Jump to content

ow to remove Drive.bat virus on my computer


Recommended Posts

  • Root Admin

Hello @Radge and :welcome:

 

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Ron

 

Link to post
Share on other sites

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/1/19
Scan Time: 11:39 PM
Log File: 2e8c4848-3c38-11e9-8e39-f0761c7d2de6.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.538
Update Package Version: 1.0.9498
License: Trial

-System Information-
OS: Windows 10 (Build 17134.590)
CPU: x64
File System: NTFS
User: acer\Elvie

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 342235
Threats Detected: 261
Threats Quarantined: 2
Time Elapsed: 13 min, 49 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 34
PUP.Optional.AmazonBrowserSettings, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DistromaticSearchProtect-hourly, No Action By User, [2027], [312600],1.0.9498
PUP.Optional.AmazonBrowserSettings, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{DDDEECD2-3A21-4139-805D-8384987B78E0}, No Action By User, [2027], [312600],1.0.9498
PUP.Optional.AmazonBrowserSettings, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{DDDEECD2-3A21-4139-805D-8384987B78E0}, No Action By User, [2027], [312600],1.0.9498
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\APPID\Amazon1ButtonBrowserHelper.dll, No Action By User, [3151], [468987],1.0.9498
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\APPID\Amazon1ButtonRuntime.dll, No Action By User, [3151], [468987],1.0.9498
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}, No Action By User, [3151], [386607],1.0.9498
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\TYPELIB\{921462B2-5269-45A2-AA8D-F8F7A3690255}, No Action By User, [3151], [386607],1.0.9498
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\INTERFACE\{FD1B7376-A344-48BD-857D-C87B4D8502EF}, No Action By User, [3151], [386607],1.0.9498
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FD1B7376-A344-48BD-857D-C87B4D8502EF}, No Action By User, [3151], [386607],1.0.9498
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FD1B7376-A344-48BD-857D-C87B4D8502EF}, No Action By User, [3151], [386607],1.0.9498
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{921462B2-5269-45A2-AA8D-F8F7A3690255}, No Action By User, [3151], [386607],1.0.9498
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{921462B2-5269-45A2-AA8D-F8F7A3690255}, No Action By User, [3151], [386607],1.0.9498
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}, No Action By User, [3151], [386607],1.0.9498
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}, No Action By User, [3151], [386607],1.0.9498
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\Amazon1ButtonBrowserHelper.Amazon1ButtonBHO, No Action By User, [3151], [386607],1.0.9498
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\Amazon1ButtonRuntime.AmazonRuntimeServer, No Action By User, [3151], [386607],1.0.9498
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6557DB6C-EFE1-45AC-92A6-FBB1554B7502}, No Action By User, [3151], [386607],1.0.9498
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\TYPELIB\{48DDEC26-CEC3-478E-9566-0842DAF10CEA}, No Action By User, [3151], [386607],1.0.9498
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{6B7479D5-C493-40F0-99B6-BFC901980034}, No Action By User, [3151], [386607],1.0.9498
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BFF94CF8-2D3B-4B2F-BB83-3600280AFEBA}, No Action By User, [3151], [386607],1.0.9498
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6B7479D5-C493-40F0-99B6-BFC901980034}, No Action By User, [3151], [386607],1.0.9498
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BFF94CF8-2D3B-4B2F-BB83-3600280AFEBA}, No Action By User, [3151], [386607],1.0.9498
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{48DDEC26-CEC3-478E-9566-0842DAF10CEA}, No Action By User, [3151], [386607],1.0.9498
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{48DDEC26-CEC3-478E-9566-0842DAF10CEA}, No Action By User, [3151], [386607],1.0.9498
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6557DB6C-EFE1-45AC-92A6-FBB1554B7502}, No Action By User, [3151], [386607],1.0.9498
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\Amazon1ButtonRuntime.Amazon1ButtonRuntime, No Action By User, [3151], [386607],1.0.9498
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\Amazon1ButtonBrowserHelper.dll, No Action By User, [3151], [468987],1.0.9498
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\Amazon1ButtonRuntime.dll, No Action By User, [3151], [468987],1.0.9498
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\Amazon1ButtonBrowserHelper.dll, No Action By User, [3151], [468987],1.0.9498
PUP.Optional.Distromatic, HKU\S-1-5-21-1752258818-801759960-1543221255-1001\SOFTWARE\Distromatic, No Action By User, [6730], [359638],1.0.9498
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\Amazon1ButtonRuntime.dll, No Action By User, [3151], [468987],1.0.9498
PUP.Optional.Amazon1Button, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp, No Action By User, [3151], [441167],1.0.9498
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp, No Action By User, [3151], [441168],1.0.9498
PUP.Optional.Amazon1Button, HKU\S-1-5-21-1752258818-801759960-1543221255-1001\SOFTWARE\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp, No Action By User, [3151], [441167],1.0.9498

Registry Value: 4
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|AMAZON1BUTTONTASKBARAPP.EXE, No Action By User, [3151], [493348],1.0.9498
PUP.Optional.SearchManager.BITSRST, HKU\S-1-5-21-1752258818-801759960-1543221255-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|bahkljhhdeciiaodlkppoonappfnheoi, No Action By User, [266], [626736],1.0.9498
PUP.Optional.AmazonBrowserSettings, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{DDDEECD2-3A21-4139-805D-8384987B78E0}|PATH, No Action By User, [2027], [312598],1.0.9498
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|AMAZON1BUTTONTASKBARAPP.EXE, No Action By User, [3151], [493348],1.0.9498

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 24
PUP.Optional.Booking, C:\PROGRAM FILES\BOOKING.COM, No Action By User, [864], [310593],1.0.9498
PUP.Optional.AmazonBrowserSettings, C:\PROGRAM FILES (X86)\AMAZON BROWSER SETTINGS, No Action By User, [2027], [312594],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\sitesThumbnails, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\converter, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\weather, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\films, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\icons, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\tiles, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\maps, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\_locales\pt_BR, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\fonts, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\_locales\en, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\_locales\fr, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\_locales\hi, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\_locales\vi, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\skin\icons, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\_metadata, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\_locales, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\vendor, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\skin, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\USERS\ELVIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\bahkljhhdeciiaodlkppoonappfnheoi, No Action By User, [266], [626736],1.0.9498

File: 199
PUP.Optional.AmazonBrowserSettings, C:\WINDOWS\SYSTEM32\TASKS\DistromaticSearchProtect-hourly, No Action By User, [2027], [312600],1.0.9498
Trojan.Agent.Generic, C:\USERS\ELVIE\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\START.LNK, Quarantined, [3711], [394779],1.0.9498
PUP.Optional.NewTabTV, C:\USERS\ELVIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_search.newtabtvsearch.com_0.localstorage, No Action By User, [327], [359410],1.0.9498
PUP.Optional.NewTabTV, C:\USERS\ELVIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_search.newtabtvsearch.com_0.localstorage-journal, No Action By User, [327], [359410],1.0.9498
PUP.Optional.NewTabTV, C:\USERS\ELVIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_newtabtv.com_0.localstorage, No Action By User, [327], [359416],1.0.9498
PUP.Optional.NewTabTV, C:\USERS\ELVIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_newtabtv.com_0.localstorage-journal, No Action By User, [327], [359416],1.0.9498
PUP.Optional.MindSpark, C:\USERS\ELVIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_free.gamingwonderland.com_0.localstorage, No Action By User, [612], [370343],1.0.9498
PUP.Optional.MindSpark, C:\USERS\ELVIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_free.gamingwonderland.com_0.localstorage-journal, No Action By User, [612], [370343],1.0.9498
PUP.Optional.Booking, C:\Program Files\Booking.COM\Booking.com.lnk, No Action By User, [864], [310593],1.0.9498
PUP.Optional.Booking, C:\Program Files\Booking.COM\Booking.ico, No Action By User, [864], [310593],1.0.9498
PUP.Optional.Booking, C:\Program Files\Booking.COM\StartURL.exe, No Action By User, [864], [310593],1.0.9498
PUP.Optional.Booking, C:\Program Files\Booking.COM\Version.txt, No Action By User, [864], [310593],1.0.9498
PUP.Optional.Booking, C:\Booking.com.lnk, No Action By User, [864], [310593],1.0.9498
PUP.Optional.MindSpark.Generic, C:\USERS\ELVIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_gamingwonderland.dl.tb.ask.com_0.localstorage, No Action By User, [1729], [443123],1.0.9498
PUP.Optional.MindSpark.Generic, C:\USERS\ELVIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_gamingwonderland.dl.tb.ask.com_0.localstorage-journal, No Action By User, [1729], [443123],1.0.9498
PUP.Optional.AmazonBrowserSettings, C:\Program Files (x86)\Amazon Browser Settings\updater.exe, No Action By User, [2027], [312594],1.0.9498
PUP.Optional.MindSpark.Generic, C:\USERS\ELVIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_gamingwonderland.dl.myway.com_0.localstorage, No Action By User, [1729], [443124],1.0.9498
PUP.Optional.MindSpark.Generic, C:\USERS\ELVIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_gamingwonderland.dl.myway.com_0.localstorage-journal, No Action By User, [1729], [443124],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\fonts\HelveticaNeue-Thin.otf, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\fonts\HelveticaNeueLT-Roman.woff, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\fonts\neue-bold.woff, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\fonts\neue.woff, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\converter\close-FF8A5A.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\converter\collection-9B9B9B.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\converter\collection-FF691E.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\converter\doc-icon-FFFFFF.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\converter\error-FF691E.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\converter\pdf-2-doc-9B9B9B.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\converter\pdf-2-doc-FFFFFF.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\converter\pdf-icon-FFFFFF.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\converter\success-FF8A5A.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\converter\tab-arrow-FF691E.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\converter\upload-FF691E.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\films\amazon-FFFFFF.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\films\amazon.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\films\close.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\films\enlarge-000000-FFFFFF.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\films\enlarge-FFCA00-000000.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\films\hulu-FFFFFF.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\films\hulu.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\films\minimize-000000-FFFFFF.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\films\netflix-FFFFFF.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\films\netflix.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\films\refresh-FFFFFF-000000.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\films\shrink-FFCA00-000000.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\films\shuffle-000000.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\films\shuffle-FFFFFF.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\films\vudu-FFFFFF.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\films\vudu.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\icons\128.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\icons\16.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\icons\48.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\icons\close.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\icons\favicon.ico, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\icons\trends.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\maps\bing-maps-FFFFFF.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\maps\from-to-icon-8881FF.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\maps\google-maps-FFFFFF.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\maps\location-icon-8881FF.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\maps\search-4A4A4A.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\maps\search-8881FF.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\maps\switch-8881FF.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\maps\tab-arrow-8881FF.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\maps\whereto-logo-8881FF.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\maps\whereto-logo-FFFFFF.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\sitesThumbnails\facebook_tile_v2.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\sitesThumbnails\aliexpress.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\sitesThumbnails\aliexpress_tile_v2.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\sitesThumbnails\amazon.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\sitesThumbnails\amazon_tile_v2.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\sitesThumbnails\booking.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\sitesThumbnails\booking_tile_v2.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\sitesThumbnails\ebay.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\sitesThumbnails\ebay_tile_v2.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\sitesThumbnails\expedia.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\sitesThumbnails\expedia_tile_v2.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\sitesThumbnails\facebook.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\sitesThumbnails\gmail.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\sitesThumbnails\gmail_tile_v2.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\sitesThumbnails\google-translate-icon-FFFFFF.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\sitesThumbnails\gtranslte.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\sitesThumbnails\pinterest.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\sitesThumbnails\pinterest_tile_v2.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\sitesThumbnails\twitter.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\sitesThumbnails\twitter_tile_v2.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\sitesThumbnails\wix.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\sitesThumbnails\wix_tile_v2.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\sitesThumbnails\yahoo.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\sitesThumbnails\yahoo_tile_v2.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\sitesThumbnails\youtube.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\sitesThumbnails\youtube_tile_v2.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\tiles\DOC-to-PDF.jpg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\tiles\PDF-to-DOC.jpg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\tiles\Translation.jpg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\tiles\View-PDF.jpg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\weather\01d.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\weather\01n.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\weather\02d.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\weather\02n.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\weather\03d.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\weather\03n.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\weather\04d.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\weather\04n.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\weather\09d.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\weather\09n.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\weather\10d.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\weather\10n.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\weather\11d.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\weather\11n.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\weather\13d.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\weather\13n.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\weather\50d.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\weather\50n.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\down.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\alot.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\angle-arrow-down.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\bing.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\bing_large.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\bluesky-bg.jpg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\brush.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\bt.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\clock.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\cloud.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\cupcake-bg.jpg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\desk-bg.jpg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\doodle.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\enhanced_google.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\eyeglass.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\eyeglass_transparent.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\films-bg.jpg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\gmx_large.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\google.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\google_large.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\hero-bg.jpg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\just-the-box-empty.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\just-the-box.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\mountain-bg.jpg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\pointer2.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\radio-selected.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\radio-unselected.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\sea-bg.jpg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\search-D7D7D7.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\search-FFFFFF.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\settings.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\smallMagnifier.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\star-unselected.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\star.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\todoc.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\toggle-off.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\toggle-on.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\topdf.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\transparent_img.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\yahoo.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\yahoo.svg, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\yahoo_large.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\yandex.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\_enhanced_google.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\images\_gmx_large.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\content\bundle.v0.0.1.min.css, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\skin\icons\16.png, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\vendor\md5.min.js, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\vendor\react-dom.min.js, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\vendor\react-with-addons.min.js, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\_locales\en\messages.json, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\_locales\fr\messages.json, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\_locales\hi\messages.json, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\_locales\pt_BR\messages.json, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\_locales\vi\messages.json, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\_metadata\verified_contents.json, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\2bfc185be71f44cd73ac81511fc1f5a5.woff, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\b495e340f4ef8924fea0284c1bf9e7ac.woff, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\background.html, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\background.v0.0.1.min.js, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\c5a5cbf4dbcaa7064f2bc77f52101aec.otf, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\client.v0.0.1.min.js, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\common.js.v0.0.1.min.js, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\e5d3501d500d07b0a1e952b0f8a81d78.woff, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\e_.json, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\index.html, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\manifest.json, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\bahkljhhdeciiaodlkppoonappfnheoi\10.1.3.96_0\responseConfig.json, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\USERS\ELVIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\USERS\ELVIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, No Action By User, [266], [626736],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\USERS\ELVIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, No Action By User, [266], [626736],1.0.9498
PUP.Optional.OpenCandy, C:\USERS\ELVIE\APPDATA\ROAMING\UTORRENT\UPDATES\3.4.3_40298.EXE, No Action By User, [1121], [317290],1.0.9498
Adware.Agent, C:\PROGRAM FILES (X86)\USB DISK SECURITY\LINKZB.EXE, No Action By User, [99], [597820],1.0.9498
Adware.Elex.ShrtCln, C:\USERS\ELVIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, No Action By User, [272], [454721],1.0.9498
Adware.Elex.ShrtCln, C:\USERS\ELVIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [272], [454721],1.0.9498
PUP.Optional.Palikan, C:\USERS\ELVIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, No Action By User, [331], [455278],1.0.9498
PUP.Optional.Palikan, C:\USERS\ELVIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [331], [455278],1.0.9498
PUP.Optional.Palikan, C:\USERS\ELVIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [331], [455278],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\USERS\ELVIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [266], [626729],1.0.9498
PUP.Optional.Palikan, C:\USERS\ELVIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, No Action By User, [331], [455278],1.0.9498
PUP.Optional.Palikan, C:\USERS\ELVIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [331], [455278],1.0.9498
PUP.Optional.SearchManager.BITSRST, C:\USERS\ELVIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [266], [628563],1.0.9498
PUP.Optional.Palikan, C:\USERS\ELVIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, No Action By User, [331], [455278],1.0.9498
PUP.Optional.Palikan, C:\USERS\ELVIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [331], [455278],1.0.9498
Adware.Elex.ShrtCln, C:\USERS\ELVIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [272], [454721],1.0.9498
Adware.Elex.ShrtCln, C:\USERS\ELVIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Removal Failed, [272], [454721],1.0.9498

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28.02.2019 01
Ran by Elvie (administrator) on ACER (01-03-2019 23:58:28)
Running from C:\Users\Elvie\Downloads\Programs
Loaded Profiles: Elvie (Available Profiles: Elvie)
Platform: Windows 10 Home Single Language Version 1803 17134.590 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o. -> ) C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(GameHouse Europe B.V. -> GameHouse) C:\Program Files (x86)\GameHouse Games\aminstantservice.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporated -> Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(CyberLink -> ) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Acer Incorporated -> Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporated -> Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
(Acer Incorporated -> Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated -> Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporated -> Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporated -> Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.40.70.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.40.70.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Elvie\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Elvie\AppData\Roaming\uTorrent\uTorrent.exe
(Mirza) [File not signed] C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Elvie\AppData\Roaming\uTorrent\updates\3.5.5_44994\utorrentie.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Elvie\AppData\Roaming\uTorrent\updates\3.5.5_44994\utorrentie.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Elvie\AppData\Roaming\uTorrent\updates\3.5.5_44994\utorrentie.exe
(Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Zbshareware Limited -> Zbshareware Lab) C:\Program Files (x86)\USB Disk Security\USBGuard.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(AVG Technologies CZ, s.r.o. -> ) C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Yahoo! Inc. -> Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MsMpEng.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Prezi, Inc. -> Prezi Inc) C:\Program Files (x86)\Prezi\Update\1.3.101.21\PreziCrashHandler.exe
(Prezi, Inc. -> Prezi Inc) C:\Program Files (x86)\Prezi\Update\1.3.101.21\PreziCrashHandler64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.40.70.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google LLC -> Google Inc.) C:\Users\Elvie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\Elvie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\Elvie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\Elvie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\Elvie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\Elvie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\Elvie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\Elvie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\Elvie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\Elvie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\Elvie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\Elvie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\Elvie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\Elvie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\Elvie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\Elvie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\Elvie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\Elvie\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13674712 2014-07-16] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239192 2018-06-14] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [307632 2019-02-11] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB Security] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [662728 2013-02-07] (Zbshareware Limited -> Zbshareware Lab)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239192 2018-06-14] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2187336 2017-10-21] (AVG Technologies CZ, s.r.o. -> )
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2019-02-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [64096 2018-03-22] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [307632 2019-02-11] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1752258818-801759960-1543221255-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc. -> Yahoo! Inc.)
HKU\S-1-5-21-1752258818-801759960-1543221255-1001\...\Run: [Google Update] => C:\Users\Elvie\AppData\Local\Google\Update\1.3.33.23\GoogleUpdateCore.exe [605992 2018-12-18] (Google Inc -> Google Inc.)
HKU\S-1-5-21-1752258818-801759960-1543221255-1001\...\Run: [L09AXLRD_121579359] => C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE [351000 2008-06-04] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1752258818-801759960-1543221255-1001\...\Run: [uTorrent] => C:\Users\Elvie\AppData\Roaming\uTorrent\uTorrent.exe [1908920 2019-01-16] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-1752258818-801759960-1543221255-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1752258818-801759960-1543221255-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4161592 2018-01-11] (Mirza) [File not signed]
HKU\S-1-5-21-1752258818-801759960-1543221255-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35240336 2019-02-28] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1752258818-801759960-1543221255-1001\...\MountPoints2: {ef5ba4cb-c3b5-11e8-82c1-f0761c7d2de6} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\drivers\setup.exe
HKU\S-1-5-18\...\Run: [] => [X]
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-02-26] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-02-26] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2017-06-02]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 platform.wondershare.com
Tcpip\..\Interfaces\{627328d5-639b-4ad9-8720-3880d1b4a634}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9c99e2a1-6ea2-46e5-8192-514b135a1fd1}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fc526c67-87f3-4628-9000-b3e4114d68f1}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.com/#/?show_is=1&source=art
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.com/#/?show_is=1&source=art
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.com/#/?show_is=1&source=art
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.com/#/?show_is=1&source=art
HKU\S-1-5-21-1752258818-801759960-1543221255-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__180604__yaie
HKU\S-1-5-21-1752258818-801759960-1543221255-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.com/#/?show_is=1&source=art
HKU\S-1-5-21-1752258818-801759960-1543221255-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.com/#/?show_is=1&source=art
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ph.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ph.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1752258818-801759960-1543221255-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F48C4319-D398-4FC1-A80F-24220BA37EC8}&mid=878f2e470c5647cc9d46213f5a99c415-592bae8b8e93f3f49198570cba79f528a27f6ff8&lang=en&ds=AVG&coid=avgtbavg&cmpid=0517tb&pr=fr&d=2016-08-01 17:54:57&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1752258818-801759960-1543221255-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F48C4319-D398-4FC1-A80F-24220BA37EC8}&mid=878f2e470c5647cc9d46213f5a99c415-592bae8b8e93f3f49198570cba79f528a27f6ff8&lang=en&ds=AVG&coid=avgtbavg&cmpid=0517tb&pr=fr&d=2016-08-01 17:54:57&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1752258818-801759960-1543221255-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10454__180604__yaie&p={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-12-14] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-12-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.8.566\AVG Web TuneUp.dll [2017-10-21] (AVG Technologies CZ, s.r.o. -> AVG)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-12-14] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-03-14] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.8.566\AVG Web TuneUp.dll [2017-10-21] (AVG Technologies CZ, s.r.o. -> AVG)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-14] (Oracle America, Inc. -> Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 
FF HKU\S-1-5-21-1752258818-801759960-1543221255-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Elvie\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Elvie\AppData\Roaming\IDM\idmmzcc5 [2018-08-02] [Legacy] [not signed]
FF HKU\S-1-5-21-1752258818-801759960-1543221255-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_150.dll [2019-02-22] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-01-31] (VideoLAN) [File not signed]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_150.dll [2019-02-22] (Adobe Systems Incorporated -> )
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] (Foxit Corporation -> )
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] (Foxit Corporation -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc. -> Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.prezi.com/Prezi Update;version=3 -> C:\Program Files (x86)\Prezi\Update\1.3.101.21\npPreziUpdate3.dll [2018-11-06] (Prezi, Inc. -> Prezi Inc)
FF Plugin-x32: @tools.prezi.com/Prezi Update;version=9 -> C:\Program Files (x86)\Prezi\Update\1.3.101.21\npPreziUpdate3.dll [2018-11-06] (Prezi, Inc. -> Prezi Inc)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-04-02] (WildTangent Inc -> )
FF Plugin HKU\S-1-5-21-1752258818-801759960-1543221255-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Elvie\AppData\Local\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-18] (Google Inc -> Google Inc.)
FF Plugin HKU\S-1-5-21-1752258818-801759960-1543221255-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Elvie\AppData\Local\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-18] (Google Inc -> Google Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> amazon.com/websearch/?ie=UTF8__PARAM__
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxp://www.palikan.com/?f=7&a=plk_tchfld_15_48&cd=2XzuyEtN2Y1L1Qzu0FtDyByCtC0CyB0DtB0D0EyC0FyC0C0DtN0D0Tzu0StCyEtBzztN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyE0C0E0FyEyBtC0CtGtBtB0CyDtGtBtAzyyBtGtAyEzzzztGyEyE0D0DyCtCtC0B0DtDyDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0AtCyB0DzzzzyBtGtA0AzzyBtGyE0AyDyEtGzz0DyD0EtGtB0AtBzyyDzy0CzyyEtCtCzz2QtN0A0LzuyE&cr=1815942099&ir=","hxxp://www.oursurfing.com/?type=hp&ts=1445012397&z=3dd569eaa5597ffe3ebf9c9g8z6z7w9e9g3occ1tbm&from=2sq&uid=st500lt012-1dg142_s3pnjy6nxxxxs3pnjy6n"
CHR NewTab: Default ->  Not-active:"chrome-extension://bahkljhhdeciiaodlkppoonappfnheoi/content/newtab.html"
CHR Profile: C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default [2019-03-01]
CHR Extension: (Flash Video Downloader) - C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2018-09-24]
CHR Extension: (Search Manager) - C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi [2019-02-11]
CHR Extension: (OFFMP4 - Best Video Download Helper) - C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbpcocgobkgpipkcnnloblpeedpfonfk [2018-07-13]
CHR Extension: (Honey) - C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-02-17]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-01-26]
CHR Extension: (DownAlbum) - C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjnhhjpfcdhbhlcmmjppicjmgfkppok [2019-01-15]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2017-07-17]
CHR Extension: (Video Downloader professional) - C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2018-08-04]
CHR Extension: (ARC Welder) - C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\Extensions\emfinbmielocnlhgmfkkmkngdoccbadn [2018-08-15]
CHR Extension: (Google Play Music) - C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2018-12-01]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2018-10-11]
CHR Extension: (HTTPS Everywhere) - C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2019-02-01]
CHR Extension: (Musixmatch Lyrics for YouTube) - C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfenjblodoldnbiddmggcbkcapiolbig [2018-06-01]
CHR Extension: (Hola Free VPN Proxy Unblocker) - C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2019-02-23]
CHR Extension: (Google Play Music) - C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2018-12-01]
CHR Extension: (Mauf - Custom Messenger Colors) - C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfjnmganegfpajpgchndgfjbljnehink [2017-06-29]
CHR Extension: (BB10 / PlayBook App Manager) - C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbaalodpmjjhpobkgljnelbpblnikkp [2018-05-09]
CHR Extension: (Google Play) - C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2017-10-23]
CHR Extension: (Web Navigation) - C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja [2016-02-04] [UpdateUrl:hxxp://www.linkszb.com/addon/chrome/update.xml] <==== ATTENTION
CHR Extension: (App Runtime for Chrome (Beta)) - C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaihdlpglflfgpfjcifdjdjcckigekc [2018-11-30]
CHR Extension: (Google Play Books) - C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2018-01-03]
CHR Extension: (ShopBack Cashback Button) - C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngeinbnbakgkpcmokhonplkllgbnohoo [2019-02-21]
CHR Extension: (IDM Integration Module) - C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2019-02-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-11]
CHR Extension: (Chrome Media Router) - C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-17]
CHR Profile: C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-12-04]
CHR Profile: C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-18]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-03-01]
CHR HKLM-x32\...\Chrome\Extension: [lkemddiljapcmhicklfpcbpfffahfbja] - C:\Users\Elvie\AppData\Local\Google\Chrome\User Data\Default\extensions\WebNavigation.crx [2016-02-03]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-03-01]
StartMenuInternet: Google Chrome - Chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMInstantService; C:\Program Files (x86)\GameHouse Games\aminstantservice.exe [2041776 2016-10-26] (GameHouse Europe B.V. -> GameHouse)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [357360 2019-02-11] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe [6807360 2019-02-11] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428264 2018-06-14] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
S3 AvgWscReporter; C:\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe [110048 2019-02-11] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [453888 2019-02-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2938504 2018-02-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [104752 2019-02-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-07-23] (Acer Incorporated -> Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-04-02] (WildTangent Inc -> WildTangent)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [370064 2015-09-30] (Intel Corporation - pGFX -> Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [455912 2014-12-31] (Acer Incorporated -> Acer Incorporate)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 prezi; C:\Program Files (x86)\Prezi\Update\PreziUpdate.exe [224160 2018-07-18] (Prezi Inc -> Prezi Inc)
S3 prezim; C:\Program Files (x86)\Prezi\Update\PreziUpdate.exe [224160 2018-07-18] (Prezi Inc -> Prezi Inc)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-10-18] (Acer Incorporated -> Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] (CyberLink -> )
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [6598496 2019-01-10] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [234240 2014-07-15] (Acer Incorporated -> acer)
S3 uSHAREitSvc; C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-09-11] (SHAREit Technologies Co.Ltd -> SHAREit Technologies Co.Ltd)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-24] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-24] (Microsoft Corporation -> Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-10-21] (AVG Technologies CZ, s.r.o. -> )

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2018-04-12] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [37368 2019-02-11] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [205656 2019-02-11] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [226448 2019-02-11] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [196848 2019-02-11] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\System32\drivers\avgblog.sys [320960 2019-02-11] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [58008 2019-02-11] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [15280 2019-01-08] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [42552 2019-02-11] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [167560 2019-02-11] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [112568 2019-02-11] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [88208 2019-02-11] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1034184 2019-02-11] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [474712 2019-02-16] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [217040 2019-02-11] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [380208 2019-02-11] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [610336 2016-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [31000 2018-05-15] (Acer Incorporated -> Acer Incorporated)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-03-01] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-03-01] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72864 2019-03-01] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-03-01] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-03-01] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [25368 2018-05-15] (Acer Incorporated -> Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek Semiconductor Corp -> Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [761600 2015-06-24] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated -> Synaptics Incorporated)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [40664 2013-08-22] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-09-19] (AVG Technologies CZ, s.r.o. -> AVG Netherlands B.V.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-02-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [333792 2019-02-24] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-24] (Microsoft Windows -> Microsoft Corporation)
U1 avgbdisk; no ImagePath

========================== Drivers MD5 =======================

C:\WINDOWS\System32\drivers\1394ohci.sys 4B45A2D37CCE3CC0F161B7C7286081A6
C:\WINDOWS\System32\drivers\3ware.sys F5E5BA493B7C497F1F769942E2EA4CE2
C:\WINDOWS\System32\drivers\ACPI.sys CA51BB1B81F97E896E116C839B92D9D8
C:\WINDOWS\System32\drivers\AcpiDev.sys 75795E4B19BB3ED8D3C25A17CD15DC30
C:\WINDOWS\System32\Drivers\acpiex.sys DDA0FC1400A24988A7D3E746AEDF2C0F
C:\WINDOWS\System32\drivers\acpipagr.sys 1F2EC25DA23D1DF3ADA12FE5A26D321C
C:\WINDOWS\System32\drivers\acpipmi.sys 6AFFD57803BBB6FBCB483F983900A5C4
C:\WINDOWS\System32\drivers\acpitime.sys 0FC8673FAFC7D78C1CDC000F892CAC64
C:\WINDOWS\System32\drivers\ADP80XX.SYS A3D4CF2F3A433BE18CD4AD3E6665DC63
C:\WINDOWS\system32\drivers\afd.sys 4DCCC3E02A22ED4A4ADB11386F226071
C:\WINDOWS\system32\drivers\afunix.sys F267095A11A461BEF39FB180750BE801
C:\Windows\SysWOW64\drivers\afunix.sys 254921C0E1C35BBF22728BE95AD31950
C:\WINDOWS\System32\DRIVERS\ahcache.sys 0CD0F0C62414217DE9EA7EC8D425277E
C:\WINDOWS\System32\drivers\amdk8.sys 6DF48AD26E6285FB137F11328B64A376
C:\WINDOWS\System32\drivers\amdppm.sys D8804032BCDE4077A6D8D431D12AC6CC
C:\WINDOWS\System32\drivers\amdsata.sys A88F5E24B65228FB25F2051B3408A0E4
C:\WINDOWS\System32\drivers\amdsbs.sys AECD39E51DABC2BF045B2857F02FA2BD
C:\WINDOWS\System32\drivers\amdxata.sys B4CC9943230CAEB05B46CC30C220E141
C:\WINDOWS\System32\drivers\appid.sys C3ECF8840E4EAF09A4F2AE0174D6F36A
C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys 4E59668442D1A2479E17F2FB5F819A7B
C:\WINDOWS\System32\drivers\AppleLowerFilter.sys 0122ECE34AEEC95212A211C016270937
C:\WINDOWS\System32\drivers\applockerfltr.sys 769316CA5884FBBD02D45C28FE105922
C:\WINDOWS\System32\drivers\arcsas.sys 013E057DF3D13A4462AD912D7732E7E0
C:\WINDOWS\System32\drivers\asyncmac.sys B25ACCD9BE5F5798E9DD8FFB04D7BE4C
C:\WINDOWS\System32\drivers\atapi.sys 90AB4ED8EBD72A1C096A40CC35404B91
C:\WINDOWS\System32\drivers\athw8x.sys 835E2C1A3D32492E2B90BD4FE5527CB6
C:\WINDOWS\System32\drivers\avgArDisk.sys CE91D2B4789883E8DAF16DAFD97CCFBC
C:\WINDOWS\System32\drivers\avgArPot.sys D5165C3AF2965C2B509FC170E190E1CF
C:\WINDOWS\System32\drivers\avgbidsdriver.sys C0B0D76A144DF75AD3745F48257EDE59
C:\WINDOWS\System32\drivers\avgbidsh.sys 93EE86F3C8F6CD3C7B809A799B0DFFE2
C:\WINDOWS\System32\drivers\avgblog.sys CFC5C9ECA6BC79F987598C763CC1741D
C:\WINDOWS\System32\drivers\avgbuniv.sys 0ABA0C933868DB14E1CC4EEFEEBC159E
C:\WINDOWS\System32\drivers\avgElam.sys ED8B18FE244A0A4B29EA6DE3A6D0E474
C:\WINDOWS\System32\drivers\avgKbd.sys 151FFDF8BEBFE03FDD93D293BD4FAA6C
C:\WINDOWS\System32\drivers\avgMonFlt.sys 069B0A48414A15666AF95E9DA03EFF19
C:\WINDOWS\System32\drivers\avgRdr2.sys 27A28EED3B49505FD9FE79E4F71588A7
C:\WINDOWS\System32\drivers\avgRvrt.sys D203359D77C98E094DFCDD3DEC5938D6
C:\WINDOWS\System32\drivers\avgSnx.sys 8F226FEDEA83364AE1D00AB001C471DE
C:\WINDOWS\System32\drivers\avgSP.sys EAD45CC4EC46E4DC84EAD6313DC90177
C:\WINDOWS\System32\drivers\avgStm.sys 589AD719C1FBEDF28965CAF13B07C376
C:\WINDOWS\System32\drivers\avgVmm.sys 016B8705FB5A002BDEFAFDD30CC5C316
C:\WINDOWS\System32\drivers\bxvbda.sys F10E4C9444A9FC6DCBAB2C42F6999FA1
C:\WINDOWS\System32\drivers\bam.sys 982FAA5686F67BFEF3E6094705C2621F
C:\WINDOWS\System32\drivers\BasicDisplay.sys FA4973E379E872C61D0CF4E39F807833
C:\WINDOWS\System32\drivers\BasicRender.sys F024B80EA0076A318598DAB795F9C3D0
C:\WINDOWS\System32\drivers\bcmfn2.sys 739D089777D2B66DBE7201E5EA4BA2D7
C:\Windows\System32\Drivers\Beep.sys 9B068DF7B7B3DDF768D06DFD69B49FD0
C:\WINDOWS\system32\drivers\bindflt.sys AC46922A724F2C35BF945FBAA024643E
C:\WINDOWS\System32\DRIVERS\bowser.sys 85B874696CC64AFE22DEAD2B87498621
C:\WINDOWS\System32\drivers\btath_bus.sys AF7DEA6A0E93AF8517A310D189B656BE
C:\WINDOWS\system32\DRIVERS\btfilter.sys C8BF11D79B29BB23A461B65B58BA8593
C:\WINDOWS\System32\drivers\bthhfenum.sys 5512D026F23AA7C99B49A8A18FE8556F
C:\WINDOWS\System32\drivers\bthmodem.sys A0EC1D5C937995A2C5F1179538A8A6B4
C:\WINDOWS\System32\drivers\BTHport.sys 11205A6A03B7F58BD45EF9896C01B50B
C:\WINDOWS\System32\drivers\BTHUSB.sys 0D5ECDF2601312025811F6AC413F851A
C:\WINDOWS\System32\drivers\bttflt.sys E3786BEBB7E4003DE324A18069DDA081
C:\WINDOWS\System32\drivers\buttonconverter.sys 03C13BB635635B9152DBF49AA07B728C
C:\WINDOWS\System32\drivers\CAD.sys 9983FF8D9834F2E67787F4BDC42A8E36
C:\WINDOWS\System32\drivers\capimg.sys 407B33DE151A3DFCF564AC4270E44B1D
C:\WINDOWS\System32\DRIVERS\cdfs.sys D7CFB8CA10EFD49764A25F3816028304
C:\WINDOWS\System32\drivers\cdrom.sys 6834DBBA2A1DBA5B9B6360D0B9A3CBB5
C:\WINDOWS\System32\drivers\cht4sx64.sys 4A08B239F92B319AD31E3916D27AD4B9
C:\WINDOWS\System32\drivers\cht4vx64.sys C8EA9376E4D284F9DF24B27AC6E3AB85
C:\WINDOWS\System32\drivers\circlass.sys 3AA86DA04A561E8162C2DBBF92D12074
C:\WINDOWS\System32\drivers\cldflt.sys 4C9CDDE070A9A005CC11CF17483720A4
C:\WINDOWS\System32\drivers\CLFS.sys DB26170CF6555B9AFF76CFA067ABCF90
C:\WINDOWS\System32\drivers\CmBatt.sys 66CBF6F8FE6F436B315D7FEAF5D2BB40
C:\WINDOWS\System32\Drivers\cng.sys C87059D18F28CDDBD9188C1E32A05473
C:\WINDOWS\System32\DRIVERS\cnghwassist.sys 037DCC7A71938729CB12E8174E03031C
C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_bcb89b3386563bd7\CompositeBus.sys E40C99A3E0FFF49687F2187BF3E3050D
C:\WINDOWS\System32\drivers\condrv.sys 3799A9DFB162D9AAD6AC12CB8185FD19
C:\WINDOWS\System32\drivers\dam.sys 8711386E9B04357F8F58166760759F3A
C:\WINDOWS\System32\Drivers\dfsc.sys 8A1C10410FDA4287A76EC5A64371E221
C:\WINDOWS\system32\DRIVERS\ssudbus.sys 73BDD44A6088916964945886F9025409
C:\WINDOWS\System32\drivers\disk.sys A79FCB89805FA9EA9F48B671A4591D4E
C:\WINDOWS\System32\drivers\dmvsc.sys F69D7A5D7EDEE16B85F08040836FB09C
C:\WINDOWS\System32\drivers\drmkaud.sys AD1BEFBF96C0273925EDC9282557D984
C:\WINDOWS\System32\drivers\dxgkrnl.sys 9DE01582E771304FC81538738CA5C7E0
C:\WINDOWS\System32\drivers\evbda.sys 75CA88887850A74DDAAAF92500B6D9B9
C:\WINDOWS\System32\drivers\EhStorClass.sys 7E838D857FC55535710C316441459C38
C:\WINDOWS\System32\drivers\EhStorTcgDrv.sys 49023DD6F646B8C70AE1C105415F3E2B
C:\WINDOWS\System32\drivers\errdev.sys 1DF19D7A941CB06F8EADF89FA0BF59AD
C:\WINDOWS\system32\drivers\mbae64.sys 74DBF5DE5CB747E73EC1FC6C3AC1CCFE
C:\Windows\System32\Drivers\exfat.sys EED39B62D3A7997D0A18711957C9D43A
C:\Windows\System32\Drivers\fastfat.sys BB0B0F010E44321C861749A91AEFFE64
C:\WINDOWS\System32\drivers\fdc.sys 6701B9973DE98578A491721B4BDE0926
C:\WINDOWS\System32\drivers\filecrypt.sys 9BC7FE262AF52B341048234809AA7D91
C:\WINDOWS\System32\drivers\fileinfo.sys 6702E71BDC30527842F86F1BF5B9F59E
C:\WINDOWS\System32\drivers\filetrace.sys 01D83D284E6B37902DB3C4D4DB0649E0
C:\WINDOWS\System32\drivers\flpydisk.sys CE9CB1DB00B5007ABFFF0717E748E919
C:\WINDOWS\System32\drivers\fltmgr.sys C5374BA2CAE89DE7269EC61A969EF5D5
C:\WINDOWS\System32\drivers\FsDepends.sys 835F9C7193B6F9A796DE76897DC56968
C:\Windows\System32\Drivers\Fs_Rec.sys A01BA0506E07F316483E99D7AD9B6E75
C:\WINDOWS\System32\DRIVERS\fvevol.sys 73721B6013AA296F935755A2EC8A3574
C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\WINDOWS\System32\drivers\vmgencounter.sys 71DBED7FB264DB60341BC796EC2E8135
C:\WINDOWS\System32\drivers\genericusbfn.sys EA5EE5EF9765A9157B346DF671952F18
C:\WINDOWS\System32\Drivers\msgpioclx.sys 6BE6550F1A32796A11EBC58BBC72C44D
C:\WINDOWS\System32\drivers\gpuenergydrv.sys 508614CAC7BF8AEE4FB9002A413919B1
C:\WINDOWS\System32\drivers\HDAudBus.sys DED74127C7A2266715C0B8EA2EE75214
C:\WINDOWS\System32\drivers\HidBatt.sys 95888B85956AF97320D1F5C354632957
C:\WINDOWS\System32\drivers\hidbth.sys 104124D3EB9D10608F80D621FA1B4525
C:\WINDOWS\System32\drivers\hidi2c.sys 6D767FEB02DF712F783BEEFF09E06431
C:\WINDOWS\System32\drivers\hidinterrupt.sys 542AB7A14235C5227A9307ACF1636F0B
C:\WINDOWS\System32\drivers\hidir.sys 1553DF41F4EE4F60B4BEEEC62264BE71
C:\WINDOWS\System32\drivers\hidusb.sys 6E3FB2047B8AE72E1B5F1C00A5F3E475
C:\WINDOWS\System32\drivers\HpSAMD.sys 621B1FFB2E4E4745484EA01B013BF1D2
C:\WINDOWS\System32\drivers\HTTP.sys 87B74C28D0A841D920B05184554C41BB
C:\WINDOWS\System32\drivers\hvcrash.sys 9E1F3BA540DB9F4942A3F50A92E5754F
C:\WINDOWS\System32\drivers\hvservice.sys C3D52DA1DD280253A4575A0AF7BF1BD8
C:\WINDOWS\System32\Drivers\mshwnclx.sys B149905CD7451160B6BFA2191A3F6182
C:\WINDOWS\System32\drivers\hwpolicy.sys FE36689912DEC37D45B7A6C6414046FE
C:\WINDOWS\System32\drivers\hyperkbd.sys A1133368F47D514D73DD7FB4C4FD2B75
C:\WINDOWS\System32\drivers\HyperVideo.sys B68252C53556FFB52CCE18FF30FACA99
C:\WINDOWS\System32\drivers\i8042prt.sys DA179667B8CEC22E4ECBBF4210DC0E35
C:\WINDOWS\System32\drivers\iagpio.sys B5EC43755E62591197DE5CBBDAA9FEB7
C:\WINDOWS\System32\drivers\iai2c.sys D8CA23F9C5FEF44296FDE1E005C06EC0
C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys 7B769C9D19C013F94874C4B15D59A005
C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys E0F1B3A2A70FABE3BE1C9140BB55E607
C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys 89A869BCC0588A3009ECB875B09ECD39
C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys 2E693DF3C02A0859DB8DE25772751100
C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys 16A10CCEDCF5AC4CAAE43DC9FC40392F
C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys EB82A11613326691508D9ED9A4FE29E7
C:\WINDOWS\System32\drivers\iaStorAVC.sys 26405FA714257E449581DE5D6E6200E6
C:\WINDOWS\System32\drivers\iaStorV.sys 11AC0355FE52CC8813EE6864DE7531E4
C:\WINDOWS\System32\drivers\ibbus.sys 62CD9FA7394BCDF7784CCEFC9D00C9AA
C:\WINDOWS\system32\DRIVERS\idmwfp.sys 6248F7270A37B8890C7A058AAD4D6620
C:\WINDOWS\system32\DRIVERS\igdkmd64.sys 548712979B0BA12ECE2D8549797593D4
C:\WINDOWS\System32\drivers\IndirectKmd.sys AA38C19A3D65E8228D822EB18037E19D
C:\WINDOWS\system32\drivers\intelaud.sys F0F581A2299CB2BAB1DF2597BCDDB80F
C:\WINDOWS\system32\drivers\RTKVHD64.sys EB519FE4E7927D908D665305A177D3B6
C:\WINDOWS\system32\DRIVERS\IntcDAud.sys 8E4044C6B71B2F837166F6EDB6BF9100
C:\WINDOWS\System32\drivers\intelide.sys F1B552F7ACDF6E3E4DDDB76118CAFDE3
C:\WINDOWS\System32\drivers\intelpep.sys E6CC7C1E7CEDC81D6B15BF2CF4C99109
C:\WINDOWS\System32\drivers\intelppm.sys 2CEF9DEB97B2CA327175EE8AD5F195A1
C:\WINDOWS\System32\drivers\iorate.sys 8F466DA27E6160934A695BCCEFB80AC3
C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys FB72A49FAD5C343C8C38948F92D87BBF
C:\WINDOWS\System32\drivers\IPMIDrv.sys 5C58142E0F1F8AA379748CC123BA7527
C:\WINDOWS\System32\drivers\ipnat.sys 7408B83959A4B8271EF67FD06A6B366B
C:\WINDOWS\System32\drivers\ipt.sys 7BEA2228C81FB6E1EADDD54D615B4C7E
C:\WINDOWS\system32\drivers\irda.sys 030AE3773151CFA728C67E38416FAD8D
C:\WINDOWS\System32\drivers\irenum.sys 79D02DC54AB4F85D2C13A728A0E36193
C:\WINDOWS\System32\drivers\isapnp.sys 38A6EC08D0067DECF7B5BA4C871B846C
C:\WINDOWS\System32\drivers\msiscsi.sys 5529131AAB75E07D9295B19E20C54DAE
C:\WINDOWS\System32\drivers\ItSas35i.sys C35FD802C800F3CBB4FD426D5A542A22
C:\WINDOWS\System32\drivers\kbdclass.sys 17F3B012B28F27E7B813A7B037A3D790
C:\WINDOWS\System32\drivers\kbdhid.sys 843B4BBD15DD0340C5C293CD419D4A76
C:\WINDOWS\System32\drivers\kdnic.sys 5BBB86F3F1700E0ACE1DF10F0EF7B227
C:\WINDOWS\System32\Drivers\ksecdd.sys 9E2603E22242B1482EB5184EBE6ED107
C:\WINDOWS\System32\Drivers\ksecpkg.sys 43C0423E16C823E22BA9E50DB06FB275
C:\WINDOWS\system32\drivers\ksthunk.sys 10F2EBC1F1C4549C355781715DE47B66
C:\WINDOWS\System32\drivers\lltdio.sys 3CF979AFF0196DF3DF5E54DFC049EB1F
C:\WINDOWS\System32\drivers\LMDriver.sys 262ACFCAC89FEC27C361969613EB29DA
C:\WINDOWS\System32\drivers\lsi_sas.sys 48380096385DB46E43D85CD92B9500DB
C:\WINDOWS\System32\drivers\lsi_sas2i.sys F708223E5829510DF0D5AF209D11C8B8
C:\WINDOWS\System32\drivers\lsi_sas3i.sys B91BCC8F670F128A4BB826ACF2C2B9D5
C:\WINDOWS\System32\drivers\lsi_sss.sys FA31CDF977CD31AF9AEAAA422966ACC1
C:\WINDOWS\system32\drivers\luafv.sys E86400D7B6E095E89CF63667D94D3F50
C:\WINDOWS\System32\drivers\mausbhost.sys BD3D311802427608403C5E73A8D6137D
C:\WINDOWS\System32\drivers\mausbip.sys 61C2D9790943D8E3AD05AE35E4A313EF
C:\WINDOWS\System32\Drivers\MbamChameleon.sys AC5EE6C2018136DC8A3CBC7E5FEF5647
C:\WINDOWS\System32\DRIVERS\MbamElam.sys 31E4AC0C3D3BAC32082304BD43560760
C:\WINDOWS\System32\DRIVERS\farflt.sys A7F4BFED307FE44FC280917F2D4A1759
C:\WINDOWS\system32\DRIVERS\mbam.sys 613AD3165965D98E8C674ABE9CF6BAED
C:\WINDOWS\System32\Drivers\mbamswissarmy.sys A71F1F650EC0CE9D8EF793D706F08786
C:\WINDOWS\system32\DRIVERS\mwac.sys 2D63057C1CD66B7876CFC5E529DCF6FD
C:\WINDOWS\System32\drivers\megasas.sys 61BCE12529E96E6F0335A2A8DEB83C61
C:\WINDOWS\System32\drivers\MegaSas2i.sys CA22763F12783A9C81C512ED747CECDD
C:\WINDOWS\System32\drivers\megasas35i.sys FDB06D857FC43D654547BBB31D039DB4
C:\WINDOWS\System32\drivers\megasr.sys 230361AF74DDB91705284E024A22DF4F
C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys EB1D78140D6634C32A46AB1006105EDC
C:\WINDOWS\System32\drivers\mlx4_bus.sys A8931C3820D5F392D89176E0628E766E
C:\WINDOWS\system32\drivers\mmcss.sys 133BE679CF8962E52A7E927C25F41EF3
C:\WINDOWS\System32\drivers\modem.sys CA25F2D78FDD0D36E3F3071B4B317BD4
C:\WINDOWS\System32\drivers\monitor.sys 13142B3B30F633F407D5256B2FFCCEF0
C:\WINDOWS\System32\drivers\mouclass.sys 66C9CCC6A100ACF7A4514BD3091CE566
C:\WINDOWS\System32\drivers\mouhid.sys 6BE61DAF4CDC0E13940096EAC4A9F490
C:\WINDOWS\System32\drivers\mountmgr.sys 2CFB54C638F75E39FBB22723401A8A56
C:\WINDOWS\System32\drivers\mpsdrv.sys BC7C041E5AB2D7F157731456188BFCF5
C:\WINDOWS\system32\drivers\mrxdav.sys C12373EC998C6F17C0FE2D6C3CBB9C04
C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 6C321DB795F5EF5FF870737177825FC9
C:\WINDOWS\System32\DRIVERS\mrxsmb20.sys F3764391962FB1D11B52649B0B8716CC
C:\WINDOWS\System32\drivers\bridge.sys F14DE177087F9E990EDE95ACE1F94662
C:\Windows\System32\Drivers\Msfs.sys 128E1D8C23F690DF1DD7AFDB214DB6ED
C:\WINDOWS\System32\drivers\msgpiowin32.sys 5A5ABA987943317300A4E55A5C5EB8C4
C:\WINDOWS\System32\drivers\mshidkmdf.sys D727DEA75E316C80793C7098225D3F56
C:\WINDOWS\System32\drivers\mshidumdf.sys E12A703CE10B068727499276340D5296
C:\WINDOWS\System32\drivers\msisadrv.sys 8E42D6B92CB4567467E29F58F2E31715
C:\WINDOWS\System32\drivers\MSKSSRV.sys 2F3B9A23F8DEE9C3AD58CB3D966D83DD
C:\WINDOWS\System32\drivers\mslldp.sys AECFFBE104D428E8A74BCABF5B3B9912
C:\WINDOWS\System32\drivers\MSPCLOCK.sys 83364A92271339D8042C9DD5FD938A84
C:\WINDOWS\System32\drivers\MSPQM.sys AE5A4B89CDFF544B6481970BFD48A056
C:\Windows\System32\Drivers\MsRPC.sys 63794CE6137D70D2E8468E147A89BD76
C:\WINDOWS\System32\drivers\mssmbios.sys 4566CB65F176CE5CD8FCA487D2E3A64B
C:\WINDOWS\System32\drivers\MSTEE.sys 8A11E03B32840C0B73C14D16794F1A8A
C:\WINDOWS\System32\drivers\MTConfig.sys 794285C4F166B8108292E63FEA3C41E3
C:\WINDOWS\System32\Drivers\mup.sys EEB9D3E90B83546864211D63C1A0A74A
C:\WINDOWS\System32\drivers\mvumis.sys 69CECA6726FAD321F5643B16A1FF3934
C:\WINDOWS\System32\DRIVERS\nwifi.sys 84E984CE780DDAFDC1460C0DDBDE0DF3
C:\WINDOWS\System32\drivers\ndfltr.sys AB9EB3CADF4D415B598487397476A23A
C:\WINDOWS\System32\drivers\ndis.sys 8012D36F21968B8CBACEAE696D87B4C0
C:\WINDOWS\System32\drivers\ndiscap.sys AF73B18F3096B165A6F4417C5ED36B01
C:\WINDOWS\System32\drivers\NdisImPlatform.sys 1A9B1F5B8B131CE461A01C9424E149D7
C:\WINDOWS\System32\DRIVERS\ndistapi.sys 4C8BBD7EE829CE9BFB8E21134AC477E0
C:\WINDOWS\System32\drivers\ndisuio.sys 76DB7B344F90A29A16CB6B7C67B87CF6
C:\WINDOWS\System32\drivers\NdisVirtualBus.sys A76D79B71300EB3FEDD3D12D4C6F1D76
C:\WINDOWS\System32\drivers\ndiswan.sys 407FC276F4E21FC9BF40D8F78E9D96AE
C:\WINDOWS\System32\DRIVERS\ndiswan.sys 407FC276F4E21FC9BF40D8F78E9D96AE
C:\WINDOWS\System32\DRIVERS\NDProxy.sys 934E4A5CFD9CB891CD338052FA3467C6
C:\WINDOWS\System32\drivers\Ndu.sys 0E3B0F3645D1BAE79397C66FE8AF6402
C:\WINDOWS\System32\drivers\NetAdapterCx.sys A704515CF3038668E9E2CA66E31A0700
C:\WINDOWS\System32\drivers\netbios.sys DD09E3115DF2CDB36FED21E67149EB91
C:\WINDOWS\System32\DRIVERS\netbt.sys A6C01E478CD9ED26F6FB7ABCF9A2C773
C:\WINDOWS\System32\drivers\netvsc.sys DA8548D75434CE421BF921BAAC0916D9
C:\Windows\System32\Drivers\Npfs.sys 7190932DB00BE83B57C01B5EAC4D746B
C:\WINDOWS\System32\drivers\npsvctrig.sys 218DB396170D77BB94F69B526CC51B8F
C:\WINDOWS\System32\drivers\nsiproxy.sys A4952889D7C5804F17ABB9F454A371C2
C:\Windows\System32\Drivers\Ntfs.sys C535BBBD3C87D5C56686E56B2DFBD420
C:\Windows\System32\Drivers\Null.sys C029E5408EEE26C3B4E5BA5D29738DB8
C:\WINDOWS\System32\drivers\nvdimm.sys 189E5FCB96ABFEA84239A16062256EE4
C:\WINDOWS\System32\drivers\nvraid.sys 1F50ED95984009BF3634D6BD1A16FA5B
C:\WINDOWS\System32\drivers\nvstor.sys D6C14906B78F235461EEF96A886830D4
C:\WINDOWS\System32\drivers\parport.sys 13B175715A4391E4E5D2AB2EBC8CDBB5
C:\WINDOWS\System32\drivers\partmgr.sys 428B9FAFB0EE6EF66EAAB7B49A96487A
C:\WINDOWS\System32\drivers\pci.sys 171FEE651F837DE6BC0831EB2EE6E667
C:\WINDOWS\System32\drivers\pciide.sys C447CDA030A3415711E4E940D2E9B399
C:\WINDOWS\System32\drivers\pcmcia.sys 753174DF234EA8BBF732986D5F78FCE7
C:\WINDOWS\System32\drivers\pcw.sys 1D05B6DE437515281CD91A16C16529E6
C:\WINDOWS\System32\drivers\pdc.sys F5F1A092463D6E46E71CC709A65403D1
C:\WINDOWS\System32\drivers\peauth.sys 42B12A76D3C98AE69C97727E3BEC7D8A
C:\WINDOWS\System32\drivers\percsas2i.sys CD9BA1C279BE0E92E971C2B45A7F3D9B
C:\WINDOWS\System32\drivers\percsas3i.sys 6D5EA79E82A48B181E18C2C39416E8C8
C:\WINDOWS\System32\drivers\pmem.sys E8BE4041A69023B6A4D1096EE8436347
C:\WINDOWS\System32\drivers\pnpmem.sys 99ECEDA6B2E1FDB6892FBD5AED1E5D99
C:\WINDOWS\System32\drivers\raspptp.sys 1FB09FD846D5030B82EB345E9970A105
C:\WINDOWS\System32\drivers\processr.sys E0E55CDA29C80A9520FCFC78D7F8A73D
C:\WINDOWS\System32\drivers\pacer.sys E4BF8BE7B3711BCBBC95EE983C0236F4
C:\WINDOWS\System32\Drivers\PxHlpa64.sys BC08F7F3C53CBEE68670ED1314E290FD
C:\WINDOWS\system32\drivers\qwavedrv.sys 00F72861538B6C4E925A21BAE397A49D
C:\WINDOWS\System32\drivers\RadioShim.sys 911BD6CE96BB62D7779A74498089BCE2
C:\WINDOWS\System32\DRIVERS\ramdisk.sys 0FFABEB2D06CD74DDE0BCA510EEAEEBC
C:\WINDOWS\System32\DRIVERS\rasacd.sys B834761352403111D0113284D8736025
C:\WINDOWS\System32\drivers\AgileVpn.sys FA99CE309B66586A0AA6EF9CFF7BC467
C:\WINDOWS\System32\drivers\rasl2tp.sys 775ED7E51B58CF9EB415A1DBA540DACF
C:\WINDOWS\System32\DRIVERS\raspppoe.sys E2433A620ABF4083157944E4692C500D
C:\WINDOWS\System32\drivers\rassstp.sys EE5D1D51FA74ECCE57CF2DB8F6A417D8
C:\WINDOWS\System32\DRIVERS\rdbss.sys 9CDA1BF8C836AFEBAD96288037157124
C:\WINDOWS\System32\drivers\rdpbus.sys 206AB796793FDBD518B82E2F308A7176
C:\WINDOWS\System32\drivers\rdpdr.sys 3DE4216324BE32FC3AF7667AE2406EE5
C:\WINDOWS\System32\drivers\rdpvideominiport.sys 0600DF60EF88FD10663EC84709E5E245
C:\WINDOWS\System32\drivers\rdyboost.sys 65652EFAAF4A8A59E60A2D7BE15317E8
C:\Windows\System32\Drivers\ReFS.sys 71CE42AB00F72493B1D8D159C551C0E7
C:\Windows\System32\Drivers\ReFSv1.sys 4FD5928665993430F517F937F7CD96EF
C:\WINDOWS\System32\drivers\rhproxy.sys 3D4F4CCE0364CD3F1B539D2630686F24
C:\WINDOWS\System32\drivers\rspndr.sys FFFB16EF6E0B8B5F7F19B425923E7D12
C:\WINDOWS\System32\drivers\rt640x64.sys CF0F908B50CD8FB12B7B69DA56A44681
C:\WINDOWS\system32\DRIVERS\RtsPer.sys CCC77C9F4EA95A4D37DFF42910C90FF7
C:\WINDOWS\System32\drivers\vms3cap.sys A2939E69027B97105014434BFBFF7195
C:\WINDOWS\System32\drivers\sbp2port.sys 04C51BBD8C9F54E5F2C5D831B03B11E3
C:\Windows\System32\Drivers\SCDEmu.sys 92EAE8DEC1F992DB12AA23D9D55F264A
C:\WINDOWS\System32\DRIVERS\scfilter.sys 0070C2DC6563C48EDA63A282748F3FCD
C:\WINDOWS\System32\drivers\scmbus.sys A61C34A8B6BA61E61C612CAD636C369F
C:\WINDOWS\System32\drivers\sdbus.sys 495273177E87B0C34D7E431E9254FA23
C:\WINDOWS\System32\drivers\SDFRd.sys 9EF09DE84CE20B787C02395394AC2A7E
C:\WINDOWS\System32\drivers\sdstor.sys F80D6C03FEA2F7DEE14023B7229DA8C2
C:\WINDOWS\System32\drivers\SerCx.sys C5CF2941AA9E417B3A224601255C002E
C:\WINDOWS\System32\drivers\SerCx2.sys B9C113BD9FCA4F3E23F03708A7DA07CC
C:\WINDOWS\System32\drivers\serenum.sys 1845736FA47A1DFBBB642FE21095B4E0
C:\WINDOWS\System32\drivers\serial.sys F1BABF50469041797ED9928C31318832
C:\WINDOWS\System32\drivers\sermouse.sys 340116988930B07629A2D0C2B380A365
C:\WINDOWS\System32\drivers\sfloppy.sys 77FF0A5BA023D8E8C82EACCD54EA5C78
C:\WINDOWS\System32\drivers\SgrmAgent.sys 1941F5CA54C469E16957587FD56ED842
C:\WINDOWS\System32\drivers\SiSRaid2.sys 1443CF919C2A3207CE7724E0A31686A2
C:\WINDOWS\System32\drivers\sisraid4.sys C0B1EAD6CC127CAE4E84EBF54105B3B8
C:\WINDOWS\System32\drivers\spaceport.sys 2A4B36D0154FB019C54DFD6184CEC5FE
C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys FE1776E587227120DC04EAEC45473245
C:\WINDOWS\System32\drivers\SpbCx.sys D05EB2BB52EC6B665D1631EC33241B80
C:\WINDOWS\System32\DRIVERS\srv2.sys A7739D2DFAB2352C82CB00A98DECE5E4
C:\WINDOWS\System32\DRIVERS\srvnet.sys 02BB0B43BF6A640FCAFCCEDBDD275EE8
C:\WINDOWS\system32\DRIVERS\ssudmdm.sys 5252D7BC56E5E0ED715AEA8FE173A455
C:\WINDOWS\System32\drivers\stexstor.sys DA82903F26AE12034CC5229F61098948
C:\WINDOWS\System32\drivers\storahci.sys F2D1983C7BEF5E3AB8978A7796C59A75
C:\WINDOWS\System32\drivers\vmstorfl.sys 76C9E2AA3400C22FC7091AD2F2999F95
C:\WINDOWS\System32\drivers\stornvme.sys 701078F20919BD635EA25F691880F651
C:\WINDOWS\System32\drivers\storqosflt.sys 16CEC85543981EE1D01978C210462993
C:\WINDOWS\System32\drivers\storufs.sys 25D7B79F80F3C2CD97D797C14D470165
C:\WINDOWS\System32\drivers\storvsc.sys 1FC7B7BE58A29DF27F5E6F6C2F061FA3
C:\WINDOWS\System32\DriverStore\FileRepository\swenum.inf_amd64_ea7b19c04e7a8136\swenum.sys 54255DF324C621A97220EBFA832237D2
C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys 1BCD06B8BA217CB73FDFF07E7921AC2D
C:\WINDOWS\System32\drivers\Synth3dVsc.sys A2A42A570524C975259E3B81C4D80DCA
C:\WINDOWS\System32\drivers\tap0901.sys 3C32FF010F869BC184DF71290477384E
C:\WINDOWS\System32\drivers\tcpip.sys 8439FEFCF998F4354F70B757ED184447
C:\WINDOWS\System32\drivers\tcpip.sys 8439FEFCF998F4354F70B757ED184447
C:\WINDOWS\System32\drivers\tcpipreg.sys 085F8A5F09E64CC27309AF160EF4F9BA
C:\WINDOWS\system32\DRIVERS\tdx.sys 16071C42E21CE3378FA449322FB9AB1D
C:\WINDOWS\System32\drivers\terminpt.sys B2C4D7CB291293CAC636748E695D111E
C:\WINDOWS\System32\drivers\tpm.sys 330F5AA122A302F0244D918B9C92C9D1
C:\WINDOWS\System32\drivers\tsusbflt.sys 0D721F40C179EC5737C15E551F22C69B
C:\WINDOWS\System32\drivers\TsUsbGD.sys DE1296871208D1F13B7AC57C4B1FA46C
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys 9B5C98C9F9EF5E62806DCD58B0D8EACE
C:\WINDOWS\System32\drivers\tunnel.sys BC938ABBF586272BD4063CA51F09149F
C:\WINDOWS\System32\drivers\uaspstor.sys BDFACE024EFF2398214797143AD76C87
C:\WINDOWS\System32\Drivers\UcmCx.sys 00C4396DE1CD3502884BB2E2B6D6861C
C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys ED9CBD1541C8AFDAA9B8255A384E2B53
C:\WINDOWS\System32\drivers\UcmUcsi.sys F58F1BC6A6972437CE18516F8ACCEB9F
C:\WINDOWS\System32\drivers\ucx01000.sys 017FB9532F54B28EFC1E37A91DB9ECC5
C:\WINDOWS\System32\drivers\udecx.sys 12E2B6B642360E66396502B62B048694
C:\WINDOWS\System32\DRIVERS\udfs.sys 1E5947946B186A411261DB872D287B49
C:\WINDOWS\System32\drivers\UEFI.sys D30AF38971B6670C222250AC2CBB6227
C:\WINDOWS\System32\drivers\ufx01000.sys 588B9212DEE84F5192C09A147AA5C316
C:\WINDOWS\System32\drivers\UfxChipidea.sys 78B5C069C9AA1463ACC833FD7E2A3BD5
C:\WINDOWS\System32\drivers\ufxsynopsys.sys 533BF4F456A1C6E7581E8C0A4EC59300
C:\WINDOWS\System32\drivers\umbus.sys 360FEE6F687D98EFFE46A5433FE6182E
C:\WINDOWS\System32\drivers\umpass.sys F6F1A9D91F684AA02951B96EE8127DAE
C:\WINDOWS\System32\drivers\urschipidea.sys 49A5E1B43C59DC0E363AD9C2D7D10BE4
C:\WINDOWS\System32\drivers\urscx01000.sys 53F1DA2D92D1D8CE4BB9D33E58D7DF01
C:\WINDOWS\System32\drivers\urssynopsys.sys 09518A324B95BBC0B472BD5A472CB916
C:\WINDOWS\System32\Drivers\usbaapl64.sys F957092C63CD71D85903CA0D8370F473
C:\WINDOWS\System32\drivers\usbccgp.sys B7211393225AB05324C52BA47B31FEB4
C:\WINDOWS\System32\drivers\usbcir.sys 250D21958EE5F45CD13FE6BE3788EE70
C:\WINDOWS\System32\drivers\usbehci.sys 4269DE1EB8029D55B3BB3A8A330FCF90
C:\WINDOWS\System32\drivers\usbhub.sys D67AABAE0C9EBAC9BBA2E20E0AF52EF1
C:\WINDOWS\System32\drivers\UsbHub3.sys 95A5A70091854B99C09A4231E5050C65
C:\WINDOWS\System32\drivers\usbohci.sys A547E7B1B3FB2228259AA85AC7E82698
C:\WINDOWS\System32\drivers\usbprint.sys 692C0BA4109C8F78392A299369F51129
C:\WINDOWS\System32\drivers\usbser.sys 45A9E57185B79420EFEA5A4AED655809
C:\WINDOWS\System32\drivers\USBSTOR.SYS CEF7527514EC49EBE0C760D784643EF0
C:\WINDOWS\System32\drivers\usbuhci.sys A4124036C4FD2B94C6157C4588EEB4E3
C:\WINDOWS\System32\Drivers\usbvideo.sys 9431F7E997A8750139517709B04D8629
C:\WINDOWS\System32\drivers\USBXHCI.SYS 9F4CCFCD4B4C6008C940510E43D54AEC
C:\WINDOWS\System32\drivers\vdrvroot.sys 8DCB7E5A9497C030484E5AD9E541B85C
C:\WINDOWS\System32\drivers\VerifierExt.sys 5C25C1A89650C95D15F7988D71487B08
C:\WINDOWS\System32\drivers\vhdmp.sys 621BC9225307C834A0DCE2842052A6B8
C:\WINDOWS\System32\drivers\vhf.sys EDCD732D7845A2B21B91C7D0CE96DA10
C:\WINDOWS\System32\drivers\vmbus.sys AD63BC4A11A4FD436ED23208BB8D1A9C
C:\WINDOWS\System32\drivers\VMBusHID.sys E2D57FB1A62F0BB7F70570806A09CE2B
C:\WINDOWS\System32\drivers\vmgid.sys 7D778F1E82EBA9F5A4DD392CFD3C4224
C:\WINDOWS\System32\drivers\volmgr.sys 708410755721F94FC8939673893C2E2B
C:\WINDOWS\System32\drivers\volmgrx.sys 1514506CA7462A64DC38C48108DDBB45
C:\WINDOWS\System32\drivers\volsnap.sys F0EE4E6028CCA58BEA9A04E7BEAB7DB4
C:\WINDOWS\System32\drivers\volume.sys 77FD1607F2C371ABD241EC7699C58884
C:\WINDOWS\System32\drivers\vpci.sys A8E3A6BA6A1B4D1DFEC5E8D5CFF786DF
C:\WINDOWS\System32\drivers\vsmraid.sys ED0B3436E1DE601C6C8EB86789AC8BAB
C:\WINDOWS\System32\drivers\vstxraid.sys 3D706FBED35DF3B17809C6714F31F9B0
C:\WINDOWS\System32\drivers\vwifibus.sys 0B11DBB8173AD374D67893D54EBEE9F3
C:\WINDOWS\System32\drivers\vwififlt.sys 95540F74893235C189409C98643D7A77
C:\WINDOWS\System32\drivers\vwifimp.sys 60A14582772A4DF0D0BE27B3F873BE6B
C:\WINDOWS\System32\drivers\wacompen.sys 87A01F65BD16C9FCCDD1B65F56CB93B0
C:\WINDOWS\System32\DRIVERS\wanarp.sys 78284C8CA31F9DC0B572F34CCA29A360
C:\WINDOWS\System32\DRIVERS\wanarp.sys 78284C8CA31F9DC0B572F34CCA29A360
C:\WINDOWS\system32\drivers\wcifs.sys 8A304D6CDC067922448CBA1EBB9FFCA8
C:\WINDOWS\system32\drivers\wcnfs.sys 8E899F2D39BBE4BD49A1E36C3E8A1E5F
C:\WINDOWS\System32\drivers\wd\WdBoot.sys D70CF956F1D9F1E5E54F2EF825AC3B97
C:\WINDOWS\System32\drivers\Wdf01000.sys 152926023B401D1F5F8852929572F5C3
C:\WINDOWS\System32\drivers\wd\WdFilter.sys 5792692B9C431AFD830F042DA16CDC62
C:\WINDOWS\System32\DRIVERS\wdiwifi.sys 7CF63F36E6271E9647CE3C44F95DD613
C:\WINDOWS\System32\drivers\WdmCompanionFilter.sys EAF4FB729E94561EE31BDE5BEF869C65
C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys 92B87BEA39C116A64E8B9DF316006C4C
C:\WINDOWS\System32\drivers\wfplwfs.sys EB0B154F12F78DE232F38EF61BCDEEA2
C:\WINDOWS\System32\drivers\wimmount.sys 3AE28A996C9EB8A6F2AC12BC55035126
C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys 2BB82BABE32D41F430D290239ABC0E87
C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys 5F0EDDA201630E132C2251BC9DA85023
C:\WINDOWS\System32\drivers\winmad.sys 762D8D839C44C5A0BE0449AA84034522
C:\WINDOWS\System32\drivers\winnat.sys C5AE3E1B653FD1F8072BE67D2BA28160
C:\WINDOWS\System32\drivers\WinUSB.SYS 6FA3D810FE082001B16ADE19829F1E8E
C:\WINDOWS\System32\drivers\winverbs.sys D2D6DB37E06608A5AF5B68D8E677B219
C:\WINDOWS\System32\drivers\wmiacpi.sys EAEF2A087812BB7110C744446AB731D5
C:\Windows\System32\Drivers\Wof.sys E122AD60BF4D7E4B28CCBABF33B28C1F
C:\WINDOWS\System32\drivers\WpdUpFltr.sys 15C1131EA0216F799C86B03EDAE0BE45
C:\WINDOWS\system32\drivers\ws2ifsl.sys C1C2E769FCD3B00A59FF876FB2AD4336
C:\WINDOWS\System32\drivers\WudfPf.sys 813DC18CC654CFB1875074139B0FEFD3
C:\WINDOWS\System32\drivers\WUDFRd.sys FB64BAD6DEDB27EA39B03685AC0A8EB4
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys FB64BAD6DEDB27EA39B03685AC0A8EB4
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys FB64BAD6DEDB27EA39B03685AC0A8EB4
C:\WINDOWS\System32\drivers\xboxgip.sys 93352403D9E6B71C275996690672488F
C:\WINDOWS\System32\drivers\xinputhid.sys CE1F78B5C1F14F74242008B2B3153FA2

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three months (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-01 23:57 - 2019-03-01 23:58 - 000000000 ____D C:\FRST
2019-03-01 23:55 - 2019-03-01 23:55 - 000055746 _____ C:\Users\Elvie\Desktop\MalwareBytes logs 1.txt
2019-03-01 23:38 - 2019-03-01 23:38 - 000000000 ____D C:\Users\Elvie\AppData\Local\mbam
2019-03-01 23:37 - 2019-03-01 23:37 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-03-01 23:37 - 2019-03-01 23:37 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-03-01 23:37 - 2019-03-01 23:37 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-03-01 23:37 - 2019-03-01 23:37 - 000072864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-03-01 23:37 - 2019-03-01 23:37 - 000000000 ____D C:\Users\Elvie\AppData\Local\mbamtray
2019-03-01 23:36 - 2019-03-01 23:36 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-03-01 23:36 - 2019-03-01 23:36 - 000001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-03-01 23:36 - 2019-03-01 23:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-03-01 23:36 - 2019-03-01 23:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-03-01 23:36 - 2019-03-01 23:36 - 000000000 ____D C:\Program Files\Malwarebytes
2019-03-01 23:36 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-03-01 22:38 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-03-01 19:35 - 2019-03-01 23:13 - 000003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2019-03-01 19:23 - 2019-03-01 23:04 - 000000000 ____D C:\Users\Elvie\AppData\LocalLow\uTorrent
2019-02-28 19:49 - 2019-02-11 13:05 - 000362928 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2019-02-27 19:46 - 2019-02-27 19:46 - 000004320 _____ C:\Users\Elvie\Desktop\VID20190227154748.mp4.sfk
2019-02-27 17:57 - 2019-02-27 17:57 - 000000000 ____D C:\Users\Elvie\Desktop\ELS
2019-02-22 19:31 - 2019-02-22 19:31 - 000001193 _____ C:\Users\Public\Desktop\Avira.lnk
2019-02-18 18:13 - 2019-02-06 15:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-18 18:13 - 2019-02-06 11:00 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-18 18:13 - 2019-02-06 11:00 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-18 18:13 - 2019-02-06 11:00 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-18 18:13 - 2019-02-06 10:52 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-18 18:13 - 2019-02-06 10:45 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-18 18:13 - 2019-02-06 10:41 - 025853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-18 18:13 - 2019-02-06 10:37 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-18 18:13 - 2019-02-06 10:33 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-18 18:13 - 2019-02-06 10:26 - 007599616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-18 18:13 - 2019-02-06 10:24 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-18 18:13 - 2019-01-09 13:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-02-18 18:13 - 2019-01-09 13:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-02-18 18:13 - 2019-01-09 13:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-18 18:13 - 2019-01-09 13:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-02-18 18:13 - 2019-01-09 13:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-02-18 18:13 - 2019-01-09 13:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-18 18:12 - 2019-02-06 15:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-18 18:12 - 2019-02-06 15:35 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-18 18:12 - 2019-02-06 15:32 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-18 18:12 - 2019-02-06 15:30 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-18 18:12 - 2019-02-06 15:30 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-18 18:12 - 2019-02-06 15:30 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-18 18:12 - 2019-02-06 15:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-18 18:12 - 2019-02-06 14:57 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-18 18:12 - 2019-02-06 14:52 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-18 18:12 - 2019-02-06 14:52 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-18 18:12 - 2019-02-06 14:52 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-18 18:12 - 2019-02-06 11:01 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-18 18:12 - 2019-02-06 11:01 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-18 18:12 - 2019-02-06 11:01 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-18 18:12 - 2019-02-06 11:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-18 18:12 - 2019-02-06 11:01 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-18 18:12 - 2019-02-06 11:01 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-18 18:12 - 2019-02-06 11:01 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-18 18:12 - 2019-02-06 11:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-18 18:12 - 2019-02-06 11:00 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-18 18:12 - 2019-02-06 11:00 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-18 18:12 - 2019-02-06 11:00 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-18 18:12 - 2019-02-06 11:00 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-18 18:12 - 2019-02-06 11:00 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-18 18:12 - 2019-02-06 11:00 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-02-18 18:12 - 2019-02-06 11:00 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-02-18 18:12 - 2019-02-06 11:00 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-18 18:12 - 2019-02-06 11:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-18 18:12 - 2019-02-06 11:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-18 18:12 - 2019-02-06 11:00 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-18 18:12 - 2019-02-06 11:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-18 18:12 - 2019-02-06 11:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-18 18:12 - 2019-02-06 10:59 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-18 18:12 - 2019-02-06 10:59 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-18 18:12 - 2019-02-06 10:59 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-18 18:12 - 2019-02-06 10:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-18 18:12 - 2019-02-06 10:42 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-18 18:12 - 2019-02-06 10:41 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-18 18:12 - 2019-02-06 10:40 - 005792256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-18 18:12 - 2019-02-06 10:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-18 18:12 - 2019-02-06 10:38 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-18 18:12 - 2019-02-06 10:38 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-02-18 18:12 - 2019-02-06 10:37 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-18 18:12 - 2019-02-06 10:29 - 004865536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-18 18:12 - 2019-02-06 10:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-18 18:12 - 2019-02-06 10:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-18 18:12 - 2019-02-06 10:27 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-18 18:12 - 2019-02-06 10:27 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-18 18:12 - 2019-02-06 10:27 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-18 18:12 - 2019-02-06 10:27 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-18 18:12 - 2019-02-06 10:26 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-02-18 18:12 - 2019-02-06 10:26 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-18 18:12 - 2019-02-06 10:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-18 18:12 - 2019-02-06 10:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-18 18:12 - 2019-02-06 10:25 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-18 18:12 - 2019-02-06 10:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-18 18:12 - 2019-02-06 10:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-18 18:12 - 2019-02-06 10:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-18 18:12 - 2019-02-06 10:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-18 18:12 - 2019-02-06 10:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-18 18:12 - 2019-02-06 10:21 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-18 18:12 - 2019-02-06 09:04 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-18 18:12 - 2019-01-12 16:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-02-18 18:12 - 2019-01-12 10:28 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-18 18:12 - 2019-01-10 02:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-18 18:12 - 2019-01-10 01:57 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-02-18 18:12 - 2019-01-10 01:42 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-18 18:12 - 2019-01-10 01:41 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-18 18:12 - 2019-01-10 01:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-18 18:12 - 2019-01-10 01:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-18 18:12 - 2019-01-10 01:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-18 18:12 - 2019-01-10 01:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-18 18:12 - 2019-01-09 18:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-18 18:12 - 2019-01-09 17:55 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-18 18:12 - 2019-01-09 17:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-18 18:12 - 2019-01-09 16:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-02-18 18:12 - 2019-01-09 16:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-02-18 18:12 - 2019-01-09 13:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-18 18:12 - 2019-01-09 13:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-18 18:12 - 2019-01-09 13:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-18 18:12 - 2019-01-09 13:43 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-18 18:12 - 2019-01-09 13:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-18 18:12 - 2019-01-09 13:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-18 18:12 - 2019-01-09 13:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-18 18:12 - 2019-01-09 13:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-18 18:12 - 2019-01-09 13:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-18 18:12 - 2019-01-09 13:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-18 18:12 - 2019-01-09 13:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-18 18:12 - 2019-01-09 13:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-18 18:12 - 2019-01-09 13:42 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-18 18:12 - 2019-01-09 13:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-18 18:12 - 2019-01-09 13:40 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-18 18:12 - 2019-01-09 13:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-18 18:12 - 2019-01-09 13:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-02-18 18:12 - 2019-01-09 13:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-18 18:12 - 2019-01-09 13:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-18 18:12 - 2019-01-09 13:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-18 18:12 - 2019-01-09 13:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-18 18:12 - 2019-01-09 13:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-18 18:12 - 2019-01-09 13:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-18 18:12 - 2019-01-09 13:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-18 18:12 - 2019-01-09 13:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-18 18:12 - 2019-01-09 13:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-18 18:12 - 2019-01-09 13:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-18 18:12 - 2019-01-09 13:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-18 18:12 - 2019-01-09 13:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-18 18:12 - 2019-01-09 13:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-18 18:12 - 2019-01-09 13:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-18 18:12 - 2019-01-09 13:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-18 18:12 - 2019-01-09 13:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-18 18:12 - 2019-01-09 13:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-18 18:12 - 2019-01-09 13:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-02-18 18:12 - 2019-01-09 13:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-02-18 18:12 - 2019-01-09 13:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-18 18:12 - 2019-01-09 13:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-02-18 18:12 - 2019-01-09 13:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-18 18:12 - 2019-01-09 13:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-18 18:12 - 2019-01-09 13:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-18 18:12 - 2019-01-09 13:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-18 18:12 - 2019-01-09 13:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-18 18:12 - 2019-01-09 13:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-18 18:12 - 2019-01-09 13:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-18 18:12 - 2019-01-09 13:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-02-18 18:12 - 2019-01-09 13:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-18 18:12 - 2019-01-09 13:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-18 18:12 - 2019-01-09 13:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-18 18:12 - 2019-01-09 13:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-18 18:12 - 2019-01-09 13:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-18 18:12 - 2019-01-09 13:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-18 18:12 - 2019-01-09 13:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-18 18:12 - 2019-01-09 13:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-18 18:12 - 2019-01-09 13:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-18 18:12 - 2019-01-09 13:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-02-18 18:12 - 2019-01-09 13:21 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-18 18:12 - 2019-01-09 13:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-18 18:12 - 2019-01-09 13:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-18 18:12 - 2019-01-09 13:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-18 18:12 - 2019-01-09 13:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-18 18:12 - 2019-01-09 13:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-18 18:12 - 2019-01-09 13:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-18 18:12 - 2019-01-09 13:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-18 18:12 - 2019-01-09 13:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-18 18:12 - 2019-01-09 13:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-18 18:12 - 2019-01-09 13:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-18 18:12 - 2019-01-09 13:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-18 18:12 - 2019-01-09 12:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-18 18:12 - 2019-01-09 12:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-02-18 18:12 - 2019-01-08 17:08 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-18 18:12 - 2019-01-08 11:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-18 18:12 - 2019-01-08 11:06 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-18 18:12 - 2019-01-08 11:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-02-17 18:49 - 2019-02-18 19:23 - 000000000 ____D C:\Users\Elvie\Desktop\FS FILES REVISIONS
2019-02-16 10:34 - 2019-02-16 10:34 - 000039063 _____ C:\Users\Elvie\Desktop\Ralph Breaks the Internet (2018) [WEBRip] [720p] [YTS.AM].torrent
2019-02-15 14:20 - 2019-02-15 14:20 - 000045069 _____ C:\Users\Elvie\Desktop\Creed II (2018) [WEBRip] [720p] [YTS.AM].torrent
2019-02-15 14:20 - 2019-02-15 14:20 - 000000000 ___HD C:\OneDriveTemp
2019-02-13 11:55 - 2019-02-17 11:06 - 000123187 _____ C:\Users\Elvie\Desktop\statements pfs - Copy.xlsx
2019-02-10 11:37 - 2018-09-20 12:12 - 001483576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-02-06 19:23 - 2019-02-06 19:23 - 000000000 ____D C:\Users\Elvie\AppData\Local\OneDrive
2019-01-28 20:54 - 2019-01-31 18:26 - 000089157 _____ C:\Users\Elvie\Desktop\20170410-VACANCY-PDS.xlsx
2019-01-18 17:46 - 2019-01-28 20:57 - 000000000 ____D C:\Users\Elvie\Desktop\Angelica Aquino Carbonel - Application Folder
2019-01-15 01:42 - 2019-02-11 12:55 - 000226448 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2019-01-14 19:08 - 2019-01-01 21:47 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2019-01-14 19:08 - 2019-01-01 21:45 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2019-01-14 19:08 - 2019-01-01 21:45 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2019-01-14 19:08 - 2019-01-01 21:20 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
2019-01-14 19:08 - 2019-01-01 21:18 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2019-01-14 19:08 - 2019-01-01 21:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2019-01-14 19:08 - 2019-01-01 15:13 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-01-14 19:08 - 2019-01-01 15:13 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-01-14 19:08 - 2019-01-01 15:13 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-01-14 19:08 - 2019-01-01 15:13 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-01-14 19:08 - 2019-01-01 15:13 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-01-14 19:08 - 2019-01-01 15:12 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-01-14 19:08 - 2019-01-01 14:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-01-14 19:08 - 2019-01-01 14:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-01-14 19:08 - 2019-01-01 14:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-01-14 19:08 - 2019-01-01 14:47 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-01-14 19:08 - 2019-01-01 14:46 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-01-14 19:08 - 2019-01-01 14:46 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-01-14 19:08 - 2019-01-01 14:45 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-01-14 19:08 - 2019-01-01 14:44 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-01-14 19:08 - 2019-01-01 14:44 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2019-01-14 19:08 - 2019-01-01 14:44 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-14 19:08 - 2019-01-01 14:43 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-01-14 19:08 - 2019-01-01 14:42 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2019-01-14 19:08 - 2019-01-01 14:42 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-01-14 19:08 - 2019-01-01 14:42 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-01-14 19:08 - 2019-01-01 14:41 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-01-14 19:08 - 2019-01-01 14:41 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-01-14 19:08 - 2019-01-01 14:41 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2019-01-14 19:08 - 2019-01-01 14:37 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-01-14 19:08 - 2019-01-01 14:37 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-01-14 19:08 - 2019-01-01 14:37 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-01-14 19:08 - 2019-01-01 14:17 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-01-14 19:08 - 2019-01-01 14:16 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-01-14 19:08 - 2019-01-01 14:15 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-01-14 19:08 - 2019-01-01 14:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-14 19:08 - 2019-01-01 14:13 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-01-14 19:08 - 2019-01-01 14:13 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-01-14 19:08 - 2019-01-01 14:12 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-01-14 19:08 - 2019-01-01 14:12 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-01-14 19:08 - 2019-01-01 14:12 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-01-14 19:08 - 2019-01-01 14:12 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2019-01-08 09:36 - 2019-02-11 13:05 - 000037368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys
2019-01-08 09:36 - 2019-02-11 12:55 - 000320960 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgblog.sys
2019-01-08 09:36 - 2019-02-11 12:55 - 000196848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2019-01-08 09:36 - 2019-02-11 12:55 - 000058008 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2018-12-20 13:22 - 2018-12-14 15:10 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-12-20 13:22 - 2018-12-14 15:07 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-12-20 13:22 - 2018-12-14 14:54 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-12-20 13:22 - 2018-12-14 14:54 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-12-20 13:22 - 2018-12-14 14:52 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-12-20 13:22 - 2018-12-14 14:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-12-18 14:33 - 2018-12-18 14:33 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-1752258818-801759960-1543221255-1001
2018-12-16 12:55 - 2018-12-08 20:42 - 001616824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-12-16 12:55 - 2018-12-08 20:29 - 013572608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-12-16 12:55 - 2018-12-08 20:28 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-12-16 12:55 - 2018-12-08 20:25 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-12-16 12:55 - 2018-12-08 16:07 - 005625352 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-12-16 12:55 - 2018-12-08 16:06 - 001017168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-12-16 12:55 - 2018-12-08 16:04 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-12-16 12:55 - 2018-12-08 15:47 - 000861744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-12-16 12:55 - 2018-12-08 15:46 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-12-16 12:55 - 2018-12-08 15:41 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-12-16 12:55 - 2018-12-08 15:38 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-12-16 12:55 - 2018-12-08 15:36 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-12-16 12:55 - 2018-11-09 14:15 - 021388752 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-12-16 12:55 - 2018-11-09 10:56 - 001213472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-12-16 12:54 - 2018-12-08 20:47 - 001048712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2018-12-16 12:54 - 2018-12-08 20:47 - 000645320 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-12-16 12:54 - 2018-12-08 20:46 - 000549760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2018-12-16 12:54 - 2018-12-08 20:41 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-12-16 12:54 - 2018-12-08 20:41 - 000481880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-12-16 12:54 - 2018-12-08 20:39 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2018-12-16 12:54 - 2018-12-08 20:27 - 005657600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-12-16 12:54 - 2018-12-08 20:23 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-12-16 12:54 - 2018-12-08 20:22 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-12-16 12:54 - 2018-12-08 20:22 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-12-16 12:54 - 2018-12-08 16:12 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-12-16 12:54 - 2018-12-08 16:12 - 000269336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-12-16 12:54 - 2018-12-08 16:07 - 001328632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2018-12-16 12:54 - 2018-12-08 16:06 - 000777512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-12-16 12:54 - 2018-12-08 16:06 - 000491416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-12-16 12:54 - 2018-12-08 16:05 - 002822656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-12-16 12:54 - 2018-12-08 16:05 - 001935008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-12-16 12:54 - 2018-12-08 16:05 - 001209888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-12-16 12:54 - 2018-12-08 16:05 - 000793592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-12-16 12:54 - 2018-12-08 16:05 - 000706040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-12-16 12:54 - 2018-12-08 16:05 - 000594224 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-12-16 12:54 - 2018-12-08 16:05 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fileinfo.sys
2018-12-16 12:54 - 2018-12-08 16:04 - 001188512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-12-16 12:54 - 2018-12-08 16:04 - 001150312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-12-16 12:54 - 2018-12-08 16:04 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-12-16 12:54 - 2018-12-08 16:04 - 000416024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2018-12-16 12:54 - 2018-12-08 16:04 - 000375608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-12-16 12:54 - 2018-12-08 16:04 - 000158624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-12-16 12:54 - 2018-12-08 15:47 - 000785760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-12-16 12:54 - 2018-12-08 15:46 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-12-16 12:54 - 2018-12-08 15:46 - 000457056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2018-12-16 12:54 - 2018-12-08 15:45 - 002307240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2018-12-16 12:54 - 2018-12-08 15:45 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-12-16 12:54 - 2018-12-08 15:45 - 001379816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-12-16 12:54 - 2018-12-08 15:45 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-12-16 12:54 - 2018-12-08 15:42 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-12-16 12:54 - 2018-12-08 15:38 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-12-16 12:54 - 2018-12-08 15:38 - 000419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\eeprov.dll
2018-12-16 12:54 - 2018-12-08 15:38 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2018-12-16 12:54 - 2018-12-08 15:37 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-12-16 12:54 - 2018-12-08 15:37 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-12-16 12:54 - 2018-12-08 15:36 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-12-16 12:54 - 2018-12-08 15:36 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-12-16 12:54 - 2018-12-08 15:36 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-12-16 12:54 - 2018-12-08 15:36 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-12-16 12:54 - 2018-12-08 15:35 - 002126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2018-12-16 12:54 - 2018-12-08 15:34 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-12-16 12:54 - 2018-12-08 15:34 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-12-16 12:54 - 2018-12-08 15:34 - 000693248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2018-12-16 12:54 - 2018-12-08 15:34 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-12-16 12:54 - 2018-12-08 15:34 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2018-12-16 12:54 - 2018-12-08 15:33 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-12-16 12:54 - 2018-12-08 15:33 - 001457152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-12-16 12:54 - 2018-12-08 15:33 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-12-16 12:54 - 2018-12-08 15:33 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-12-16 12:54 - 2018-12-08 15:33 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-12-16 12:54 - 2018-12-08 15:33 - 000823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2018-12-16 12:54 - 2018-12-08 15:32 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-12-16 12:54 - 2018-12-08 15:32 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-12-16 12:54 - 2018-12-08 15:32 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-12-16 12:54 - 2018-12-08 15:30 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-12-16 12:54 - 2018-12-08 15:29 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-12-16 12:54 - 2018-12-08 15:29 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-12-16 12:54 - 2018-12-08 15:28 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-12-16 12:54 - 2018-12-08 15:28 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-12-16 12:54 - 2018-12-08 15:27 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-12-16 12:54 - 2018-12-08 15:27 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-12-16 12:54 - 2018-12-08 15:26 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-12-16 12:54 - 2018-12-08 15:26 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-12-16 12:54 - 2018-12-08 15:25 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-12-16 12:54 - 2018-12-08 15:25 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-12-16 12:54 - 2018-12-08 15:25 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2018-12-16 12:54 - 2018-12-08 15:25 - 000702464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2018-12-16 12:54 - 2018-12-08 15:24 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-12-16 12:54 - 2018-11-09 13:59 - 008623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-12-16 12:54 - 2018-11-09 13:58 - 000244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-12-16 12:54 - 2018-11-09 13:57 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-12-16 12:54 - 2018-11-09 13:57 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2018-12-16 12:54 - 2018-11-09 13:56 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2018-12-16 12:54 - 2018-11-09 13:55 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-12-16 12:54 - 2018-11-09 13:55 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-12-16 12:54 - 2018-11-09 13:54 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2018-12-16 12:54 - 2018-11-09 13:32 - 020383832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-12-16 12:54 - 2018-11-09 13:20 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-12-16 12:54 - 2018-11-09 13:20 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-12-16 12:54 - 2018-11-09 13:19 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-12-16 12:54 - 2018-11-09 13:17 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-12-16 12:54 - 2018-11-09 10:49 - 000723416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-12-16 12:54 - 2018-11-09 10:49 - 000565048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-12-16 12:54 - 2018-11-09 10:49 - 000368656 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-12-16 12:54 - 2018-11-09 10:48 - 003179760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-12-16 12:54 - 2018-11-09 10:48 - 001613288 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-12-16 12:54 - 2018-11-09 10:48 - 000766704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-12-16 12:54 - 2018-11-09 10:48 - 000745472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-12-16 12:54 - 2018-11-09 10:48 - 000375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-12-16 12:54 - 2018-11-09 10:47 - 002062392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-12-16 12:54 - 2018-11-09 10:47 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-12-16 12:54 - 2018-11-09 10:47 - 000537912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2018-12-16 12:54 - 2018-11-09 10:21 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-12-16 12:54 - 2018-11-09 10:20 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-12-16 12:54 - 2018-11-09 10:20 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
2018-12-16 12:54 - 2018-11-09 10:18 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-12-16 12:54 - 2018-11-09 10:18 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-12-16 12:54 - 2018-11-09 10:18 - 000573952 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2018-12-16 12:54 - 2018-11-09 10:18 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2018-12-16 12:54 - 2018-11-09 10:17 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-12-16 12:54 - 2018-11-09 10:17 - 001069568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-12-16 12:54 - 2018-11-09 10:16 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-12-16 12:54 - 2018-11-09 10:16 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2018-12-16 12:54 - 2018-11-09 10:16 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-12-16 12:54 - 2018-11-09 10:16 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-12-16 12:54 - 2018-11-09 10:15 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-12-16 12:54 - 2018-11-09 10:15 - 000933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-12-16 12:54 - 2018-11-09 10:15 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-12-16 12:54 - 2018-11-09 10:07 - 002417976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-12-16 12:54 - 2018-11-09 10:07 - 001299704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-12-16 12:54 - 2018-11-09 09:48 - 000550728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-12-16 12:54 - 2018-11-09 09:46 - 002161008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-12-16 12:54 - 2018-11-09 09:46 - 000829960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-12-16 12:54 - 2018-11-09 09:46 - 000573504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-12-16 12:54 - 2018-11-09 09:28 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-12-16 12:54 - 2018-11-09 09:26 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-12-16 12:54 - 2018-11-09 09:25 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-12-16 12:54 - 2018-11-09 09:25 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-12-16 12:53 - 2018-12-08 20:27 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2018-12-16 12:53 - 2018-12-08 20:27 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdBth.dll
2018-12-16 12:53 - 2018-12-08 20:27 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdBth.dll
2018-12-16 12:53 - 2018-12-08 20:23 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-12-16 12:53 - 2018-12-08 20:23 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-12-16 12:53 - 2018-12-08 16:06 - 000249088 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2018-12-16 12:53 - 2018-12-08 16:05 - 001018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2018-12-16 12:53 - 2018-12-08 16:05 - 000421176 _____ (Microsoft Corporation) C:\WINDOWS\system32\xbgmengine.dll
2018-12-16 12:53 - 2018-12-08 16:05 - 000413920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-12-16 12:53 - 2018-12-08 16:04 - 002590296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2018-12-16 12:53 - 2018-12-08 16:04 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-12-16 12:53 - 2018-12-08 16:04 - 000413176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-12-16 12:53 - 2018-12-08 16:04 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-12-16 12:53 - 2018-12-08 16:04 - 000058168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2018-12-16 12:53 - 2018-12-08 15:46 - 001397104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-12-16 12:53 - 2018-12-08 15:45 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-12-16 12:53 - 2018-12-08 15:45 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-12-16 12:53 - 2018-12-08 15:39 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnsruprov.dll
2018-12-16 12:53 - 2018-12-08 15:38 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2018-12-16 12:53 - 2018-12-08 15:38 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2018-12-16 12:53 - 2018-12-08 15:38 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-12-16 12:53 - 2018-12-08 15:38 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2018-12-16 12:53 - 2018-12-08 15:37 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-12-16 12:53 - 2018-12-08 15:37 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2018-12-16 12:53 - 2018-12-08 15:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2018-12-16 12:53 - 2018-12-08 15:37 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
2018-12-16 12:53 - 2018-12-08 15:37 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2018-12-16 12:53 - 2018-12-08 15:37 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2018-12-16 12:53 - 2018-12-08 15:37 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2018-12-16 12:53 - 2018-12-08 15:36 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2018-12-16 12:53 - 2018-12-08 15:36 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-12-16 12:53 - 2018-12-08 15:36 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2018-12-16 12:53 - 2018-12-08 15:36 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2018-12-16 12:53 - 2018-12-08 15:36 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mmcss.sys
2018-12-16 12:53 - 2018-12-08 15:33 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-12-16 12:53 - 2018-12-08 15:32 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-12-16 12:53 - 2018-12-08 15:32 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-12-16 12:53 - 2018-12-08 15:30 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2018-12-16 12:53 - 2018-12-08 15:29 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2018-12-16 12:53 - 2018-12-08 15:29 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2018-12-16 12:53 - 2018-12-08 15:28 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-12-16 12:53 - 2018-12-08 15:27 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2018-12-16 12:53 - 2018-12-08 15:27 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2018-12-16 12:53 - 2018-12-08 15:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2018-12-16 12:53 - 2018-12-08 15:24 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-12-16 12:53 - 2018-12-08 15:24 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-12-16 12:53 - 2018-11-09 14:00 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-12-16 12:53 - 2018-11-09 13:56 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-12-16 12:53 - 2018-11-09 13:56 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-12-16 12:53 - 2018-11-09 13:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-12-16 12:53 - 2018-11-09 13:18 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-12-16 12:53 - 2018-11-09 13:18 - 000320512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2018-12-16 12:53 - 2018-11-09 10:22 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-12-16 12:53 - 2018-11-09 10:22 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2018-12-16 12:53 - 2018-11-09 10:21 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-12-16 12:53 - 2018-11-09 10:21 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2018-12-16 12:53 - 2018-11-09 10:21 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-12-16 12:53 - 2018-11-09 10:20 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys
2018-12-16 12:53 - 2018-11-09 10:20 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2018-12-16 12:53 - 2018-11-09 10:19 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2018-12-16 12:53 - 2018-11-09 10:18 - 000300032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-12-16 12:53 - 2018-11-09 09:47 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-12-16 12:53 - 2018-11-09 09:31 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-12-16 12:53 - 2018-11-09 09:31 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-12-16 12:53 - 2018-11-09 09:30 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2018-12-16 12:53 - 2018-11-09 09:30 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2018-12-16 12:53 - 2018-11-09 09:29 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-12-16 12:53 - 2018-11-09 09:27 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2018-12-16 12:53 - 2018-11-09 09:26 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-12-09 20:21 - 2018-12-09 20:22 - 009861136 _____ C:\Users\Elvie\Downloads\boot.img
2018-12-08 18:17 - 2018-12-08 18:17 - 000000000 ____D C:\Users\Elvie\Documents\Dolphin Emulator
2018-12-08 14:41 - 2018-12-08 14:41 - 000000000 ____D C:\Users\Elvie\AppData\LocalLow\Steel Crate Games
2018-12-08 13:17 - 2018-12-08 13:17 - 000001791 _____ C:\Users\Elvie\Desktop\Keep Talking and Nobody Explodes.lnk
2018-12-02 23:34 - 2018-12-02 23:34 - 050475440 _____ C:\Users\Elvie\Documents\Untitled 6.wav
2018-12-02 23:34 - 2018-12-02 23:34 - 048954880 _____ C:\Users\Elvie\Documents\Untitled 5.wav
2018-12-02 23:34 - 2018-12-02 23:34 - 042246264 _____ C:\Users\Elvie\Documents\Untitled 4.wav
2018-12-02 23:34 - 2018-12-02 23:34 - 040823504 _____ C:\Users\Elvie\Documents\Untitled 3.wav
2018-12-02 23:34 - 2018-12-02 23:34 - 000394332 _____ C:\Users\Elvie\Documents\Untitled 6.pkf
2018-12-02 23:34 - 2018-12-02 23:34 - 000382460 _____ C:\Users\Elvie\Documents\Untitled 5.pkf
2018-12-02 23:34 - 2018-12-02 23:34 - 000330044 _____ C:\Users\Elvie\Documents\Untitled 4.pkf
2018-12-02 23:34 - 2018-12-02 23:34 - 000318940 _____ C:\Users\Elvie\Documents\Untitled 3.pkf
2018-12-02 21:56 - 2018-12-02 21:56 - 000005682 _____ C:\Users\Elvie\Documents\Untitled 1.wav

==================== Three months (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-02 00:03 - 2016-02-03 14:25 - 000000000 ____D C:\Users\Elvie\AppData\Roaming\uTorrent
2019-03-02 00:00 - 2018-04-12 07:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-01 23:32 - 2016-02-03 14:28 - 000000000 ____D C:\Users\Elvie\AppData\Local\CrashDumps
2019-03-01 23:07 - 2016-05-15 11:21 - 000000000 ___RD C:\Users\Elvie\OneDrive
2019-03-01 23:06 - 2018-04-12 05:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-03-01 23:05 - 2018-03-27 10:41 - 000000000 ____D C:\Users\Public\Speedup Sessions
2019-03-01 23:01 - 2017-10-23 16:10 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-03-01 23:01 - 2016-02-04 05:05 - 000000000 __SHD C:\Users\Elvie\IntelGraphicsProfiles
2019-03-01 23:00 - 2018-06-19 20:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-03-01 22:59 - 2018-04-12 05:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-03-01 22:58 - 2018-08-02 17:38 - 000000000 ____D C:\Users\Elvie\AppData\Roaming\DMCache
2019-03-01 22:54 - 2018-04-12 07:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-03-01 22:54 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-03-01 22:09 - 2018-03-09 22:16 - 000000000 ____D C:\Users\Elvie\Desktop\RADGE
2019-03-01 22:05 - 2018-06-19 20:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-03-01 21:54 - 2017-10-06 18:20 - 000000000 ____D C:\Program Files\rempl
2019-03-01 19:27 - 2018-06-19 20:44 - 000004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5652C342-154A-4A4D-AD37-9E3C038201D6}
2019-03-01 19:25 - 2018-06-19 20:44 - 000003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2019-03-01 06:31 - 2018-01-12 22:00 - 000000000 ____D C:\Users\Elvie\AppData\Local\Packages
2019-03-01 06:28 - 2016-02-03 14:22 - 000000000 ____D C:\Users\Elvie\AppData\Roaming\vlc
2019-02-28 19:52 - 2018-02-16 21:38 - 000002057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus FREE.lnk
2019-02-28 19:52 - 2018-02-16 21:38 - 000002045 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2019-02-28 19:50 - 2018-06-19 20:44 - 000004004 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2019-02-28 19:49 - 2018-04-12 07:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-02-28 19:16 - 2018-08-02 17:38 - 000000000 ____D C:\Users\Elvie\Downloads\Compressed
2019-02-28 19:12 - 2018-06-19 20:31 - 000838564 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-28 19:12 - 2018-04-12 07:36 - 000000000 ____D C:\WINDOWS\INF
2019-02-28 19:06 - 2016-02-03 18:08 - 000000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1752258818-801759960-1543221255-1001UA.job
2019-02-28 19:06 - 2016-02-03 18:08 - 000000866 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1752258818-801759960-1543221255-1001Core.job
2019-02-28 17:31 - 2018-01-12 16:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2019-02-27 19:05 - 2018-10-07 11:57 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-02-27 19:05 - 2018-08-06 18:52 - 000003336 _____ C:\WINDOWS\System32\Tasks\PreziUpdateTaskMachineUA
2019-02-27 19:05 - 2018-08-06 18:52 - 000003112 _____ C:\WINDOWS\System32\Tasks\PreziUpdateTaskMachineCore
2019-02-27 19:05 - 2018-06-19 20:44 - 000004154 _____ C:\WINDOWS\System32\Tasks\Software Update Application
2019-02-27 19:05 - 2018-06-19 20:44 - 000003770 _____ C:\WINDOWS\System32\Tasks\DistromaticSearchProtect-hourly
2019-02-27 19:05 - 2018-06-19 20:44 - 000003742 _____ C:\WINDOWS\System32\Tasks\ACCAgent
2019-02-27 19:05 - 2018-06-19 20:44 - 000003592 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1752258818-801759960-1543221255-1001UA
2019-02-27 19:05 - 2018-06-19 20:44 - 000003550 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1752258818-801759960-1543221255-1001UA1d2585859aea7e1
2019-02-27 19:05 - 2018-06-19 20:44 - 000003324 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1752258818-801759960-1543221255-1001Core
2019-02-27 19:05 - 2018-06-19 20:44 - 000003282 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1752258818-801759960-1543221255-1001Core1d2585859912e64
2019-02-27 19:05 - 2018-06-19 20:44 - 000003278 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-02-27 19:05 - 2018-06-19 20:44 - 000003254 _____ C:\WINDOWS\System32\Tasks\Google Update
2019-02-27 19:05 - 2018-06-19 20:44 - 000003094 _____ C:\WINDOWS\System32\Tasks\Java Platform SE Auto Updater
2019-02-27 19:05 - 2018-06-19 20:44 - 000002856 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1752258818-801759960-1543221255-1001
2019-02-27 19:05 - 2018-06-19 20:44 - 000002838 _____ C:\WINDOWS\System32\Tasks\AviraSystemSpeedupUpdate
2019-02-27 19:05 - 2018-06-19 20:44 - 000002788 _____ C:\WINDOWS\System32\Tasks\ACC
2019-02-27 19:05 - 2018-06-19 20:44 - 000002762 _____ C:\WINDOWS\System32\Tasks\BacKGroundAgent
2019-02-27 19:05 - 2018-06-19 20:44 - 000002748 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1752258818-801759960-1543221255-500
2019-02-27 19:05 - 2018-06-19 20:44 - 000002182 _____ C:\WINDOWS\System32\Tasks\Quick Access Quick Launcher
2019-02-27 19:05 - 2018-06-19 20:44 - 000002096 _____ C:\WINDOWS\System32\Tasks\Power Management
2019-02-27 19:05 - 2018-06-19 20:44 - 000002070 _____ C:\WINDOWS\System32\Tasks\Launch Manager
2019-02-27 19:05 - 2018-06-19 20:44 - 000002068 _____ C:\WINDOWS\System32\Tasks\{B3A90B17-B1C1-4C35-995B-C984312DCF3A}
2019-02-27 19:05 - 2018-06-19 20:44 - 000002062 _____ C:\WINDOWS\System32\Tasks\Quick Access
2019-02-26 15:09 - 2016-02-03 14:20 - 000002536 _____ C:\Users\Elvie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-26 15:09 - 2016-02-03 14:20 - 000002499 _____ C:\Users\Elvie\Desktop\Google Chrome.lnk
2019-02-24 18:32 - 2018-05-13 16:07 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-02-22 19:31 - 2015-01-15 03:08 - 000000000 ____D C:\ProgramData\Package Cache
2019-02-22 09:19 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-02-22 09:19 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-02-19 17:22 - 2018-06-19 20:10 - 000487888 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-18 21:27 - 2018-04-12 07:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-02-18 21:27 - 2018-04-12 07:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-02-18 21:27 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-18 21:26 - 2018-06-19 20:16 - 000000000 ____D C:\Users\Elvie
2019-02-18 21:26 - 2018-04-12 07:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-18 21:26 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-18 21:26 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-18 18:28 - 2018-04-12 07:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-16 14:48 - 2016-02-21 18:44 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-16 14:41 - 2016-02-21 18:44 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-16 14:39 - 2016-02-03 14:24 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-02-16 10:01 - 2018-10-05 21:06 - 000000000 ____D C:\Users\Elvie\Desktop\PFS.111
2019-02-16 09:54 - 2017-05-04 17:55 - 000474712 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2019-02-13 11:40 - 2013-08-22 21:25 - 000000199 _____ C:\WINDOWS\win.ini
2019-02-11 13:06 - 2017-05-04 17:55 - 000380208 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2019-02-11 13:06 - 2017-05-04 17:55 - 000217040 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2019-02-11 13:05 - 2018-10-27 07:19 - 000042552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2019-02-11 13:05 - 2018-02-16 21:31 - 000205656 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2019-02-11 13:05 - 2017-05-04 17:55 - 001034184 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2019-02-11 13:05 - 2017-05-04 17:55 - 000167560 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2019-02-11 13:05 - 2017-05-04 17:55 - 000112568 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2019-02-11 13:05 - 2017-05-04 17:55 - 000088208 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2019-02-10 19:29 - 2018-06-26 20:03 - 000000000 ____D C:\ProgramData\Packages
2019-02-08 16:10 - 2018-06-19 20:16 - 000002401 _____ C:\Users\Elvie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-03 06:53 - 2018-09-14 19:17 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-02-03 06:53 - 2018-09-14 19:17 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-02-02 11:36 - 2018-08-15 17:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tencent Software
2019-02-02 11:36 - 2018-08-15 17:41 - 000000000 ____D C:\Users\Elvie\AppData\Roaming\Tencent

==================== Files in the root of some directories =======

2018-09-23 13:12 - 2018-09-23 13:12 - 000002171 _____ () C:\Program Files (x86)\r2h4433glmu.cfg
2018-09-22 17:22 - 2018-09-22 17:22 - 000002171 _____ () C:\Program Files (x86)\spdk21r2swf.cfg
2017-10-09 19:43 - 2017-10-09 19:44 - 000000747 _____ () C:\Users\Elvie\AppData\Roaming\paidashi.ini
2017-08-28 11:07 - 2017-08-28 11:07 - 000007605 _____ () C:\Users\Elvie\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-10-03 13:01 - 2012-03-13 21:47 - 035084352 ____R (Research In Motion Ltd.                                      ) C:\Users\Elvie\AppData\Local\Temp\BlackBerryDeviceManager.exe
2019-02-28 19:36 - 2014-06-20 01:42 - 007031360 _____ (Foxit Corporation) C:\Users\Elvie\AppData\Local\Temp\Foxit PhantomPDF Updater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {0a2ab7ca-b2a7-11e4-8ae9-f0761c7d2de6}
                        {0a2ab7cb-b2a7-11e4-8ae9-f0761c7d2de6}
                        {0a2ab7cc-b2a7-11e4-8ae9-f0761c7d2de6}
timeout                 2

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {abfc549f-743f-11e8-8711-90d551aa3a44}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Firmware Application (101fffff)
-------------------------------
identifier              {0a2ab7ca-b2a7-11e4-8ae9-f0761c7d2de6}
description             EFI USB Device

Firmware Application (101fffff)
-------------------------------
identifier              {0a2ab7cb-b2a7-11e4-8ae9-f0761c7d2de6}
description             EFI DVD/CDROM

Firmware Application (101fffff)
-------------------------------
identifier              {0a2ab7cc-b2a7-11e4-8ae9-f0761c7d2de6}
description             EFI Network

Firmware Application (101fffff)
-------------------------------
identifier              {d6b82bc3-cab5-11e5-89e0-806e6f6e6963}
description             Realtek PXE B01 D00

Firmware Application (101fffff)
-------------------------------
identifier              {d6b82bc4-cab5-11e5-89e0-806e6f6e6963}
description             ST500LT012-1DG142               

Firmware Application (101fffff)
-------------------------------
identifier              {d6b82bc5-cab5-11e5-89e0-806e6f6e6963}
description             MATSHITA DVD-RAM UJ8HC          

Windows Boot Loader
-------------------
identifier              {3b853c4a-b2c2-11e4-9173-f0761c7d2de6}
device                  ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{3b853c4b-b2c2-11e4-9173-f0761c7d2de6}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{3b853c4b-b2c2-11e4-9173-f0761c7d2de6}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.efi
description             Windows 10
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {abfc54a1-743f-11e8-8711-90d551aa3a44}
displaymessageoverride  Recovery
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {abfc549f-743f-11e8-8711-90d551aa3a44}
nx                      OptIn
bootmenupolicy          Standard

Windows Boot Loader
-------------------
identifier              {abfc54a1-743f-11e8-8711-90d551aa3a44}
device                  ramdisk=[\Device\HarddiskVolume5]\Recovery\WindowsRE\Winre.wim,{abfc54a2-743f-11e8-8711-90d551aa3a44}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume5]\Recovery\WindowsRE\Winre.wim,{abfc54a2-743f-11e8-8711-90d551aa3a44}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {abfc549f-743f-11e8-8711-90d551aa3a44}
device                  partition=C:
path                    \WINDOWS\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {abfc54a1-743f-11e8-8711-90d551aa3a44}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 No

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {abfc54a2-743f-11e8-8711-90d551aa3a44}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume5
ramdisksdipath          \Recovery\WindowsRE\boot.sdi


LastRegBack: 2018-06-19 20:10

==================== End of FRST.txt ============================

Link to post
Share on other sites

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28.02.2019 01
Ran by Elvie (02-03-2019 00:04:44)
Running from C:\Users\Elvie\Downloads\Programs
Windows 10 Home Single Language Version 1803 17134.590 (X64) (2018-06-19 12:46:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1752258818-801759960-1543221255-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1752258818-801759960-1543221255-503 - Limited - Disabled)
Elvie (S-1-5-21-1752258818-801759960-1543221255-1001 - Administrator - Enabled) => C:\Users\Elvie
Guest (S-1-5-21-1752258818-801759960-1543221255-501 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1752258818-801759960-1543221255-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1752258818-801759960-1543221255-1001\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.00.3009 - Acer Incorporated)
abMusic (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 3.01.2003.6 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 4.00.2001.1 - Acer Incorporated)
Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3012 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3001 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8115 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2006 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8106.0 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3018 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3005 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3005 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2011.1 - Acer Incorporated)
Adobe Audition CS6 (HKLM-x32\...\{30FD541D-3C9D-41C4-B240-A994EE4E0231}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.150 - Adobe Systems Incorporated)
Adobe Photoshop CS6 version 13.0.1 (HKLM-x32\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
Aloha TriPeaks (HKLM-x32\...\WTA-f4739d91-44ea-4323-bea8-74cfd947a1c7) (Version: 2.2.0.98 - WildTangent) Hidden
Amazon Assistant (HKLM-x32\...\{5437E77B-E4B5-45E7-BD33-95C3F0AA6602}) (Version: 10.17.0228 - Amazon) <==== ATTENTION
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.25.2001.0 - Acer Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 19.2.3079 - AVG Technologies)
AVG PC TuneUp (HKLM-x32\...\{52B6D655-9038-4290-B710-0E568F806155}) (Version: 16.80.3 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.80.3.38236 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.8.566 - AVG Technologies)
Avira (HKLM-x32\...\{6E83C075-0805-4D11-B403-8BAC84374B81}) (Version: 1.2.129.13789 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{fd422d82-916c-4aca-bc42-67b7eb9925c4}) (Version: 1.2.129.13789 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{3364F4D6-86A4-4552-819E-A0EC18DC6410}) (Version: 2.0.6.11023 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 4.8.0.7455 - Avira Operations GmbH & Co. KG)
Bandicam (HKLM-x32\...\Bandicam) (Version: 4.1.0.1362 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandicam.com)
Bejeweled 2 Deluxe (HKLM-x32\...\WTA-bd830cda-ce1b-4d4b-8592-c7a7de6b73eb) (Version: 2.2.0.95 - WildTangent) Hidden
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Camtasia Studio 8 (HKLM-x32\...\{AF33D0D2-2627-4AC8-8473-FDBB7892129C}) (Version: 8.6.0.2079 - TechSmith Corporation)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.5524 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4609.02 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
D5100 (HKLM-x32\...\{D49F1D4B-389C-470D-A6B4-15E82C8A26A8}) (Version: 140.0.421.000 - Hewlett-Packard) Hidden
D5100_Help (HKLM-x32\...\{D8185007-3F98-413E-B22D-BA513517383A}) (Version: 82.0.233.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Encarta Search Bar (64-bit) (HKLM\...\{08044040-959A-4B0D-8825-2C533F0DDB19}) (Version: 1.0.0 - Microsoft)
Epic Games Launcher (HKLM-x32\...\{D442B219-3EBE-4EE2-88F9-5A31DF331CB1}) (Version: 1.1.144.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Farm to Fork Collector's Edition (HKLM-x32\...\WTA-759919d7-5257-4eb3-b70d-7676d4c30789) (Version: 3.0.2.59 - WildTangent) Hidden
FireAlpaca 1.9.0 (HKLM-x32\...\FireAlpaca_is1) (Version: 1.9.0 - firealpaca.com)
FMW 1 (HKLM\...\{4CC5FB14-3F4D-4FA8-B921-00A9B40145C4}) (Version: 1.227.45 - AVG Technologies) Hidden
Foxit PhantomPDF (HKLM-x32\...\{D4DF5498-C95C-4A02-9951-725FB2D7BC0D}) (Version: 6.0.121.624 - Foxit Corporation)
Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 11.0.0.7 - WildTangent, Inc.)
Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 11.0.0.7 - WildTangent, Inc.)
GameHouse Games (HKLM-x32\...\GameHouse Games) (Version: 8.60.20 - GameHouse)
Google Chrome (HKU\S-1-5-21-1752258818-801759960-1543221255-1001\...\Google Chrome) (Version: 72.0.3626.119 - Google Inc.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.21 - Google Inc.) Hidden
GoPlay Editor (HKLM-x32\...\GoPlay Editor) (Version: 1.2.7 - BEYOND PLAY LIMITED)
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-1830b46f-a201-46df-84f7-4bdad3b8d5ae) (Version: 3.0.2.59 - WildTangent) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
HandBrake 1.1.1 (HKLM-x32\...\HandBrake) (Version: 1.1.1 - )
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
iExplorer (HKU\S-1-5-21-1752258818-801759960-1543221255-1001\...\2ee35ebaf226322a) (Version: 4.1.14.0 - Macroplant LLC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.226.0 - Intel Corporation)
InterActual Player (HKLM-x32\...\InterActual Player) (Version:  - )
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Internet Download Manager 6.30.0.0 (HKLM-x32\...\Internet Download Manager 6.30.0.0) (Version:  - )
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-2e6e15fe-5091-4d76-bc27-90463568db37) (Version: 3.0.2.59 - WildTangent) Hidden
King Oddball (HKLM-x32\...\WTA-d71839d9-f6d3-4b14-8763-c64ba5941dec) (Version: 3.0.2.48 - WildTangent) Hidden
K-Lite Codec Pack 11.4.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.4.0 - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Learning Essentials for Microsoft Office (HKLM-x32\...\{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}) (Version: 2.0 - Microsoft)
LUXOR Evolved (HKLM-x32\...\WTA-2aceda4f-2e9a-42ee-89ba-9317c9a93f7b) (Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (HKLM-x32\...\WTA-24da1054-5219-4b32-8ed4-a45621edab2b) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Microsoft Math (HKLM-x32\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2007 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1752258818-801759960-1543221255-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Student 2007 for Learning Essentials (HKLM-x32\...\{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}) (Version:  - )
Microsoft Student with Encarta Premium 2009 (HKLM-x32\...\{09041881-2C94-4A67-8E55-8483C019C7D2}) (Version: 2009 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{e9d78d68-c26c-4da7-9158-99355d8ef3ad}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{58b3beca-b999-4f6f-a48c-81681136a620}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.4.3 (HKLM-x32\...\{B561660D-8B3C-491D-9E3E-293F14FCAADA}_is1) (Version: 1.4.3 - Samuel Rodberg)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Peggle Nights (HKLM-x32\...\WTA-92a00d60-965c-4edd-a651-6e25cc769b70) (Version: 2.2.0.98 - WildTangent) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Photosmart and Deskjet Drivers 14.0 Rel. A (HKLM\...\{F58E1340-3FD5-40B8-A07C-4893CFC29749}) (Version: 14.0 - HP)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-07251b8e-a206-4dfe-b5cc-5c31ae8599b2) (Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-d9ca13d7-1f62-4a1a-8631-86356b0f3a81) (Version: 3.0.2.59 - WildTangent) Hidden
Popcap Game Collection (HKLM-x32\...\{69EA986B-B172-4FAA-B54D-853BD3A2B264}) (Version: 1.00.0000 - Popcap)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.9 - Power Software Ltd)
Prezi Next (HKLM\...\{e2a7a4d9-e52f-4496-9512-c3ed728b34c5}) (Version: 1.18.0.0 - Prezi)
Project64 version 2.3.2.202 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.2.202 - )
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21257 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.34.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7300 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.)
SD Card Formatter (HKLM-x32\...\{10C16E01-F739-4093-89A7-E570589FA0F6}) (Version: 5.0.0 - SD Association)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
SF_CDA_ProductContext (HKLM-x32\...\{A186F0FE-F1AD-4B8B-B8FE-8C8A13C27A89}) (Version: 140.0.421.000 - Hewlett-Packard) Hidden
SF_CDA_Software (HKLM-x32\...\{73BA4AE3-2BDF-4B25-9567-F43B177ABE06}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
SHAREit (HKLM-x32\...\www.ushareit.com_is1) (Version: 4.0.6.177 - SHAREit Technologies Co.Ltd)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
Tenorshare ReiBoot (HKLM-x32\...\{reiboot}_is1) (Version: 6.9.4 - Tenorshare, Inc.)
The Chronicles of Emerland Solitaire (HKLM-x32\...\WTA-468bccc7-f892-4ef7-92bf-a1f7cb75f7a0) (Version: 3.0.2.51 - WildTangent) Hidden
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Trinklit Supreme (HKLM-x32\...\WTA-5f0bccbf-d03b-49ae-9bcf-3b169070511a) (Version: 2.2.0.98 - WildTangent) Hidden
Tumblebugs (HKLM-x32\...\Tumblebugs) (Version:  - )
Tumblebugs 2 (HKLM-x32\...\Tumblebugs 2) (Version:  - )
Update for Skype for Business 2015 (KB4462135) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{03CD37B7-E1EB-42AE-9BC3-3687E679668B}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4462135) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{03CD37B7-E1EB-42AE-9BC3-3687E679668B}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4462135) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{03CD37B7-E1EB-42AE-9BC3-3687E679668B}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version:  - Zbshareware Lab)
VEGAS Pro 15.0 (HKLM\...\{E0F91FB0-7FC4-11E7-B8E9-95BE57594EAC}) (Version: 15.0.177 - VEGAS)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.11.13 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.00 beta 6 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.6 - win.rar GmbH)
Wondershare Filmora Scrn(Build 1.0.1) (HKLM\...\Wondershare Filmora Scrn_is1) (Version:  - Wondershare Software)
Wondershare Filmora(Build 8.3.5) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Zuma's Revenge (HKLM-x32\...\WTA-426ef260-ef1b-4338-8f37-cd9af2e8f72c) (Version: 2.2.0.97 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1752258818-801759960-1543221255-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-1752258818-801759960-1543221255-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Elvie\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1752258818-801759960-1543221255-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Elvie\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1752258818-801759960-1543221255-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Elvie\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1752258818-801759960-1543221255-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Elvie\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1752258818-801759960-1543221255-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\Elvie\AppData\Local\Google\Chrome\Application\72.0.3626.119\notification_helper.exe (Google LLC -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-1752258818-801759960-1543221255-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Elvie\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll (Google Inc -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-1752258818-801759960-1543221255-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Elvie\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1752258818-801759960-1543221255-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Elvie\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll (Google Inc -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-1752258818-801759960-1543221255-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Elvie\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [            IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2017-06-24] (Tonec Inc. -> Tonec Inc.)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-11-19] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-11-19] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-11-19] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-02-11] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2019-01-10] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2014-05-14] (Foxit Corporation -> Foxit Corporation)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-07] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {ef263503-8f0e-3e6a-ae2e-fe0b4b441d52} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2018-03-22] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-06-19] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-06-19] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll [2019-01-10] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2019-01-10] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-07] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {3d52b24d-33bb-3895-99ea-a0156f24a3f9} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2018-03-22] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-09-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2015-09-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {cefaf456-bc17-3f4b-b7d9-75070925911b} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2018-03-22] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-02-11] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-07] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-06-19] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-06-19] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03986BB9-CB61-49DA-A161-724F9A2C5A0F} - System32\Tasks\S-1-5-21-1752258818-801759960-1543221255-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation)
Task: {07E758E2-9F94-4B11-8E08-450D891D1D2B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {08AA941A-E289-4732-8A49-753C995B2CDA} - \WPD\SqmUpload_S-1-5-21-1752258818-801759960-1543221255-1001 -> No File <==== ATTENTION
Task: {0B95C6CB-BF26-4742-A914-7C2E551E0E33} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe (Acer Incorporated -> )
Task: {0D7478E3-12B2-43B1-BBED-04A330394942} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0D79215A-29C0-4994-BAA6-4E6A2B571429} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {153ADC31-6388-49A8-992F-EF09F993F1CA} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {192EBCBB-693F-4B77-8957-A51BFF7A2426} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1752258818-801759960-1543221255-1001Core => C:\Users\Elvie\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {1B151C25-9B64-4444-A0FE-3C35E37A96F0} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {427374CB-C7F8-479E-9308-1B6E52C30227} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe (Acer Incorporated -> Acer Incorporated)
Task: {4BB28C20-BBFB-4B92-A956-B73BE9A9A5A9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4F13ECE4-58B3-4686-92F4-11529B7C1EC2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {52BA93C5-C5ED-4396-950C-DD5CA44A716A} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe (Acer Incorporated -> )
Task: {5688EB1E-270F-488C-ADEF-E7513C8D31AF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {66A4FE38-0DDE-462B-A9B2-365415F0E895} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1752258818-801759960-1543221255-1001UA => C:\Users\Elvie\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {6F1A9980-B41F-444D-9789-9FCAFDCA4492} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7257F372-AD18-4052-B028-5FEB52B00548} - System32\Tasks\PreziUpdateTaskMachineUA => C:\Program Files (x86)\Prezi\Update\PreziUpdate.exe (Prezi Inc -> Prezi Inc) <==== ATTENTION
Task: {811F9345-271C-4EAC-BDC0-DA63E25D5046} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG )
Task: {82DAA997-D887-4DEE-8057-55BBE406BC4C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1752258818-801759960-1543221255-1001UA1d2585859aea7e1 => C:\Users\Elvie\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {8711D95F-04A0-4B60-A376-B6BDEA4EF1BD} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe (Acer Incorporated -> Acer Incorporated)
Task: {A6044A9C-4B6F-4145-BAA2-1C448702B250} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AC3E3777-2576-4622-A28D-90EAC06BA108} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AC49F35B-820A-4D2C-8376-858FF407683E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AD8ED5A0-B759-4F4C-85DB-2EB7B5E8C501} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {B8300A7E-1F3A-45AA-ABA4-F513FD94753A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {B898EB5C-0491-48A3-9EA1-D9DADB3D1F22} - System32\Tasks\{B3A90B17-B1C1-4C35-995B-C984312DCF3A} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.14.0.104/en/go/help.faq.installer?LastError=1618
Task: {BDF438D0-48BD-4620-A4F5-C06D546CEEBD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C05DE746-A5BE-49A2-9108-5432D7DCBA2D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {C1716413-45F0-4262-8655-240C723BE7DF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {C38BC166-58ED-495E-ABB7-97D1BCABC6DF} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe (Acer Incorporated -> Acer Incorporate)
Task: {CBE04C48-6B0E-4E30-9E16-D242957CA95D} - System32\Tasks\Google Update => C:\Users\Elvie\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {CCCE7082-B4D8-4CBA-91B0-D01B3C5EAA62} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {CD3BB0B3-BEE4-4FE9-8681-A83BCEF53462} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {CDEA1DC7-BBC9-431A-84D3-B1C31F9EFD54} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {D710D72C-AD55-46D8-AD48-62B00BBE15F6} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle America, Inc. -> Oracle Corporation)
Task: {DBD27477-6FD2-4F96-8B49-6389F87A2412} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe (Acer Incorporated -> Acer Incorporated)
Task: {DDDEECD2-3A21-4139-805D-8384987B78E0} - System32\Tasks\DistromaticSearchProtect-hourly => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe <==== ATTENTION
Task: {E17EFE0B-1BEF-4B48-8AEC-D585D2AFC206} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {E61EED84-5068-4C15-8BC0-59570FB2888D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E74BC51D-EBA1-4D68-B61E-2899E06711B3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1752258818-801759960-1543221255-1001Core1d2585859912e64 => C:\Users\Elvie\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {E769C840-1E00-46D8-9FE7-486446A90251} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
Task: {E90D6A15-C0ED-4401-ADF8-0E94FCD2B63D} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe (Acer Incorporated -> Acer Incorporate)
Task: {EA519962-0487-404E-84C6-00B288085C79} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe () [File not signed]
Task: {EACE0E7C-5B39-4B5B-8F75-F990197D82E2} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {ED8C45B4-348C-4BBE-804B-93D741D64D08} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe (Acer Incorporated -> Acer Incorporated)
Task: {F01120E0-64D2-419E-9CF7-73836F48B638} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe (Acer Incorporated -> Acer Incorporate)
Task: {F3745C42-6733-4588-8856-126414510AAC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {F70D9A4C-EE31-4CFC-B16D-369368563BC7} - System32\Tasks\PreziUpdateTaskMachineCore => C:\Program Files (x86)\Prezi\Update\PreziUpdate.exe (Prezi Inc -> Prezi Inc) <==== ATTENTION
Task: {F7630DDD-4821-4E48-B899-55A43E0408DF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {FA3ED4C8-0FD3-4573-B689-E7C8E308A927} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {FCC403B2-5C75-4BF3-8A88-534A5A6A0483} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\avg\overseer\overseer.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1752258818-801759960-1543221255-1001Core.job => C:\Users\Elvie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1752258818-801759960-1543221255-1001UA.job => C:\Users\Elvie\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Elvie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\ARC Welder.lnk -> C:\Users\Elvie\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=emfinbmielocnlhgmfkkmkngdoccbadn
ShortcutWithArgument: C:\Users\Elvie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Users\Elvie\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\Elvie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Fortnite Installer.lnk -> C:\Users\Elvie\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ondcfcoagpaoibhkmppgbbjomhknncbj
ShortcutWithArgument: C:\Users\Elvie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Users\Elvie\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\Public\Desktop\Dropbox.lnk -> C:\Program Files\Dropbox\StartURL.exe () -> hxxps://www.dropbox.com/partners/acer2014/download

==================== Loaded Modules (Whitelisted) ==============

2013-08-28 06:32 - 2013-08-28 06:32 - 000747520 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
2010-08-06 11:15 - 2010-08-06 11:15 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2010-08-06 11:15 - 2010-08-06 11:15 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2018-01-11 03:00 - 2018-01-11 03:00 - 004161592 _____ (Mirza) [File not signed] C:\Program Files (x86)\Internet Download Manager\IDMan.exe
2018-03-16 20:39 - 2018-03-16 20:40 - 000547840 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\chrome_elf.dll
2018-03-16 20:40 - 2018-03-16 20:45 - 098275328 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2018-03-16 20:45 - 2018-03-16 20:45 - 003922432 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2018-03-16 20:45 - 2018-03-16 20:45 - 000092672 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2019-02-22 15:15 - 2019-02-22 15:15 - 000880128 _____ (ServiceStack) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ServiceStack.Text\ed0583179c8b9c0efe026bd6781a9450\ServiceStack.Text.ni.dll
2016-12-03 13:40 - 2016-12-03 13:40 - 048920064 _____ () [File not signed] C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2018-06-19 20:21 - 2018-06-19 20:21 - 001101824 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL
2018-06-19 20:21 - 2018-06-19 20:21 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2001-06-21 16:26 - 2001-06-21 16:26 - 000221184 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
2001-06-21 16:14 - 2001-06-21 16:14 - 000188416 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\itircl54.dll
2008-06-04 09:06 - 2008-06-04 09:06 - 000033792 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\custsat.dll
2011-04-29 19:08 - 2011-04-29 19:08 - 000048128 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.rsc
2012-09-15 06:08 - 2012-09-15 06:08 - 000015360 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpotra08.rsc
2018-06-19 20:21 - 2018-06-19 20:21 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2016-02-03 14:18 - 2010-12-09 21:27 - 006062080 _____ (BCGSoft Ltd) [File not signed] C:\Program Files (x86)\USB Disk Security\BCGCBPRO1500u80.dll
2016-02-03 14:18 - 2010-12-08 15:21 - 000753664 _____ (BCGSoft Co Ltd) [File not signed] C:\Program Files (x86)\USB Disk Security\BCGPStyle2010Blue150.dll
2016-05-20 19:33 - 2017-09-12 10:34 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-05-20 19:33 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-05-20 19:33 - 2017-09-12 10:36 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll
2016-02-03 14:23 - 2012-05-25 04:25 - 000921600 _____ () [File not signed] C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2016-02-03 14:22 - 2012-05-25 04:25 - 000253952 _____ (Yahoo! Inc.) [File not signed] C:\Program Files (x86)\Yahoo!\Messenger\YImage.dll
2016-02-03 14:23 - 2012-05-25 03:57 - 001417216 _____ (Yahoo! Inc.) [File not signed] C:\Program Files (x86)\Yahoo!\Messenger\resources\en-US\res_msgr.dll
2019-03-01 23:36 - 2019-02-01 09:56 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-03-01 23:36 - 2019-02-01 09:56 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-03-01 23:36 - 2019-02-01 09:56 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-03-01 23:36 - 2019-02-01 09:56 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-03-01 23:36 - 2019-02-01 09:56 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-03-01 23:36 - 2019-02-01 09:56 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-03-01 23:36 - 2019-02-01 09:55 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-03-01 23:36 - 2019-02-01 09:56 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-03-01 23:36 - 2019-02-01 09:56 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-03-01 23:36 - 2019-02-01 09:56 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-03-01 23:36 - 2019-02-01 09:56 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-03-01 23:36 - 2019-02-01 09:56 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-03-01 23:36 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-03-01 23:36 - 2019-02-01 09:56 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-03-01 23:36 - 2019-02-01 09:56 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-03-01 23:36 - 2019-02-01 09:56 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-03-01 23:36 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-03-01 23:36 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-03-01 23:36 - 2019-02-01 09:56 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2016-09-19 11:27 - 2016-09-19 11:27 - 036682240 _____ () [File not signed] C:\Program Files (x86)\AVG\AVG PC TuneUp\libcef.dll
2016-09-19 11:26 - 2016-09-19 11:26 - 009956864 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\AVG\AVG PC TuneUp\icudt.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1752258818-801759960-1543221255-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1752258818-801759960-1543221255-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 21:25 - 2019-01-07 18:36 - 000000858 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 platform.wondershare.com

2016-12-20 12:45 - 2018-04-30 11:00 - 000000511 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

46 33 482

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Acer\abFiles\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1752258818-801759960-1543221255-1001\Control Panel\Desktop\\Wallpaper -> c:\users\elvie\pictures\cathrina\trees_green_entrance_stairs_planet_61651_3840x2160.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1752258818-801759960-1543221255-1001\...\StartupApproved\Run: => "Google Update"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5D8C99E1-3801-467A-99E3-8EDBFD98E57B}] => (Allow) C:\Users\Elvie\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{8386C466-6403-4B34-9F34-B697D876B517}] => (Allow) C:\Users\Elvie\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{DBFA4F0D-3DBC-4B66-B818-5E2B2D4B64AB}] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{CFB14007-CC95-44E7-9E8C-02F64E05BBBA}] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{1A26C215-654F-4345-B660-42F82EAFCF96}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{72E99D43-CEB2-4D8D-990C-2E4F50468D43}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{E8D93D73-6523-4F57-85A7-2EBEEB644CB2}] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{DCE6ED67-C468-4CA8-BEA4-8046014A2238}] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{774EA6DD-9333-4A25-83ED-CBDC06EB14BF}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{3A229CFF-8FCA-4E79-B65D-559EB9C887F6}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{A2F6E492-4C56-4DCB-80DC-FFC249F7D47D}] => (Block) C:\users\elvie\downloads\max remote\archives\jre\bin\javaw.exe
FirewallRules: [{73860552-81EF-4132-8F50-AF5B8CD98A83}] => (Block) C:\users\elvie\downloads\max remote\archives\jre\bin\javaw.exe
FirewallRules: [UDP Query User{1B20E0E2-FF1E-46A7-9EE7-243460636684}C:\users\elvie\downloads\max remote\archives\jre\bin\javaw.exe] => (Allow) C:\users\elvie\downloads\max remote\archives\jre\bin\javaw.exe
FirewallRules: [TCP Query User{6FF51286-2D54-4D4E-BA5C-B8ECE87F8EC5}C:\users\elvie\downloads\max remote\archives\jre\bin\javaw.exe] => (Allow) C:\users\elvie\downloads\max remote\archives\jre\bin\javaw.exe
FirewallRules: [{44992B8D-0973-410F-BC46-DE943A7D842F}] => (Allow) C:\Users\Elvie\Downloads\LiquidSky.exe No File
FirewallRules: [{6C0FBA8D-C276-4E3F-817F-607D1DAA776F}] => (Allow) C:\Users\Elvie\Downloads\LiquidSky.exe No File
FirewallRules: [{52BB19F6-00F5-4385-B40F-D46BEFD7ADED}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe (SHAREit Technologies Co.Ltd -> SHAREit Technologies Co.Ltd)
FirewallRules: [{99797E7B-5FAC-4977-8451-35E21A8CA392}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe (SHAREit Technologies Co.Ltd -> SHAREit Technologies Co.Ltd)
FirewallRules: [{9C6D8E2A-9FEE-4018-8DB7-839F78C7CB05}] => (Block) C:\program files\dolphin\dolphin.exe No File
FirewallRules: [{45AD38B7-5DBB-40EE-9244-68A97DEEEF93}] => (Block) C:\program files\dolphin\dolphin.exe No File
FirewallRules: [UDP Query User{E31467F0-0C73-4D30-963E-8800ACB0FD49}C:\program files\dolphin\dolphin.exe] => (Allow) C:\program files\dolphin\dolphin.exe No File
FirewallRules: [TCP Query User{87EC475D-D5A3-4CC4-8D3B-67360CC6D3ED}C:\program files\dolphin\dolphin.exe] => (Allow) C:\program files\dolphin\dolphin.exe No File
FirewallRules: [{6370D41B-8F84-4B83-B911-1735DB0A2EFB}] => (Block) %ProgramFiles% (x86)\Bandicam\bdcam.exe No File
FirewallRules: [{6986BA8B-5AD0-4CB5-B939-563BBA0726F7}] => (Allow) C:\Users\Elvie\Downloads\other stuff\other stuffs\LiquidSkyClient0.2.9.exe (LiquidSky Software, Inc -> )
FirewallRules: [{0C55E419-F851-4CC1-9BDF-A5F4CBA2B892}] => (Allow) C:\Users\Elvie\Downloads\other stuff\other stuffs\LiquidSkyClient0.2.9.exe (LiquidSky Software, Inc -> )
FirewallRules: [{611EE6AF-DABC-4AC3-A7FB-D4DF0A5C910F}] => (Allow) C:\Users\Elvie\Downloads\other stuff\LiquidSkyClient0.2.9.exe No File
FirewallRules: [{265AD328-7B08-48E4-B13D-C02AF771FC49}] => (Allow) C:\Users\Elvie\Downloads\other stuff\LiquidSkyClient0.2.9.exe No File
FirewallRules: [{3FCB548E-9C56-48B2-8D05-982EF38E36FF}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{DD0C8067-C65E-4F48-9882-E33749695FFF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{A01E2259-9D35-42A6-8E12-3968C203B443}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{50523D72-3FB7-4D59-9CA3-DBA0CFDAFB6B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett Packard -> Hewlett-Packard)
FirewallRules: [{89A2440A-E423-4ED6-95DC-6E3F342C0893}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{33CE724D-EAA9-4680-B919-0635F3A5BDBD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{FF5C0470-EB15-4917-9C75-3DD48396A995}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{E59626C5-07DC-433A-A935-631045479073}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{0E379FA0-B8A3-4595-A417-F2CEBE68EEBC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2A4C1B01-DBB0-43EE-B10D-5E0BDBB45974}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7E6D30AA-9C55-4502-818F-DB9617D23DB3}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{94630820-56A5-4BF6-90A8-F130AFE80909}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{79E08AC3-73F5-45C3-9E49-1DFFC93011F1}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BA7F5A1A-A540-48D4-A80E-73747D737485}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{0D61D902-1BB1-4581-BA53-95C22A2B6AB4}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{2DEADD64-7827-4024-85ED-A19D5BCD7F7B}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{09ABCE99-F930-48BB-86E3-5318CC17A633}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{BAD855A0-415C-45D8-B269-8E9EE450A404}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{CCDDC31B-3013-4DFC-8B1E-817FFD0F033D}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{9369AD3B-7C96-4B0F-AD43-6A166A7EF632}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{7F684D9C-7E59-43EF-8DBF-A21EF24027A2}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{68AA8691-97A8-45AE-BE8C-92D9967E743E}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{0ABD5981-CF5B-45B9-9877-BB53642DBAD8}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{1E04C9BF-C99A-4949-91F1-1ADCDA1BB66B}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{A1F357DD-6456-4E41-A8E0-232CABFB27C1}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{F815F21F-D1BB-4741-BD9B-A34B3D470B76}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{E96360EE-3F65-46D4-B272-AFAFA70CE163}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{732AF8DF-D692-4B65-BCAC-C712CE3D0720}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{3BB8C933-265C-4794-92BA-3B586383DE19}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{C1A32430-F871-4367-AF99-1B5FAC700209}] => (Block) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [{528E5C3A-3B04-4068-9DCE-B23898F4DB77}] => (Block) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{8085D433-9A2D-47B1-B289-7A7946538054}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [TCP Query User{732D5820-121E-4A2D-B82F-899645F91AB0}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{E0A124DE-E21C-421D-BB07-824A02070B6A}C:\users\elvie\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\elvie\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [TCP Query User{1261C061-6888-4C2A-88E9-6B3347FDE23A}C:\users\elvie\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\elvie\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{08C178AE-94FB-4491-BA0F-D3FC88E38B1C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe No File
FirewallRules: [{DB59961B-AF0B-4A80-BE54-B4638B59F739}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe No File
FirewallRules: [{BE7A2CC7-8C8E-45C6-B0F7-C7A7424105E0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe No File
FirewallRules: [{B70FEDC5-F832-4046-B4A1-F15C81F9B5EB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe No File
FirewallRules: [{855F3D58-B34A-4114-A6C3-532EEC48B1B7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe No File
FirewallRules: [{CE99D393-F2C3-4946-AA8A-46A610020CA6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe No File
FirewallRules: [{8A074829-346A-40AC-8C2D-7D396A575C30}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe No File
FirewallRules: [{5CB9BE3A-F05C-4E85-92D5-CBD5DE4A6C62}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe No File
FirewallRules: [{56D93E13-DB05-4520-80FC-88AEE10D2A02}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe (Acer Incorporated -> acer)
FirewallRules: [{937A451E-F03F-4CA2-9A34-5D85D85491AB}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe (Acer Incorporated -> acer)
FirewallRules: [{C04F8427-172D-4099-A920-F71B61C3EC8E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{BB59B8ED-1088-44F6-83F9-3C4DC4ACB8F0}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{C8CD0561-0B21-4FC0-9E9F-4EEF06C59E08}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe No File
FirewallRules: [{D9BB50B5-46AC-4DDB-BA3C-73A312F49DF8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe No File
FirewallRules: [UDP Query User{77F208FD-8DA4-481C-B9CF-B423D8D7D53E}E:\office proplus 2013 vl (x86 and x64) en\microsoft toolkit 2.5 beta 2 {amanpc}\mtkv25b2\microsoft toolkit.exe] => (Allow) E:\office proplus 2013 vl (x86 and x64) en\microsoft toolkit 2.5 beta 2 {amanpc}\mtkv25b2\microsoft toolkit.exe No File
FirewallRules: [TCP Query User{7FCDCF53-82D3-4280-A217-B12C82BCA96E}E:\office proplus 2013 vl (x86 and x64) en\microsoft toolkit 2.5 beta 2 {amanpc}\mtkv25b2\microsoft toolkit.exe] => (Allow) E:\office proplus 2013 vl (x86 and x64) en\microsoft toolkit 2.5 beta 2 {amanpc}\mtkv25b2\microsoft toolkit.exe No File
FirewallRules: [UDP Query User{CFF2D9B4-79C3-44CA-A843-AB3827C50A6C}C:\users\elvie\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\elvie\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{75F3E765-613D-4E23-A786-F87C8B3DD42A}C:\users\elvie\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\elvie\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{072DB1E8-683C-4EE7-A2C2-0D0450B5EF60}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc. -> Yahoo! Inc.)
FirewallRules: [{0FA596A2-09CE-4898-8A84-74F523366D78}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc. -> Yahoo! Inc.)
FirewallRules: [{33B4F25B-EF7E-475D-8608-A133B8D6C012}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{F629F836-451F-4777-836D-9FB158A4FE4B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{4CC95E08-D8A6-4945-AD8F-001310C8111C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{20562C77-54F1-43AF-9B45-573938A62B79}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe No File
FirewallRules: [{D189D5A2-88B5-4B98-B12E-5F350857DF4B}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe No File
FirewallRules: [{773C15F2-5C44-48D6-8691-AEF113704635}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe No File
FirewallRules: [{9C9AFD12-6976-4948-8801-80ACF65D633B}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe No File
FirewallRules: [{D6C8E176-951B-4E9F-B41D-755181E75E1F}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (Acer Incorporated -> Acer Cloud Technology)
FirewallRules: [{64BA3EFD-A91B-4096-BEC5-23B095085A1F}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (Acer Incorporated -> Acer Cloud Technology)
FirewallRules: [{7C5C57EB-44B6-4BD1-AD83-3CF6675ECC40}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{9FB004CA-16D4-460F-8472-C905E0655BBD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BD85B9AE-2A3D-44D4-8FDD-5C9C8B5246E2}] => (Allow) LPort=2869
FirewallRules: [{8153757B-1292-4467-B29E-87DFBEB61B29}] => (Allow) LPort=1900
FirewallRules: [{BA0A46D5-C062-4E5A-BC3B-ABAE5BD00CC8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EFFCDDB6-5338-4A16-9E91-B315DEE579C4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{36AC370A-854C-4DE9-B885-6821541A70D9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{02D72268-31C8-420E-AE8E-CD5B29A60E80}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{745FFEBF-FD80-40FC-A34E-43B914B3338D}] => (Allow) LPort=8317
FirewallRules: [{28804149-5C16-4695-A514-BA69C56D4225}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{9271E608-7895-468D-96DB-5739E7DD9774}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{472DB8F7-523C-4CCC-86A8-0F32B23ED12C}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{47C0C832-00F0-48D7-B9D1-B15E650A8229}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{C5E4A848-0EEF-4343-8484-87373BE43767}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{C6C57758-EAA6-4539-A904-BB60CA408BD9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{7CB32FBD-F5CB-462A-AAB8-19F6F5160372}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{3F688339-B34C-4546-B0ED-370C826B63E5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{D07EC269-4812-462E-BDA8-D51D43A0449B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Slime Rancher Demo\SlimeRancher.exe No File
FirewallRules: [{F99EAEAA-0397-481D-8827-BE88538644B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Slime Rancher Demo\SlimeRancher.exe No File
FirewallRules: [{1871C17E-EDF8-45AC-AF57-D797BEE2807C}] => (Allow) C:\Program Files\iTunes\iTunes.exe No File
FirewallRules: [{6F95BCEB-08B7-477C-B97E-BC20E87B0287}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7A9C5261-FB69-4F53-B36E-6F69A520737E}] => (Allow) C:\Users\Elvie\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{C34E4D63-A179-49AE-921F-663A13FFC272}] => (Allow) C:\Users\Elvie\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{B22E1564-B540-49E8-A6DC-21958F33102F}] => (Allow) C:\Users\Elvie\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{97A88599-FA32-40B4-8C96-FB79E279BA79}] => (Allow) C:\Users\Elvie\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{E8FCDEC8-791B-49AE-A374-8071BBCF6F95}] => (Allow) C:\Users\Elvie\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{7E96D300-81A2-41E0-A289-4B11C9C812AF}] => (Allow) C:\Users\Elvie\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [TCP Query User{FC160BE7-1B25-448C-85A4-5AC600C97C66}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{959BF607-7AC9-4295-A4F9-617F1026B346}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0294B608-FA50-4CB2-9889-8A20FEE50455}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [{B02F0396-1B36-4B9A-9C5F-44D7312C5904}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [TCP Query User{B031DAF6-591D-402B-9E1A-8173EF7E53AD}C:\users\elvie\desktop\radge\programs\for games\dolphin ishiiruka\dolphin.exe] => (Allow) C:\users\elvie\desktop\radge\programs\for games\dolphin ishiiruka\dolphin.exe () [File not signed]
FirewallRules: [UDP Query User{A7927151-8A52-4509-B177-8A53E1AF6315}C:\users\elvie\desktop\radge\programs\for games\dolphin ishiiruka\dolphin.exe] => (Allow) C:\users\elvie\desktop\radge\programs\for games\dolphin ishiiruka\dolphin.exe () [File not signed]
FirewallRules: [{E99B5A8D-B919-4F1C-ACB9-82808DDFD022}] => (Block) C:\users\elvie\desktop\radge\programs\for games\dolphin ishiiruka\dolphin.exe () [File not signed]
FirewallRules: [{8BB43402-21EA-4C07-B9A9-BE8D98409E25}] => (Block) C:\users\elvie\desktop\radge\programs\for games\dolphin ishiiruka\dolphin.exe () [File not signed]
FirewallRules: [{AEC4EFA4-43F5-41B1-80F0-39C5159D694D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D0AAF1F5-BF46-4778-9A8B-C6F3374211F9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{07F59E6F-96C5-464F-8DD5-4D378021E823}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EE4CF435-967A-4481-956A-07AF18430064}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CD960087-DB08-4F4F-8A33-7EFB09AF245D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{61545EC2-19FC-4A78-9812-9F8536A9ABE7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{710DB44C-7D4D-49B5-A5C4-ECC85E059BF2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B58FF15F-515B-4148-911F-D0F00FEC9985}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{19CF1E5D-FD90-4B0A-BDE8-7AD716C7BB75}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{406BB439-8019-4993-A600-D48146DD33BE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D7ABC60E-5A1F-4D9A-83DE-27E030D6D9CA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F28766A8-F348-4532-BF08-3E8A4CEEBF92}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{05114A27-6457-484C-93C8-0D23695606D1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{11B103D6-834A-450A-8AD7-46CD7D5D00B9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{36766AA4-38C3-40DA-A627-6CD48DC5A32C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F9D9E465-E6E8-4FA3-B425-C88F8E04A72D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0C9D6E54-734D-41AF-8221-99DEC581E639}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4BF9AF9F-84ED-4A5D-8807-37171860C803}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DD9F9A6D-1B8E-46B0-9BB4-622FE90B9CCB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5920B533-A387-4424-8299-F0C6F88C1FFB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{984EE266-0E0C-4A6D-8AED-B56FBF1FF8CB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{517FB30F-1D46-4765-ADAC-202D94BE4B0B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{488DA2D1-9934-47AE-8483-E6E1C1994869}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AEBCD4CE-991B-4DE1-BEA9-81F9CF9828B5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1DC31C1E-962E-484D-82DE-651A5AEBA9DB}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{DC49C1D0-77FF-47D3-B75F-6A456DE4893E}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{2C67180B-331B-43DC-8183-76C747410050}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{C0DAB132-6589-4A2A-A554-1096973F247B}] => (Allow) C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{4E78F864-D4FB-4D7A-92C7-6EBADD2374DE}] => (Allow) C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

==================== Restore Points =========================

28-02-2019 20:20:29 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Microsoft Wi-Fi Direct Virtual Adapter #2
Description: Microsoft Wi-Fi Direct Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/01/2019 11:31:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PickerHost.Exe, version: 10.0.17134.1, time stamp: 0x2fa59209
Faulting module name: ntdll.dll, version: 10.0.17134.556, time stamp: 0x74bed8b0
Exception code: 0xc0000374
Fault offset: 0x00000000000f479b
Faulting process id: 0x48c8
Faulting application start time: 0x01d4d043e319c1e1
Faulting application path: C:\Windows\System32\PickerHost.Exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: f897d99a-1fcf-4526-a97b-09f0ca4a00cf
Faulting package full name: 
Faulting package-relative application ID:

Error: (03/01/2019 08:38:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PickerHost.Exe, version: 10.0.17134.1, time stamp: 0x2fa59209
Faulting module name: ntdll.dll, version: 10.0.17134.556, time stamp: 0x74bed8b0
Exception code: 0xc0000374
Fault offset: 0x00000000000f479b
Faulting process id: 0x7168
Faulting application start time: 0x01d4d02b9f7210c1
Faulting application path: C:\Windows\System32\PickerHost.Exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 27eb198b-960a-4c3e-88ec-fe53b9a8ab54
Faulting package full name: 
Faulting package-relative application ID:

Error: (03/01/2019 08:38:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PickerHost.Exe, version: 10.0.17134.1, time stamp: 0x2fa59209
Faulting module name: ntdll.dll, version: 10.0.17134.556, time stamp: 0x74bed8b0
Exception code: 0xc0000374
Fault offset: 0x00000000000f479b
Faulting process id: 0x70f8
Faulting application start time: 0x01d4d02b9e75b15e
Faulting application path: C:\Windows\System32\PickerHost.Exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: edb3f034-30e8-43ed-bfae-898833a4e72c
Faulting package full name: 
Faulting package-relative application ID:

Error: (03/01/2019 07:25:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.17134.1, time stamp: 0x5ace103a
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.17134.556, time stamp: 0xd94c4e1e
Exception code: 0xc000027b
Fault offset: 0x00000000006a6082
Faulting process id: 0x57e8
Faulting application start time: 0x01d4d020ecd98b08
Faulting application path: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: a2dbee1c-49ba-40f5-977c-62a75f4d9a6b
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.17134.112_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (03/01/2019 07:22:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchUI.exe version 10.0.17134.590 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1b30

Start Time: 01d4d020d151bde9

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

Report Id: 9e0f1460-e024-4620-a514-11d4443369a6

Faulting package full name: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: CortanaUI

Error: (03/01/2019 06:22:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PickerHost.Exe, version: 10.0.17134.1, time stamp: 0x2fa59209
Faulting module name: ntdll.dll, version: 10.0.17134.556, time stamp: 0x74bed8b0
Exception code: 0xc0000374
Fault offset: 0x00000000000f479b
Faulting process id: 0x4714
Faulting application start time: 0x01d4cfb40bd6fdbf
Faulting application path: C:\Windows\System32\PickerHost.Exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: b88cf126-5d4a-4f76-ae25-c3f4d0e9cf28
Faulting package full name: 
Faulting package-relative application ID:

Error: (03/01/2019 06:22:00 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/28/2019 09:27:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PickerHost.Exe, version: 10.0.17134.1, time stamp: 0x2fa59209
Faulting module name: ntdll.dll, version: 10.0.17134.556, time stamp: 0x74bed8b0
Exception code: 0xc0000374
Fault offset: 0x00000000000f479b
Faulting process id: 0x2a84
Faulting application start time: 0x01d4cf695093c85c
Faulting application path: C:\Windows\System32\PickerHost.Exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 8a1a7286-aa4b-4566-b715-352f857b8c3d
Faulting package full name: 
Faulting package-relative application ID:


System errors:
=============
Error: (03/01/2019 11:56:25 PM) (Source: DCOM) (EventID: 10016) (User: acer)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user acer\Elvie SID (S-1-5-21-1752258818-801759960-1543221255-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/01/2019 11:24:27 PM) (Source: DCOM) (EventID: 10016) (User: acer)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user acer\Elvie SID (S-1-5-21-1752258818-801759960-1543221255-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/01/2019 11:20:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/01/2019 11:14:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/01/2019 11:06:57 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Error: (03/01/2019 11:04:54 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.

Error: (03/01/2019 11:01:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (03/01/2019 11:01:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.


Windows Defender:
===================================
Date: 2019-03-01 23:39:27.798
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {50D05E61-0F70-4CFC-A171-9F1BA3920EEC}
Scan Type: Antimalware
Scan Parameters: Custom Scan

Date: 2019-03-01 23:11:03.001
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {BF9630A8-1DD2-4B39-B70C-D5868E0A3128}
Scan Type: Antimalware
Scan Parameters: Custom Scan

Date: 2019-03-01 22:05:47.686
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {BFBCE106-2064-4C2D-B87D-016E78542563}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2019-03-01 19:27:10.079
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Worm:JS/Bondat.A!lnk&threatid=2147690142&enterprise=0
Name: Worm:JS/Bondat.A!lnk
ID: 2147690142
Severity: Severe
Category: Worm
Path: file:_C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk->[CMDEmbedded]
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\SearchProtocolHost.exe
Signature Version: AV: 1.289.106.0, AS: 1.289.106.0, NIS: 1.289.106.0
Engine Version: AM: 1.1.15700.9, NIS: 1.1.15700.9

Date: 2019-03-01 19:23:34.710
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Worm:JS/Bondat.A!lnk&threatid=2147690142&enterprise=0
Name: Worm:JS/Bondat.A!lnk
ID: 2147690142
Severity: Severe
Category: Worm
Path: file:_C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk->[CMDEmbedded]
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\SearchProtocolHost.exe
Signature Version: AV: 1.289.106.0, AS: 1.289.106.0, NIS: 1.289.106.0
Engine Version: AM: 1.1.15700.9, NIS: 1.1.15700.9

Date: 2019-03-01 22:55:01.899
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80508023
Error description: The program could not find the malware and other potentially unwanted software on this device. 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2019-02-28 19:17:30.792
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.289.103.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15700.9
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

Date: 2019-02-27 17:01:11.100
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.287.797.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15700.8
Error code: 0x80240022
Error description: The program can't check for definition updates. 

Date: 2019-02-27 17:01:11.100
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.287.797.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15700.8
Error code: 0x80240022
Error description: The program can't check for definition updates. 

Date: 2019-02-26 15:06:41.574
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.287.668.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15700.8
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

CodeIntegrity:
===================================

Date: 2019-03-01 23:47:12.690
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-03-01 23:47:12.587
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-03-01 23:47:11.866
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-03-01 23:47:09.204
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-03-01 23:47:09.083
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-03-01 23:47:08.789
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2018-12-09 11:21:03.974
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Acer\shellext\x64\shellext_win.dll that did not meet the Microsoft signing level requirements.

Date: 2018-12-09 11:21:03.888
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Acer\shellext\x64\shellext_win.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 86%
Total physical RAM: 4019.27 MB
Available physical RAM: 552.8 MB
Total Virtual: 6835.27 MB
Available Virtual: 2326.66 MB

==================== Drives ================================

Drive 😄 (Acer) (Fixed) (Total:223.54 GB) (Free:29.55 GB) NTFS
Drive f: (Movies) (Fixed) (Total:223.27 GB) (Free:33.84 GB) NTFS

\\?\Volume{2ca6fe69-4b2f-43c9-a35c-acca28924d88}\ (Recovery) (Fixed) (Total:0.59 GB) (Free:0.28 GB) NTFS
\\?\Volume{f5934fb2-3ca2-405c-9bd8-d0d9a914d314}\ () (Fixed) (Total:0.83 GB) (Free:0.45 GB) NTFS
\\?\Volume{7eba37e6-c164-4595-a723-894c9391d8fc}\ (Push Button Reset) (Fixed) (Total:17.11 GB) (Free:1.27 GB) NTFS
\\?\Volume{a296aeb4-d486-4994-a55e-0f5ca6713414}\ (ESP) (Fixed) (Total:0.29 GB) (Free:0.24 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: FC628B00)

Partition: GPT.

==================== End of Addition.txt ============================

Link to post
Share on other sites

  • Root Admin

Please uninstall Java from Control Panel, Programs, Add/Remove as you have an old compromised version installed.

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks

Ron

 

 

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.