-02 20:40 - 000000000 ____D C:\Users\PC-\AppData\Roaming\njrwhwv0gz5 2018-04-02 19:52 - 2018-04-02 20:40 - 000000000 ____D C:\Users\PC-\AppData\Roaming\efynkkjtu3n 2018-04-02 19:51 - 2018-04-02 20:45 - 000000000 ____D C:\ProgramData\385fb600e5 2018-04-02 19:49 - 2018-04-02 20:42 - 000000000 ____D C:\ProgramData\c93bffa3-1769-4f43-90d0-692655e2815d 2018-04-02 19:48 - 2018-04-02 20:42 - 000000000 ____D C:\ProgramData\10b45edb-3473-4b10-b57e-0ad402f4c858 2018-04-02 19:48 - 2018-04-02 19:55 - 000003634 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask 2018-04-02 19:48 - 2018-04-02 19:48 - 000000000 ____D C:\Program Files\My Program 2018-04-02 19:47 - 2018-04-02 19:54 - 000929792 _____ C:\Users\PC-\AppData\Local\sham.db 2018-04-02 19:47 - 2018-04-02 19:47 - 000140800 _____ C:\Users\PC-\AppData\Local\installer.dat 2018-04-02 19:46 - 2018-04-02 20:40 - 000000000 ____D C:\Users\PC-\AppData\Roaming\vhjv50pfeb3 2018-04-02 19:45 - 2018-04-02 20:42 - 000000000 ____D C:\Program Files (x86)\astra 2018-04-02 19:44 - 2018-04-03 10:35 - 000000000 ___HD C:\Program Files (x86)\Buffo 2018-04-02 19:44 - 2018-04-02 20:42 - 000000000 ____D C:\Program Files (x86)\solidified 2018-04-02 19:44 - 2018-04-02 20:42 - 000000000 ____D C:\Program Files 
(x86)\chatelaine 2018-04-02 19:44 - 2018-04-02 19:44 - 000003972 _____ C:\WINDOWS\System32\Tasks\philby aides tamari 2018-04-02 19:44 - 2018-04-02 19:44 - 000003970 _____ C:\WINDOWS\System32\Tasks\leverrier_refunded 2018-04-02 19:44 - 2018-04-02 19:44 - 000003922 _____ C:\WINDOWS\System32\Tasks\incognita 2018-04-02 19:44 - 2018-04-02 19:44 - 000003844 _____ C:\WINDOWS\System32\Tasks\tsphilby aides tamariphilby aides tamari 2018-04-02 19:44 - 2018-04-02 19:44 - 000003840 _____ C:\WINDOWS\System32\Tasks\tsleverrier_refundedleverrier_refunded 2018-04-02 19:44 - 2018-04-02 19:44 - 000003774 _____ C:\WINDOWS\System32\Tasks\tsincognitaincognita 2018-04-02 19:44 - 2018-04-02 19:44 - 000000012 _____ C:\WINDOWS\b28870344 2018-04-02 19:44 - 2018-04-02 19:44 - 000000000 ___HD C:\Program Files (x86)\brust 2018-04-02 19:44 - 2018-04-02 19:44 - 000000000 ____D C:\Program Files (x86)\Sandrock 2018-04-02 19:38 - 2018-04-03 09:05 - 000000000 ____D C:\Users\PC-\AppData\Roaming\AGData 2018-04-02 19:38 - 2018-04-02 19:38 - 000194048 _____ C:\Users\PC-\AppData\Local\install.dll 2018-04-02 19:38 - 2018-04-02 19:38 - 000043520 _____ C:\Users\PC-\AppData\Local\wayout.dll 2018-04-02 19:38 - 2018-04-02 19:38 - 000003072 _____ C:\Users\PC-\AppData\Local\install_UEFIConfig.exe 2018-04-02 18:30 - 2018-04-02 18:30 - 000950803 _____ C:\Users\PC-\Desktop\What’s my favourite movie.pptx 2018-04-02 16:16 - 2018-04-02 16:16 - 000137216 _____ C:\WINDOWS\mouthful.exe 2018-04-02 16:16 - 2018-04-02 16:16 - 000137216 _____ C:\Users\PC-\AppData\Local\Erika.exe 2018-04-02 15:44 - 2018-04-02 15:44 - 000000000 ____D C:\Users\PC-\AppData\LocalLow\Landfall West 2018-04-01 07:30 - 2018-04-01 07:30 - 000000000 ____D C:\Users\PC-\AppData\LocalLow\NoBrakesGames 2018-03-31 21:59 - 2018-03-31 21:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskCheckup 2018-03-31 21:59 - 2018-03-31 21:59 - 000000000 ____D C:\Program Files (x86)\DiskCheckup 2018-03-30 13:49 - 2018-03-30 13:49 - 000000000 
__SHD C:\82ace7d6-0197-474d-bf4b-a2043e72329b 2018-03-21 00:20 - 2018-03-21 00:21 - 032465159 _____ C:\Users\PC-\Desktop\closed-loop-communication.wmv 2018-03-21 00:11 - 2018-03-21 01:20 - 035596460 _____ C:\Users\PC-\Desktop\ISBAR video removed.pptx 2018-03-19 00:15 - 2018-03-19 00:15 - 000000000 ____D C:\Users\PC-\AppData\Roaming\twitch-electron 2018-03-17 19:43 - 2018-03-17 19:44 - 002953376 _____ C:\Users\PC-\Downloads\ISBAR clinical governance1.potx 2018-03-11 18:49 - 2018-03-11 18:49 - 000000220 _____ C:\Users\PC-\Desktop\oliver homework todo list.txt 2018-03-10 17:48 - 2018-03-10 08:46 - 000000231 ___SH C:\Users\Public\Libraries.ini 2018-03-10 17:45 - 2018-03-10 17:45 - 000000000 ____D C:\Users\PC-\AppData\Local\NVIDIA Corporation 2018-03-10 17:44 - 2018-03-10 17:44 - 000000000 ____D C:\Users\PC-\AppData\Local\FortniteGame 2018-03-10 17:43 - 2018-03-10 17:44 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat 2018-03-10 17:43 - 2018-03-10 17:43 - 000000000 ____D C:\Users\PC-\AppData\Roaming\EasyAntiCheat 2018-03-10 12:34 - 2018-03-10 12:34 - 000000989 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk 2018-03-10 12:34 - 2018-03-10 12:34 - 000000000 ____D C:\Users\PC-\AppData\Local\UnrealEngineLauncher 2018-03-10 12:34 - 2018-03-10 12:34 - 000000000 ____D C:\Users\PC-\AppData\Local\EpicGamesLauncher 2018-03-10 12:33 - 2018-03-10 12:36 - 000000000 ____D C:\ProgramData\Epic 2018-03-10 12:32 - 2018-03-10 12:33 - 032256000 _____ C:\Users\PC-\Downloads\EpicInstaller-7.5.0-fortnite-69782c2860c74180b94f3bb45a917ebd.msi 2018-03-10 12:29 - 2018-03-10 12:29 - 000192512 _____ C:\Users\PC-\Desktop\rifflefrog.cld 2018-03-08 19:46 - 2018-03-08 19:46 - 000000000 ____D C:\Users\PC-\AppData\LocalLow\VelociDrone 2018-03-08 19:22 - 2018-03-08 19:31 - 899305562 _____ C:\Users\PC-\Downloads\velocidrone-1-11-0-windows-trial.zip 2018-03-06 19:21 - 2018-03-06 19:21 - 000701863 _____ C:\Users\PC-\Downloads\betaflight_3.3.0_SPRACINGF3.hex 2018-03-06 
19:17 - 2018-03-06 19:17 - 000032463 _____ C:\Users\PC-\Downloads\eachine 010.json 2018-03-06 19:17 - 2018-03-06 19:17 - 000032463 _____ C:\Users\PC-\Downloads\BTFL_backup_20180306_201734.json 2018-03-06 19:17 - 2018-03-06 19:17 - 000032454 _____ C:\Users\PC-\Downloads\BTFL_backup_20180306_201740.json 2018-03-06 07:33 - 2018-03-06 07:43 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2018-03-05 18:41 - 2018-03-08 14:53 - 000000000 ____D C:\Users\PC-\Desktop\Car CD 2018-03-05 17:57 - 2018-03-05 17:57 - 000000000 ____D C:\Users\PC-\AppData\LocalLow\Denki 2018-03-05 17:54 - 2018-03-05 17:55 - 038289665 _____ C:\Users\PC-\Downloads\Autonauts_Version_21.2_Windows x64.zip 2018-03-05 06:59 - 2018-03-05 06:59 - 000812622 _____ C:\Users\PC-\Downloads\Statement20180302.pdf 2018-03-04 11:58 - 2018-03-15 15:58 - 000000000 ____D C:\Users\PC-\Desktop\Oliver's Homework ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2018-04-03 10:39 - 2016-10-01 23:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2018-04-03 10:38 - 2016-12-12 23:05 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin 2018-04-03 10:38 - 2016-07-16 16:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI 2018-04-03 10:36 - 2016-10-01 23:43 - 003829410 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2018-04-03 10:35 - 2016-04-05 19:35 - 000000000 ____D C:\AdwCleaner 2018-04-03 09:08 - 2017-03-01 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools 2018-04-03 09:08 - 2017-03-01 19:23 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2018-04-03 09:07 - 2016-07-16 21:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2018-04-03 08:21 - 2016-12-20 19:19 - 000000000 ____D C:\Users\PC-\AppData\Local\Adobe 2018-04-03 07:41 - 2015-12-03 23:45 - 000006680 __RSH C:\ProgramData\ntuser.pol 2018-04-03 07:35 - 2016-10-01 23:43 - 000000000 ____D C:\Users\PC- 2018-04-03 06:51 - 2016-07-16 21:47 - 000000000 ___HD C:\Program Files\WindowsApps 2018-04-03 06:51 - 2016-07-16 21:47 - 000000000 ____D C:\WINDOWS\AppReadiness 2018-04-03 06:37 - 2016-10-01 23:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2018-04-03 00:17 - 2016-10-01 23:53 - 000003280 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3B04C3FB-2427-4C20-9023-0F335CF12761} 2018-04-02 20:49 - 2016-07-08 21:32 - 000000000 ____D C:\Users\PC-\AppData\Local\ESET 2018-04-02 20:44 - 2015-08-04 18:44 - 000000000 ____D C:\Program Files (x86)\Steam 2018-04-02 20:43 - 2017-06-06 07:07 - 000002336 _____ C:\Users\Admin\Desktop\Google Chrome.lnk 2018-04-02 20:43 - 2015-08-04 01:58 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-04-02 20:42 - 2016-07-16 16:04 - 000000000 ____D C:\Program Files\MB Registracting System 2018-04-02 20:20 - 2018-01-06 18:05 - 000000000 ____D C:\Users\PC-\AppData\LocalLow\Mozilla 2018-04-02 20:10 - 2015-08-08 20:07 - 000000000 ____D 
C:\Users\PC-\AppData\Roaming\uTorrent 2018-04-02 19:53 - 2016-07-16 21:47 - 000000000 ____D C:\Program Files\Windows Multimedia Platform 2018-04-02 19:53 - 2016-05-23 19:47 - 000000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition 2018-04-02 19:50 - 2013-08-23 01:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy 2018-04-02 19:44 - 2018-01-27 15:01 - 000000000 ____D C:\Program Files\Mozilla Firefox 2018-04-02 18:30 - 2015-08-19 18:43 - 001142272 ___SH C:\Users\PC-\Desktop\Thumbs.db 2018-04-02 17:01 - 2018-02-25 13:37 - 000000000 ____D C:\Users\PC-\Desktop\Oliver's games 2018-04-02 15:42 - 2017-11-13 05:53 - 000000000 ____D C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2018-03-31 21:55 - 2017-06-30 07:31 - 000001124 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk 2018-03-31 21:55 - 2016-12-09 14:42 - 000003944 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1481258520 2018-03-31 21:55 - 2016-12-09 14:41 - 000000000 ____D C:\Program Files (x86)\Opera 2018-03-31 13:43 - 2015-08-04 19:18 - 000000000 ____D C:\Users\PC-\AppData\Roaming\.minecraft 2018-03-29 05:55 - 2017-01-16 14:22 - 000000000 ____D C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox 2018-03-26 07:10 - 2017-01-16 14:22 - 000000000 ____D C:\Users\PC-\AppData\Local\Roblox 2018-03-21 00:12 - 2015-08-02 22:58 - 000000000 ____D C:\Users\PC-\AppData\Local\Packages 2018-03-19 00:16 - 2018-02-24 17:07 - 000000000 ____D C:\Users\PC-\AppData\Roaming\Twitch 2018-03-12 20:51 - 2018-01-21 18:24 - 000000000 ____D C:\Users\PC-\Desktop\Daddy's Games 2018-03-10 17:44 - 2017-09-03 01:34 - 000000000 ____D C:\Users\PC-\AppData\Local\UnrealEngine 2018-03-10 14:52 - 2017-12-19 17:06 - 000000000 ____D C:\Users\PC-\AppData\Roaming\.pokepack 2 2018-03-10 12:36 - 2016-10-01 23:42 - 000000000 ____D C:\ProgramData\Package Cache 2018-03-10 12:26 - 2016-07-16 21:47 - 000000000 ____D C:\WINDOWS\system32\FxsTmp 2018-03-10 10:40 - 
2015-08-10 07:46 - 000000000 ____D C:\Users\PC-\AppData\Local\ElevatedDiagnostics 2018-03-06 21:35 - 2017-01-12 23:51 - 000000000 ____D C:\Users\PC-\AppData\Roaming\vlc 2018-03-06 07:43 - 2016-07-16 21:47 - 000000000 ___RD C:\Program Files\Windows Defender 2018-03-04 21:10 - 2017-07-12 14:07 - 000000000 ____D C:\Users\PC-\AppData\Roaming\dvdcss 2018-03-04 12:01 - 2018-03-03 23:22 - 000000000 ____D C:\Users\PC-\Documents\l10 ==================== Files in the root of some directories ======= 2016-04-03 23:17 - 2016-04-03 23:18 - 000004608 _____ () C:\Users\PC-\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2018-04-02 16:16 - 2018-04-02 16:16 - 000137216 _____ () C:\Users\PC-\AppData\Local\Erika.exe 2018-04-02 19:38 - 2018-04-02 19:38 - 000194048 _____ () C:\Users\PC-\AppData\Local\install.dll 2018-04-02 19:47 - 2018-04-02 19:47 - 000140800 _____ () C:\Users\PC-\AppData\Local\installer.dat 2018-04-02 19:38 - 2018-04-02 19:38 - 000003072 _____ () C:\Users\PC-\AppData\Local\install_UEFIConfig.exe 2018-01-29 12:48 - 2018-01-29 12:48 - 000000017 _____ () C:\Users\PC-\AppData\Local\resmon.resmoncfg 2018-04-02 19:47 - 2018-04-02 19:54 - 000929792 _____ () C:\Users\PC-\AppData\Local\sham.db 2018-04-02 19:38 - 2018-04-02 19:38 - 000043520 _____ () C:\Users\PC-\AppData\Local\wayout.dll Some files in TEMP: ==================== 2017-08-16 23:34 - 2017-08-16 23:34 - 001177480 _____ () C:\Users\PC-\AppData\Local\Temp\AMDCleanupUtility.exe 2017-08-16 23:34 - 2017-08-16 23:34 - 000250248 _____ () C:\Users\PC-\AppData\Local\Temp\Cleanup.dll 2017-08-16 23:34 - 2017-08-16 23:34 - 000065536 _____ (Windows (R) Server 2003 DDK provider) C:\Users\PC-\AppData\Local\Temp\ddu.exe 2018-04-02 19:36 - 2018-04-02 19:36 - 001793310 _____ () C:\Users\PC-\AppData\Local\Temp\gimi.exe 2018-04-02 19:37 - 2018-04-02 19:37 - 004335290 _____ () C:\Users\PC-\AppData\Local\Temp\insifucan.exe 2017-11-19 18:38 - 2017-11-19 18:38 - 000019968 _____ (Red Hat®, Inc.) 
C:\Users\PC-\AppData\Local\Temp\jansi-64-1154735672996083300.dll 2017-11-19 20:18 - 2017-11-19 20:18 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-1464764265914328830.dll 2017-11-13 21:09 - 2017-11-13 21:09 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-1547810544809404639.dll 2017-11-19 19:30 - 2017-11-19 19:30 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-1593254549717263245.dll 2017-11-19 18:55 - 2017-11-19 18:55 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-1690539436159311693.dll 2018-03-04 06:30 - 2018-03-04 06:30 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-2482033594460382393.dll 2017-11-19 18:54 - 2017-11-19 18:54 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-2687753416721811457.dll 2017-11-19 19:30 - 2017-11-19 19:30 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-2932195214392308003.dll 2018-02-24 19:13 - 2018-02-24 19:13 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3044242924852044250.dll 2018-02-24 19:07 - 2018-02-24 19:07 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3065947850748833017.dll 2018-02-25 06:11 - 2018-02-25 06:11 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3090400866220708828.dll 2018-02-24 19:01 - 2018-02-24 19:01 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-331796050798688962.dll 2017-11-19 19:05 - 2017-11-19 19:05 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3333956312288007370.dll 2017-11-19 19:29 - 2017-11-19 19:29 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3338430850092768373.dll 2017-11-20 07:10 - 2017-11-20 07:10 - 000019968 _____ (Red Hat®, Inc.) 
C:\Users\PC-\AppData\Local\Temp\jansi-64-3436539544659961381.dll 2017-11-20 07:10 - 2017-11-20 07:10 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3817856707412600517.dll 2017-11-19 19:05 - 2017-11-19 19:05 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-3843902266096510911.dll 2017-11-19 18:40 - 2017-11-19 18:40 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-4250398577020638135.dll 2017-11-13 21:07 - 2017-11-13 21:07 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-4524701280499665543.dll 2017-11-19 19:29 - 2017-11-19 19:29 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-4688029176823173488.dll 2017-11-19 19:59 - 2017-11-19 19:59 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-4709186475147128148.dll 2017-11-13 21:14 - 2017-11-13 21:14 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-4875606554627998226.dll 2017-11-19 19:56 - 2017-11-19 19:56 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-4932998981811555426.dll 2017-11-20 07:41 - 2017-11-20 07:41 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-50399607490293459.dll 2017-11-19 19:59 - 2017-11-19 19:59 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-5123425577962716081.dll 2017-11-19 18:43 - 2017-11-19 18:43 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-5249782763613723897.dll 2017-11-19 19:11 - 2017-11-19 19:11 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-5358125278879503070.dll 2017-11-19 18:53 - 2017-11-19 18:53 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-5574364129756514307.dll 2017-11-20 07:11 - 2017-11-20 07:11 - 000019968 _____ (Red Hat®, Inc.) 
C:\Users\PC-\AppData\Local\Temp\jansi-64-5828237950329362504.dll 2017-11-19 19:56 - 2017-11-19 19:56 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-6122521847273254708.dll 2017-11-19 18:41 - 2017-11-19 18:41 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-6181910552863925402.dll 2017-11-19 20:04 - 2017-11-19 20:04 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-6286899380746404139.dll 2017-11-19 18:54 - 2017-11-19 18:54 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-6515514210684840360.dll 2017-11-19 18:53 - 2017-11-19 18:53 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-6716366613263652999.dll 2017-11-19 18:41 - 2017-11-19 18:41 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-6800111260289939343.dll 2017-11-19 20:18 - 2017-11-19 20:18 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-6951282655468735342.dll 2017-11-19 20:06 - 2017-11-19 20:06 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-7115100588086859338.dll 2017-11-19 19:11 - 2017-11-19 19:11 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-7208374827041395840.dll 2017-11-19 18:55 - 2017-11-19 18:55 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-7254346936848756846.dll 2017-11-13 21:04 - 2017-11-13 21:04 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-7401461684807603174.dll 2017-11-19 20:04 - 2017-11-19 20:04 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-7941934255482740537.dll 2018-02-25 09:23 - 2018-02-25 09:23 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-8132190790898914066.dll 2017-11-19 18:38 - 2017-11-19 18:38 - 000019968 _____ (Red Hat®, Inc.) 
C:\Users\PC-\AppData\Local\Temp\jansi-64-8223865945422888254.dll 2017-11-17 14:30 - 2017-11-17 14:30 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-8362638309452189810.dll 2017-11-19 19:06 - 2017-11-19 19:06 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-8509283534852200759.dll 2017-11-19 19:06 - 2017-11-19 19:06 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-8615231387327955072.dll 2018-02-25 13:39 - 2018-02-25 13:39 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-8756203341855063304.dll 2017-11-13 21:03 - 2017-11-13 21:03 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-8998844724991135980.dll 2017-11-20 07:41 - 2017-11-20 07:41 - 000019968 _____ (Red Hat®, Inc.) C:\Users\PC-\AppData\Local\Temp\jansi-64-9217592599316072740.dll 2018-04-02 19:52 - 2018-04-02 19:52 - 000719872 _____ () C:\Users\PC-\AppData\Local\Temp\movari.exe 2017-08-16 23:34 - 2017-08-16 23:34 - 000516096 _____ (Microsoft Corporation) C:\Users\PC-\AppData\Local\Temp\msvcm80.dll 2017-08-16 23:34 - 2017-08-16 23:34 - 001061376 _____ (Microsoft Corporation) C:\Users\PC-\AppData\Local\Temp\msvcp80.dll 2017-08-16 23:34 - 2017-08-16 23:34 - 000796672 _____ (Microsoft Corporation) C:\Users\PC-\AppData\Local\Temp\msvcr80.dll 2018-04-03 09:05 - 2018-04-02 19:38 - 000013824 _____ () C:\Users\PC-\AppData\Local\Temp\uninstall.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-26 07:02

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by PC-Home (03-04-2018 10:42:02)
Running from C:\Users\PC-\Downloads
Windows 10 Pro Version 1607 14393.1198 (X64) (2016-10-01 13:54:19)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Admin (S-1-5-21-1802162536-2727602968-3184661257-1009 - Limited - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1802162536-2727602968-3184661257-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1802162536-2727602968-3184661257-503 - Limited - Disabled)
Guest (S-1-5-21-1802162536-2727602968-3184661257-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1802162536-2727602968-3184661257-1005 - Limited - Enabled)
PC-Home (S-1-5-21-1802162536-2727602968-3184661257-1001 - Administrator - Enabled) => C:\Users\PC-
quirk (S-1-5-21-1802162536-2727602968-3184661257-1010 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 15 (HKLM-x32\...\{FD45A9C9-02BE-4E62-8629-78DF29A10FF5}) (Version: 15.0 - Adobe Systems Incorporated)
AIDA64 Extreme v5.50 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.50 - FinalWire Ltd.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
AMD System Monitor (HKLM-x32\...\{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}) (Version: 1.0.9 - Advanced Micro Devices, Inc.)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
ANT Drivers Installer x64 (HKLM\...\{7664AF65-7B0D-4171-9F0F-50455278B428}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{981F324E-98F4-4784-B76F-04E92039F3F6}) (Version: 5.2.60328.3 - Microsoft Corporation) Arduino (HKLM-x32\...\Arduino) (Version: 1.8.1 - Arduino LLC) AUSkey (HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\AUSkey) (Version: 1.1.0 - Australian Taxation Office) Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.12.160304 - ) Azure AD Authentication Connected Service (HKLM-x32\...\{3FEAC561-1CF6-41D6-B0F3-BECDD9C88A1B}) (Version: 14.0.23107 - Microsoft Corporation) Hidden AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden Borderlands - The Pre-Sequel (HKLM-x32\...\Borderlands - The Pre-Sequel_R.G. Mechanics_is1) (Version: - R.G. 
Mechanics, markfiter) Borderlands 2 (HKLM-x32\...\Borderlands 2_is1) (Version: 1.8.4 - 2K Games) Borderlands 2 GOTY version 1.8.2.0 (HKLM-x32\...\Borderlands 2 GOTY_is1) (Version: 1.8.2.0 - Mr DJ) Call of Duty 4 - Modern Warfare (HKLM-x32\...\Call of Duty 4 - Modern Warfare_is1) (Version: - ) Call of Duty Advanced Warfare (HKLM-x32\...\Call of Duty Advanced Warfare_is1) (Version: v.1.18.1281374.0 - Decepticon) Call of Duty Ghosts (HKLM-x32\...\Q2FsbG9mRHV0eUdob3N0cw==_is1) (Version: 1 - ) Call Of Duty World At War version 1.7.1263.0 (HKLM-x32\...\Call Of Duty World At War_is1) (Version: 1.7.1263.0 - Mr DJ) Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision) Hidden Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision) Call of Duty: Black Ops III (HKLM\...\Q2FsbG9mRHV0eUJsYWNrT3BzSUlJ_is1) (Version: 1 - ) Call of Duty: Infinite Warfare (HKLM\...\Y2FsbG9mZHV0eWluZmluaXRld2FyZmFyZQ_is1) (Version: 1 - ) Call of Duty®: Black Ops 2 (HKLM-x32\...\Call of Duty®: Black Ops 2_is1) (Version: 1.0.5 - R.G. Revenants) CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden Catalyst Control Center Next Localization BR (HKLM\...\{15979E65-792E-474B-BC5D-42257709D4D9}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (HKLM\...\{D6ACA0E4-2488-AE52-E73D-24DB98F9AD65}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (HKLM\...\{B8C421E8-BDF9-F598-832C-659A513F79EB}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (HKLM\...\{DD3A9C85-51E9-854D-EB9B-F0AE8E5B2F7C}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (HKLM\...\{A00A5425-8899-055A-404C-8F96C2EC647F}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (HKLM\...\{CB71E054-00CF-182D-6C78-F9D85D10B7BA}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (HKLM\...\{30B97DD0-3646-AD22-2E77-3792B11BB5E6}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (HKLM\...\{8342F234-A97E-D691-3C01-F060CB7DA175}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (HKLM\...\{CD47D86C-737D-4818-F059-CF8A53F37B76}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (HKLM\...\{DB0E2806-DE62-D60E-9BD9-E3A89FB2A5A8}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (HKLM\...\{D4EF1657-8835-A5AE-DBA0-658EF2869048}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (HKLM\...\{ED71C4B4-4C00-F7C9-9151-60411373DC35}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (HKLM\...\{28FFCD28-01FF-9792-B1A9-B944D44FB37D}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (HKLM\...\{DAEF66AB-6EA7-B0A8-96FB-243A2F33B8B2}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center Next Localization NO (HKLM\...\{3DBC48E0-7DE6-295B-448E-5F53D1491AC3}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (HKLM\...\{CAF3DAD2-A7E8-5472-F8E3-D71E92B7FA65}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (HKLM\...\{E7666716-625F-9E54-ECB3-39CC3C7FFB14}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (HKLM\...\{30A5B188-80AB-2CF5-22D8-8E20D66907D4}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (HKLM\...\{A38C8B57-D3E6-5748-F2D3-FDC383D1203A}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (HKLM\...\{1CD84FD4-26F3-08FC-32F5-17DA9E8A4ED7}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) 
Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform) CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version: - ) CD-LabelPrint Packages (HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\CD-LabelPrint Packages) (Version: - ) <==== ATTENTION Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.) CPUID CPU-Z 1.80 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) CPUID HWMonitor 1.32 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.32 - ) CrystalDiskInfo 7.1.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.1.0 - Crystal Dew World) CutList Plus Express (HKLM-x32\...\{13B966CF-C74E-4AAE-A6EE-29F3C9C92B27}) (Version: 1.1.10 - Bridgewood Design) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden DB Browser for SQLite (HKLM-x32\...\DB Browser for SQLite) (Version: 3.9.1 - DB Browser for SQLite Team) DiskCheckup v3.4 (HKLM-x32\...\DiskCheckup_is1) (Version: 3.4.1003 - PassMark Software) DJI driver version 2.02 (HKLM-x32\...\{EDFDE5EE-84C7-4936-804C-6563943E5754}_is1) (Version: 2.02 - DJI) DJI Phantom 2 Vision Assistant version 3.8 (HKLM-x32\...\{EDCE7221-F31F-407A-B348-30D011ED3126}_is1) (Version: 3.8 - DJI) Dotfuscator and Analytics Community Edition 5.19.1 (HKLM-x32\...\{2A7F99F6-88A4-4B44-B350-41C0B147A39C}) (Version: 5.19.1.3091 - PreEmptive Solutions) Hidden DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen) e5 Secure Download Manager (HKLM-x32\...\{7C4C779B-C315-4730-A7D2-E2DD138CBAE6}) (Version: 3.2.259.0 - Kivuto Solutions Inc.) 
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS) EaseUS Partition Master 10.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS) Easy CD & DVD Creator 6 (HKLM-x32\...\{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}) (Version: 6.0.0.171 - Roxio Inc.,) Elevated Installer (HKLM-x32\...\{1052502B-4C91-43F9-B160-AE39ED57C9F0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden Epic Games Launcher (HKLM-x32\...\{CA3B6D8B-2437-4C7C-84A3-97AF21EDBE20}) (Version: 1.1.144.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden EPUB to MOBI (HKLM-x32\...\{C65AA5AE-8B80-46B6-ADFC-BBF1EFF2AD98}_is1) (Version: - epubtomobi.com) erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 6.18 - NCH Software) Garmin Express (HKLM-x32\...\{BCC7CA85-E57F-452D-BB44-15A1CE018BD0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Garmin Express Tray (HKLM-x32\...\{DA9C865D-6762-4931-8588-0B13B7A0796B}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden GIGABYTE VGA @BIOS (HKLM-x32\...\{AA12545D-5EB8-4078-AFD9-8E8DC0AE3A76}) (Version: 6.80 - GIGABYTE) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.) Google Photos Backup (HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.) 
HD Tune Pro 5.60 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software) HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation) IKEA Home Planner (HKLM-x32\...\{B3276CB1-20B6-4AF9-AAEC-E72C83816495}) (Version: 2.0.3 - IKEA IT) Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation) IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC) Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation) Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation) Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.) Macrium Reflect Free Edition (HKLM\...\{6085136C-5E0B-4516-BA48-2B909062778A}) (Version: 6.3.1835 - Paramount Software (UK) Ltd.) Hidden Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.) 
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - ) Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes) Micro-Measure (HKLM-x32\...\{75E1D518-6772-4073-A71C-354B71181391}) (Version: 1.0.0 - Brightwell) Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation) Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation) Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation) Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 Targeting Pack 
(HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25123 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) 
(HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - 
Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio Community 2015 with Update 2 (HKLM-x32\...\{04fa3a35-1f49-4510-8051-819cdc1e6e01}) (Version: 14.0.25123.0 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) Minimal ADB and Fastboot version 1.3.1 (HKLM-x32\...\{26AC9666-A2C6-4D33-8370-A50F50F277C4}_is1) (Version: 1.3.1 - Sam Rodberg) Mission Planner (HKLM-x32\...\{BCB89166-2874-4BBA-9249-22E658D46B96}) (Version: 1.3.34 - Michael Oborne) Mobile Broadband Manager (HKLM-x32\...\{86077E92-2879-489B-9EB0-6957311B98A2}) (Version: 3.15.20905 - Telstra) Hidden Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{EB3DF0F0-0525-4C5A-A2F8-DEC868A3075D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 41.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0 (x86 en-US)) (Version: 41.0 - Mozilla) Mozilla Firefox 58.0 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0 (x64 en-US)) (Version: 58.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0 - Mozilla) MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{13FE8B50-B340-4FDA-BB6E-AA1F5FAB8205}) (Version: 14.0.25123 - Microsoft Corporation) Hidden Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden NETGEAR WNDA3100v2 wireless USB 2.0 adapter 
(HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 2.2.0.5 - NETGEAR) NVIDIA PhysX (HKLM-x32\...\{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}) (Version: 9.12.0213 - NVIDIA Corporation) OpenTX Companion 2.2 (HKLM-x32\...\OpenTX Companion 2.2) (Version: - OpenTX) Opera Stable 52.0.2871.40 (HKLM-x32\...\Opera 52.0.2871.40) (Version: 52.0.2871.40 - Opera Software) Origin (HKLM-x32\...\Origin) (Version: 9.9.1.62656 - Electronic Arts, Inc.) PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1037.0 - Passmark Software) Photo Story 3 for Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation) Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version: - Photodex Corporation) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.) Portal 2 (HKLM-x32\...\Postal 2_is1) (Version: - ) PowerISO (HKLM-x32\...\PowerISO) (Version: 6.3 - Power Software Ltd) PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden ProShow Gold (HKLM-x32\...\ProShow Gold) (Version: - Photodex Corporation) ProShow Gold version 8.0 (HKLM-x32\...\{DD0D5CC9-203C-4702-A196-74A9A8F2D2AD}_is1) (Version: 8.0 - Photodex) Race Driver 3 (HKLM-x32\...\{0297C87B-CC40-446F-865A-031B4FC0CF22}) (Version: 1.00.0000 - Codemasters) RAPID Mode (HKLM\...\{18DF567E-AA9B-434D-BE77-BFE2292712F6}) (Version: 1.0.1.96 - Samsung Electronics Co., Ltd.) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7829 - Realtek Semiconductor Corp.) 
Roblox Player for PC-Home (HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - Roblox Corporation) Roblox Studio for PC-Home (HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - Roblox Corporation) Robot Updater Setup (HKLM-x32\...\{FD765C6E-0FC8-4432-A3DA-579D2734BCF8}) (Version: 1.28.5000 - Spinmaster) Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden Roslyn Language Services - x86 (HKLM-x32\...\{96139D17-D4D8-3BE1-883A-F0201E15B84E}) (Version: 14.0.25130 - Microsoft Corporation) Hidden Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.9.7 - Samsung Electronics) Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.4.1902.0 - Seagate) SketchUp 2017 (HKLM\...\{E59BD84C-169B-4F3F-AC5D-85127CF67051}) (Version: 17.2.2555 - Trimble, Inc.) 
Snake Pass (HKLM-x32\...\Snake Pass_is1) (Version: - ) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.4.28745 - Electronic Arts) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Team Explorer for Microsoft Visual Studio 2015 Update 2 (HKLM-x32\...\{7932CD6F-86D3-3EE4-8A02-B954404D1FFC}) (Version: 14.95.25118 - Microsoft) Hidden TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp) Telstra Mobile Broadband Manager (HKLM-x32\...\Mobile Broadband Manager) (Version: 3.15.20905 - Telstra) TerraTech (HKLM-x32\...\1448625945_is1) (Version: 2.8.0.10 - GOG.com) Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden The Witcher 3 - Wild Hunt (HKLM-x32\...\1495134320_is1) (Version: 2.0.0.51 - GOG.com) TransMac version 11.2 (HKLM-x32\...\TransMac_is1) (Version: 11.2 - Acute Systems) Twitch (HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.) 
TypeScript Power Tool (HKLM-x32\...\{60890089-588B-4362-B9C5-A9C11D6E5DD1}) (Version: 1.8.9.0 - Microsoft Corporation) Hidden TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{4AC64C61-A7EC-4E4E-8F28-F57EB3430334}) (Version: 1.8.31.0 - Microsoft Corporation) Hidden Unity (HKLM-x32\...\Unity) (Version: 5.3.5f1 - Unity Technologies ApS) Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS) Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod) Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.8.0 - Elaborate Bytes) Visual Studio 2015 Update 2 (KB3022398) (HKLM-x32\...\{78c1b501-a6eb-4f29-88c5-84189564827e}) (Version: 14.0.25123 - Microsoft Corporation) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) VS Update core components (HKLM-x32\...\{6A878817-D626-305A-BE8D-94C93F70E27A}) (Version: 14.0.25123 - Microsoft Corporation) Hidden vs_update2notification (HKLM-x32\...\{D4A78CC3-D7A0-345F-AB7D-9DA828558E4F}) (Version: 14.0.25130 - Microsoft Corporation) Hidden Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-2) (Version: 1.0.26.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1-2) (Version: 1.0.39.1 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) 
Hidden WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline) Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation) Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) Windows Driver Package - 3D Robotics (usbser) Ports (01/01/2015 2.0.0.9) (HKLM\...\75690F2C86F7BE1E9F51D6D0CC84D4D7C203E6B5) (Version: 01/01/2015 2.0.0.9 - 3D Robotics) Windows Driver Package - 3D Robotics (usbser) Ports (01/01/2015 2.0.0.9) (HKLM\...\E5BE0983C0C60432B42B39114C40C1931CE1AE00) (Version: 01/01/2015 2.0.0.9 - 3D Robotics) Windows Driver Package - Arduino LLC (www.arduino.cc) (usbser) Ports (01/01/2015 2.0.0.9) (HKLM\...\86FE9521DE7ABE24A00FABF1A36DFEA326A2B95B) (Version: 01/01/2015 2.0.0.9 - Arduino LLC (www.arduino.cc)) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) 
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (07/12/2013 2.08.30) (HKLM\...\22CCD58B53472BE3FCAFF05631111C4062959A43) (Version: 07/12/2013 2.08.30 - FTDI) Windows Driver Package - FTDI CDM Driver Package - VCP Driver (07/12/2013 2.08.30) (HKLM\...\BD00013670D26C16E19F284BF8E15DAF813497C7) (Version: 07/12/2013 2.08.30 - FTDI) Windows Driver Package - libusbK USBasp (04/28/2014 3.0.7.0) (HKLM\...\10E53F572A88913B4A453B98665A2C793D4F5527) (Version: 04/28/2014 3.0.7.0 - libusbK) Windows Driver Package - Silicon Laboratories (silabenm) Ports (03/19/2014 6.7.0.0) (HKLM\...\B97004A400E30DCF940971EFA7A0C13C6B0A4B66) (Version: 03/19/2014 6.7.0.0 - Silicon Laboratories) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) Wolfenstein The Old Blood (HKLM-x32\...\Wolfenstein The Old Blood_is1) (Version: - ) Wolfenstein: The New Order (HKLM-x32\...\V29sZmVuc3RlaW5UaGVOZXdPcmRlcg==_is1) (Version: 1 - ) ZTE LTE Device USB Driver (HKLM\...\{00C1EF09-B5B7-4082-B1F4-C35CE7A7FCA9}) (Version: - ZTE Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\ChromeHTML: -> <==== ATTENTION CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\PC-\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71}\InprocServer32 -> C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\PC-\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> 
C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\PC-\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\PC-\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-1802162536-2727602968-3184661257-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncApi64.dll => No File ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File 
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-05] (Igor Pavlov) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) 
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-06-08] (Power Software Ltd) ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd) ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-15] (Elaborate Bytes AG) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal) ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd) ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-15] (Elaborate Bytes AG) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes) ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-05] (Igor Pavlov) ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) 
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-06-08] (Power Software Ltd) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-11-02] (Advanced Micro Devices, Inc.) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-05] (Igor Pavlov) ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes) ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-06-08] (Power Software Ltd) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal) ContextMenuHandlers1_S-1-5-21-1802162536-2727602968-3184661257-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File ContextMenuHandlers4_S-1-5-21-1802162536-2727602968-3184661257-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File ContextMenuHandlers5_S-1-5-21-1802162536-2727602968-3184661257-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\PC-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll -> No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the 
fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {03876411-2295-4097-9937-80AD4B349913} - System32\Tasks\{60F23C96-1CCF-4312-83F5-8A1C1FCD3AE7} => C:\WINDOWS\system32\pcalua.exe -a G:\Setup.exe -d G:\ -c -auto Task: {03CC38D3-A11E-44AF-B22A-B6DA388D0D52} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-06] (Microsoft Corporation) Task: {03FB0589-466F-4A4C-979F-CF1A32893383} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {064DCBB1-D3D1-4646-8DC7-1A25F20C452D} - System32\Tasks\{E7E0B43D-773F-41C6-B9F1-424FB1672ABC} => C:\WINDOWS\system32\pcalua.exe -a G:\Setup.exe -d G:\ Task: {066EF6EC-A46D-4F6F-864E-D0C2BB513739} - System32\Tasks\{632FAEB9-90A2-413B-BBA5-0680A6B94A61} => C:\WINDOWS\system32\pcalua.exe -a G:\Setup.exe -d G:\ Task: {0B99E979-37E7-490B-ADF4-74D493695D09} - System32\Tasks\tsleverrier_refundedleverrier_refunded => C:\Program Files (x86)\Buffo\Erika.exe [2018-04-02] () Task: {104D18DC-0380-4D1B-AA15-497A3DE17EDC} - System32\Tasks\tsincognitaincognita => C:\Program Files (x86)\Sandrock\Erika.exe [2018-04-02] () Task: {123AEDAD-DA29-4B70-AABB-D66953551857} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-06] (Microsoft Corporation) Task: {1489D83A-8A03-4C2C-B30C-99B3F6169DCC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {16CE6728-168C-4530-9966-85B5F75B5472} - System32\Tasks\incognita => C:\Program Files (x86)\Sandrock\Erika.exe [2018-04-02] () Task: {1899AA56-C1DE-4BA7-9897-6BACF21CAD8A} - System32\Tasks\{BA42BC49-61A4-4B7C-8D7A-36909E2CD696} => C:\WINDOWS\system32\pcalua.exe -a G:\Setup.exe -d G:\ Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - 
System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe Task: {43115EA7-B074-42EE-96EC-1E77F1695F6C} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2016-05-13] (Samsung Electronics.) Task: {44D47007-D187-4979-A5A8-7AC193EA9222} - System32\Tasks\{CFBC9378-0557-4F66-8C9E-0F6B926DE1BA} => C:\WINDOWS\system32\pcalua.exe -a "E:\downloads\USB microscope1\USB microscope1.5\Driver\setup.exe" -d "E:\downloads\USB microscope1\USB microscope1.5\Driver" Task: {45221D7A-8EF7-44D3-AE98-6C24EA43DD07} - System32\Tasks\PC-Home => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2016-04-05] (Seagate Technology LLC) Task: {4559514F-9C2F-4D2B-9C8E-7F49A157645D} - System32\Tasks\leverrier_refunded => C:\Program Files (x86)\Buffo\Erika.exe [2018-04-02] () Task: {46BE5CA5-1B4C-41FE-A48A-61F56BEB71FB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1802162536-2727602968-3184661257-1001UA => C:\Users\PC-\AppData\Local\Google\Update\GoogleUpdate.exe [2016-12-11] (Google Inc.) 
Task: {48BE282B-6AFB-4E18-A640-184F909219BA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {4ADEE42D-E335-4065-B135-CB469476645E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-06] (Microsoft Corporation) Task: {4B725489-ADBA-405A-8715-E6291ECB75A1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {4E5D00AE-65F8-41C9-9336-B26012F3B554} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {4E6BD295-B4EB-446B-890D-07C0033EA996} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {534255CB-7C62-4443-B9EB-76EDDD684686} - System32\Tasks\AdobeGCInvoker-1.0-PC-PC-Home => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated) Task: {58C01240-498D-4E41-8E09-043FBFCD2E47} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK Task: {5B598026-0B08-43B7-B800-6C49AA52D651} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-04] (Google Inc.) 
Task: {6B4350AB-F483-4C65-AB55-CBF93276D738} - System32\Tasks\Opera scheduled Autoupdate 1481258520 => C:\Program Files (x86)\Opera\launcher.exe [2018-03-28] (Opera Software) Task: {6F9A3CFC-C5B5-4C89-B22E-130841AE946D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-04] (Piriform Ltd) Task: {726BE6BF-CDBE-4E22-A33B-25F0719EDC08} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {78BC313D-5ADD-4198-9280-3F74F11E2134} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {800090B0-9ABB-4B28-A610-AA4DA7DF9E46} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-06] (Microsoft Corporation) Task: {8443B11D-A8CC-40CA-8121-88B766F73928} - System32\Tasks\PC-Home Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2016-04-05] (Seagate Technology LLC) Task: {9A2F3A4C-0C54-46EB-9029-0BA502C02BE1} - System32\Tasks\AdobeAAMUpdater-1.0-PC-PC-Home => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated) Task: {A167D538-F3FC-4F4A-B148-E5673ACA1ACD} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-11-02] (Advanced Micro Devices, Inc.) Task: {A71185F0-C844-406F-9618-4910108EBF96} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {B64D8650-B24A-4ECF-A35A-9EA51FC91D19} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-03-22] (Microsoft Corporation) Task: {B7FD0870-62F9-4504-86AA-4D50F6176F93} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1802162536-2727602968-3184661257-1001Core => C:\Users\PC-\AppData\Local\Google\Update\GoogleUpdate.exe [2016-12-11] (Google Inc.) 
Task: {B999CA04-D675-4CA7-AED7-AD862376457A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CAAD45F9-0CBD-4494-A6E5-A2116946CF67} - System32\Tasks\{ABF7A772-ED4E-43B9-82C3-1BCF34F34EDB} => C:\WINDOWS\system32\pcalua.exe -a G:\Setup.exe -d G:\ -c -auto
Task: {CC026503-5BA5-49CC-AD85-8FC3AF907B7E} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {D7CF03C9-8FE1-4FA8-8610-1D5D5484A9EC} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2016-04-05] (Seagate Technology LLC)
Task: {DE510B07-A25B-40A6-8307-2906E0B7FE5D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-04] (Google Inc.)
Task: {EDCB60C2-C743-4761-8D49-ADE66D621A65} - System32\Tasks\philby aides tamari => C:\Users\PC-\AppData\Local\Erika.exe [2018-04-02] ()
Task: {F59B4BD9-AC87-474B-86ED-57A1931D0CA4} - \WPD\SqmUpload_S-1-5-21-1802162536-2727602968-3184661257-1001 -> No File <==== ATTENTION
Task: {F706E402-E307-4296-87AE-03C105BDFCCB} - System32\Tasks\PC-Home DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2016-04-05] (Seagate Technology LLC)
Task: {F7FE89D1-DF16-40BD-B238-0DBFB0EC9FC6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FA2F2247-B1B6-439A-AE21-FA1D80252532} - System32\Tasks\tsphilby aides tamariphilby aides tamari => C:\Users\PC-\AppData\Local\Erika.exe [2018-04-02] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\PC-\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start - Shortcut (2).lnk -> C:\Survival___\start.bat ()
Shortcut: C:\Users\PC-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start - Shortcut.lnk -> C:\Oliver's server\start.bat ()

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 21:42 - 2016-07-16 21:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-05-11 02:33 - 2017-04-28 10:49 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-10-28 07:34 - 2014-04-24 14:29 - 001360016 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2017-10-28 07:34 - 2017-10-28 07:34 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2013-10-17 15:27 - 2013-10-17 15:27 - 000166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2017-01-09 20:13 - 2016-07-24 14:13 - 000186760 _____ () C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe
2015-12-06 00:23 - 2014-08-18 16:50 - 000316120 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
2018-04-02 16:16 - 2018-04-02 16:16 - 000137216 _____ () C:\Program Files (x86)\Sandrock\Erika.exe
2018-04-02 16:16 - 2018-04-02 16:16 - 000137216 _____ () C:\Program Files (x86)\Buffo\Erika.exe
2018-04-02 16:16 - 2018-04-02 16:16 - 000137216 _____ () C:\Users\PC-\AppData\Local\Erika.exe
2016-10-02 09:36 - 2016-10-02 09:36 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 06:32 - 2017-03-04 16:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 06:32 - 2017-03-04 16:12 - 009760768 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 06:32 - 2017-03-04 16:05 - 001401856 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 06:32 - 2017-03-04 16:05 - 000757248 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-05-11 02:33 - 2017-04-28 09:36 - 001033216 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-05-11 02:33 - 2017-04-28 09:36 - 002424320 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-05-11 02:33 - 2017-04-28 09:37 - 004853760 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2018-03-23 14:23 - 2018-03-20 16:00 - 002683224 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libglesv2.dll
2018-03-23 14:23 - 2018-03-20 16:00 - 000127832 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libegl.dll
2017-03-15 06:32 - 2017-03-04 16:04 - 000114176 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2016-06-07 22:02 - 2014-03-11 15:15 - 000069632 _____ () C:\Program Files (x86)\GLPCCamera\monitorpad.exe
2018-04-02 16:16 - 2018-04-02 16:16 - 000066837 _____ () C:\Program Files (x86)\brust\nonfunctioning.exe
2017-10-28 07:34 - 2015-05-08 14:26 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2015-12-06 00:23 - 2015-03-05 17:22 - 000380928 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll
2018-01-17 21:12 - 2016-05-13 00:35 - 000021600 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2018-04-02 19:38 - 2018-04-02 19:38 - 000043520 _____ () C:\Users\PC-\AppData\Local\wayout.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\Users\Public\AppData:CSM [474]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "BigPondWirelessBroadbandCM"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKLM\...\StartupApproved\Run32: => "DBAgent"
HKLM\...\StartupApproved\Run32: => "RoxAssistant"
HKLM\...\StartupApproved\Run32: => "RoxioDragToDisc"
HKLM\...\StartupApproved\Run32: => "RoxioAudioCentral"
HKLM\...\StartupApproved\Run32: => "RoxioEngineUtility"
HKLM\...\StartupApproved\Run32: => "LWS"
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\StartupApproved\Run: => "Uploader"
HKU\S-1-5-21-1802162536-2727602968-3184661257-1001\...\StartupApproved\Run: => "Google Photos Backup"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{2BF510E9-F50A-4512-9441-F89CEBB63267}E:\games\igg-scrap.mechanic.v0.1.30\release\scrapmechanic.exe] => (Block) E:\games\igg-scrap.mechanic.v0.1.30\release\scrapmechanic.exe FirewallRules: [TCP Query User{BE4D19C5-6BBE-42A2-9F5A-9B2FE772906E}E:\games\igg-scrap.mechanic.v0.1.30\release\scrapmechanic.exe] => (Block) E:\games\igg-scrap.mechanic.v0.1.30\release\scrapmechanic.exe FirewallRules: [UDP Query User{92E8F8D7-0DA3-43B2-BF9A-1C21F5F9A6EE}C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe FirewallRules: [TCP Query User{73148BB7-E9DD-4E8D-A29A-90DB877C3F68}C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe FirewallRules: [UDP Query User{A7C984B1-0D0B-4CC2-A72E-0A0BFED725E7}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe FirewallRules: [TCP Query User{90FEE90F-243B-4F96-AD1F-BAE29B214AE7}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe FirewallRules: [UDP Query User{BB6E3ADC-5E0D-4A3C-A489-492D22BA64C6}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe FirewallRules: [TCP Query User{3926B879-8904-4EC7-B3AF-3BBC533FC2F8}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe FirewallRules: [{1B090A48-6C97-474F-99C2-30D0A24131A6}] => (Allow) LPort=8888 FirewallRules: [UDP Query User{8FA93161-0D92-462F-B047-BC229705B491}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe FirewallRules: [TCP Query User{BC257035-5BF2-47D1-BBEF-BB4BCA38F56A}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 
2.0\dashboard.exe FirewallRules: [{EFBABF91-DED5-415B-B20C-9DCC3E20C4F4}] => (Allow) LPort=8888 FirewallRules: [UDP Query User{9C51F00D-4721-498C-A5AE-738C3E04001A}C:\program files (x86)\mission planner\missionplanner.exe] => (Allow) C:\program files (x86)\mission planner\missionplanner.exe FirewallRules: [TCP Query User{9780C0B0-CD57-4C7B-BA65-40D1C1F2305A}C:\program files (x86)\mission planner\missionplanner.exe] => (Allow) C:\program files (x86)\mission planner\missionplanner.exe FirewallRules: [UDP Query User{D99AF1D4-4777-4C58-ADBE-94529B2900DF}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe FirewallRules: [TCP Query User{C6E9F2F0-485A-4F53-B9FE-2806E3A9D888}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe FirewallRules: [{E3953CDB-8714-4CCA-8FF9-4856721611A8}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe FirewallRules: [UDP Query User{AC0DCBD5-0E14-4A7B-977A-35476D48963B}C:\program files (x86)\r.g. mechanics\borderlands - the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\program files (x86)\r.g. mechanics\borderlands - the pre-sequel\binaries\win32\borderlandspresequel.exe FirewallRules: [TCP Query User{C32393A0-A223-4850-BFC6-94A591887545}C:\program files (x86)\r.g. mechanics\borderlands - the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\program files (x86)\r.g. 
mechanics\borderlands - the pre-sequel\binaries\win32\borderlandspresequel.exe FirewallRules: [UDP Query User{C7A0EF56-0347-44A1-A21A-4921848FE44F}E:\games\borderlands 2\game\binaries\win32\borderlands2.exe] => (Block) E:\games\borderlands 2\game\binaries\win32\borderlands2.exe FirewallRules: [TCP Query User{6628366B-CBA0-46D6-9597-D30CDC40E70D}E:\games\borderlands 2\game\binaries\win32\borderlands2.exe] => (Block) E:\games\borderlands 2\game\binaries\win32\borderlands2.exe FirewallRules: [UDP Query User{8E94AFC5-348B-4405-B0A1-5985E1A1CAF1}E:\games\borderlands 2\game\binaries\win32\borderlands2.exe] => (Block) E:\games\borderlands 2\game\binaries\win32\borderlands2.exe FirewallRules: [TCP Query User{B24A2852-0819-471C-A961-1E74336F8DF6}E:\games\borderlands 2\game\binaries\win32\borderlands2.exe] => (Block) E:\games\borderlands 2\game\binaries\win32\borderlands2.exe FirewallRules: [UDP Query User{16C8B196-82F0-49D3-992D-6102250363ED}C:\program files (x86)\mission planner\missionplanner.exe] => (Allow) C:\program files (x86)\mission planner\missionplanner.exe FirewallRules: [TCP Query User{0C1CD70E-6ED1-4B3E-A3FE-690E03AFB992}C:\program files (x86)\mission planner\missionplanner.exe] => (Allow) C:\program files (x86)\mission planner\missionplanner.exe FirewallRules: [UDP Query User{66EEF8D3-EA29-4D90-B0E3-F8283584D0A0}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{963D3C7C-560A-42E5-AFD1-860F932C2F13}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{7768489A-E32A-4566-8C7D-49BFEDBDE7DF}C:\program files (x86)\call of duty - black ops 2\t6sp.exe] => (Block) C:\program files (x86)\call of duty - black ops 2\t6sp.exe FirewallRules: [TCP Query User{0D6A77AD-0F2D-4571-99FF-9B3BD7094D87}C:\program 
files (x86)\call of duty - black ops 2\t6sp.exe] => (Block) C:\program files (x86)\call of duty - black ops 2\t6sp.exe FirewallRules: [{EB1150CE-A4CC-4C75-AFDD-0C986C1E4714}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe FirewallRules: [{16753DCB-EDD9-4270-96E7-271221941CCA}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe FirewallRules: [UDP Query User{BE1BEDF2-B4AD-4E45-A855-D33D47192A68}C:\program files (x86)\call of duty - black ops 2\t6sp.exe] => (Block) C:\program files (x86)\call of duty - black ops 2\t6sp.exe FirewallRules: [TCP Query User{BEE80F26-6232-4EE1-B92A-5217A0551BAF}C:\program files (x86)\call of duty - black ops 2\t6sp.exe] => (Block) C:\program files (x86)\call of duty - black ops 2\t6sp.exe FirewallRules: [{C69DA563-BEA5-4FCD-99A4-C175F25FD5A4}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe FirewallRules: [{5FCF9FA6-D88A-49C6-A0D1-8133EBBD1CB5}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe FirewallRules: [{158B90D7-8CE3-4969-BAA4-040076465F9D}] => (Allow) C:\Users\PC-\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{F0725DDB-0AC9-455D-AE0B-5D830527ADE3}] => (Allow) C:\Users\PC-\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{E1CEEC3D-0816-42C6-8B31-E3E0010E7138}] => (Allow) C:\Users\PC-\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{3ABB99E6-4188-4646-B066-7E2F6E338156}] => (Allow) C:\Users\PC-\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{0A916694-C4D0-4D7B-A358-E14C83CEDE4E}] => (Allow) C:\Users\PC-\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{7F8A3E06-AA8A-4DC6-BD99-F05EECA4E3B1}] => (Allow) C:\Users\PC-\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{74D27CA9-DE1A-4F21-98DB-128BD423B6F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe 
FirewallRules: [{F67D41CD-1C93-4CA2-8047-9D849F3E8F4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe FirewallRules: [{13054606-B407-4EC6-8F4E-0194F2389552}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{2C2C7571-C281-45F7-A9BD-EB4A03EB44EA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{DA75EF4D-20F9-4746-B382-A91749DEF5DA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{DE611DA3-352B-4341-A8D8-16EF87D4056B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [TCP Query User{28085ACE-FA2A-4EDA-ACEE-353B95FFFDBD}C:\program files (x86)\valve\portal 2\portal2.exe] => (Block) C:\program files (x86)\valve\portal 2\portal2.exe FirewallRules: [UDP Query User{2401BB92-8476-41C8-B1B3-03E8F07A6FE9}C:\program files (x86)\valve\portal 2\portal2.exe] => (Block) C:\program files (x86)\valve\portal 2\portal2.exe FirewallRules: [TCP Query User{5EF17B59-D6F6-4D5B-B658-465D7040C6D0}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{791ADA7B-DB09-46D7-A933-848C2F59F482}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{9572CFC9-B835-4BC9-A8DE-7ECCE25FB8CD}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\javaw.exe FirewallRules: [UDP Query User{6C2CF78B-DA2B-49B4-8619-D80EF02494A2}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\javaw.exe FirewallRules: [{EBCC6B8F-5650-4AFD-B781-175C41101F96}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{0BE32DE6-7A07-4966-B0F6-2E23E1D627C9}] => (Allow) C:\Program Files (x86)\Mozilla 
Firefox\firefox.exe FirewallRules: [TCP Query User{913AB778-9BEC-4838-BC9F-23323A2ABD53}C:\program files\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\java.exe FirewallRules: [UDP Query User{626F82E4-F4FA-4A80-B26E-FAFA4F65DCCD}C:\program files\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\java.exe FirewallRules: [TCP Query User{50D2FA59-4CE7-4F77-BD08-98CC92A56833}E:\call of duty infinite warfare\iw7_ship.exe] => (Block) E:\call of duty infinite warfare\iw7_ship.exe FirewallRules: [UDP Query User{59127E00-3157-4D28-ADD2-E26B4254A1CD}E:\call of duty infinite warfare\iw7_ship.exe] => (Block) E:\call of duty infinite warfare\iw7_ship.exe FirewallRules: [{24056517-7F6C-478C-A904-033FA4ADC62A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{3F589188-EA62-4FEB-A859-4226C3CBCEF6}] => (Allow) LPort=2869 FirewallRules: [{E6421478-EB5D-409D-8893-7CD08E0D8F16}] => (Allow) LPort=1900 FirewallRules: [TCP Query User{B372935E-B9D6-41E9-A618-ED116A78CC2E}E:\call of duty infinite warfare\iw7_ship.exe] => (Block) E:\call of duty infinite warfare\iw7_ship.exe FirewallRules: [UDP Query User{30229F32-179E-4886-9AC0-2CC0503AAAE2}E:\call of duty infinite warfare\iw7_ship.exe] => (Block) E:\call of duty infinite warfare\iw7_ship.exe FirewallRules: [TCP Query User{E43B7B7D-1ABE-4AA3-B051-600CEBD0F6F6}E:\games\black ops 2\call of duty - black ops 2\t6sp.exe] => (Block) E:\games\black ops 2\call of duty - black ops 2\t6sp.exe FirewallRules: [UDP Query User{FA6DD97B-6751-4149-B773-0B217C39D7C9}E:\games\black ops 2\call of duty - black ops 2\t6sp.exe] => (Block) E:\games\black ops 2\call of duty - black ops 2\t6sp.exe FirewallRules: [{12186A48-1ED8-4D89-B0F4-66C58B4977B3}] => (Allow) E:\Games\Mr DJ\Call Of Duty World At War\CoDWaW.exe FirewallRules: [{F8E41F69-6B93-4C56-98DF-D7F98625C688}] => (Allow) E:\Games\Mr DJ\Call Of Duty World At War\CoDWaW.exe FirewallRules: 
[{EDFF46D6-B7ED-4E40-A366-BA98D6DDD637}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{B35404D2-2614-4FBD-B2AC-2407759D9FBD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [TCP Query User{22375CBA-9741-4058-BC81-8402CFEB66A1}E:\gmaes\call of duty black ops iii\blackops3.exe] => (Block) E:\gmaes\call of duty black ops iii\blackops3.exe FirewallRules: [UDP Query User{298F193F-3171-4387-A958-C2F5184074AF}E:\gmaes\call of duty black ops iii\blackops3.exe] => (Block) E:\gmaes\call of duty black ops iii\blackops3.exe FirewallRules: [TCP Query User{E62A9E05-28E3-4FA8-9F95-DE00232B4340}E:\downloads\scrap.mechanic.v0.1.32\scrap.mechanic.v0.1.32\release\scrapmechanic.exe] => (Block) E:\downloads\scrap.mechanic.v0.1.32\scrap.mechanic.v0.1.32\release\scrapmechanic.exe FirewallRules: [UDP Query User{2D2CE519-D42F-44BE-A977-BFEA314388E3}E:\downloads\scrap.mechanic.v0.1.32\scrap.mechanic.v0.1.32\release\scrapmechanic.exe] => (Block) E:\downloads\scrap.mechanic.v0.1.32\scrap.mechanic.v0.1.32\release\scrapmechanic.exe FirewallRules: [TCP Query User{907E41D9-4498-4CC7-95D5-BC63C7E31689}E:\games\scrap.mechanic.v0.1.32\release\scrapmechanic.exe] => (Allow) E:\games\scrap.mechanic.v0.1.32\release\scrapmechanic.exe FirewallRules: [UDP Query User{E6ACF7B6-673C-4E4C-A65F-5A7BEB83FC2C}E:\games\scrap.mechanic.v0.1.32\release\scrapmechanic.exe] => (Allow) E:\games\scrap.mechanic.v0.1.32\release\scrapmechanic.exe FirewallRules: [{CCA86254-4F46-4E72-A5F4-810E55B737C7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{CC9D8807-0478-4D2B-BBE1-986033BC8F46}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [TCP Query User{EED8767A-B98E-46B3-9591-4CC9A32AC7E7}E:\games\scrap.mechanic.v0.2.4\release\scrapmechanic.exe] => (Allow) E:\games\scrap.mechanic.v0.2.4\release\scrapmechanic.exe FirewallRules: [UDP Query 
User{DCC59A7F-3F4A-4B71-9563-52F37311920B}E:\games\scrap.mechanic.v0.2.4\release\scrapmechanic.exe] => (Allow) E:\games\scrap.mechanic.v0.2.4\release\scrapmechanic.exe FirewallRules: [{5347E0A4-3595-4CE3-A239-9077F0A39688}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe FirewallRules: [{95D21B68-AFF5-4D78-910C-99988691F7F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe FirewallRules: [{B949D608-DF3E-4C89-BCFA-DDDB3F09F034}] => (Allow) LPort=25565 FirewallRules: [{3ADFCE03-1614-45BE-9744-9A14B5F93B7C}] => (Allow) C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_25\bin FirewallRules: [{B7E071BE-4274-4265-8E7F-C00724959973}] => (Allow) E:\Games\Call Of Duty World At War\CoDWaW.exe FirewallRules: [{A5B6B503-7D4D-418F-AAE2-3E78ABACBC95}] => (Allow) E:\Games\Call Of Duty World At War\CoDWaW.exe FirewallRules: [TCP Query User{04565DF2-19DF-4469-9276-6A8C58232253}E:\games\wolfenstein\wolfneworder_x64.exe] => (Block) E:\games\wolfenstein\wolfneworder_x64.exe FirewallRules: [UDP Query User{AE810389-AFC3-4D8A-BF3F-A02A4030FBB4}E:\games\wolfenstein\wolfneworder_x64.exe] => (Block) E:\games\wolfenstein\wolfneworder_x64.exe FirewallRules: [TCP Query User{7DA916B9-3B76-4B0A-BB67-1156ADCC3FEE}E:\downloads\slime.rancher.v1.0.1e\slime.rancher.v1.0.1e\x64\slimerancher.exe] => (Block) E:\downloads\slime.rancher.v1.0.1e\slime.rancher.v1.0.1e\x64\slimerancher.exe FirewallRules: [UDP Query User{ECAE7D1D-D9A2-4D20-933C-1A5657F421BF}E:\downloads\slime.rancher.v1.0.1e\slime.rancher.v1.0.1e\x64\slimerancher.exe] => (Block) E:\downloads\slime.rancher.v1.0.1e\slime.rancher.v1.0.1e\x64\slimerancher.exe FirewallRules: [{B42BCE0F-9CBA-4C35-B35D-DB9D49B994B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Slime Rancher\SlimeRancher.exe FirewallRules: [{15FB3418-ACEF-42D0-BF14-B897D755A696}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Slime Rancher\SlimeRancher.exe 
FirewallRules: [{0F60530E-2FEB-48B7-9653-F8EE5BC653AF}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Call of Duty WWII\s2_sp64_ship.exe FirewallRules: [{07B654AC-506B-431F-9BBF-C0111079F80E}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Call of Duty WWII\s2_sp64_ship.exe FirewallRules: [{12C44D2A-0B48-4A67-8707-C02A8603F05F}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Half-Life\hl.exe FirewallRules: [{A4687783-AB9B-4D52-8827-F22206334F36}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Half-Life\hl.exe FirewallRules: [TCP Query User{B4987BEF-FFB6-40CF-88F4-C03608BA861A}E:\games\borderlands 2\binaries\win32\borderlands2.exe] => (Block) E:\games\borderlands 2\binaries\win32\borderlands2.exe FirewallRules: [UDP Query User{D2CDBD97-B714-4DB2-8077-7CBFFF81F6F8}E:\games\borderlands 2\binaries\win32\borderlands2.exe] => (Block) E:\games\borderlands 2\binaries\win32\borderlands2.exe FirewallRules: [{7B532AC5-6F61-43F7-A0F9-AA97E7140EE6}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Bloons TD Battles\Battles-Win.exe FirewallRules: [{87DA53C2-7FE4-48B0-9D32-1E5BA499324D}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Bloons TD Battles\Battles-Win.exe FirewallRules: [{1A5F5951-ED70-4F77-8F7A-8AE26BC88513}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Call of Duty WWII\s2_mp64_ship.exe FirewallRules: [{B091925F-37AA-4793-8BEF-A15CBAA5B799}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Call of Duty WWII\s2_mp64_ship.exe FirewallRules: [{8F6DF36C-72F9-4003-B422-89EC52E6665F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Trail\TheTrail.exe FirewallRules: [{D54DF1D7-8C89-4348-B654-272A7E3D8F9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Trail\TheTrail.exe FirewallRules: [{5DFBC611-EEF0-49AB-BDD0-0AB94BA42E34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amazing Frog\AmazingFrog.exe FirewallRules: [{EAAEA303-F633-4E6A-B4DA-F4340497E684}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\Amazing Frog\AmazingFrog.exe FirewallRules: [{2537C76A-F04E-45DB-9A3D-2893C736CCC2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{3766FC18-4255-4587-91DF-D427C8D5190A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{2442A4FB-B935-4416-9793-6427646C26D2}C:\users\pc-\downloads\discoverytool_pc_v2.2.24.0.exe] => (Allow) C:\users\pc-\downloads\discoverytool_pc_v2.2.24.0.exe FirewallRules: [UDP Query User{3AFC5F9E-D692-4E34-96AD-A47E1B0940DC}C:\users\pc-\downloads\discoverytool_pc_v2.2.24.0.exe] => (Allow) C:\users\pc-\downloads\discoverytool_pc_v2.2.24.0.exe FirewallRules: [TCP Query User{5FD7E2B7-2A36-42E7-AC7D-923490804E8A}E:\games\fortnite\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) E:\games\fortnite\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe FirewallRules: [UDP Query User{C846738C-4F0D-4E74-A064-866757180C84}E:\games\fortnite\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) E:\games\fortnite\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe FirewallRules: [TCP Query User{22D39611-A145-4325-9C6E-14C96CBA5544}E:\games\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) E:\games\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe FirewallRules: [UDP Query User{6B34B628-0D5C-4AB4-B51D-FCA4DCB6BD0B}E:\games\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) E:\games\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe FirewallRules: [TCP Query User{E09511A2-6749-44D6-888B-AE165248ECE7}E:\games\fortnite\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) E:\games\fortnite\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe FirewallRules: [UDP Query 
User{2F639284-5538-409E-96B2-706E4D3D92FF}E:\games\fortnite\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) E:\games\fortnite\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe FirewallRules: [{051E3205-3235-4327-956A-CA4723D9E695}] => (Allow) C:\Program Files (x86)\Opera\51.0.2830.55\opera.exe FirewallRules: [{C4420CE7-0984-44D4-B493-97749F1B33BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AnimalSuperSquad\GWGame\Binaries\Win64\ASS-Win64.exe FirewallRules: [{AEC985CD-0E64-4899-8345-913636BB32B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AnimalSuperSquad\GWGame\Binaries\Win64\ASS-Win64.exe FirewallRules: [{513E2D7F-E904-4DA8-B887-1F5D7E815409}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{264F0709-34F8-4571-8FF8-8D128D430E39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe FirewallRules: [{560F51A1-9613-4256-9B2B-4979E2AD1684}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe FirewallRules: [{B84B43E3-B66E-4404-BD8B-619032B121F9}] => (Allow) C:\Program Files (x86)\Opera\52.0.2871.40\opera.exe FirewallRules: [{154230D0-233E-4082-AB14-75627B298F36}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Human Fall Flat\Human.exe FirewallRules: [{637A06B8-EF0C-4787-ABBF-347F13FBF88F}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Human Fall Flat\Human.exe FirewallRules: [{43A4F369-4548-4589-BE9A-278D2AAA9412}] => (Allow) E:\Games\SteamLibrary\steamapps\common\StickFightTheGame\StickFight.exe FirewallRules: [{39AF439D-B39C-433D-9294-7E21B6D68C3C}] => (Allow) E:\Games\SteamLibrary\steamapps\common\StickFightTheGame\StickFight.exe FirewallRules: [{3B33B057-29A9-49BD-86EE-15C530A2430C}] => (Allow) C:\WINDOWS\system32\rundll32.exe FirewallRules: [{38DBF9CB-CA71-43BD-AD52-400EF4C85F5D}] => (Allow) C:\Program Files (x86)\Sandrock\Erika.exe 
FirewallRules: [{76281E4E-6A2C-4D56-9C49-752A425CEA61}] => (Allow) C:\Program Files (x86)\Buffo\Erika.exe
FirewallRules: [{42A06B9F-26D5-4E27-830E-D56929AA2588}] => (Allow) C:\Program Files (x86)\chatelaine\tiberias.exe
FirewallRules: [{F0ABC415-82DC-4745-8B94-262001E1A18E}] => (Allow) C:\Program Files (x86)\Buffo\tiberias.exe
FirewallRules: [{F5E2CE77-898C-4BC0-91D3-2778ADB28A4C}] => (Allow) C:\WINDOWS\System32\rundll32.exe
FirewallRules: [{31A5A55A-DA4A-4A26-9A7E-C36A2ECC76F8}] => (Allow) C:\WINDOWS\System32\rundll32.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/03/2018 10:30:44 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Adobe\Adobe Premiere Elements 15\MPEGHDVExport.exe". Dependent Assembly Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (04/03/2018 10:30:30 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Error: (04/03/2018 10:08:41 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.

Error: (04/03/2018 09:38:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Erika.exe version 9.4.6.164 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 14fc
Start Time: 01d3cadb94b875ca
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Buffo\Erika.exe
Report Id: 0011bd70-36cf-11e8-8402-20cf303b5e2a
Faulting package full name:
Faulting package-relative application ID:

Error: (04/03/2018 07:43:48 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected

Error: (04/03/2018 07:03:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Adobe\Adobe Premiere Elements 15\MPEGHDVExport.exe". Dependent Assembly Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Error: (04/03/2018 07:01:37 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.

Error: (04/03/2018 06:50:26 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (04/03/2018 10:39:17 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (04/03/2018 10:39:06 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroupListener service terminated with the following service-specific error: %%2147944153 = There are no more endpoints available from the endpoint mapper.

Error: (04/03/2018 10:39:05 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (04/03/2018 10:39:04 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (04/03/2018 10:39:01 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\pwd_2k.SYS

Error: (04/03/2018 10:38:59 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\pwd_2k.SYS

Error: (04/03/2018 10:38:59 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\cdudf_xp.SYS

Error: (04/03/2018 10:38:59 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\UdfReadr_xp.SYS

Windows Defender:
===================================
Date: 2018-04-03 10:08:37.478
Description: Windows Defender scan has been stopped before completion.
Scan ID: {0A44AB37-BFB2-429F-AE1F-A2DC122DCF9F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-03 08:26:25.576
Description: Windows Defender scan has been stopped before completion.
Scan ID: {642280AA-91E0-4E09-84F1-3AF59003902D}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2018-04-02 19:48:52.972
Description: Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/CoinMiner.CY&threatid=2147726391&enterprise=0 Name: Trojan:Win32/CoinMiner.CY ID: 2147726391 Severity: Severe Category: Trojan Path: clsid:_HKLM\SOFTWARE\CLASSES\CLSID\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};file:_C:\WINDOWS\System32\mcicda64.dll;regkey:_HKLM\SOFTWARE\CLASSES\CLSID\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};shellexechook:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};shellextapproved:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\\{BFD98515-CD74-48A4-98E2-13D209E3EE4F};shelliconoverlayid:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\{BFD98515-CD74-48A4-98E2-13D209E3EE4F} Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\WINDOWS\explorer.exe Signature Version: AV: 1.263.1903.0, AS: 1.263.1903.0, NIS: 119.0.0.0 Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4 Date: 2018-04-02 19:48:14.587 Description: Windows Defender has detected malware or other potentially unwanted software. 
For more information please see the following:https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/CoinMiner.CY&threatid=2147726391&enterprise=0 Name: Trojan:Win32/CoinMiner.CY ID: 2147726391 Severity: Severe Category: Trojan Path: file:_C:\WINDOWS\System32\mcicda64.dll Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\WINDOWS\explorer.exe Signature Version: AV: 1.263.1903.0, AS: 1.263.1903.0, NIS: 119.0.0.0 Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4 Date: 2018-04-02 19:47:35.146 Description: Windows Defender has detected malware or other potentially unwanted software. For more information please see the following:https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Xadupi&threatid=2147709752&enterprise=0 Name: Trojan:Win32/Xadupi ID: 2147709752 Severity: Severe Category: Trojan Path: file:_C:\Users\PC-\AppData\Local\Temp\PandaViewer\thumbnail.ico Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Users\PC-\AppData\Local\Temp\1522662408U2Ftmp.exe Signature Version: AV: 1.263.1903.0, AS: 1.263.1903.0, NIS: 119.0.0.0 Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4 Date: 2018-04-03 09:12:07.515 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: 1.263.1966.0 Previous Signature Version: 1.263.1962.0 Update Source: User Signature Type: AntiSpyware Update Type: Delta Current Engine Version: 1.1.14600.4 Previous Engine Version: 1.1.14600.4 Error code: 0x80509004 Error description: An unexpected problem occurred. Install any available updates, then try to start the program again. For information on installing updates, see Help and Support. Date: 2018-04-03 09:12:07.515 Description: Windows Defender has encountered an error trying to update signatures. 
New Signature Version: 1.263.1966.0 Previous Signature Version: 1.263.1962.0 Update Source: User Signature Type: AntiVirus Update Type: Delta Current Engine Version: 1.1.14600.4 Previous Engine Version: 1.1.14600.4 Error code: 0x80509004 Error description: An unexpected problem occurred. Install any available updates, then try to start the program again. For information on installing updates, see Help and Support. Date: 2018-04-03 07:53:42.501 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.263.1903.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.14600.4 Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install. Date: 2018-04-03 07:53:42.500 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.263.1903.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.14600.4 Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install. Date: 2018-04-03 07:53:34.297 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Signature Type: Update Type: Current Engine Version: Previous Engine Version: Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 
CodeIntegrity: =================================== Date: 2018-03-06 08:43:47.353 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-03-06 08:43:47.352 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-01-21 16:35:56.596 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-01-21 16:35:56.590 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2017-02-25 01:10:58.705 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-23 02:38:33.870 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-22 07:25:44.569 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-19 11:11:24.110 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz
Percentage of memory in use: 63%
Total physical RAM: 8183.11 MB
Available physical RAM: 3014.39 MB
Total Virtual: 16887.11 MB
Available Virtual: 9542.91 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:223.03 GB) (Free:19.21 GB) NTFS
Drive e: (Storage) (Fixed) (Total:931.51 GB) (Free:39.81 GB) NTFS
Drive g: (Raid Storage) (Fixed) (Total:1862.77 GB) (Free:1861.85 GB) NTFS

\\?\Volume{5975580d-3915-11e5-824f-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{004090af-0000-0000-0000-50c837000000}\ () (Fixed) (Total:0.44 GB) (Free:0.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 004090AF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: DCC5820C)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.

========================================================
Disk: 3 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.

==================== End of Addition.txt ============================
Quirkymac Posted April 3, 2018 Author ID:1229310

Thanks for the service everyone provides here. Sorry if I am jumping the gun - anxiety levels high as my son is wanting to use the computer to transfer his homework to USB but I am not letting him until this is resolved. I'm wondering if I could just write a note to say a Dog some malware ate his homework?
Quirkymac Posted April 3, 2018 Author ID:1229311

I also ran a Hijack this scan (in case it is of any benefit)

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:48:38 AM, on 3/04/2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0953)
FIREFOX: 41.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\GLPCCamera\monitorpad.exe
C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
C:\WINDOWS\SysWOW64\rundll32.exe
C:\Program Files (x86)\brust\nonfunctioning.exe
C:\Users\PC-\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [BigPondWirelessBroadbandCM] "C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe" -tsr
O4 - HKLM\..\Run: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe
O4 - HKLM\..\Run: [EaseUS EPM Tray Agent] "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe"
O4 - HKLM\..\Run: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files (x86)\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxAssistant] "C:\Program Files (x86)\Common Files\Roxio Shared\Upgrade\RoxAssist.exe" /s
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files (x86)\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files (x86)\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [wolfram] "C:\Program Files (x86)\Sandrock\Erika.exe" mvu
O4 - HKLM\..\Run: [wolframwolfram] "C:\Program Files (x86)\Buffo\Erika.exe" mvu
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [OneDrive] "C:\Users\PC-\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - HKCU\..\Run: [Google Update] C:\Users\PC-\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe
O4 - HKCU\..\Run: [Google Photos Backup] "C:\Users\PC-\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" /autostart
O4 - HKCU\..\Run: [wayout] rundll32.exe "C:\Users\PC-\AppData\Local\wayout.dll",wayout
O4 - HKCU\..\Run: [terriers] "C:\Program Files (x86)\Sandrock\Erika.exe" mvu
O4 - HKCU\..\Run: [terriersterriers] "C:\Program Files (x86)\Buffo\Erika.exe" mvu
O4 - HKCU\..\Run: [shook] "C:\Program Files (x86)\Sandrock\Erika.exe" mvu
O4 - HKCU\..\Run: [shookshook] "C:\Program Files (x86)\Buffo\Erika.exe" mvu
O4 - HKCU\..\Run: [nonfunctioning] "C:\Program Files (x86)\brust\nonfunctioning.exe" mvu
O4 - HKCU\..\Run: [dozing] "C:\Program Files (x86)\Sandrock\Erika.exe" mvu
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O4 - Startup: newey.lnk = ?
O4 - Startup: start - Shortcut (2).lnk = C:\Survival___\start.bat
O4 - Startup: start - Shortcut.lnk = C:\Oliver's server\start.bat
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{15b74de2-1a43-460f-9390-40d9aea884fb}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{f9997c51-f1a9-4314-85f1-12b97f23564b}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{15b74de2-1a43-460f-9390-40d9aea884fb}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - AMD - C:\WINDOWS\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atiesrxx.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: DTSAudioService - DTS - C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Macrium Service (MacriumService) - Paramount Software UK Ltd - C:\Program Files\Macrium\Common\MacriumService.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Samsung RAPID Mode Service (SamsungRapidSvc) - Unknown owner - C:\WINDOWS\system32\RAPID\SamsungRapidSvc.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe
O23 - Service: Seagate Dashboard Services - Seagate Technology LLC - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
O23 - Service: Seagate MobileBackup Service - Seagate Technology LLC - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Sierra Wireless Card Detection Service (SwiCardDetectSvc) - Sierra Wireless, Inc. - C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WSWNDA3100v2 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe

--
End of file - 12917 bytes
Quirkymac Posted April 3, 2018 Author ID:1229394

Please help...I've just had a mad panic and tried to remove what I thought was malware but may have made things worse. I have a Windows 10 computer that had Windows Defender running with regular scans. I tried to install some software last night and since then my computer has slowed down, Windows Defender was disabled and I cannot install Malwarebytes Anti-Malware (or uninstall it now). I tried following the Malwarebytes instructions to run Chameleon but that also has failed (keeps saying the computer needs to reboot to complete an update but then won't update). I had a look in Task Manager and saw about 30 programs called ERIKA running plus some programs like bitcoin miner. My web searches in Google are opening to random (?) websites (some of very questionable content). All this whilst my 10 year old son is asking to get his homework off the computer.

I did post this in another post but realise I jumped the gun and tried to fix things myself.

Thanks in advance
Quirkymac Posted April 3, 2018 Author ID:1229395

Can this post please be closed? I realise I didn't follow the instructions correctly and, as I couldn't edit my posts, I started a new thread. Sorry!
Quirkymac Posted April 3, 2018 Author ID:1229414

I've managed to uninstall Malwarebytes and install it via the Chameleon. Due to the difficulties I encountered earlier I ran the scan without a full update (that is where it hung last time).

Txt logs following the MWB threat scan and Farbar.

New symptom: when I alt tab I now have about 12 programs called FMVUB running and Malwarebytes has disappeared!!

Attachments: malwarebytes.txt, FRST.txt, Addition.txt
kevinf80 Posted April 3, 2018 ID:1229416

Hello Quirkymac and welcome to Malwarebytes,

I've merged both threads, keep all of your replies in this thread, do not create new topics. Am going over your logs, will post fix shortly..

Thank you,

Kevin...
Quirkymac Posted April 3, 2018 Author ID:1229418

Thanks Kevin - sorry for spamming! Anxiety response!
kevinf80 Posted April 3, 2018 ID:1229420

Is no big deal, yes your system is severely infected. Let's see how we go, run the following;

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes Anti-Malware.
On the Settings tab > Protection, scroll to and make sure the following are selected:
Scan for Rootkits
Scan within Archives
Scroll further to Potential Threat Protection, make sure the following are set as follows:
Potentially Unwanted Programs (PUP's) set as :- Always detect PUP's (recommended)
Potentially Unwanted Modifications (PUM's) set as :- Always detect PUM's (recommended)
Click on the Scan, make sure Threat Scan is selected. A Threat Scan will begin.
When the scan is complete, if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab.
If asked to restart your computer to complete the removal, please do so.
When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard.
Wait for the prompt to restart the computer to appear, then click on Yes.
After the restart once you are back at your desktop, open MBAM once more to retrieve the log.

To get the log from Malwarebytes do the following:
Click on the Reports tab > from main interface.
Double click on the Scan log which shows the Date and time of the scan just performed.
Click Export > From export you have two options:
Copy to Clipboard - if selected, right click to your reply and select "Paste", log will be pasted to your reply
Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
Use "Copy to Clipboard", then right click to your reply > select "Paste", that will copy the log to your reply…

Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan".
Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"

Let me see those logs in your reply..

Thank you,

Kevin...

Attachment: fixlist.txt
Quirkymac Posted April 3, 2018 Author ID:1229424

Fix applied..log posted

Attachment: Fixlog.txt
kevinf80 Posted April 3, 2018 ID:1229425

Can you run Malwarebytes..?
Quirkymac Posted April 3, 2018 Author ID:1229427

I've tried to open Malwarebytes but it won't open.

There is a Malwarebytes tray application in the Task Manager but nothing is showing up as running and there is no icon where it would normally be (bottom right of the screen for me).
kevinf80 Posted April 3, 2018 ID:1229432

Try this:

Totally Remove Malwarebytes from your system:

Download the latest version of MB-Clean by clicking this link: https://downloads.malwarebytes.com/file/mb_clean and save to your Desktop, or a folder of your choice.
Close all open applications.
Double-click and run mb-clean.exe.
A prompt with an option to clean up the system will appear:
Yes - will proceed with backing up the license key (Malwarebytes 3.x only) and initiating the cleanup process. (Recommended)
No - will exit the utility
Once the cleanup process is completed, a prompt will appear:
Yes – will proceed and post reboot you will be prompted to continue with the downloading, installation and activation of latest version of Malwarebytes 3.x (Recommended)
No – will exit the utility and you will not be prompted (post reboot) to download, reinstall and re-activate (Not Recommended)
We recommend rebooting immediately. Additionally, stopping at this step is not recommended and will most likely not resolve your issue(s).
Upon reboot, a prompt will appear:
Yes - will download, install and activate the latest version of Malwarebytes 3.x (Recommended)
No - will exit the utility and the cleanup process is complete...
A log file ("mb-clean-results.txt") will be on your desktop.

Next,

Open Malwarebytes Anti-Malware.
On the Settings tab > Protection, scroll to and make sure the following are selected:
Scan for Rootkits
Scan within Archives
Scroll further to Potential Threat Protection, make sure the following are set as follows:
Potentially Unwanted Programs (PUP's) set as :- Always detect PUP's (recommended)
Potentially Unwanted Modifications (PUM's) set as :- Always detect PUM's (recommended)
Click on the Scan, make sure Threat Scan is selected. A Threat Scan will begin.
When the scan is complete, if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab.
If asked to restart your computer to complete the removal, please do so.
When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard.
Wait for the prompt to restart the computer to appear, then click on Yes.
After the restart once you are back at your desktop, open MBAM once more to retrieve the log.

To get the log from Malwarebytes do the following:
Click on the Reports tab > from main interface.
Double click on the Scan log which shows the Date and time of the scan just performed.
Click Export > From export you have two options:
Copy to Clipboard - if selected, right click to your reply and select "Paste", log will be pasted to your reply
Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
Use "Copy to Clipboard", then right click to your reply > select "Paste", that will copy the log to your reply…
Quirkymac Posted April 3, 2018 Author ID:1229444

OK...by the time I came back to the computer (after talking to the Boss - Mrs Quirkymac) MWB-AMW had actually opened. I've started the threat scan with the parameters you specified above.

Am I ok to run the threat scan or do you want me to stop it and still go through the clean and reinstall? I suspect my computer was on a massive go slow (which it has been doing). Let me know what I should do.

Edited April 3, 2018 by Quirkymac
kevinf80 Posted April 3, 2018 ID:1229447

With Malwarebytes Anti-Malware open do the following:

On the Settings tab > Protection, scroll to and make sure the following are selected:
Scan for Rootkits
Scan within Archives
Scroll further to Potential Threat Protection, make sure the following are set as follows:
Potentially Unwanted Programs (PUP's) set as :- Always detect PUP's (recommended)
Potentially Unwanted Modifications (PUM's) set as :- Always detect PUM's (recommended)
Click on the Scan, make sure Threat Scan is selected. A Threat Scan will begin.
When the scan is complete, if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab.
If asked to restart your computer to complete the removal, please do so.
When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard.
Wait for the prompt to restart the computer to appear, then click on Yes.
After the restart once you are back at your desktop, open MBAM once more to retrieve the log.

To get the log from Malwarebytes do the following:
Click on the Reports tab > from main interface.
Double click on the Scan log which shows the Date and time of the scan just performed.
Click Export > From export you have two options:
Copy to Clipboard - if selected, right click to your reply and select "Paste", log will be pasted to your reply
Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
Use "Copy to Clipboard", then right click to your reply > select "Paste", that will copy the log to your reply…
Quirkymac Posted April 3, 2018

scan completed.

scan.txt
Quirkymac Posted April 3, 2018

Does that mean it is all clear? Many thanks for your time and efforts to help me sort this out. Please let me know if there is anything further I need to do.

QM
kevinf80 Posted April 3, 2018

Hello Quirkymac,

Couple more scans to complete:

Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror

- Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
- Accept the EULA (I accept), then click on Scan
- Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
- Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
- After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Next,

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop. Ensure to get the correct version for your system....

https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx

- Right click on the Tool, select “Run as Administrator”, the tool will expand to the options Window
- In the "Scan Type" window, select Quick Scan
- Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in your reply, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin...
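An added example, not part of the thread or any poster's code: since mrt.log accumulates one entry per MSRT run, this sketch splits the log text into runs and returns the most recent one by its "Started On" time, with its verdict and return code. It assumes each entry begins with the product header line seen in the log posted in this thread; the line layout of the sample and its earlier March entry are constructed.

```python
import re
from datetime import datetime

# Split just before each run header; the "Finished On" footer has no " v<digit>".
RUN_START = re.compile(r"(?=Microsoft Windows Malicious Software Removal Tool v\d)")
STARTED = re.compile(r"Started On (\w{3} \w{3} [ \d]\d \d{2}:\d{2}:\d{2} \d{4})")
RETURN_CODE = re.compile(r"Return code:\s*(-?\d+)")

# Constructed sample: the second entry mirrors the log in this thread,
# the first (earlier) entry is made up to show the selection.
SAMPLE = """\
Microsoft Windows Malicious Software Removal Tool v5.58, March 2018 (build 5.58.14622.1)
Started On Tue Mar 20 21:14:02 2018
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Mar 20 21:17:30 2018
Return code: 0 (0x0)

Microsoft Windows Malicious Software Removal Tool v5.58, March 2018 (build 5.58.14622.1)
Started On Wed Apr 04 07:02:08 2018
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 04 07:05:44 2018
Return code: 0 (0x0)
"""

def parse_runs(text):
    """Return one dict per MSRT run found in the log text."""
    runs = []
    for chunk in RUN_START.split(text):
        m = STARTED.search(chunk)
        if not m:
            continue  # leading blank chunk or a fragment without a start time
        rc = RETURN_CODE.search(chunk)
        runs.append({
            "started": datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y"),
            "clean": "No infection found" in chunk,
            # None means the run never wrote a return code (interrupted scan).
            "return_code": int(rc.group(1)) if rc else None,
            "text": chunk.strip(),
        })
    return runs

def latest_run(text):
    """Pick the run with the newest start time, or None for an empty log."""
    runs = parse_runs(text)
    return max(runs, key=lambda r: r["started"]) if runs else None

if __name__ == "__main__":
    print(latest_run(SAMPLE)["text"])
```
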
Quirkymac Posted April 3, 2018

# AdwCleaner 7.0.8.0 - Logfile created on Tue Apr 03 20:57:20 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

Plugin deleted: System Table -

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[C1].txt - [1335 B] - [2016/4/5 9:40:34]
C:/AdwCleaner/AdwCleaner[S1].txt - [1104 B] - [2016/4/5 9:39:46]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########
kevinf80 Posted April 3, 2018

Thanks...
Quirkymac Posted April 3, 2018

Microsoft Windows Malicious Software Removal Tool v5.58, March 2018 (build 5.58.14622.1)
Started On Wed Apr 04 07:02:08 2018

Engine: 1.1.14600.4
Signatures: 1.263.2.0
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 04 07:05:44 2018

Return code: 0 (0x0)
kevinf80 Posted April 3, 2018

How does your system respond now, any odd or erratic behavior...?

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select scan, when done post the new logs: "FRST.txt" and "Addition.txt"