Solved Have a virus/malware and can't download things

[windowman]

I do have ESET NOD32 & Malware bytes on my PC and it did take alot of things off of it.
But I still can't download and still takes a while to get to web pages.

I did download (FRST) and tried to post the scan results but it would not let me.
What do I need to do so I can?

Thanks

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================

Please attach FRST logs.

 

[windowman]

I can't post the file for some reason, this is what is says.

Should I attach the text file to this post?


Please correct the following errors:

• Your content can not be submitted. This is likely because your content is spam-like or contains inappropriate elements. Please change your content or try again later. If you still have problems, please contact an administrator.
• Please enter a message with no more than 50000 characters.

 

[windowman]

It says its spam like, not sure how to get around that.

 

[Broni]

As I said, attach both logs.

 

[windowman]

OK see attached logs.

 

[Broni]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by Michael (administrator) on MICHAEL-PC (09-01-2018 16:02:52)
Running from C:\Users\Michael\AppData\Local\Temp
Loaded Profiles: Michael (Available Profiles: Michael)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\vdaiwetsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
() C:\Program Files (x86)\Appandora\AppandoraDeviceService.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
() C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\AppService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Marvell) C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
() C:\Windows\System32\PnkBstrA.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.231\WsAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
() C:\Users\Michael\AppData\Local\cgntzrw\cgntzrw.exe
() C:\Users\Michael\AppData\Local\nieurpt\vscptgh.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Michael\AppData\Local\cgntzrw\pwrvdzc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Electronic Arts, Inc.) C:\Program Files (x86)\Common Files\EAInstaller\Peggle\Cleanup.exe
(Farbar) C:\Users\Michael\AppData\Local\Temp\62BA.tmp.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2013-12-30] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-09-14] (Acronis)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14601160 2015-07-01] (Logitech Inc.)
HKLM\...\Run: [quake3] => C;\Quake3\startserver.bat
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM\...\Run: [medias] => "C:\Program Files (x86)\Mec\trays.exe"
HKLM\...\Run: [mediaskarsten] => "C:\Program Files (x86)\predesignated\worse.exe"
HKLM\...\Run: [mediasmedias] => "C:\Program Files (x86)\Anarchists\trays.exe"
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-09] (AVAST Software)
HKLM-x32\...\Run: [MSUTray] => C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe [1202216 2011-04-06] ()
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2595480 2007-09-14] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [905056 2007-09-14] (Acronis)
HKLM-x32\...\Run: [Appandora device service] => C:\Program Files (x86)\Appandora\AppandoraDeviceService.exe [736768 2014-05-19] ()
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595504 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM-x32\...\Run: [FonePaw iPhone Data RecoveryAppService] => C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\AppService.exe [81512 2016-05-30] ()
HKLM-x32\...\Run: [aleck] => "C:\Program Files (x86)\Mec\trays.exe"
HKLM-x32\...\Run: [aleckdiscusses] => "C:\Program Files (x86)\predesignated\worse.exe"
HKLM-x32\...\Run: [aleckaleck] => "C:\Program Files (x86)\Anarchists\trays.exe"
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [41061856 2017-11-20] ()
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3903056 2015-05-20] (Tonec Inc.)
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\Run: [ISUSPM] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [213936 2006-03-20] (Macrovision Corporation)
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\Run: [Google Update] => C:\Users\Michael\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-15] (Google Inc.)
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\Run: [discusses] => "C:\Program Files (x86)\Mec\trays.exe"
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\Run: [discussesaleck] => "C:\Program Files (x86)\predesignated\worse.exe"
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\Run: [discussesdiscusses] => "C:\Program Files (x86)\Anarchists\trays.exe"
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\Run: [karsten] => "C:\Program Files (x86)\Mec\trays.exe"
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\Run: [karstenmedias] => "C:\Program Files (x86)\predesignated\worse.exe"
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\Run: [karstenkarsten] => "C:\Program Files (x86)\Anarchists\trays.exe"
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\Run: [entrails] => "C:\Program Files (x86)\inoperative\entrails.exe"
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\Run: [width] => "C:\Program Files (x86)\Mec\trays.exe"
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 relog_ap

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 208.76.152.1 208.76.152.9 76.14.0.8
Tcpip\..\Interfaces\{A3EDE4B2-F09D-4B27-B12A-0C2DD81D7311}: [DhcpNameServer] 208.76.152.1 208.76.152.9 76.14.0.8

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKU\S-1-5-21-867915027-2464976829-1762966156-1000 -> DefaultScope {9104B9F1-CD1F-4B72-B5B7-EF4DDF432144} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-867915027-2464976829-1762966156-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-867915027-2464976829-1762966156-1000 -> {9104B9F1-CD1F-4B72-B5B7-EF4DDF432144} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-10-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-14] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-01-09] (AVAST Software)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-10-19] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-14] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-01-09] (AVAST Software)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-10-19] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: (ESET Smart Security Extension) - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-02-02] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-11-14] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Michael\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Michael\AppData\Roaming\IDM\idmmzcc5 [2018-01-09] [Legacy] [not signed]
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-19] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-867915027-2464976829-1762966156-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-867915027-2464976829-1762966156-1000: @talk.google.com/O1DPlugin -> C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-867915027-2464976829-1762966156-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-867915027-2464976829-1762966156-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Michael\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Michael\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default [2018-01-09]
CHR Extension: (Slides) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Downloads) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahigpjeolkfgjdaeodlmaceggigbpeoh [2015-09-27]
CHR Extension: (Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Facebook HD Video Downloader) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aojppbnmiahgnpbceadajdiplffpmohl [2016-11-05]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Honey) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-12-22]
CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2016-10-31]
CHR Extension: (Sheets) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Google Voice (by Google)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-02-19]
CHR Extension: (Zoho CRM) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigppphkaknhndejgcmckacpipcioacn [2014-04-29]
CHR Extension: (Video Downloader [FVD]) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2015-05-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-08]
CHR Extension: (Unlimited Phone Lookups) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nalnlngcaoochiekdicepcpkakacpaai [2014-11-20]
CHR Extension: (F.B. Purity For Facebook) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2016-07-14]
CHR Extension: (Google Hangouts) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-11-02]
CHR Extension: (IDM Integration Module) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-12-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Warez-BB Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfeeplagpidgdgceaicggccompdgcon [2016-12-22]
CHR Extension: (Social Profile view notification) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pegkceflonohbcefcbflfpficfkmpeod [2017-08-31]
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-12]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-02]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-02]
CHR HKU\S-1-5-21-867915027-2464976829-1762966156-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-02]

 

[Broni]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\mtgbr <==== ATTENTION (Rootkit!)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-12-30] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-12-30] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-12-30] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe [408960 2013-12-30] (ASUSTeK Computer Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-01-09] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-01-09] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3291848 2016-10-08] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2015-07-11] (Macrovision Europe Ltd.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MSUWebService; C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe [24645 2010-09-01] (Apache Software Foundation) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119176 2016-12-31] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2181648 2016-12-31] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-10] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-07-09] ()
S4 quake3; C:\Program Files\FireDaemon\FireDaemon.exe [98640 2013-10-07] (FireDaemon Technologies Limited)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [620544 2008-11-11] (Nokia.) [File not signed]
S4 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [492600 2007-09-14] ()
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.231\WsAppService.exe [493792 2017-10-24] (Wondershare)
S2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [X]
S2 apexpsvc; "C:\Users\Michael\AppData\Local\vkxcs\apexpsvc.exe" /svc [X]
S2 backlh; C:\ProgramData\Logic Cramble\set.exe [X] <==== ATTENTION
S2 FlashruptService64; C:\Program Files (x86)\Flashrupt\FlashruptService64.exe [X]
S2 tiser; "C:\ProgramData\tiser\run.exe" [X]
S3 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\DrFone for iOS\DriverInstall.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-12-30] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-12-30] ()
S3 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2018-01-09] (AVAST Software)
S3 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2018-01-09] (AVAST Software)
S3 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2018-01-09] (AVAST Software)
S3 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2018-01-09] (AVAST Software)
S3 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2018-01-09] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2018-01-09] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-01-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146664 2018-01-09] (AVAST Software)
S3 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2018-01-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2018-01-09] (AVAST Software)
S3 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2018-01-09] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457400 2018-01-09] (AVAST Software)
S3 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2018-01-09] (AVAST Software)
S3 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2018-01-09] (AVAST Software)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
S3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
S3 MosIrUsb; C:\Windows\System32\DRIVERS\MosIrUsb.sys [27648 2007-10-11] ()
R3 Mv_Process; c:\windows\syswow64\mv_process.sys [14376 2011-02-24] ()
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0025.sys [28768 2014-07-13] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 aehknr; system32\drivers\hknrux.sys [X]
S1 ArcCtrl; system32\drivers\ArcCtrl.sys [X]
U3 aswbdisk; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 netfilter64; system32\drivers\netfilter64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-09 14:47 - 2018-01-09 14:47 - 000016408 _____ C:\Users\Michael\Downloads\download
2018-01-09 14:22 - 2018-01-09 14:22 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-01-09 14:21 - 2018-01-09 14:21 - 000000000 ___HD C:\OneDriveTemp
2018-01-09 14:20 - 2018-01-09 14:20 - 000142672 ____N C:\Windows\system32\Drivers\cgiwadgj.sys
2018-01-09 13:57 - 2018-01-09 13:57 - 005513832 _____ (COMODO) C:\Users\Michael\Downloads\cispremium_installer.exe
2018-01-09 13:53 - 2018-01-09 13:53 - 000000000 ____D C:\Users\Michael\AppData\Roaming\AVAST Software
2018-01-09 13:52 - 2018-01-09 13:53 - 000002075 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-01-09 13:52 - 2018-01-09 13:52 - 015065792 _____ (Microsoft Corporation) C:\Users\Michael\Downloads\mseinstall64.exe
2018-01-09 13:52 - 2018-01-09 13:52 - 001142072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-01-09 13:52 - 2018-01-09 13:52 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-01-09 13:52 - 2018-01-09 13:52 - 001001272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-01-09 13:52 - 2018-01-09 13:52 - 000457400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-01-09 13:52 - 2018-01-09 13:52 - 000365680 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-01-09 13:52 - 2018-01-09 13:52 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-01-09 13:52 - 2018-01-09 13:52 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-01-09 13:52 - 2018-01-09 13:52 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-01-09 13:52 - 2018-01-09 13:52 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-01-09 13:52 - 2018-01-09 13:52 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-01-09 13:52 - 2018-01-09 13:52 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-01-09 13:52 - 2018-01-09 13:52 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-01-09 13:52 - 2018-01-09 13:52 - 000146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-01-09 13:52 - 2018-01-09 13:52 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-01-09 13:52 - 2018-01-09 13:52 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-01-09 13:52 - 2018-01-09 13:52 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-01-09 13:52 - 2018-01-09 13:52 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-01-09 13:52 - 2018-01-09 13:52 - 000000342 ____H C:\Windows\Tasks\Avast Emergency Update.job
2018-01-09 13:52 - 2018-01-09 13:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2018-01-09 13:52 - 2018-01-09 13:52 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2018-01-09 13:52 - 2018-01-09 13:52 - 000000000 ____D C:\Program Files\AVAST Software
2018-01-09 13:51 - 2018-01-09 14:35 - 000000000 ____D C:\ProgramData\AVAST Software
2018-01-09 13:51 - 2018-01-09 13:51 - 006334848 _____ (AVAST Software) C:\Users\Michael\Downloads\avast_free_antivirus_setup.exe
2018-01-09 13:51 - 2018-01-09 13:51 - 000000039 _____ C:\Users\Michael\Downloads\Stats.ini
2018-01-09 13:34 - 2018-01-09 13:58 - 000165712 _____ C:\Windows\ntbtlog.txt
2018-01-09 08:16 - 2018-01-09 15:38 - 000058192 _____ C:\Users\Michael\Desktop\FRST.txt
2018-01-09 08:15 - 2018-01-09 15:38 - 000109267 _____ C:\Users\Michael\Desktop\Addition.txt
2018-01-09 08:02 - 2018-01-09 16:02 - 000000000 ____D C:\FRST
2018-01-09 08:01 - 2018-01-09 08:01 - 006336512 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2018-01-09 07:43 - 2018-01-09 07:43 - 000316639 _____ C:\Users\Michael\Downloads\Unconfirmed 534501.crdownload
2018-01-09 06:49 - 2018-01-09 06:49 - 005660870 _____ (Swearware) C:\Users\Michael\Downloads\mycombo.exe
2018-01-09 06:46 - 2018-01-09 06:46 - 000881904 _____ (Plumbytes Software) C:\Users\Michael\Downloads\mywaresetup.exe
2018-01-09 06:29 - 2018-01-09 06:29 - 011201632 _____ (Piriform Ltd) C:\Users\Michael\Downloads\ccsetup538.exe
2018-01-09 06:21 - 2018-01-09 06:21 - 000000000 ____D C:\ProgramData\MB2Migration
2018-01-09 06:21 - 2018-01-09 06:21 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-08 17:01 - 2018-01-09 08:14 - 000000949 _____ C:\Users\Michael\Desktop\Logitech Gaming Software 8.70.lnk
2018-01-08 12:15 - 2018-01-08 12:15 - 000000202 _____ C:\Users\Michael\Documents\ibackupbot5.5.3 crack.txt
2018-01-08 10:28 - 2018-01-09 15:38 - 000000000 ____D C:\Users\Michael\AppData\Local\lskevxu
2018-01-08 10:18 - 2018-01-08 10:18 - 000000000 ____D C:\Program Files\Bonjour
2018-01-08 10:18 - 2018-01-08 10:18 - 000000000 ____D C:\Program Files (x86)\Bonjour
2018-01-08 10:15 - 2018-01-09 16:02 - 000000000 ____D C:\Users\Michael\AppData\Local\cgntzrw
2018-01-08 10:15 - 2018-01-08 10:28 - 000000000 ____D C:\Users\Michael\AppData\Local\nieurpt
2018-01-08 10:13 - 2018-01-09 14:21 - 002888192 _____ (TOSHIBA CORPORATION) C:\Windows\system32\vdaiwetsvc.exe
2018-01-08 10:06 - 2018-01-08 10:12 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2018-01-08 10:06 - 2018-01-08 10:06 - 001895381 _____ C:\Users\Michael\AppData\Local\Spanstrong.bin
2018-01-08 10:06 - 2018-01-08 10:06 - 000140800 _____ C:\Users\Michael\AppData\Local\installer.dat
2018-01-08 10:06 - 2018-01-08 10:06 - 000000000 ____D C:\Users\Michael\AppData\Local\AdvinstAnalytics
2018-01-08 10:06 - 2018-01-08 10:06 - 000000000 ____D C:\Program Files (x86)\Microleaves
2018-01-08 10:05 - 2018-01-08 10:10 - 000000000 ____D C:\Users\Michael\AppData\Roaming\AGData
2018-01-08 10:05 - 2018-01-08 10:10 - 000000000 ____D C:\Program Files (x86)\AnonymizerGadget
2018-01-08 10:04 - 2018-01-08 10:53 - 000000000 ____D C:\Program Files (x86)\predesignated
2018-01-08 10:04 - 2018-01-08 10:52 - 000000000 ____D C:\Program Files (x86)\Mec
2018-01-08 10:04 - 2018-01-08 10:27 - 000000000 ___HD C:\Program Files (x86)\inoperative
2018-01-08 10:04 - 2018-01-08 10:16 - 000000000 ___HD C:\Program Files (x86)\Anarchists
2018-01-08 10:04 - 2018-01-08 10:04 - 000000020 _____ C:\Windows\b22880632
2018-01-08 10:04 - 2018-01-08 10:04 - 000000000 ____D C:\Windows\SysWOW64\scikleg
2018-01-08 10:04 - 2018-01-08 10:04 - 000000000 ____D C:\Windows\system32\scikleg
2018-01-08 10:04 - 2018-01-08 10:04 - 000000000 ____D C:\Users\Michael\AppData\Roaming\et
2018-01-08 10:04 - 2018-01-08 10:04 - 000000000 ____D C:\Program Files (x86)\airliners
2018-01-08 10:03 - 2018-01-08 10:27 - 000000000 ____D C:\Users\Michael\AppData\Local\AdService
2018-01-08 10:03 - 2018-01-08 10:11 - 000000000 ____D C:\Program Files\Flashrupt
2018-01-08 09:35 - 2018-01-08 09:35 - 000000000 ____D C:\Users\Michael\Documents\New folder
2018-01-05 22:54 - 2018-01-05 23:03 - 792149316 _____ C:\Users\Michael\Downloads\The.Departed.2006.mp4
2018-01-04 09:16 - 2018-01-04 09:16 - 006147299 _____ C:\Users\Michael\Downloads\PrinterProDesktopSetup-1_3_5.exe
2018-01-03 17:26 - 2018-01-03 17:26 - 000291646 _____ C:\Users\Michael\Downloads\V2 - Leslie - Uncensored.epub
2018-01-01 21:46 - 2018-01-01 21:46 - 000014391 _____ C:\Users\Michael\Downloads\MEASURE FEE template (1).xlsx
2017-12-29 06:34 - 2018-01-09 06:51 - 000000000 ____D C:\Windows\Minidump
2017-12-28 18:35 - 2017-12-28 18:41 - 000000000 ____D C:\Users\Michael\Desktop\pics everythng worth savimg
2017-12-27 19:12 - 2017-12-27 19:12 - 001299209 _____ C:\Users\Michael\Downloads\krctf01.pk3
2017-12-27 19:02 - 2017-12-27 19:02 - 000000000 ____D C:\Users\Michael\Downloads\rnr_maps
2017-12-27 19:01 - 2017-12-27 19:01 - 003342577 _____ C:\Users\Michael\Downloads\rtctf5.pk3
2017-12-27 19:00 - 2017-12-27 19:00 - 009127505 _____ C:\Users\Michael\Downloads\rnr_maps.zip
2017-12-26 09:05 - 2017-12-26 09:05 - 011123856 _____ C:\Users\Michael\Downloads\iTools4_Setup_4225.exe
2017-12-26 08:57 - 2017-12-26 08:57 - 015975664 _____ C:\Users\Michael\Downloads\iToolsProSetup_EN_3-3-0-6.exe
2017-12-24 18:02 - 2017-12-24 18:02 - 000000000 ____D C:\Users\Michael\Downloads\return.of.the.magnificent.seven.1966.720p.brrip.x264-x0r..mkv
2017-12-24 17:51 - 2017-12-24 17:59 - 713173479 _____ C:\Users\Michael\Downloads\return.of.the.magnificent.seven.1966.720p.brrip.x264-x0r..mkv.part2.rar
2017-12-24 16:41 - 2017-12-24 16:41 - 000000000 ____D C:\Users\Michael\Downloads\Best-Movies.info_-_The.Magnificent.Seven.1960
2017-12-24 16:39 - 2017-12-24 16:40 - 000000000 ____D C:\Users\Michael\Downloads\there.is.something.about.mary.1998.directors.cut.720p.bluray.h264.aac-rarbg_.mp4
2017-12-24 16:36 - 2017-12-24 16:49 - 1047527424 _____ C:\Users\Michael\Downloads\return.of.the.magnificent.seven.1966.720p.brrip.x264-x0r..mkv.part1.rar
2017-12-24 16:09 - 2017-12-24 16:20 - 968053120 _____ C:\Users\Michael\Downloads\Best-Movies.info_-_The.Magnificent.Seven.1960.rar
2017-12-23 17:52 - 2017-12-23 18:04 - 944495479 _____ C:\Users\Michael\Downloads\best-movies.info_I.Am.Sam.2001.720p.Bluray.x264.YIFY.mp4
2017-12-22 13:30 - 2017-12-22 13:30 - 000018870 _____ C:\Users\Michael\Downloads\REMITTANCE ADVICE 12-20-17.PDF
2017-12-22 13:01 - 2017-12-22 13:01 - 000000000 ____D C:\Users\Michael\Documents\DD
2017-12-21 09:34 - 2017-12-21 09:34 - 003776762 _____ C:\Users\Michael\Downloads\Letter re documents.pdf
2017-12-19 08:16 - 2017-12-19 08:16 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-12-19 08:16 - 2017-12-19 08:16 - 000002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-12-18 07:52 - 2017-12-18 07:52 - 000024549 _____ C:\Users\Michael\Documents\Ric-Walter Quote.pdf
2017-12-15 12:48 - 2017-12-15 12:48 - 000000000 ____D C:\Users\Michael\Documents\Custom Office Templates
2017-12-15 09:06 - 2017-12-15 09:06 - 000000000 ___RD C:\Users\Michael\Documents\Scanned Documents
2017-12-15 09:06 - 2017-12-15 09:06 - 000000000 ____D C:\Users\Michael\Documents\Fax
2017-12-14 15:05 - 2017-12-14 15:05 - 000001499 _____ C:\Users\Public\Desktop\FonePaw iPhone Data Recovery.lnk
2017-12-14 15:05 - 2017-12-14 15:05 - 000000000 ____D C:\Users\Michael\AppData\Local\FonePaw
2017-12-14 15:05 - 2017-12-14 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FonePaw
2017-12-14 15:05 - 2017-12-14 15:05 - 000000000 ____D C:\ProgramData\FonePaw
2017-12-14 15:05 - 2017-12-14 15:05 - 000000000 ____D C:\Program Files (x86)\FonePaw
2017-12-14 15:04 - 2017-12-14 15:04 - 000000000 ____D C:\Users\Michael\Downloads\FonePaw iPhone Data Recovery 2.9.0 + _ [4realtorrentz]
2017-12-14 15:03 - 2017-12-14 15:03 - 026137731 _____ C:\Users\Michael\Downloads\FonePaw iPhone Data Recovery 2.9.0 + _ [4realtorrentz].zip
2017-12-14 12:28 - 2017-12-14 12:28 - 000014790 _____ C:\Users\Michael\Downloads\REMITTANCE ADVICE 12-14-17.PDF
2017-12-14 12:26 - 2017-12-14 12:26 - 000001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-12-14 12:26 - 2017-12-14 12:26 - 000000000 ____D C:\Windows\System32\Tasks\Apple
2017-12-14 12:26 - 2017-12-14 12:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-12-14 12:26 - 2017-12-14 12:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-12-14 12:26 - 2017-12-14 12:26 - 000000000 ____D C:\Program Files\iPod
2017-12-14 12:26 - 2017-12-14 12:26 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-12-14 12:25 - 2017-12-14 12:26 - 000000000 ____D C:\Program Files\iTunes
2017-12-14 09:03 - 2017-12-14 09:03 - 011586106 _____ C:\Users\Michael\Downloads\GARY DENTON INCOME AND EXPENSE DECLARATION 10.13.17.pdf
2017-12-14 08:52 - 2017-12-14 08:52 - 000766809 _____ C:\Users\Michael\Downloads\Docs to sign.pdf
2017-12-12 09:52 - 2017-12-12 09:52 - 000047104 ___SH C:\Users\Michael\Documents\Thumbs.db
2017-12-12 09:46 - 2018-01-05 11:21 - 000000000 ____D C:\Users\Michael\Documents\quinn
2017-12-11 12:35 - 2017-12-11 12:35 - 000396917 _____ C:\Users\Michael\Downloads\9.27.17 Taulia FAQ's.pdf
2017-12-11 06:43 - 2017-12-11 06:43 - 000273534 _____ C:\Users\Michael\Downloads\12-11-2017.pdf
2017-12-11 06:41 - 2017-12-11 06:41 - 000228490 _____ C:\Users\Michael\Downloads\michael miller 2017 license (1).pdf
2017-12-10 16:57 - 2017-12-10 16:57 - 000000000 ____D C:\Users\Michael\Documents\Qtracker
2017-12-10 15:08 - 2017-12-10 15:08 - 061035400 _____ (Wondershare ) C:\Users\Michael\Downloads\iphone-data-recovery.exe
2017-12-10 15:06 - 2017-12-10 15:06 - 026951000 _____ (EaseUS ) C:\Users\Michael\Downloads\ems_trial.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-09 16:03 - 2014-01-23 19:39 - 000000112 _____ C:\Windows\seqlog
2018-01-09 16:03 - 2013-12-30 11:04 - 000000512 _____ C:\Windows\SysWOW64\za_mv_raid.ev
2018-01-09 16:02 - 2013-12-30 21:24 - 000000000 ____D C:\Program Files (x86)\Origin Games
2018-01-09 16:02 - 2009-07-13 21:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-01-09 16:02 - 2009-07-13 18:34 - 025165824 _____ C:\Windows\system32\config\HARDWARE
2018-01-09 16:01 - 2013-12-30 18:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2018-01-09 15:59 - 2015-05-17 12:46 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d090e29779bdd3.job
2018-01-09 15:57 - 2015-09-18 17:49 - 000000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d0f27d7dc6c20a.job
2018-01-09 15:56 - 2015-08-29 10:54 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e28c2b7967a7.job
2018-01-09 15:54 - 2015-05-17 12:48 - 000000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d090e2e09fe8e6.job
2018-01-09 15:53 - 2016-05-10 18:48 - 000000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d1ab2f929d037d.job
2018-01-09 15:53 - 2016-02-02 18:48 - 000000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d15e2d6b9cf42f.job
2018-01-09 15:53 - 2016-02-01 19:46 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15d6c3e71d6cf.job
2018-01-09 15:53 - 2016-01-18 23:11 - 000000322 _____ C:\Windows\Tasks\iToolsDaemon.job
2018-01-09 15:53 - 2015-12-04 18:52 - 000000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d12f088e04861.job
2018-01-09 15:53 - 2014-11-15 16:43 - 000000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d0013645fcba2c.job
2018-01-09 15:53 - 2014-11-14 18:40 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0007d85a5a2d4.job
2018-01-09 15:52 - 2015-09-18 17:51 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f27dac44aa79.job
2018-01-09 15:51 - 2016-05-10 18:48 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1ab2f88c90026.job
2018-01-09 15:51 - 2015-12-03 18:47 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12e3e22c3f968.job
2018-01-09 15:51 - 2015-02-06 19:48 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d04288f94bd0cc.job
2018-01-09 15:48 - 2014-06-25 17:30 - 000000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1cf90de3cdb7cf5.job
2018-01-09 15:45 - 2014-06-18 18:28 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8b66313c3313.job
2018-01-09 15:19 - 2011-02-23 23:21 - 000209920 _____ C:\Windows\SysWOW64\freqdb.db
2018-01-09 15:06 - 2009-07-13 20:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-09 15:06 - 2009-07-13 20:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-09 14:28 - 2009-07-13 21:13 - 000805514 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-09 14:28 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2018-01-09 14:21 - 2016-05-10 18:48 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab2f88acec3d.job
2018-01-09 14:21 - 2016-02-27 15:40 - 000000000 ____D C:\Program Files (x86)\Steam
2018-01-09 14:21 - 2016-02-01 19:46 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15d6c3e55e9f6.job
2018-01-09 14:21 - 2015-12-03 18:47 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12e3e22a9ca45.job
2018-01-09 14:21 - 2015-09-23 17:37 - 000000000 ___RD C:\Users\Michael\OneDrive
2018-01-09 14:21 - 2015-09-18 17:51 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f27dac2a7b56.job
2018-01-09 14:21 - 2015-07-15 18:47 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf71c1e2b706.job
2018-01-09 14:21 - 2015-02-06 19:48 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d04288f933b492.job
2018-01-09 14:21 - 2014-06-19 19:51 - 000000000 ___RD C:\Users\Michael\Google Drive
2018-01-09 14:21 - 2014-02-15 21:08 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2018-01-09 14:21 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-09 14:20 - 2016-09-05 12:12 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-01-09 14:19 - 2014-03-10 18:55 - 000000000 ____D C:\Users\Michael\AppData\Roaming\DMCache
2018-01-09 13:33 - 2015-08-30 19:43 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-09 13:14 - 2016-05-03 15:38 - 000000000 ____D C:\Users\Michael\Documents\HomeDepot
2018-01-09 10:08 - 2014-02-14 21:07 - 000000000 ____D C:\Program Files (x86)\Splashtop
2018-01-09 10:08 - 2013-12-30 10:43 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-01-09 08:14 - 2017-11-13 10:45 - 000001151 _____ C:\Users\Public\Desktop\iBackupBot for iPad iPhone.lnk
2018-01-09 08:14 - 2015-09-16 22:15 - 000000878 _____ C:\Users\Michael\Desktop\MWM Billing - Shortcut.lnk
2018-01-09 06:52 - 2015-04-11 15:29 - 000000000 ____D C:\Users\Michael\AppData\Roaming\IDM
2018-01-09 06:52 - 2013-12-30 23:13 - 000000000 ____D C:\Users\Michael\AppData\Roaming\TS3Client
2018-01-09 06:51 - 2015-07-09 16:49 - 000000000 ___DC C:\Users\Michael\AppData\Local\MigWiz
2018-01-09 06:51 - 2013-12-30 10:22 - 000000000 ____D C:\Windows\Panther
2018-01-09 06:21 - 2015-08-30 19:43 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-01-08 19:53 - 2016-02-02 18:48 - 000000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d15e2d6b7d0fa7.job
2018-01-08 19:53 - 2015-05-17 12:48 - 000000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d090e2e07c3442.job
2018-01-08 19:53 - 2014-11-15 16:43 - 000000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d0013645e476e1.job
2018-01-08 18:57 - 2015-09-18 17:49 - 000000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d0f27d7da30d66.job
2018-01-08 18:53 - 2015-12-04 18:52 - 000000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d12f088bfeea8.job
2018-01-08 16:53 - 2016-05-10 18:48 - 000000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d1ab2f92866de8.job
2018-01-08 16:48 - 2014-03-10 19:11 - 000000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core.job
2018-01-08 12:02 - 2016-12-18 19:47 - 000000308 _____ C:\Users\Michael\AppData\Roaming\com.mobilesyncbrowser.msb6
2018-01-08 11:57 - 2013-12-31 17:43 - 000018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2018-01-08 10:35 - 2017-06-28 20:36 - 000000000 ____D C:\Program Files (x86)\Printer Pro Desktop
2018-01-08 10:09 - 2013-12-30 17:02 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-08 10:06 - 2015-12-16 19:49 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Mozilla
2017-12-28 08:16 - 2016-01-18 23:11 - 000003304 _____ C:\Windows\System32\Tasks\iToolsDaemon
2017-12-26 09:17 - 2017-10-10 21:51 - 000000000 ____D C:\Program Files (x86)\ThinkSky
2017-12-26 09:07 - 2014-03-23 19:31 - 000000000 ____D C:\Program Files\Common Files\Apple
2017-12-26 09:06 - 2016-01-18 23:11 - 000000000 ____D C:\ProgramData\ThinkSky
2017-12-19 08:16 - 2014-12-26 17:12 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-12-19 08:16 - 2014-02-17 22:02 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-12-18 15:39 - 2014-03-23 19:32 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Apple Computer
2017-12-17 19:49 - 2014-02-15 21:06 - 000000000 ____D C:\Users\Michael\AppData\Local\ElevatedDiagnostics
2017-12-14 18:07 - 2016-01-29 22:33 - 000002172 _____ C:\Users\Michael\Desktop\Discord.lnk
2017-12-14 18:07 - 2016-01-29 22:33 - 000000000 ____D C:\Users\Michael\AppData\Roaming\discord
2017-12-14 18:07 - 2016-01-29 22:33 - 000000000 ____D C:\Users\Michael\AppData\Local\Discord
2017-12-14 15:53 - 2014-03-23 19:32 - 000000000 ____D C:\Users\Michael\AppData\Local\Apple Computer
2017-12-14 14:50 - 2017-12-05 08:03 - 000000000 ____D C:\Users\Michael\AppData\Roaming\iMazing
2017-12-14 12:26 - 2014-03-23 19:31 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-12-13 08:56 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\system32\NDF
2017-12-10 15:20 - 2016-12-18 19:51 - 000000000 ____D C:\ProgramData\Wondershare
2017-12-10 15:20 - 2016-12-18 19:51 - 000000000 ____D C:\Program Files (x86)\Wondershare
2017-12-10 15:17 - 2014-12-29 21:44 - 000000000 ____D C:\Users\Michael\Downloads\Motorcycle
2017-12-10 15:13 - 2017-07-25 17:39 - 060129644 _____ C:\Users\Michael\Downloads\Tax_Return_Copies.zip

==================== Files in the root of some directories =======

2016-12-18 19:47 - 2018-01-08 12:02 - 000000308 _____ () C:\Users\Michael\AppData\Roaming\com.mobilesyncbrowser.msb6
2014-02-01 23:10 - 2014-02-09 21:48 - 001617996 _____ () C:\Users\Michael\AppData\Local\ASbs.ac
2016-07-02 21:14 - 2016-07-02 21:14 - 000003584 _____ () C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-01-08 10:06 - 2018-01-08 10:06 - 000140800 _____ () C:\Users\Michael\AppData\Local\installer.dat
2014-01-12 21:31 - 2016-10-12 21:02 - 000007598 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
2008-02-05 14:28 - 2008-02-05 14:28 - 000000051 _____ () C:\Users\Michael\AppData\Local\setup.txt
2018-01-08 10:06 - 2018-01-08 10:06 - 001895381 _____ () C:\Users\Michael\AppData\Local\Spanstrong.bin

Some files in TEMP:
====================
2018-01-09 16:02 - 2018-01-09 16:02 - 002393088 _____ (Farbar) C:\Users\Michael\AppData\Local\Temp\62BA.tmp.exe
2018-01-09 08:02 - 2018-01-09 08:02 - 002393088 _____ (Farbar) C:\Users\Michael\AppData\Local\Temp\9E33.tmp.exe
2018-01-09 15:34 - 2018-01-09 15:34 - 002393088 _____ (Farbar) C:\Users\Michael\AppData\Local\Temp\B50D.tmp.exe
2018-01-09 08:46 - 2018-01-09 08:46 - 002393088 _____ (Farbar) C:\Users\Michael\AppData\Local\Temp\E63.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-20 19:24] - [2013-12-30 16:24] - 001008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2010-11-20 19:24] - [2013-12-30 16:24] - 000833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\cgiwadgj.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION

LastRegBack: 2018-01-08 08:51

==================== End of FRST.txt ============================

 

[Broni]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by Michael (09-01-2018 16:03:17)
Running from C:\Users\Michael\AppData\Local\Temp
Windows 7 Ultimate Service Pack 1 (X64) (2013-12-30 18:28:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-867915027-2464976829-1762966156-500 - Administrator - Disabled)
Guest (S-1-5-21-867915027-2464976829-1762966156-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-867915027-2464976829-1762966156-1002 - Limited - Enabled)
Michael (S-1-5-21-867915027-2464976829-1762966156-1000 - Administrator - Enabled) => C:\Users\Michael

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Out of date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Out of date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis True Image Home (HKLM-x32\...\{E5343B27-55DF-40BD-9FCF-A643C1331E8A}) (Version: 11.0.8027 - Acronis)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.02 - ASUSTeK Computer Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.1.000 - Asmedia Technology)
ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.03.00 - ASUSTeK Computer Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
Backup and Sync from Google (HKLM-x32\...\{908DB568-E5FA-40C7-A2AA-AB340190858B}) (Version: 3.38.7642.3857 - Google, Inc.)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
BF4 Settings Editor (HKLM\...\{EF4C9459-47DE-4FCD-B9E0-CEB5BA03FC64}) (Version: 1.1 - Realmware)
Catalyst Control Center Next Localization BR (HKLM\...\{5EE7F772-23C0-8082-1408-56986B36B4F6}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{64325882-A095-FB1E-92D9-07B9932E9C24}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{0E162B62-2E18-F4C5-0415-7509FB84C775}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{7DF3274E-5035-0A93-D093-60119CCF4B9C}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{EB4409B3-444C-6A32-E6ED-4CBC890126E4}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{B5BC731A-36E6-2851-1447-F0FA197E4480}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{8C50074C-B5F8-6460-9F2C-8B4C9A18408F}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{4B0934FD-8181-D360-5075-994683777700}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{4955E39C-95F0-6C78-ABFB-F44252F00B11}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{090BAC27-0452-0156-8BC0-D425BD407545}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{9BE9FA0F-87F3-4A5A-438F-4FD8B0168970}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{387AD885-3C41-0483-73C1-C4708826B764}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{8F51B1EE-DE4E-DF03-E86F-DE39BCBA67B4}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{ACDA3600-24B1-D89E-CE35-D12BADE03FB1}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{2EBF9D68-48A1-8FCD-155D-58856E290B9D}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{F67F273D-C4FC-17ED-137B-F666277DE00D}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{D2545327-A3CD-A4E0-2F71-F34F583F3120}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{85F8280D-E0EA-BBDA-2EFF-44948E6C87D5}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{51B08B0D-78AD-7F49-09EC-B9AB403E7A79}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{CB9679E4-D6FD-64AD-5D3F-5D625DA64E11}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{4AE73C11-4130-9B7A-E546-056254290033}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
CPUID CPU-Z 1.67.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Discord (HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\Discord) (Version: 0.0.299 - Discord Inc.)
eReg (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET NOD32 Antivirus (HKLM\...\{89B0ECE0-A41F-4A45-98D9-D54C74338117}) (Version: 7.0.302.26 - ESET, spol s r. o.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
FireDaemon Pro (HKLM\...\{C0A47779-CB82-41C2-B4A0-F3D2685BDEF6}) (Version: 3.6.2634 - FireDaemon Technologies Limited) Hidden
FireDaemon Pro (HKLM-x32\...\FireDaemon Pro) (Version: 3.6.2634 - FireDaemon Technologies Limited)
FonePaw iPhone Data Recovery 2.9.0 (HKLM-x32\...\{77B09C3A-839E-4ea7-81BA-E5864F6BF388}_is1) (Version: 2.9.0 - FonePaw)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Google Voice (HKLM-x32\...\{5B5D4C57-534A-CC38-E7F0-F5993C40F4C6}) (Version: 0.62 - UNKNOWN) Hidden
Google Voice (HKLM-x32\...\com.rstoeber.GoogleVoice.913F9D81260FD6F3F98FE8A907686CD092F1C90D.1) (Version: v0.62 - UNKNOWN)
GVNotifier (HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\25987dd1603e0f3a) (Version: 1.4.3.201 - Dave Amenta)
HP DeskJet 3630 series Basic Device Software (HKLM\...\{2125FB8B-5542-495A-B0F7-CD6DDBE99C2A}) (Version: 40.11.1107.1739 - HP Inc.)
HP DeskJet 3630 series Help (HKLM-x32\...\{5F074370-FEB0-4477-820F-A59DF28A933E}) (Version: 35.0.0 - Hewlett Packard)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
iBackupBot 5.5.3 (HKLM-x32\...\iBackupBot) (Version: 5.5.3 - VOW Software)
iCloud (HKLM\...\{99868C9C-C141-4DDE-A2C7-9DDF00F68F17}) (Version: 7.2.0.67 - Apple Inc.)
iExplorer 3.9.2.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)
iMazing 2.4.0.0 (HKLM\...\iMazing_is1) (Version: 2.4.0.0 - DigiDNA)
iMyfone D-Back 3.7.0.0 (HKLM-x32\...\{5032269A-E8F7-4748-BA16-C7EFC96DDD97}_is1) (Version: 3.7.0.0 - Shenzhen iMyfone Technology Co., Ltd.)
iMyFone Umate Pro 4.1.1.1 (HKLM-x32\...\{43BCA3C0-F974-4730-AAD3-3E07EFF7D115}_is1) (Version: 4.1.1.1 - Shenzhen iMyFone Technology Co., Ltd.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.21.1124 - Intel Corporation)
Intel(R) Network Connections 16.6.126.0 (HKLM\...\PROSetDX) (Version: 16.6.126.0 - Intel)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
ioquake3 (HKLM-x32\...\ioquake3) (Version: - )
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
Jailbreak: Prisoners of War (HKLM-x32\...\Jailbreak: Prisoners of War) (Version: - )
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Logitech Gaming Software 8.70 (HKLM\...\Logitech Gaming Software) (Version: 8.70.315 - Logitech Inc.)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Marvell Storage Utility V4 (HKLM-x32\...\mvMSU) (Version: 4.1.0.1918 - Marvell)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7369.2038 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Milgard Standalone (HKLM-x32\...\{468E8618-2C41-4053-AB60-AC9A06B5AE06}) (Version: 2.9.14.5.1.0 - Edgenet, Inc)
mkv2vob (HKLM-x32\...\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}) (Version: 2.4.7 - 3r1c)
MKVToolNix 7.0.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.0.0 - Moritz Bunkus)
MobileSyncBrowser (HKLM-x32\...\{BEC39F75-2760-4E23-9827-0B5E9A27B3AC}) (Version: 10.0.2.338 - VSC, LLC)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSVC80_x64 (HKLM\...\{68660049-8D48-427C-9FF7-139D8340CDC0}) (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86 (HKLM-x32\...\{212748BB-0DA5-46DE-82A1-403736DC9F27}) (Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.3 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Ontrack EasyRecovery Enterprise (HKLM-x32\...\{AE695CA4-8847-4462-98CC-023874D29E72}_is1) (Version: 11.1.0.0 - Kroll Ontrack Inc.)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 10.3.5.6379 - Electronic Arts, Inc.)
PC Connectivity Solution (HKLM-x32\...\{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}) (Version: 8.47.7.0 - Nokia)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PlayClaw 5 (HKLM-x32\...\PlayClaw 5_is1) (Version: 5 - )
PlayClaw 5 fast codec (HKLM-x32\...\PlayClaw 5 fast codec_is1) (Version: 5 - )
Product Improvement Study for HP DeskJet 3630 series (HKLM\...\{416B7D0C-0AEC-4FE6-AE40-4E12857CCA55}) (Version: 40.11.1107.1739 - HP Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Qtracker (HKLM-x32\...\Qtracker) (Version: 4.92 - )
Quake Live (HKLM-x32\...\Quake Live) (Version: - id Software)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\Revo Uninstaller Pro PREACTIVATED by .:sHaRe:. @~1067B756_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
Shark007 Advanced Codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 4.4.6 - Shark007)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.14 - Splashtop Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Tenorshare ReiBoot (HKLM-x32\...\Tenorshare ReiBoot) (Version: - Tenorshare, Inc.)
TinyUmbrella 8.2.0.60 (HKLM\...\4851-8548-9863-1993) (Version: 8.2.0.60 - )
version 1.0.6.4 (HKLM-x32\...\{A877D2BD-19D7-443E-95FD-DA0A8ECB88FA}_is1) (Version: - Dynojet Research Inc.)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Resource Kit Tools (HKLM-x32\...\{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}) (Version: 5.2.3790 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinWay Resume Deluxe (HKLM-x32\...\{970704F5-579F-4430-A6A8-B562561B4D3D}) (Version: 14.00.011 - WinWay Corporation)
WinZip Corporate (HKLM-x32\...\{866FEF35-C429-4131-86FE-8B11F067485F}) (Version: 1.1.0 - WinZip)
Wondershare PDF Password Remover (Build 1.5.2) (HKLM-x32\...\{1719FAD6-2F6A-4F5E-BF2B-1F6F6F1E3806_PasswordRemover}_is1) (Version: - Wondershare Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-20] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-20] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-20] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-09] (AVAST Software)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2008-06-11] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2014-05-12] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-09] (AVAST Software)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2013-09-12] (ESET)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-20] (Google)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-12-08] (Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2013-09-12] (ESET)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-09] (AVAST Software)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-20] (Google)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-12-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2008-06-11] (Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-09] (AVAST Software)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2013-09-12] (ESET)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)

 

[Broni]

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BEB07DC-372B-4E90-8164-60038E7F268E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d0e2e7a42c55c7 => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {18B6CBC1-D23E-4A99-8A08-078762D54C81} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {1B4F46EE-A2E8-4378-BDE2-B09B01B25952} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d12f088bfeea8 => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {22568154-36DE-45E0-B0A6-5B95FD826B3B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d1e92a8f4baef8 => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {3F416EE2-169D-48FB-89C5-200273816F32} - System32\Tasks\GoogleUpdateTaskMachineUA1d1ab2f88c90026 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4BBC0D62-73D6-4653-BFF1-FA6B71C836D8} - System32\Tasks\GoogleUpdateTaskMachineUA1d04288f94bd0cc => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4E57ACCC-D373-4D17-AA76-1B70A315D4E2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d041bfcfa0bbc1 => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {52298B4A-CC68-418D-9E92-4CF843FDE114} - System32\Tasks\GoogleUpdateTaskMachineCore1d0f27dac2a7b56 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {55C4322B-AE79-42DC-B5F6-A246020E1E0F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d12f088e04861 => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5F3FB36D-A6B1-4FC1-B090-7509BA19998A} - System32\Tasks\GoogleUpdateTaskMachineUA1d090e29779bdd3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {60B843E8-C0CA-4B4D-8855-8EE7B139E9B3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {6448BF61-E2B2-4855-9C7E-CD62BD08A478} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d15e2d6b7d0fa7 => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {6D7EEB2C-5A24-4E62-BA37-72941B94625A} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ab2f88acec3d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {78FEB339-1289-40D8-B8F7-42EB8669D827} - System32\Tasks\HPCustPartic.exe_{0D37923E-2A3F-4711-BFCF-0A587F131585} => C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPCustPartic.exe [2017-02-08] (HP Inc.)
Task: {8301453B-749A-4BDA-94BB-ED2959DCD34F} - System32\Tasks\{738025E2-E11F-4453-8BDA-1B3329458542} => C:\Windows\system32\pcalua.exe -a "C:\Users\Michael\Downloads\vpsamz.WinWay.Resume.Deluxe.14.v14.00.014\WinWay Resume Deluxe 14 v14.00.014\Setup\Setup.exe" -d "C:\Users\Michael\Downloads\vpsamz.WinWay.Resume.Deluxe.14.v14.00.014\WinWay Resume Deluxe 14 v14.00.014\Setup"
Task: {839D1E41-6987-4A66-A844-33AD46E3D2F8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d0013645e476e1 => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {88E5C7D3-98E9-43CD-97FF-AFC266894067} - System32\Tasks\GoogleUpdateTaskMachineUA1d0f27dac44aa79 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {8D2A9DA2-7674-4E91-90DC-EFCA2C75247B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d1ab2f92866de8 => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {8E381E02-1ADC-416C-A828-37B48230CE28} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {922C8C1C-EF86-4A19-B1B4-A70D325DF467} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-10-19] (Microsoft Corporation)
Task: {956DBEA4-66C9-4B59-8A73-AE625B78666E} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {98A2178B-56EB-4472-9DA3-EA21ADF45A25} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d1ab2f929d037d => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {9FBE8E0F-794D-42C8-A1C2-5BC19553D9EC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d0bf71f7496361 => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A214B2EB-6676-4629-B54B-FE04D566F520} - System32\Tasks\GoogleUpdateTaskMachineUA1d0007d85a5a2d4 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A4964A03-B21D-436D-B219-588B4201E2EC} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8b66313c3313 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A7623C11-10AA-4586-8C08-D175288D3C73} - System32\Tasks\{A613817D-2B0A-4EC4-B687-46941F8D40A1} => C:\Windows\system32\pcalua.exe -a "C:\Users\Michael\Desktop\Linksys wrt45g\Compressed\BlueSoleil_1.4.9.3\BlueSoleil_1.4.9.3\Setup.exe" -d "C:\Users\Michael\Desktop\Linksys wrt45g\Compressed\BlueSoleil_1.4.9.3\BlueSoleil_1.4.9.3"
Task: {AAE6E747-2959-42A1-9CD7-F0E303E07781} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d1e92a8f62925a => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {AD19C874-78F7-481D-9908-19F811BB8334} - System32\Tasks\GoogleUpdateTaskMachineCore1d1e92a49f0f6c4 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {AF239A90-F7AA-40A0-89A7-BF06D6CCEA0D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d090e2e09fe8e6 => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B1474BA7-BCE2-4BE2-9D02-5F887FBFBB80} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d090e2e07c3442 => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B481DD01-E2DD-4723-A872-14135CC37F9C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1cf90de3cdb7cf5 => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {BD9F13BA-2642-452D-B83A-1000C3ECDCBF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d0f27d7da30d66 => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {BFD03EDE-B94D-4376-A007-FC94008304E6} - System32\Tasks\GoogleUpdateTaskMachineCore1d04288f933b492 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C0BE83D1-2C0A-4611-9C90-B0B70F6C6370} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d0f27d7dc6c20a => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C66E11B9-BE2B-4F49-8558-4B8C29D09730} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2016-12-04] (Advanced Micro Devices, Inc.)
Task: {CC62F6E8-80F8-4F31-B7CF-149D7838E5FA} - System32\Tasks\GoogleUpdateTaskMachineCore1d0bf71c1e2b706 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {CC946CDF-3699-4DCE-B34B-126589BB7125} - System32\Tasks\GoogleUpdateTaskMachineUA1d15d6c3e71d6cf => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D1072683-3B11-4B15-8410-34DD127363B9} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e92a4a098830 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {DA2D10D3-6BCB-4250-B312-69797B09A67A} - System32\Tasks\GoogleUpdateTaskMachineCore1d15d6c3e55e9f6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {DF15093E-4BD0-4139-8770-850C7FF23664} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {E0F8EF3E-A6A1-43D5-975A-5465F271E72D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d15e2d6b9cf42f => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E197C7D4-8F25-42FD-AE64-E22C39559513} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {E9B2B22C-A19D-40FC-BBE2-F1145705A1A4} - System32\Tasks\GoogleUpdateTaskMachineUA1d12e3e22c3f968 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {EBD59F8A-0424-40D4-94F5-A74DA75D5FF0} - System32\Tasks\HPCustParticipation HP DeskJet 3630 series => C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPCustPartic.exe [2017-02-08] (HP Inc.)
Task: {F00584EF-AAC0-47DE-A350-830EF751F3A1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d0013645fcba2c => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F1857F77-38C5-43ED-92CA-9A29ACC0DDF2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {F2CEF694-4AB1-43AC-B7EB-B871E37A5D2B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {F68B406C-D200-46B6-82CC-CBA123DA03AB} - System32\Tasks\iToolsDaemon => C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe
Task: {FA5ABD75-2D7A-4221-A9D2-CA9E2BF44DE5} - System32\Tasks\GoogleUpdateTaskMachineUA1d0e28c2b7967a7 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {FAAAF605-B0FA-4AB1-839E-3B2937D568C7} - System32\Tasks\GoogleUpdateTaskMachineCore1d12e3e22a9ca45 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d04288f933b492.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf71c1e2b706.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f27dac2a7b56.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12e3e22a9ca45.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15d6c3e55e9f6.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab2f88acec3d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8b66313c3313.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0007d85a5a2d4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d04288f94bd0cc.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d090e29779bdd3.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e28c2b7967a7.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f27dac44aa79.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12e3e22c3f968.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15d6c3e71d6cf.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1ab2f88c90026.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d0013645e476e1.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d041bfcfa0bbc1.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d090e2e07c3442.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d0bf71f7496361.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d0e2e7a42c55c7.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d0f27d7da30d66.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d12f088bfeea8.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d15e2d6b7d0fa7.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d1ab2f92866de8.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1cf90de3cdb7cf5.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d0013645fcba2c.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d090e2e09fe8e6.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d0f27d7dc6c20a.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d12f088e04861.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d15e2d6b9cf42f.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d1ab2f929d037d.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\iToolsDaemon.job => C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Michael\Desktop\Tor Browser\Stаrt Тоr Вrоwsеr.lnk -> C:\Users\Michael\Desktop\Tor Browser\Browser\firefox.bat (No File)
Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stаrt Тоr Вrоwsеr.lnk -> C:\Users\Michael\Desktop\Tor Browser\Browser\firefox.bat (No File)
Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехplоrеr (Nо Аdd-оns).lnk -> C:\Program Files\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехplоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quаkе Livе.lnk -> C:\Program Files (x86)\Quake Live\Launcher.bat (No File)
Shortcut: C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Public\Desktop\Quаkе Livе.lnk -> C:\Program Files (x86)\Quake Live\Launcher.bat (No File)

==================== Loaded Modules (Whitelisted) ==============

2014-05-12 01:49 - 2014-05-12 01:49 - 000222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-12-30 17:27 - 2013-12-30 17:27 - 000920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2015-03-06 16:07 - 2015-03-06 16:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-07-01 16:28 - 2015-07-01 16:28 - 001095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 16:07 - 2015-03-06 16:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-07-01 16:28 - 2015-07-01 16:28 - 000240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-12-11 11:05 - 2017-12-11 11:05 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2017-12-11 11:05 - 2017-12-11 11:05 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2017-11-20 15:27 - 2017-11-20 15:27 - 041061856 _____ () C:\Program Files (x86)\Google\Drive\googledrivesync.exe
2011-04-06 18:55 - 2011-04-06 18:55 - 001202216 _____ () C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe
2014-06-01 13:42 - 2014-05-19 12:42 - 000736768 _____ () C:\Program Files (x86)\Appandora\AppandoraDeviceService.exe
2017-12-14 15:05 - 2016-05-30 02:49 - 000081512 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\AppService.exe
2016-09-14 22:30 - 2016-09-14 22:30 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 22:30 - 2016-09-14 22:30 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 22:30 - 2016-09-14 22:30 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-14 22:30 - 2016-09-14 22:30 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 22:30 - 2016-09-14 22:30 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 22:30 - 2016-09-14 22:30 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-14 22:30 - 2016-09-14 22:30 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2014-07-02 19:30 - 2014-07-10 19:11 - 000076152 _____ () C:\Windows\system32\PnkBstrA.exe
2018-01-08 15:53 - 2018-01-03 01:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-08 15:53 - 2018-01-03 01:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2018-01-09 13:52 - 2018-01-09 13:52 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2018-01-09 13:52 - 2018-01-09 13:52 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2018-01-09 13:52 - 2018-01-09 13:52 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2018-01-09 13:52 - 2018-01-09 13:52 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-01-09 13:52 - 2018-01-09 13:52 - 000196248 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2018-01-09 13:52 - 2018-01-09 13:52 - 005853008 _____ () C:\Program Files\AVAST Software\Avast\defs\18010899\algo.dll
2018-01-09 13:52 - 2018-01-09 13:52 - 000745408 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-01-09 13:52 - 2018-01-09 13:52 - 000148936 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-01-09 13:52 - 2018-01-09 13:52 - 000293944 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2013-12-30 17:27 - 2018-01-09 14:21 - 000029184 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2013-12-30 17:27 - 2013-12-30 17:29 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2017-12-08 08:33 - 2017-12-08 08:33 - 000102088 _____ () C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll
2016-03-21 05:49 - 2016-12-04 08:56 - 000240008 _____ () C:\Windows\SysWOW64\GameManager32.dll
2016-02-27 15:41 - 2017-11-28 21:09 - 000781088 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-02-27 15:41 - 2016-08-31 17:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-02-27 15:41 - 2016-08-31 17:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-02-27 15:41 - 2016-08-31 17:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-02-27 15:41 - 2017-12-15 11:59 - 002558752 _____ () C:\Program Files (x86)\Steam\video.dll
2017-12-14 14:36 - 2017-11-03 17:54 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-12-14 14:36 - 2017-11-03 17:54 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-14 14:36 - 2017-11-03 17:54 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-14 14:36 - 2017-11-03 17:54 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-14 14:36 - 2017-11-03 17:54 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2016-02-27 15:41 - 2017-12-15 11:59 - 000904992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 15:13 - 2016-07-04 14:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-12-08 01:49 - 2017-12-08 01:49 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 01:49 - 2017-12-08 01:49 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2007-09-14 01:45 - 2007-09-14 01:45 - 001328408 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\fox.dll
2014-06-01 13:42 - 2014-05-12 12:31 - 000380416 _____ () C:\Program Files (x86)\Appandora\DuiLib.dll
2014-06-01 13:42 - 2013-09-22 11:03 - 000059904 _____ () C:\Program Files (x86)\Appandora\zlib.dll
2014-06-01 13:42 - 2013-09-22 11:03 - 000526848 _____ () C:\Program Files (x86)\Appandora\sqlite3.dll
2014-06-01 13:42 - 2013-12-19 13:03 - 000671744 _____ () C:\Program Files (x86)\Appandora\hashab.dll
2017-10-11 09:47 - 2013-07-24 08:24 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2017-12-14 15:06 - 2016-04-06 07:19 - 000887808 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\Framework.dll
2017-12-14 15:05 - 2011-03-24 10:25 - 009843200 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\QtWebKit4.dll
2017-12-14 15:05 - 2011-03-24 09:06 - 000232960 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\phonon4.dll
2017-12-14 15:05 - 2011-03-24 08:56 - 007981056 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\QtGui4.dll
2017-12-14 15:05 - 2011-03-24 08:42 - 002145792 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\QtCore4.dll
2017-12-14 15:05 - 2011-03-24 09:06 - 002530816 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\QtXmlPatterns4.dll
2017-12-14 15:05 - 2011-03-24 08:43 - 000934912 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\QtNetwork4.dll
2017-12-14 15:05 - 2011-03-24 08:42 - 000334848 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\QtXml4.dll
2017-12-14 15:05 - 2015-11-24 06:18 - 000013824 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\Utility.dll
2017-12-14 15:05 - 2016-01-22 10:12 - 002827776 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\IosDevice.dll
2017-12-14 15:05 - 2015-11-24 06:18 - 000987136 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\libxml2.dll
2017-12-14 15:05 - 2015-11-24 06:18 - 000077824 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\zlib1.dll
2017-12-14 15:05 - 2015-11-24 06:18 - 000562072 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\SQLite3.dll
2017-12-14 15:05 - 2011-03-24 10:37 - 000025600 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\imageformats\qgif4.dll
2017-12-14 15:05 - 2011-03-24 10:37 - 000027648 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\imageformats\qico4.dll
2017-12-14 15:05 - 2011-03-24 10:37 - 000119808 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\imageformats\qjpeg4.dll
2017-12-14 15:05 - 2011-03-24 10:37 - 000220672 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\imageformats\qmng4.dll
2017-12-14 15:05 - 2011-03-24 10:37 - 000278528 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\imageformats\qtiff4.dll
2018-01-09 13:52 - 2018-01-09 13:52 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-01-09 13:52 - 2018-01-09 13:52 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2013-12-30 17:27 - 2011-07-12 19:14 - 000147456 ____N () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2013-12-30 17:27 - 2010-10-05 08:22 - 000253952 ____N () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2013-12-30 17:27 - 2012-10-08 17:07 - 000972288 ____N () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2013-12-30 17:31 - 2013-05-08 16:22 - 001040896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EasyUpdt.dll
2013-12-30 17:27 - 2012-05-25 10:33 - 000883712 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2013-12-30 17:27 - 2012-05-28 21:27 - 001622528 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2013-12-30 17:27 - 2011-09-19 20:18 - 001243136 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2013-12-30 17:27 - 2011-07-21 09:06 - 000846848 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2013-12-30 17:27 - 2012-08-29 18:09 - 000875520 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2013-12-30 17:27 - 2011-06-08 11:15 - 000651264 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Thermal Radar\ThermalRadar.dll
2013-12-30 17:27 - 2013-12-30 17:26 - 000662016 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
2013-12-30 17:27 - 2010-10-05 08:22 - 000208896 ____N () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2017-06-08 06:21 - 2017-09-06 18:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2016-12-12 21:25 - 2017-10-30 20:44 - 071471904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-02-27 15:41 - 2015-09-24 15:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2008-01-17 09:17 - 2008-01-17 09:17 - 000073782 _____ () C:\Program Files (x86)\Marvell\storage\Apache2\bin\zlib1.dll
2018-01-09 14:21 - 2018-01-09 14:21 - 000088064 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\_ctypes.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000919552 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\_hashlib.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000098816 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\win32api.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000110080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\pywintypes27.dll
2018-01-09 14:21 - 2018-01-09 14:21 - 000364544 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\pythoncom27.dll
2018-01-09 14:21 - 2018-01-09 14:21 - 000686080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\unicodedata.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000320512 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\win32com.shell.shell.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 001177088 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\wx._core_.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000806912 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\wx._gdi_.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000816640 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\wx._windows_.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 001067520 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\wx._controls_.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000733696 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\wx._misc_.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000736256 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\pysqlite2._sqlite.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000119808 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\win32file.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000108544 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\win32security.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000007168 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\hashobjs_ext.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000017920 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\thumbnails_ext.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000082432 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\usb_ext.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000013824 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\common.time34.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000018432 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\win32event.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000027648 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\windows.conditional.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000017408 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\windows.winwrap.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000089088 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\windows.volumes.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000167936 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\win32gui.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000046080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\_socket.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 001311744 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\_ssl.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000129536 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\_elementtree.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000127488 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\pyexpat.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000038912 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\win32inet.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000077824 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\wx._html2.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000036864 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\_psutil_windows.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000524248 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\windows._lib_cacheinvalidation.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000011264 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\win32crypt.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000218624 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\PIL._imaging.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000027648 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\_multiprocessing.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000020480 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\_yappi.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000035840 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\win32process.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000024064 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\win32pipe.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000010240 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\select.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000025600 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\win32pdh.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000059392 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\windows.device_monitor.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000017408 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\win32profile.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000022528 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI30442\win32ts.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000088064 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\_ctypes.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000919552 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\_hashlib.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000098816 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\win32api.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000110080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\pywintypes27.dll
2018-01-09 14:21 - 2018-01-09 14:21 - 000364544 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\pythoncom27.dll
2018-01-09 14:21 - 2018-01-09 14:21 - 000686080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\unicodedata.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000320512 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\win32com.shell.shell.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 001177088 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\wx._core_.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000806912 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\wx._gdi_.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000816640 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\wx._windows_.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 001067520 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\wx._controls_.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000733696 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\wx._misc_.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000736256 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\pysqlite2._sqlite.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000119808 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\win32file.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000108544 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\win32security.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000007168 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\hashobjs_ext.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000017920 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\thumbnails_ext.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000082432 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\usb_ext.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000013824 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\common.time34.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000018432 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\win32event.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000027648 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\windows.conditional.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000017408 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\windows.winwrap.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000089088 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\windows.volumes.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000167936 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\win32gui.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000046080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\_socket.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 001311744 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\_ssl.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000129536 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\_elementtree.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000127488 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\pyexpat.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000038912 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\win32inet.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000077824 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\wx._html2.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000036864 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\_psutil_windows.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000524248 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\windows._lib_cacheinvalidation.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000011264 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\win32crypt.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000218624 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\PIL._imaging.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000027648 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\_multiprocessing.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000020480 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\_yappi.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000035840 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\win32process.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000024064 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\win32pipe.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000010240 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\select.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000025600 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\win32pdh.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000059392 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\windows.device_monitor.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000017408 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\win32profile.pyd
2018-01-09 14:21 - 2018-01-09 14:21 - 000022528 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI42442\win32ts.pyd
2013-12-30 17:27 - 2009-08-12 20:15 - 000253952 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll

 

[Broni]

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:05E9FFE5 [149]
AlternateDataStreams: C:\ProgramData\TEMP:B6418BC9 [412]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2017-11-08 12:23 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-867915027-2464976829-1762966156-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.76.152.1 - 208.76.152.9
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{B6A4C95F-E86A-4530-8459-4E9DFA8F0AD2}C:\program files (x86)\marvell\storage\apache2\bin\httpd.exe] => (Allow) C:\program files (x86)\marvell\storage\apache2\bin\httpd.exe
FirewallRules: [UDP Query User{1790ADF7-D31E-421A-8F16-E74A81FC75ED}C:\program files (x86)\marvell\storage\apache2\bin\httpd.exe] => (Allow) C:\program files (x86)\marvell\storage\apache2\bin\httpd.exe
FirewallRules: [{B685B85D-9BD4-43B0-B91D-B1A032D4F19A}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{0B68C425-D469-4E40-8EC4-AA3C458F457C}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [TCP Query User{0A338CBB-27AF-4ADD-B971-21F876AA1EB4}C:\teamspeak3-server_win64\ts3server_win64.exe] => (Allow) C:\teamspeak3-server_win64\ts3server_win64.exe
FirewallRules: [UDP Query User{7795FBE5-27CD-4060-BA44-AC8DB7F94D7A}C:\teamspeak3-server_win64\ts3server_win64.exe] => (Allow) C:\teamspeak3-server_win64\ts3server_win64.exe
FirewallRules: [TCP Query User{AC184875-930D-474D-85FE-BD721A13DD66}C:\program files (x86)\qtracker\qtracker.exe] => (Allow) C:\program files (x86)\qtracker\qtracker.exe
FirewallRules: [UDP Query User{28ECC9DC-E6EC-4E2F-B303-FF1802F80B8C}C:\program files (x86)\qtracker\qtracker.exe] => (Allow) C:\program files (x86)\qtracker\qtracker.exe
FirewallRules: [TCP Query User{F02A9AC0-2F63-4F2D-9D14-01200D4041D3}C:\program files (x86)\quake iii arena\quake3.exe] => (Allow) C:\program files (x86)\quake iii arena\quake3.exe
FirewallRules: [UDP Query User{3DE33DBD-6C28-4484-9B70-998816B8BABF}C:\program files (x86)\quake iii arena\quake3.exe] => (Allow) C:\program files (x86)\quake iii arena\quake3.exe
FirewallRules: [TCP Query User{924F6128-3381-4B19-8A90-35CAA57C6776}C:\program files (x86)\qtracker\qtracker.exe] => (Allow) C:\program files (x86)\qtracker\qtracker.exe
FirewallRules: [UDP Query User{E83C3C20-84E4-4167-B700-36A17F573C24}C:\program files (x86)\qtracker\qtracker.exe] => (Allow) C:\program files (x86)\qtracker\qtracker.exe
FirewallRules: [TCP Query User{D44E1DB6-81EA-465A-881B-DB78CF1389F8}C:\program files (x86)\quake iii arena\quake3.exe] => (Allow) C:\program files (x86)\quake iii arena\quake3.exe
FirewallRules: [UDP Query User{C843F957-34A4-457F-A986-0C0DC8308A9E}C:\program files (x86)\quake iii arena\quake3.exe] => (Allow) C:\program files (x86)\quake iii arena\quake3.exe
FirewallRules: [TCP Query User{A0BF2B87-CDA8-4F8F-A31B-E4039B8110DA}E:\michaels drive\iphone stuff\tinyumbrella-5.10.06.exe] => (Allow) E:\michaels drive\iphone stuff\tinyumbrella-5.10.06.exe
FirewallRules: [UDP Query User{9B1572BB-1024-4AE0-8870-82ECF5A7AF67}E:\michaels drive\iphone stuff\tinyumbrella-5.10.06.exe] => (Allow) E:\michaels drive\iphone stuff\tinyumbrella-5.10.06.exe
FirewallRules: [TCP Query User{68F1569C-6935-4DF3-8CC6-F667739314B7}E:\michaels drive\iphone stuff\tinyumbrella-6.12.00.exe] => (Allow) E:\michaels drive\iphone stuff\tinyumbrella-6.12.00.exe
FirewallRules: [UDP Query User{2CDE4F9B-FB94-41A1-A6A3-0F5FD0FB5F42}E:\michaels drive\iphone stuff\tinyumbrella-6.12.00.exe] => (Allow) E:\michaels drive\iphone stuff\tinyumbrella-6.12.00.exe
FirewallRules: [TCP Query User{4B414FCA-1120-49D6-B745-D92562F14DD7}C:\teamspeak3-server_win64\ts3server_win64.exe] => (Allow) C:\teamspeak3-server_win64\ts3server_win64.exe
FirewallRules: [UDP Query User{4926E91A-D690-4F5C-8F9F-9A97AD3864DB}C:\teamspeak3-server_win64\ts3server_win64.exe] => (Allow) C:\teamspeak3-server_win64\ts3server_win64.exe
FirewallRules: [TCP Query User{65B9EC6D-E70C-4F37-9A30-3CE0FF4B9060}C:\program files (x86)\arcsoft\totalmedia theatre 6\totalmedia server\tm server.exe] => (Allow) C:\program files (x86)\arcsoft\totalmedia theatre 6\totalmedia server\tm server.exe
FirewallRules: [UDP Query User{B53DBFAB-B19E-4DD2-B889-C24B65B2AEC8}C:\program files (x86)\arcsoft\totalmedia theatre 6\totalmedia server\tm server.exe] => (Allow) C:\program files (x86)\arcsoft\totalmedia theatre 6\totalmedia server\tm server.exe
FirewallRules: [TCP Query User{98AD544A-4019-4DCF-986B-E5BBE9787A05}C:\program files (x86)\arcsoft\totalmedia theatre 6\totalmedia server\tm server.exe] => (Allow) C:\program files (x86)\arcsoft\totalmedia theatre 6\totalmedia server\tm server.exe
FirewallRules: [UDP Query User{E2C7DB3E-D809-4272-824D-FD3CD2FBD428}C:\program files (x86)\arcsoft\totalmedia theatre 6\totalmedia server\tm server.exe] => (Allow) C:\program files (x86)\arcsoft\totalmedia theatre 6\totalmedia server\tm server.exe
FirewallRules: [TCP Query User{2B91A404-A9AC-43E7-94B0-9C61B6533484}C:\program files (x86)\arcsoft\totalmedia theatre 6\utotalmediatheatre6.exe] => (Allow) C:\program files (x86)\arcsoft\totalmedia theatre 6\utotalmediatheatre6.exe
FirewallRules: [UDP Query User{0A2BA017-5119-40B7-B71F-E858C6A5E376}C:\program files (x86)\arcsoft\totalmedia theatre 6\utotalmediatheatre6.exe] => (Allow) C:\program files (x86)\arcsoft\totalmedia theatre 6\utotalmediatheatre6.exe
FirewallRules: [TCP Query User{D967AB7A-985B-4EC0-953D-19D7356A7B40}C:\users\michael\appdata\local\id software\quakelive\quakelive.exe] => (Allow) C:\users\michael\appdata\local\id software\quakelive\quakelive.exe
FirewallRules: [UDP Query User{451EDDD4-8919-4CF8-8B6C-4A123A46A925}C:\users\michael\appdata\local\id software\quakelive\quakelive.exe] => (Allow) C:\users\michael\appdata\local\id software\quakelive\quakelive.exe
FirewallRules: [TCP Query User{AE4D5BE9-B1FE-49B3-AC81-790CABC82FEF}C:\program files (x86)\arcsoft\totalmedia theatre 6\utotalmediatheatre6.exe] => (Allow) C:\program files (x86)\arcsoft\totalmedia theatre 6\utotalmediatheatre6.exe
FirewallRules: [UDP Query User{6AF33C71-5D84-48B1-88AF-7913CC355FB7}C:\program files (x86)\arcsoft\totalmedia theatre 6\utotalmediatheatre6.exe] => (Allow) C:\program files (x86)\arcsoft\totalmedia theatre 6\utotalmediatheatre6.exe
FirewallRules: [TCP Query User{DCE72FC5-D207-4ADB-AAEB-6B51ABEA4AE5}C:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe] => (Allow) C:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe
FirewallRules: [UDP Query User{53096CB1-BABB-4981-974B-75D7924AF8ED}C:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe] => (Allow) C:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe
FirewallRules: [TCP Query User{1753F6F8-571F-48CB-9835-D118073A70BD}C:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe] => (Allow) C:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe
FirewallRules: [UDP Query User{AFF1B732-D59D-4B51-BAD2-E57430B8AAB7}C:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe] => (Allow) C:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe
FirewallRules: [TCP Query User{1BB91BDD-CDD5-4A9E-8CC7-F72E833152CD}C:\program files (x86)\splashtop\splashtop remote\client\strwinclt.exe] => (Allow) C:\program files (x86)\splashtop\splashtop remote\client\strwinclt.exe
FirewallRules: [UDP Query User{39F89396-8ED7-4428-90A1-A857A77FF358}C:\program files (x86)\splashtop\splashtop remote\client\strwinclt.exe] => (Allow) C:\program files (x86)\splashtop\splashtop remote\client\strwinclt.exe
FirewallRules: [TCP Query User{AEB79769-B6C5-4081-A43E-B6A9F9AEAB6E}C:\program files (x86)\quake3\quake3.exe] => (Allow) C:\program files (x86)\quake3\quake3.exe
FirewallRules: [UDP Query User{CA11DBD0-86E9-4C08-A37D-1CF3D034C11E}C:\program files (x86)\quake3\quake3.exe] => (Allow) C:\program files (x86)\quake3\quake3.exe
FirewallRules: [TCP Query User{F539445D-8DB6-4FF9-8B24-1579C5C28E6E}C:\quake3\quake3.exe] => (Allow) C:\quake3\quake3.exe
FirewallRules: [UDP Query User{B723BAD3-6FD1-4BD2-AA83-A257A83C65D2}C:\quake3\quake3.exe] => (Allow) C:\quake3\quake3.exe
FirewallRules: [{04A73492-8B97-4A39-A8B3-FEFF590268EE}] => (Allow) C:\Users\Michael\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{D39928D6-E6E2-4453-9E59-BC46E8F8EBD5}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{C11B1E74-F777-4A5C-80AE-F2D2129C6F49}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2A515CE4-7636-43F5-AC12-D3F534792BE6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A96A44BA-4054-4F8F-8DC7-E2C0DA236F23}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E1137CCA-C364-468D-B09F-0996F940D820}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{F48ACDA6-B89A-457D-A005-6626B9AEF224}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{8A58361A-2050-4C01-8871-3AC77F7DD471}] => (Allow) C:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe
FirewallRules: [{18C78A7A-26D0-412B-B378-4534E12F5B2B}] => (Allow) C:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe
FirewallRules: [TCP Query User{F103634B-8748-428D-A5BF-F573264942B1}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{DF7055C8-C110-46ED-9769-94AD80028E1E}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{BDBCC489-5444-4D31-8F51-358A8216A1FB}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{71091386-A603-4C9D-A9BB-9A830A5AADFC}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{32226528-8C9A-4342-8F69-6C5BE7B4B65A}] => (Allow) C:\Users\Michael\AppData\Local\Temp\uttF7D2.tmp.exe
FirewallRules: [{64B0AD2D-A9B3-4A25-B9D2-582CDB152E7E}] => (Allow) C:\Users\Michael\AppData\Local\Temp\uttF7D2.tmp.exe
FirewallRules: [TCP Query User{423A9A98-ACED-49A8-ADFE-A17F1F422B47}C:\program files (x86)\splashtop\splashtop remote\client\strwinclt.exe] => (Allow) C:\program files (x86)\splashtop\splashtop remote\client\strwinclt.exe
FirewallRules: [UDP Query User{84FF9419-2CDB-41DE-9107-5E99FAD38C39}C:\program files (x86)\splashtop\splashtop remote\client\strwinclt.exe] => (Allow) C:\program files (x86)\splashtop\splashtop remote\client\strwinclt.exe
FirewallRules: [TCP Query User{FE2E0167-A7EE-4179-92B1-BAE27C7A03A2}C:\users\michael\appdata\local\id software\quakelive\quakelive.exe] => (Allow) C:\users\michael\appdata\local\id software\quakelive\quakelive.exe
FirewallRules: [UDP Query User{B0E6D7AF-3420-4733-949A-14EC1365DF3A}C:\users\michael\appdata\local\id software\quakelive\quakelive.exe] => (Allow) C:\users\michael\appdata\local\id software\quakelive\quakelive.exe
FirewallRules: [TCP Query User{F8887741-89C2-4DB8-8480-4E8A9047C02B}C:\users\michael\downloads\programs\tinyumbrella-7.11.00.exe] => (Allow) C:\users\michael\downloads\programs\tinyumbrella-7.11.00.exe
FirewallRules: [UDP Query User{54B96CE3-FE84-4ACA-8A83-6CB504DA8338}C:\users\michael\downloads\programs\tinyumbrella-7.11.00.exe] => (Allow) C:\users\michael\downloads\programs\tinyumbrella-7.11.00.exe
FirewallRules: [TCP Query User{80AE1205-5A76-4892-A65D-91718A29938C}E:\michaels drive\iphone stuff\tinyumbrella-6.12.00.exe] => (Allow) E:\michaels drive\iphone stuff\tinyumbrella-6.12.00.exe
FirewallRules: [UDP Query User{75C5277E-6022-4915-A8E4-FAE8372F6A99}E:\michaels drive\iphone stuff\tinyumbrella-6.12.00.exe] => (Allow) E:\michaels drive\iphone stuff\tinyumbrella-6.12.00.exe
FirewallRules: [TCP Query User{68BF2775-9CBD-4A49-8159-EB73590D5983}E:\michaels drive\iphone stuff\tinyumbrella-5.10.03.exe] => (Allow) E:\michaels drive\iphone stuff\tinyumbrella-5.10.03.exe
FirewallRules: [UDP Query User{B83656F9-D8AC-41B1-B7D6-823751989E03}E:\michaels drive\iphone stuff\tinyumbrella-5.10.03.exe] => (Allow) E:\michaels drive\iphone stuff\tinyumbrella-5.10.03.exe
FirewallRules: [TCP Query User{BBA7ACB8-BC0D-429D-B6A3-FFF98EF25C72}E:\michaels drive\iphone stuff\tinyumbrella-5.10.06.exe] => (Allow) E:\michaels drive\iphone stuff\tinyumbrella-5.10.06.exe
FirewallRules: [UDP Query User{7BD715BE-4638-4821-B4B9-963F44014196}E:\michaels drive\iphone stuff\tinyumbrella-5.10.06.exe] => (Allow) E:\michaels drive\iphone stuff\tinyumbrella-5.10.06.exe
FirewallRules: [{9E013379-7F3E-4813-8FA1-0B3D78F0B9C9}] => (Allow) C:\Program Files (x86)\Origin Games\Peggle Deluxe\Peggle.exe
FirewallRules: [{C77B24FA-A51E-46C4-BA8E-EC32768C4339}] => (Allow) C:\Program Files (x86)\Origin Games\Peggle Deluxe\Peggle.exe
FirewallRules: [{D5AF4EA3-0FB5-4F9A-973B-418EE8F21394}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E1AC5DA1-BDC0-421A-A942-D611BBBDE9FA}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{757DBBAF-E665-4C60-BC3A-AD0854FB752B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{C1A1D706-896D-4279-93A8-EDFB2C7EFCAC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{6541A072-521E-461D-A658-86F9122CFE2F}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{827DD498-92D7-402E-BBDB-1EDA1A856BCD}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{C254BFA4-DDFC-4BAE-82B1-5B58DF9920E8}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{E3D0019B-FF08-4E97-AF28-5669EB8DDFED}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{E840F857-91AC-4A13-8B76-1B7D9FF5FDB2}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{204A02DF-1DC0-4C14-A03E-75F18642C5F1}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{097477AB-7D01-40FD-A054-72BAAD63C27E}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{A0200994-DEFF-41A3-A34B-783EC6022F80}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{AF419DC7-8161-46E8-BE58-5FB01549888B}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{B545CF1E-6517-4C43-9135-DFB225A1BAE2}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{375B27CF-4FA2-4850-8630-5BDDE835417E}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{BAACDBD8-4D08-4ECE-9E12-925713BDDAC7}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{D511F487-60B3-4480-85EA-CF67062CC6BA}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{CF5EFD92-CF6A-4586-AB44-397E287C6189}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{22F805ED-CB7D-4150-882C-53E70EFCD46C}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{0BACFC13-70DD-4174-85F9-B3C99D65CC42}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{4034A3CA-EEB5-4F4D-BDA9-E3BC95B6070C}G:\quake3\quake3.exe] => (Block) G:\quake3\quake3.exe
FirewallRules: [UDP Query User{2B150704-74A3-4BEF-9B51-3E60E4B31615}G:\quake3\quake3.exe] => (Block) G:\quake3\quake3.exe
FirewallRules: [{C62794B3-F2CF-4832-B4FC-910D274BD304}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{E8FF6F7D-1EA1-4AB9-ACB5-0B6D5C71C4AA}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{E1931FFB-B89A-4467-9DC9-DDA0C9955D88}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{7695D04D-6660-4A3D-A76D-2DB0D921D5D7}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [TCP Query User{A2A751F3-0C25-4F79-81AC-E4675B303433}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{DF318E58-9672-4B4F-AB60-D65EB07C943F}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{8E87BFB8-C288-4010-9D7C-F11EF0EE5C9A}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{8A4608F3-DE56-4395-B0DF-C4E9BE3507C8}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{8B0E4B6A-9521-4AE3-95F8-2442CFE9CCEE}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{C35959D2-306B-485D-8579-3B51100DD2E9}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{E044A225-6D41-47FB-80D8-70B301821671}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{15AE8794-43AD-488D-8B1C-588FAB0F8F6F}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{FD7D5627-DE24-496C-8F66-D825657E6C22}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{71D4442B-75AB-44F4-BA55-6C46AF54D9D0}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{09A425E3-F461-4E7C-80A9-53075004315C}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{3941A6BC-F467-4585-BCD3-B5F189B29E66}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{1390511B-B8EC-4541-A4FF-60823C8B0C8A}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe
FirewallRules: [{37633F17-0C73-4DBF-BD90-19BC821335BD}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe
FirewallRules: [{4AEE10DC-4C42-4691-88B2-8DBDD39AC359}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5D71C492-E814-44E7-98CB-113FFBBA5B5D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F472EC2C-459E-44F3-BFBE-73D7E6AF79F2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{84448ACF-E6CA-4CA8-9805-3C921FD4E78D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{B86351E0-7D0E-48B3-886D-6458A57D2428}C:\program files (x86)\origin games\need for speed(tm) most wanted\nfs13.exe] => (Allow) C:\program files (x86)\origin games\need for speed(tm) most wanted\nfs13.exe
FirewallRules: [UDP Query User{38F4E0C2-DFD5-4CB9-8CCD-7599D0BC4C80}C:\program files (x86)\origin games\need for speed(tm) most wanted\nfs13.exe] => (Allow) C:\program files (x86)\origin games\need for speed(tm) most wanted\nfs13.exe
FirewallRules: [TCP Query User{3C26636D-3288-4613-8C71-EE2737B824D4}C:\program files (x86)\ioquake3\ioquake3.x86.exe] => (Allow) C:\program files (x86)\ioquake3\ioquake3.x86.exe
FirewallRules: [UDP Query User{C11684A7-CA51-4BBF-B3C6-E26584892CC0}C:\program files (x86)\ioquake3\ioquake3.x86.exe] => (Allow) C:\program files (x86)\ioquake3\ioquake3.x86.exe
FirewallRules: [TCP Query User{36608FBD-511D-496A-B13F-8D90B248179E}C:\program files (x86)\ioquake3\ioq3ded.x86.exe] => (Allow) C:\program files (x86)\ioquake3\ioq3ded.x86.exe
FirewallRules: [UDP Query User{C58A95B4-D402-4CD6-BDC4-1F940741535B}C:\program files (x86)\ioquake3\ioq3ded.x86.exe] => (Allow) C:\program files (x86)\ioquake3\ioq3ded.x86.exe
FirewallRules: [{C4389490-C7DD-4751-8020-83BACA776052}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{408E1D11-C27F-42C3-8E98-F921413B2F10}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{04E18282-7C64-439C-A101-F8F052E8D200}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CFFD7EBB-305E-4B4F-AAC0-906483983497}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9211C93C-A575-4E62-B68E-05FD673BEF83}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A7C4D263-7246-4EA4-A383-1A948A9ABF21}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8D277ED3-508C-4586-B720-2B251F6D8626}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Capture Pro\Apowersoft Screen Capture Pro.exe
FirewallRules: [{659BE573-91ED-4C34-8E67-1FA8C00791F5}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Capture Pro\Apowersoft Screen Capture Pro.exe
FirewallRules: [{7DA1BD69-5466-4377-B44A-F1542BB6C6D1}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{2615A072-F2A9-4011-8C2C-3ECB4F271A00}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{BAE842D6-E296-497F-934F-3B6418C08471}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{C9B09217-37F0-4013-833A-199386FFA75B}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{284D3570-831B-4C98-BA83-F3EE4D40BE8F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{77A4918B-10EF-4740-8EE0-DAEFF3FDBA17}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E205927C-E074-4DEE-9626-9995B5D5213E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{FE48DA1E-FD7E-4AB8-B99E-828746C75827}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\125\tencentdl.exe
FirewallRules: [{9C504FB7-A2F7-4A14-B6A7-DBBCC2A94479}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\125\tencentdl.exe
FirewallRules: [{17409893-F906-421A-BB88-0CE39BB07EB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{B6F9F154-7505-4690-BFBD-814DEB578880}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{EEA88CD4-F75B-445F-92F5-A5BAA25224A4}] => (Allow) LPort=33300
FirewallRules: [TCP Query User{ACB7E5CE-32F7-4A06-9F63-A92A00F41C20}C:\program files (x86)\printer pro desktop\printerprodesktop.exe] => (Allow) C:\program files (x86)\printer pro desktop\printerprodesktop.exe
FirewallRules: [{AE37AA83-8065-428E-BA2E-A3661E340B07}] => (Allow) C:\Program Files\HP\HP DeskJet 3630 series\Bin\DeviceSetup.exe
FirewallRules: [{16218004-9C28-4260-A955-CF5DF32B4A10}] => (Allow) LPort=5357
FirewallRules: [{4F0D8B2C-9A30-49A5-8AA3-0F15B3733F84}] => (Allow) C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{C44987DC-119F-4939-8855-D422704B4295}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS0409\HPDiagnosticCoreUI.exe
FirewallRules: [{8EE4968A-FEBE-49C8-A775-0196ED64EF83}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS0409\HPDiagnosticCoreUI.exe
FirewallRules: [{90699AF5-B19B-44B9-873D-53346162F6CE}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS13F8\HPDiagnosticCoreUI.exe
FirewallRules: [{3F5D1E16-264D-4BB7-AA45-343F28A034AC}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS13F8\HPDiagnosticCoreUI.exe
FirewallRules: [{73364859-11D6-43E8-BCA6-B75774369268}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS4F58\HPDiagnosticCoreUI.exe
FirewallRules: [{DE598F48-CE09-4E12-BFE4-6E73CEB8D8DF}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS4F58\HPDiagnosticCoreUI.exe
FirewallRules: [{453E558A-9E22-4AB8-96ED-4410D1DF6EE9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1863D1F3-BEC6-4819-A441-B0CD7F9BBBF8}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{40257185-5827-43CA-BE21-828057FD8939}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{61BF6E2A-1B8C-42AB-B2E6-2BE377CD1129}] => (Allow) C:\Program Files (x86)\ThinkSky\iTools 4\iTools4.exe
FirewallRules: [{8D9924B1-E600-4061-97AC-81530512ED71}] => (Allow) C:\Program Files (x86)\ThinkSky\iTools 4\TSUpd4.exe
FirewallRules: [{2089B874-FEC5-4648-97EB-984398F983FE}] => (Allow) C:\Program Files (x86)\ThinkSky\iTools 4\TSDiag.exe
FirewallRules: [{4B51A2C2-C717-460D-B90C-4F9D6B339858}] => (Allow) C:\Program Files (x86)\ThinkSky\iTools 4\thunder\download\MiniThunderPlatform.exe
FirewallRules: [{2988FD3F-8E68-4AA7-A394-D8D3E2DE9825}] => (Allow) C:\Program Files (x86)\Mec\trays.exe
FirewallRules: [{D790CE8A-C5D7-49A6-81C6-0BE683DA6F05}] => (Allow) C:\Program Files (x86)\Anarchists\trays.exe
FirewallRules: [{7D3F54A0-D368-4AA1-B94A-61CD92ED85CF}] => (Allow) C:\Program Files (x86)\predesignated\worse.exe
FirewallRules: [{D5157F8D-D4D0-4E1F-8068-6DF0C7DC7144}] => (Allow) C:\Program Files (x86)\Anarchists\worse.exe

==================== Restore Points =========================

05-07-2015 14:42:51 Removed Monopoly
09-01-2018 16:01:43 Removed Multiplayer Monopoly Online Game

==================== Faulty Device Manager Devices =============

Name: ArcCtrl
Description: ArcCtrl
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ArcCtrl
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: netfilter64
Description: netfilter64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: netfilter64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/09/2018 03:11:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.7600.16385, time stamp: 0x4a5bcdd0
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0003bcc8
Faulting process id: 0x2058
Faulting application start time: 0x01d3899f1cc09940
Faulting application path: C:\Windows\sysWow64\SearchProtocolHost.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 5c67d2b4-f592-11e7-a164-00acce2b8d08

Error: (01/09/2018 02:22:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/09/2018 02:22:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/09/2018 02:21:21 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.0.2 for ServerName .

Error: (01/09/2018 02:08:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.7600.16385, time stamp: 0x4a5bcdd0
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0003bcc8
Faulting process id: 0x1554
Faulting application start time: 0x01d389966521d8f1
Faulting application path: C:\Windows\sysWow64\SearchProtocolHost.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: a30060b7-f589-11e7-b742-00acce2b8d08

Error: (01/09/2018 02:06:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.7600.16385, time stamp: 0x4a5bcdd0
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0003bce6
Faulting process id: 0x1e18
Faulting application start time: 0x01d389961bde3147
Faulting application path: C:\Windows\sysWow64\SearchProtocolHost.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 59ae70cb-f589-11e7-b742-00acce2b8d08

Error: (01/09/2018 02:05:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.7600.16385, time stamp: 0x4a5bcdd0
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0003bcaa
Faulting process id: 0x1f40
Faulting application start time: 0x01d3899601e4dae8
Faulting application path: C:\Windows\sysWow64\SearchProtocolHost.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 3fa9338b-f589-11e7-b742-00acce2b8d08

Error: (01/09/2018 02:05:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.7600.16385, time stamp: 0x4a5bcdd0
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0003bcaa
Faulting process id: 0x2154
Faulting application start time: 0x01d38995e517fc53
Faulting application path: C:\Windows\sysWow64\SearchProtocolHost.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 22dc54f6-f589-11e7-b742-00acce2b8d08

Error: (01/09/2018 02:05:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.7600.16385, time stamp: 0x4a5bcdd0
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0003bcc8
Faulting process id: 0x1760
Faulting application start time: 0x01d38995e4d7b72b
Faulting application path: C:\Windows\sysWow64\SearchProtocolHost.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 229c0fce-f589-11e7-b742-00acce2b8d08

Error: (01/09/2018 02:04:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.7600.16385, time stamp: 0x4a5bcdd0
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0003bcaa
Faulting process id: 0x2080
Faulting application start time: 0x01d38995e23ad47e
Faulting application path: C:\Windows\sysWow64\SearchProtocolHost.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 213bc426-f589-11e7-b742-00acce2b8d08


System errors:
=============
Error: (01/09/2018 03:41:52 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 12.

Error: (01/09/2018 02:54:51 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/09/2018 02:30:32 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/09/2018 02:30:32 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/09/2018 02:30:32 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/09/2018 02:30:32 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/09/2018 02:30:32 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/09/2018 02:30:32 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/09/2018 02:30:32 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (01/09/2018 02:30:32 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.


CodeIntegrity:
===================================
Date: 2018-01-09 14:21:21.208
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-09 14:21:21.191
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-09 14:21:05.744
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LGBusEnum.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-09 14:21:05.744
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LGBusEnum.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-09 14:00:38.246
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-09 14:00:38.229
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-09 14:00:21.697
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LGBusEnum.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-09 14:00:21.697
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LGBusEnum.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-09 13:34:38.117
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LGBusEnum.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-09 13:34:38.117
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LGBusEnum.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3820 CPU @ 3.60GHz
Percentage of memory in use: 36%
Total physical RAM: 16323.25 MB
Available physical RAM: 10364.38 MB
Total Virtual: 32644.68 MB
Available Virtual: 26431.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:447.05 GB) (Free:102.1 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:378.8 GB) (Free:98.32 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (FreeAgent GoFlex Drive) (Fixed) (Total:1397.26 GB) (Free:586.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 447.2 GB) (Disk ID: 2B629864)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E3241878)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1397.3 GB) (Disk ID: B202AEE4)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

[Broni]

You're infected with Smartservice rootkit.
It can't be fixed from within Windows so you must follow these instructions.
Please pay attention to every single step.
http://www.smartestcomputing.us.com/topic/102856-smartservice-rootkit/?do=findComment&comment=351953

 

[windowman]

Thanks, I have everything downloaded and I’m almost done making the USB stick on my laptop and will pop it in my pc once I get home today in a few hours then I’ll update you.

 

[windowman]

This is the FRST.txt report it made.
See attached.
I then scanned it with Malwarebytes and it quarantined 14 items.

 

[Broni]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by SYSTEM on MININT-VD3GIEG (10-01-2018 10:07:02)
Running from E:\
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool:

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2013-12-30] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-09-14] (Acronis)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14601160 2015-07-01] (Logitech Inc.)
HKLM\...\Run: [quake3] => C;\Quake3\startserver.bat
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM\...\Run: [medias] => "C:\Program Files (x86)\Mec\trays.exe"
HKLM\...\Run: [mediaskarsten] => "C:\Program Files (x86)\predesignated\worse.exe"
HKLM\...\Run: [mediasmedias] => "C:\Program Files (x86)\Anarchists\trays.exe"
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-09] (AVAST Software)
HKLM-x32\...\Run: [MSUTray] => C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe [1202216 2011-04-06] ()
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2595480 2007-09-14] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [905056 2007-09-14] (Acronis)
HKLM-x32\...\Run: [Appandora device service] => C:\Program Files (x86)\Appandora\AppandoraDeviceService.exe [736768 2014-05-19] ()
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595504 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM-x32\...\Run: [FonePaw iPhone Data RecoveryAppService] => C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\AppService.exe [81512 2016-05-30] ()
HKLM-x32\...\Run: [aleck] => "C:\Program Files (x86)\Mec\trays.exe"
HKLM-x32\...\Run: [aleckdiscusses] => "C:\Program Files (x86)\predesignated\worse.exe"
HKLM-x32\...\Run: [aleckaleck] => "C:\Program Files (x86)\Anarchists\trays.exe"
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\Michael\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [41061856 2017-11-20] ()
HKU\Michael\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3903056 2015-05-20] (Tonec Inc.)
HKU\Michael\...\Run: [ISUSPM] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [213936 2006-03-20] (Macrovision Corporation)
HKU\Michael\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\Michael\...\Run: [Google Update] => C:\Users\Michael\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-15] (Google Inc.)
HKU\Michael\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-12-08] (Apple Inc.)
HKU\Michael\...\Run: [discusses] => "C:\Program Files (x86)\Mec\trays.exe"
HKU\Michael\...\Run: [discussesaleck] => "C:\Program Files (x86)\predesignated\worse.exe"
HKU\Michael\...\Run: [discussesdiscusses] => "C:\Program Files (x86)\Anarchists\trays.exe"
HKU\Michael\...\Run: [karsten] => "C:\Program Files (x86)\Mec\trays.exe"
HKU\Michael\...\Run: [karstenmedias] => "C:\Program Files (x86)\predesignated\worse.exe"
HKU\Michael\...\Run: [karstenkarsten] => "C:\Program Files (x86)\Anarchists\trays.exe"
HKU\Michael\...\Run: [entrails] => "C:\Program Files (x86)\inoperative\entrails.exe"
HKU\Michael\...\Run: [width] => "C:\Program Files (x86)\Mec\trays.exe"
HKU\Michael\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 relog_ap

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"HKLM\System\ControlSet001\Services\mtgbr" => removed successfully
C:\Windows\System32\drivers\cgidgjnq.sys => moved successfully
C:\Users\Michael\AppData\Local\cgntzrw\cgntzrw.exe => moved successfully
C:\Users\Michael\AppData\Local\cgntzrw\pwrvdzc.exe => moved successfully
C:\Users\Michael\AppData\Local\nieurpt\vscptgh.exe => moved successfully
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-12-30] ()
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-12-30] (ASUSTeK Computer Inc.)
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-12-30] (ASUSTeK Computer Inc.)
S2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe [408960 2013-12-30] (ASUSTeK Computer Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-01-09] (AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-01-09] (AVAST Software)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3291848 2016-10-08] (Microsoft Corporation)
S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET)
S2 MSUWebService; C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe [24645 2010-09-01] (Apache Software Foundation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119176 2016-12-31] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2181648 2016-12-31] (Electronic Arts)
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-10] ()
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-07-09] ()
S4 quake3; C:\Program Files\FireDaemon\FireDaemon.exe [98640 2013-10-07] (FireDaemon Technologies Limited)
S4 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [492600 2007-09-14] ()
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.231\WsAppService.exe [493792 2017-10-24] (Wondershare)
S2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [X]
S2 apexpsvc; "C:\Users\Michael\AppData\Local\vkxcs\apexpsvc.exe" /svc [X]
S2 backlh; C:\ProgramData\Logic Cramble\set.exe [X] <==== ATTENTION
S2 FlashruptService64; C:\Program Files (x86)\Flashrupt\FlashruptService64.exe [X]
S2 tiser; "C:\ProgramData\tiser\run.exe" [X]
S3 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\DrFone for iOS\DriverInstall.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
S0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-12-30] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-12-30] ()
S3 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2018-01-09] (AVAST Software)
S3 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2018-01-09] (AVAST Software)
S3 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2018-01-09] (AVAST Software)
S3 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2018-01-09] (AVAST Software)
S3 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2018-01-09] (AVAST Software)
S1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2018-01-09] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-01-09] (AVAST Software)
S2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146664 2018-01-09] (AVAST Software)
S3 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2018-01-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2018-01-09] (AVAST Software)
S3 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2018-01-09] (AVAST Software)
S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457400 2018-01-09] (AVAST Software)
S3 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2018-01-09] (AVAST Software)
S3 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2018-01-09] (AVAST Software)
S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
S5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
S3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
S3 MosIrUsb; C:\Windows\System32\DRIVERS\MosIrUsb.sys [27648 2007-10-11] ()
S3 Mv_Process; c:\windows\syswow64\mv_process.sys [14376 2011-02-24] ()
S3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0025.sys [28768 2014-07-13] (SoftEther VPN Project at University of Tsukuba, Japan.)
S1 ArcCtrl; system32\drivers\ArcCtrl.sys [X]
S3 aswbdisk; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 netfilter64; system32\drivers\netfilter64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-09 14:47 - 2018-01-09 14:47 - 000016408 _____ C:\Users\Michael\Downloads\download
2018-01-09 13:57 - 2018-01-09 13:57 - 005513832 _____ (COMODO) C:\Users\Michael\Downloads\cispremium_installer.exe
2018-01-09 13:53 - 2018-01-09 13:53 - 000000000 ____D C:\Users\Michael\AppData\Roaming\AVAST Software
2018-01-09 13:52 - 2018-01-09 13:53 - 000002075 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-01-09 13:52 - 2018-01-09 13:52 - 015065792 _____ (Microsoft Corporation) C:\Users\Michael\Downloads\mseinstall64.exe
2018-01-09 13:52 - 2018-01-09 13:52 - 001142072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-01-09 13:52 - 2018-01-09 13:52 - 001025176 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2018-01-09 13:52 - 2018-01-09 13:52 - 001001272 _____ (Microsoft Corporation) C:\Windows\System32\ucrtbase.dll
2018-01-09 13:52 - 2018-01-09 13:52 - 000457400 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2018-01-09 13:52 - 2018-01-09 13:52 - 000365680 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2018-01-09 13:52 - 2018-01-09 13:52 - 000358672 _____ (AVAST Software) C:\Windows\System32\Drivers\aswVmm.sys
2018-01-09 13:52 - 2018-01-09 13:52 - 000343768 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbloga.sys
2018-01-09 13:52 - 2018-01-09 13:52 - 000321512 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbidsdrivera.sys
2018-01-09 13:52 - 2018-01-09 13:52 - 000204456 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2018-01-09 13:52 - 2018-01-09 13:52 - 000199448 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbidsha.sys
2018-01-09 13:52 - 2018-01-09 13:52 - 000185096 _____ (AVAST Software) C:\Windows\System32\Drivers\aswArPot.sys
2018-01-09 13:52 - 2018-01-09 13:52 - 000149344 _____ (AVAST Software) C:\Windows\System32\Drivers\aswHdsKe.sys
2018-01-09 13:52 - 2018-01-09 13:52 - 000146664 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2018-01-09 13:52 - 2018-01-09 13:52 - 000110336 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2018-01-09 13:52 - 2018-01-09 13:52 - 000084384 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRvrt.sys
2018-01-09 13:52 - 2018-01-09 13:52 - 000057696 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbuniva.sys
2018-01-09 13:52 - 2018-01-09 13:52 - 000046976 _____ (AVAST Software) C:\Windows\System32\Drivers\aswHwid.sys
2018-01-09 13:52 - 2018-01-09 13:52 - 000000342 ____H C:\Windows\Tasks\Avast Emergency Update.job
2018-01-09 13:52 - 2018-01-09 13:52 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2018-01-09 13:52 - 2018-01-09 13:52 - 000000000 ____D C:\Program Files\AVAST Software
2018-01-09 13:51 - 2018-01-09 14:35 - 000000000 ____D C:\ProgramData\AVAST Software
2018-01-09 13:51 - 2018-01-09 13:51 - 006334848 _____ (AVAST Software) C:\Users\Michael\Downloads\avast_free_antivirus_setup.exe
2018-01-09 13:51 - 2018-01-09 13:51 - 000000039 _____ C:\Users\Michael\Downloads\Stats.ini
2018-01-09 13:34 - 2018-01-09 13:58 - 000165712 _____ C:\Windows\ntbtlog.txt
2018-01-09 08:16 - 2018-01-09 16:04 - 000057928 _____ C:\Users\Michael\Desktop\FRST.txt
2018-01-09 08:15 - 2018-01-09 16:03 - 000108716 _____ C:\Users\Michael\Desktop\Addition.txt
2018-01-09 08:02 - 2018-01-09 16:03 - 000000000 ____D C:\FRST
2018-01-09 08:01 - 2018-01-09 08:01 - 006336512 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2018-01-09 07:43 - 2018-01-09 07:43 - 000316639 _____ C:\Users\Michael\Downloads\Unconfirmed 534501.crdownload
2018-01-09 06:49 - 2018-01-09 06:49 - 005660870 _____ (Swearware) C:\Users\Michael\Downloads\mycombo.exe
2018-01-09 06:46 - 2018-01-09 06:46 - 000881904 _____ (Plumbytes Software) C:\Users\Michael\Downloads\mywaresetup.exe
2018-01-09 06:29 - 2018-01-09 06:29 - 011201632 _____ (Piriform Ltd) C:\Users\Michael\Downloads\ccsetup538.exe
2018-01-09 06:21 - 2018-01-09 06:21 - 000000000 ____D C:\ProgramData\MB2Migration
2018-01-09 06:21 - 2018-01-09 06:21 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-08 17:01 - 2018-01-09 08:14 - 000000949 _____ C:\Users\Michael\Desktop\Logitech Gaming Software 8.70.lnk
2018-01-08 12:15 - 2018-01-08 12:15 - 000000202 _____ C:\Users\Michael\Documents\ibackupbot5.5.3 crack.txt
2018-01-08 10:28 - 2018-01-09 20:02 - 000000000 ____D C:\Users\Michael\AppData\Local\lskevxu
2018-01-08 10:18 - 2018-01-08 10:18 - 000000000 ____D C:\Program Files\Bonjour
2018-01-08 10:18 - 2018-01-08 10:18 - 000000000 ____D C:\Program Files (x86)\Bonjour
2018-01-08 10:15 - 2018-01-10 10:07 - 000000000 ____D C:\Users\Michael\AppData\Local\nieurpt
2018-01-08 10:15 - 2018-01-10 10:07 - 000000000 ____D C:\Users\Michael\AppData\Local\cgntzrw
2018-01-08 10:13 - 2018-01-09 14:21 - 002888192 _____ C:\Windows\System32\vdaiwetsvc.exe
2018-01-08 10:06 - 2018-01-08 10:06 - 001895381 _____ C:\Users\Michael\AppData\Local\Spanstrong.bin
2018-01-08 10:06 - 2018-01-08 10:06 - 000140800 _____ C:\Users\Michael\AppData\Local\installer.dat
2018-01-08 10:06 - 2018-01-08 10:06 - 000000000 ____D C:\Users\Michael\AppData\Local\AdvinstAnalytics
2018-01-08 10:06 - 2018-01-08 10:06 - 000000000 ____D C:\Program Files (x86)\Microleaves
2018-01-08 10:05 - 2018-01-08 10:10 - 000000000 ____D C:\Users\Michael\AppData\Roaming\AGData
2018-01-08 10:05 - 2018-01-08 10:10 - 000000000 ____D C:\Program Files (x86)\AnonymizerGadget
2018-01-08 10:04 - 2018-01-08 10:53 - 000000000 ____D C:\Program Files (x86)\predesignated
2018-01-08 10:04 - 2018-01-08 10:52 - 000000000 ____D C:\Program Files (x86)\Mec
2018-01-08 10:04 - 2018-01-08 10:27 - 000000000 ___HD C:\Program Files (x86)\inoperative
2018-01-08 10:04 - 2018-01-08 10:16 - 000000000 ___HD C:\Program Files (x86)\Anarchists
2018-01-08 10:04 - 2018-01-08 10:04 - 000000020 _____ C:\Windows\b22880632
2018-01-08 10:04 - 2018-01-08 10:04 - 000000000 ____D C:\Windows\SysWOW64\scikleg
2018-01-08 10:04 - 2018-01-08 10:04 - 000000000 ____D C:\Windows\System32\scikleg
2018-01-08 10:04 - 2018-01-08 10:04 - 000000000 ____D C:\Users\Michael\AppData\Roaming\et
2018-01-08 10:04 - 2018-01-08 10:04 - 000000000 ____D C:\Program Files (x86)\airliners
2018-01-08 10:03 - 2018-01-08 10:27 - 000000000 ____D C:\Users\Michael\AppData\Local\AdService
2018-01-08 10:03 - 2018-01-08 10:11 - 000000000 ____D C:\Program Files\Flashrupt
2018-01-08 09:35 - 2018-01-08 09:35 - 000000000 ____D C:\Users\Michael\Documents\New folder
2018-01-05 22:54 - 2018-01-05 23:03 - 792149316 _____ C:\Users\Michael\Downloads\The.Departed.2006.mp4
2018-01-04 09:16 - 2018-01-04 09:16 - 006147299 _____ C:\Users\Michael\Downloads\PrinterProDesktopSetup-1_3_5.exe
2018-01-03 17:26 - 2018-01-03 17:26 - 000291646 _____ C:\Users\Michael\Downloads\V2 - Leslie - Uncensored.epub
2018-01-01 21:46 - 2018-01-01 21:46 - 000014391 _____ C:\Users\Michael\Downloads\MEASURE FEE template (1).xlsx
2017-12-29 06:34 - 2018-01-09 06:51 - 000000000 ____D C:\Windows\Minidump
2017-12-28 18:35 - 2017-12-28 18:41 - 000000000 ____D C:\Users\Michael\Desktop\pics everythng worth savimg
2017-12-27 19:12 - 2017-12-27 19:12 - 001299209 _____ C:\Users\Michael\Downloads\krctf01.pk3
2017-12-27 19:02 - 2017-12-27 19:02 - 000000000 ____D C:\Users\Michael\Downloads\rnr_maps
2017-12-27 19:01 - 2017-12-27 19:01 - 003342577 _____ C:\Users\Michael\Downloads\rtctf5.pk3
2017-12-27 19:00 - 2017-12-27 19:00 - 009127505 _____ C:\Users\Michael\Downloads\rnr_maps.zip
2017-12-26 09:05 - 2017-12-26 09:05 - 011123856 _____ C:\Users\Michael\Downloads\iTools4_Setup_4225.exe
2017-12-26 08:57 - 2017-12-26 08:57 - 015975664 _____ C:\Users\Michael\Downloads\iToolsProSetup_EN_3-3-0-6.exe
2017-12-24 18:02 - 2017-12-24 18:02 - 000000000 ____D C:\Users\Michael\Downloads\return.of.the.magnificent.seven.1966.720p.brrip.x264-x0r..mkv
2017-12-24 17:51 - 2017-12-24 17:59 - 713173479 _____ C:\Users\Michael\Downloads\return.of.the.magnificent.seven.1966.720p.brrip.x264-x0r..mkv.part2.rar
2017-12-24 16:41 - 2017-12-24 16:41 - 000000000 ____D C:\Users\Michael\Downloads\Best-Movies.info_-_The.Magnificent.Seven.1960
2017-12-24 16:39 - 2017-12-24 16:40 - 000000000 ____D C:\Users\Michael\Downloads\there.is.something.about.mary.1998.directors.cut.720p.bluray.h264.aac-rarbg_.mp4
2017-12-24 16:36 - 2017-12-24 16:49 - 1047527424 _____ C:\Users\Michael\Downloads\return.of.the.magnificent.seven.1966.720p.brrip.x264-x0r..mkv.part1.rar
2017-12-24 16:09 - 2017-12-24 16:20 - 968053120 _____ C:\Users\Michael\Downloads\Best-Movies.info_-_The.Magnificent.Seven.1960.rar
2017-12-23 17:52 - 2017-12-23 18:04 - 944495479 _____ C:\Users\Michael\Downloads\best-movies.info_I.Am.Sam.2001.720p.Bluray.x264.YIFY.mp4
2017-12-22 13:30 - 2017-12-22 13:30 - 000018870 _____ C:\Users\Michael\Downloads\REMITTANCE ADVICE 12-20-17.PDF
2017-12-22 13:01 - 2017-12-22 13:01 - 000000000 ____D C:\Users\Michael\Documents\DD
2017-12-21 09:34 - 2017-12-21 09:34 - 003776762 _____ C:\Users\Michael\Downloads\Letter re documents.pdf
2017-12-19 08:16 - 2017-12-19 08:16 - 000002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-12-18 07:52 - 2017-12-18 07:52 - 000024549 _____ C:\Users\Michael\Documents\Ric-Walter Quote.pdf
2017-12-15 12:48 - 2017-12-15 12:48 - 000000000 ____D C:\Users\Michael\Documents\Custom Office Templates
2017-12-15 09:06 - 2017-12-15 09:06 - 000000000 ___RD C:\Users\Michael\Documents\Scanned Documents
2017-12-15 09:06 - 2017-12-15 09:06 - 000000000 ____D C:\Users\Michael\Documents\Fax
2017-12-14 15:05 - 2017-12-14 15:05 - 000001499 _____ C:\Users\Public\Desktop\FonePaw iPhone Data Recovery.lnk
2017-12-14 15:05 - 2017-12-14 15:05 - 000000000 ____D C:\Users\Michael\AppData\Local\FonePaw
2017-12-14 15:05 - 2017-12-14 15:05 - 000000000 ____D C:\ProgramData\FonePaw
2017-12-14 15:05 - 2017-12-14 15:05 - 000000000 ____D C:\Program Files (x86)\FonePaw
2017-12-14 15:04 - 2017-12-14 15:04 - 000000000 ____D C:\Users\Michael\Downloads\FonePaw iPhone Data Recovery 2.9.0 + _ [4realtorrentz]
2017-12-14 15:03 - 2017-12-14 15:03 - 026137731 _____ C:\Users\Michael\Downloads\FonePaw iPhone Data Recovery 2.9.0 + _ [4realtorrentz].zip
2017-12-14 12:28 - 2017-12-14 12:28 - 000014790 _____ C:\Users\Michael\Downloads\REMITTANCE ADVICE 12-14-17.PDF
2017-12-14 12:26 - 2017-12-14 12:26 - 000001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-12-14 12:26 - 2017-12-14 12:26 - 000000000 ____D C:\Windows\System32\Tasks\Apple
2017-12-14 12:26 - 2017-12-14 12:26 - 000000000 ____D C:\Program Files\iPod
2017-12-14 12:26 - 2017-12-14 12:26 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-12-14 12:25 - 2017-12-14 12:26 - 000000000 ____D C:\Program Files\iTunes
2017-12-14 09:03 - 2017-12-14 09:03 - 011586106 _____ C:\Users\Michael\Downloads\GARY DENTON INCOME AND EXPENSE DECLARATION 10.13.17.pdf
2017-12-14 08:52 - 2017-12-14 08:52 - 000766809 _____ C:\Users\Michael\Downloads\Docs to sign.pdf
2017-12-12 09:52 - 2017-12-12 09:52 - 000047104 ___SH C:\Users\Michael\Documents\Thumbs.db
2017-12-12 09:46 - 2018-01-05 11:21 - 000000000 ____D C:\Users\Michael\Documents\quinn
2017-12-11 12:35 - 2017-12-11 12:35 - 000396917 _____ C:\Users\Michael\Downloads\9.27.17 Taulia FAQ's.pdf
2017-12-11 06:43 - 2017-12-11 06:43 - 000273534 _____ C:\Users\Michael\Downloads\12-11-2017.pdf
2017-12-11 06:41 - 2017-12-11 06:41 - 000228490 _____ C:\Users\Michael\Downloads\michael miller 2017 license (1).pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-09 20:55 - 2013-12-30 11:04 - 000000512 _____ C:\Windows\SysWOW64\za_mv_raid.ev
2018-01-09 20:55 - 2009-07-13 18:34 - 025165824 _____ C:\Windows\System32\config\HARDWARE
2018-01-09 20:54 - 2016-09-05 12:12 - 000065536 _____ C:\Windows\System32\spu_storage.bin
2018-01-09 20:54 - 2016-02-27 15:40 - 000000000 ____D C:\Program Files (x86)\Steam
2018-01-09 20:54 - 2016-02-02 18:48 - 000000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d15e2d6b9cf42f.job
2018-01-09 20:54 - 2015-05-17 12:48 - 000000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d090e2e09fe8e6.job
2018-01-09 20:54 - 2014-03-10 18:55 - 000000000 ____D C:\Users\Michael\AppData\Roaming\DMCache
2018-01-09 20:54 - 2014-01-23 19:39 - 000000112 _____ C:\Windows\seqlog
2018-01-09 20:53 - 2016-05-10 18:48 - 000000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d1ab2f929d037d.job
2018-01-09 20:53 - 2016-02-01 19:46 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15d6c3e71d6cf.job
2018-01-09 20:53 - 2016-01-18 23:11 - 000000322 _____ C:\Windows\Tasks\iToolsDaemon.job
2018-01-09 20:53 - 2015-12-04 18:52 - 000000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d12f088e04861.job
2018-01-09 20:53 - 2014-11-15 16:43 - 000000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d0013645fcba2c.job
2018-01-09 20:53 - 2014-11-14 18:40 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0007d85a5a2d4.job
2018-01-09 20:52 - 2015-09-18 17:51 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f27dac44aa79.job
2018-01-09 20:51 - 2016-05-10 18:48 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1ab2f88c90026.job
2018-01-09 20:51 - 2015-12-03 18:47 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12e3e22c3f968.job
2018-01-09 20:51 - 2015-02-06 19:48 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d04288f94bd0cc.job
2018-01-09 20:48 - 2014-06-25 17:30 - 000000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1cf90de3cdb7cf5.job
2018-01-09 20:45 - 2014-06-18 18:28 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8b66313c3313.job
2018-01-09 19:59 - 2015-05-17 12:46 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d090e29779bdd3.job
2018-01-09 19:57 - 2015-09-18 17:49 - 000000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d0f27d7dc6c20a.job
2018-01-09 19:56 - 2015-08-29 10:54 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e28c2b7967a7.job
2018-01-09 19:53 - 2016-02-02 18:48 - 000000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d15e2d6b7d0fa7.job
2018-01-09 19:53 - 2016-02-01 19:46 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15d6c3e55e9f6.job
2018-01-09 19:53 - 2015-05-17 12:48 - 000000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d090e2e07c3442.job
2018-01-09 19:53 - 2014-11-15 16:43 - 000000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d0013645e476e1.job
2018-01-09 19:53 - 2014-02-15 21:08 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2018-01-09 19:52 - 2015-02-06 19:48 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d04288f933b492.job
2018-01-09 19:51 - 2015-12-03 18:47 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12e3e22a9ca45.job
2018-01-09 18:57 - 2015-09-18 17:49 - 000000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d0f27d7da30d66.job
2018-01-09 18:56 - 2015-07-15 18:47 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf71c1e2b706.job
2018-01-09 18:53 - 2015-12-04 18:52 - 000000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d12f088bfeea8.job
2018-01-09 18:52 - 2015-09-18 17:51 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f27dac2a7b56.job
2018-01-09 16:53 - 2016-05-10 18:48 - 000000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d1ab2f92866de8.job
2018-01-09 16:51 - 2016-05-10 18:48 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab2f88acec3d.job
2018-01-09 16:48 - 2014-03-10 19:11 - 000000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core.job
2018-01-09 16:02 - 2013-12-30 21:24 - 000000000 ____D C:\Program Files (x86)\Origin Games
2018-01-09 15:19 - 2011-02-23 23:21 - 000209920 _____ C:\Windows\SysWOW64\freqdb.db
2018-01-09 15:06 - 2009-07-13 20:45 - 000026352 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-09 15:06 - 2009-07-13 20:45 - 000026352 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-09 14:28 - 2009-07-13 21:13 - 000805514 _____ C:\Windows\System32\PerfStringBackup.INI
2018-01-09 14:28 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2018-01-09 14:21 - 2015-09-23 17:37 - 000000000 ___RD C:\Users\Michael\OneDrive
2018-01-09 14:21 - 2014-06-19 19:51 - 000000000 ___RD C:\Users\Michael\Google Drive
2018-01-09 14:21 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-09 13:33 - 2015-08-30 19:43 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-09 13:14 - 2016-05-03 15:38 - 000000000 ____D C:\Users\Michael\Documents\HomeDepot
2018-01-09 10:08 - 2014-02-14 21:07 - 000000000 ____D C:\Program Files (x86)\Splashtop
2018-01-09 10:08 - 2013-12-30 10:43 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-01-09 08:14 - 2017-11-13 10:45 - 000001151 _____ C:\Users\Public\Desktop\iBackupBot for iPad iPhone.lnk
2018-01-09 08:14 - 2015-09-16 22:15 - 000000878 _____ C:\Users\Michael\Desktop\MWM Billing - Shortcut.lnk
2018-01-09 06:52 - 2015-04-11 15:29 - 000000000 ____D C:\Users\Michael\AppData\Roaming\IDM
2018-01-09 06:52 - 2013-12-30 23:13 - 000000000 ____D C:\Users\Michael\AppData\Roaming\TS3Client
2018-01-09 06:51 - 2015-07-09 16:49 - 000000000 ___DC C:\Users\Michael\AppData\Local\MigWiz
2018-01-09 06:51 - 2013-12-30 10:22 - 000000000 ____D C:\Windows\Panther
2018-01-09 06:21 - 2015-08-30 19:43 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-01-08 12:02 - 2016-12-18 19:47 - 000000308 _____ C:\Users\Michael\AppData\Roaming\com.mobilesyncbrowser.msb6
2018-01-08 11:57 - 2013-12-31 17:43 - 000018960 _____ (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2018-01-08 10:35 - 2017-06-28 20:36 - 000000000 ____D C:\Program Files (x86)\Printer Pro Desktop
2018-01-08 10:09 - 2013-12-30 17:02 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-08 10:06 - 2015-12-16 19:49 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Mozilla
2017-12-28 08:16 - 2016-01-18 23:11 - 000003304 _____ C:\Windows\System32\Tasks\iToolsDaemon
2017-12-26 09:17 - 2017-10-10 21:51 - 000000000 ____D C:\Program Files (x86)\ThinkSky
2017-12-26 09:07 - 2014-03-23 19:31 - 000000000 ____D C:\Program Files\Common Files\Apple
2017-12-26 09:06 - 2016-01-18 23:11 - 000000000 ____D C:\ProgramData\ThinkSky
2017-12-19 08:16 - 2014-12-26 17:12 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-12-19 08:16 - 2014-02-17 22:02 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-12-18 15:39 - 2014-03-23 19:32 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Apple Computer
2017-12-17 19:49 - 2014-02-15 21:06 - 000000000 ____D C:\Users\Michael\AppData\Local\ElevatedDiagnostics
2017-12-14 18:07 - 2016-01-29 22:33 - 000002172 _____ C:\Users\Michael\Desktop\Discord.lnk
2017-12-14 18:07 - 2016-01-29 22:33 - 000000000 ____D C:\Users\Michael\AppData\Roaming\discord
2017-12-14 18:07 - 2016-01-29 22:33 - 000000000 ____D C:\Users\Michael\AppData\Local\Discord
2017-12-14 15:53 - 2014-03-23 19:32 - 000000000 ____D C:\Users\Michael\AppData\Local\Apple Computer
2017-12-14 14:50 - 2017-12-05 08:03 - 000000000 ____D C:\Users\Michael\AppData\Roaming\iMazing
2017-12-13 08:56 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\System32\NDF

Some files in TEMP:
====================
2018-01-09 16:02 - 2018-01-09 16:02 - 002393088 _____ (Farbar) C:\Users\Michael\AppData\Local\Temp\62BA.tmp.exe
2018-01-09 08:02 - 2018-01-09 08:02 - 002393088 _____ (Farbar) C:\Users\Michael\AppData\Local\Temp\9E33.tmp.exe
2018-01-09 15:34 - 2018-01-09 15:34 - 002393088 _____ (Farbar) C:\Users\Michael\AppData\Local\Temp\B50D.tmp.exe
2018-01-09 08:46 - 2018-01-09 08:46 - 002393088 _____ (Farbar) C:\Users\Michael\AppData\Local\Temp\E63.tmp.exe

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2010-11-20 19:24] - [2013-12-30 16:24] - 001008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2010-11-20 19:24] - [2013-12-30 16:24] - 000833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 6%
Total physical RAM: 16323.3 MB
Available physical RAM: 15263.09 MB
Total Virtual: 16323.3 MB
Available Virtual: 15348.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:447.05 GB) (Free:101.73 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:378.8 GB) (Free:98.51 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (ESD-USB) (Removable) (Total:14.57 GB) (Free:11.02 GB) FAT32
Drive g: (FreeAgent GoFlex Drive) (Fixed) (Total:1397.26 GB) (Free:586.25 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 447.2 GB) (Disk ID: 2B629864)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E3241878)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 14.6 GB) (Disk ID: 49161240)
Partition 1: (Active) - (Size=14.6 GB) - (Type=0C)

========================================================
Disk: 3 (Size: 1397.3 GB) (Disk ID: B202AEE4)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

LastRegBack: 2018-01-08 08:51

==================== End of FRST.txt ============================

 

[Broni]

Very good job!

Restart your computer in normal mode and...

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Double click on downloaded setup.exe file to install the program.
• Click on Start Scan button.
• Click on another Start Scan button.
• Wait until the Status box shows Scan Finished
• Click on Remove Selected.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

• Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
• Then click Finish.
• Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
• If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
• When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
• Restart your computer when prompted to do so.
• The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8/10 users right-click and select Run As Administrator
• The tool will start to update the database if one is required.
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Logfile button.
• A window will open which lists the logs of your scans.
• Click on the Scan tab.
• Double-click the most recent scan which will be at the top of the list....the log will appear.
• Review the results...see note below
• After reviewing the log, click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
• To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
• Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
• A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

 

[windowman]

Ok here are the files.

 

[Broni]

Please observe forum rules.
Unless there is some issue with posting, make sure you paste all logs instead of attaching them.

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic. Run it from normal mode.

• Double click to run it.
• Make sure you checkmark Addition.txt box.
• Press Scan button.
• Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

 

[windowman]

Every time I try to post the results I get an issue that pops up saying it won't post because its spam like.

 

[windowman]

See attached.

 

[Broni]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by Michael (administrator) on MICHAEL-PC (11-01-2018 19:23:47)
Running from C:\Users\Michael\Desktop
Loaded Profiles: Michael (Available Profiles: Michael)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Marvell) C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
() C:\Program Files (x86)\Appandora\AppandoraDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
() C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\AppService.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Windows\System32\PnkBstrA.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.231\WsAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2013-12-30] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-09-14] (Acronis)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14601160 2015-07-01] (Logitech Inc.)
HKLM\...\Run: [quake3] => C;\Quake3\startserver.bat
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM\...\Run: [medias] => "C:\Program Files (x86)\Mec\trays.exe"
HKLM\...\Run: [mediaskarsten] => "C:\Program Files (x86)\predesignated\worse.exe"
HKLM\...\Run: [mediasmedias] => "C:\Program Files (x86)\Anarchists\trays.exe"
HKLM-x32\...\Run: [MSUTray] => C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe [1202216 2011-04-06] ()
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2595480 2007-09-14] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [905056 2007-09-14] (Acronis)
HKLM-x32\...\Run: [Appandora device service] => C:\Program Files (x86)\Appandora\AppandoraDeviceService.exe [736768 2014-05-19] ()
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595504 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM-x32\...\Run: [FonePaw iPhone Data RecoveryAppService] => C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\AppService.exe [81512 2016-05-30] ()
HKLM-x32\...\Run: [aleck] => "C:\Program Files (x86)\Mec\trays.exe"
HKLM-x32\...\Run: [aleckdiscusses] => "C:\Program Files (x86)\predesignated\worse.exe"
HKLM-x32\...\Run: [aleckaleck] => "C:\Program Files (x86)\Anarchists\trays.exe"
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [41061856 2017-11-20] ()
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3903056 2015-05-20] (Tonec Inc.)
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\Run: [ISUSPM] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [213936 2006-03-20] (Macrovision Corporation)
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\Run: [Google Update] => C:\Users\Michael\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-15] (Google Inc.)
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\Run: [discusses] => "C:\Program Files (x86)\Mec\trays.exe"
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\Run: [discussesaleck] => "C:\Program Files (x86)\predesignated\worse.exe"
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\Run: [discussesdiscusses] => "C:\Program Files (x86)\Anarchists\trays.exe"
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\Run: [karsten] => "C:\Program Files (x86)\Mec\trays.exe"
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\Run: [karstenmedias] => "C:\Program Files (x86)\predesignated\worse.exe"
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\Run: [karstenkarsten] => "C:\Program Files (x86)\Anarchists\trays.exe"
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\Run: [entrails] => "C:\Program Files (x86)\inoperative\entrails.exe"
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\Run: [width] => "C:\Program Files (x86)\Mec\trays.exe"
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 relog_ap

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 208.76.152.1 208.76.152.9 76.14.0.8
Tcpip\..\Interfaces\{A3EDE4B2-F09D-4B27-B12A-0C2DD81D7311}: [DhcpNameServer] 208.76.152.1 208.76.152.9 76.14.0.8

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-867915027-2464976829-1762966156-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKU\S-1-5-21-867915027-2464976829-1762966156-1000 -> DefaultScope {9104B9F1-CD1F-4B72-B5B7-EF4DDF432144} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-867915027-2464976829-1762966156-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-867915027-2464976829-1762966156-1000 -> {9104B9F1-CD1F-4B72-B5B7-EF4DDF432144} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-10-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-14] (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-10-19] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-14] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-10-19] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: (ESET Smart Security Extension) - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-02-02] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-11-14] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Michael\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Michael\AppData\Roaming\IDM\idmmzcc5 [2018-01-11] [Legacy] [not signed]
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-19] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-867915027-2464976829-1762966156-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-867915027-2464976829-1762966156-1000: @talk.google.com/O1DPlugin -> C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-867915027-2464976829-1762966156-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-867915027-2464976829-1762966156-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Michael\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Michael\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default [2018-01-11]
CHR Extension: (Slides) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Downloads) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahigpjeolkfgjdaeodlmaceggigbpeoh [2015-09-27]
CHR Extension: (Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Facebook HD Video Downloader) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aojppbnmiahgnpbceadajdiplffpmohl [2016-11-05]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Honey) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-12-22]
CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2016-10-31]
CHR Extension: (Sheets) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Google Voice (by Google)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-02-19]
CHR Extension: (Zoho CRM) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigppphkaknhndejgcmckacpipcioacn [2014-04-29]
CHR Extension: (Video Downloader [FVD]) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2015-05-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-08]
CHR Extension: (Unlimited Phone Lookups) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nalnlngcaoochiekdicepcpkakacpaai [2014-11-20]
CHR Extension: (F.B. Purity For Facebook) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2016-07-14]
CHR Extension: (Google Hangouts) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-11-02]
CHR Extension: (IDM Integration Module) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-12-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Warez-BB Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfeeplagpidgdgceaicggccompdgcon [2016-12-22]
CHR Extension: (Social Profile view notification) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pegkceflonohbcefcbflfpficfkmpeod [2017-08-31]
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-12]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-02]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-02]
CHR HKU\S-1-5-21-867915027-2464976829-1762966156-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-12-30] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-12-30] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-12-30] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe [408960 2013-12-30] (ASUSTeK Computer Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3291848 2016-10-08] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2015-07-11] (Macrovision Europe Ltd.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MSUWebService; C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe [24645 2010-09-01] (Apache Software Foundation) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119176 2016-12-31] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2181648 2016-12-31] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-10] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-07-09] ()
S4 quake3; C:\Program Files\FireDaemon\FireDaemon.exe [98640 2013-10-07] (FireDaemon Technologies Limited)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [620544 2008-11-11] (Nokia.) [File not signed]
S4 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [492600 2007-09-14] ()
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.231\WsAppService.exe [493792 2017-10-24] (Wondershare)
S2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [X]
S3 ESLoadService; "C:\Program Files (x86)\EaseUS\EaseUS MobiMover\bin\ESLoadService.exe" [X]
S3 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\DrFone for iOS\DriverInstall.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-12-30] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-12-30] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
S3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-01-10] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2018-01-11] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2018-01-11] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-10] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2018-01-11] (Malwarebytes)
S3 MosIrUsb; C:\Windows\System32\DRIVERS\MosIrUsb.sys [27648 2007-10-11] ()
R3 Mv_Process; c:\windows\syswow64\mv_process.sys [14376 2011-02-24] ()
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0025.sys [28768 2014-07-13] (SoftEther VPN Project at University of Tsukuba, Japan.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2018-01-11] ()
S1 ArcCtrl; system32\drivers\ArcCtrl.sys [X]
U3 aswbdisk; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

 

[Broni]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-11 19:22 - 2018-01-11 19:22 - 002393088 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2018-01-11 19:22 - 2018-01-11 19:22 - 002393088 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2018-01-11 18:53 - 2018-01-11 18:53 - 005057841 _____ C:\Users\Michael\Downloads\DD declaration of disclosure .pdf
2018-01-11 18:40 - 2018-01-11 18:40 - 000001317 _____ C:\Users\Michael\Documents\AdwCleaner[C1].txt
2018-01-11 18:31 - 2018-01-11 18:31 - 000923594 _____ C:\Users\Michael\Downloads\Donna Dentons Preliminary Declaration of Disclosure.pdf
2018-01-11 18:27 - 2018-01-11 18:27 - 000001238 _____ C:\Users\Michael\Documents\Malwarebytes.txt
2018-01-11 17:16 - 2018-01-11 17:16 - 000088652 _____ C:\Users\Michael\Documents\RKreport.txt
2018-01-11 16:24 - 2018-01-11 16:24 - 033463072 _____ (Adlice Software ) C:\Users\Michael\Downloads\RogueKiller_setup_ref3 (1).exe
2018-01-11 10:40 - 2018-01-11 10:40 - 000000000 ____D C:\Users\Michael\AppData\Local\CrashDumps
2018-01-10 22:07 - 2018-01-11 18:38 - 000000000 ____D C:\AdwCleaner
2018-01-10 22:01 - 2018-01-11 18:40 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-01-10 22:01 - 2018-01-11 18:40 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-01-10 22:01 - 2018-01-11 18:40 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-01-10 22:01 - 2018-01-10 22:01 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-01-10 22:01 - 2018-01-10 22:01 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-01-10 22:01 - 2018-01-10 22:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-10 22:01 - 2018-01-10 22:01 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2018-01-10 18:28 - 2018-01-11 16:14 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-01-10 18:27 - 2018-01-10 22:04 - 000000000 ____D C:\ProgramData\RogueKiller
2018-01-10 18:27 - 2018-01-10 18:27 - 012664904 _____ C:\Users\Michael\Downloads\RogueKiller_old64.exe
2018-01-10 18:24 - 2018-01-11 16:01 - 000000000 ____D C:\Users\Michael\Desktop\RK_Quarantine
2018-01-10 18:22 - 2018-01-10 18:22 - 083316440 _____ (Malwarebytes ) C:\Users\Michael\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374 (1).exe
2018-01-10 18:22 - 2018-01-10 18:22 - 033463072 _____ (Adlice Software ) C:\Users\Michael\Downloads\RogueKiller_setup_ref3.exe
2018-01-10 18:22 - 2018-01-10 18:22 - 008198432 _____ (Malwarebytes) C:\Users\Michael\Downloads\AdwCleaner.exe
2018-01-10 14:29 - 2018-01-10 14:29 - 000000000 ___HD C:\OneDriveTemp
2018-01-10 12:55 - 2018-01-10 12:55 - 000001131 _____ C:\Users\Public\Desktop\iTools 4.lnk
2018-01-10 12:55 - 2018-01-10 12:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTools 4
2018-01-10 12:53 - 2018-01-10 12:54 - 021711416 _____ C:\Users\Michael\Downloads\iTools4_Setup_4305.exe
2018-01-10 12:53 - 2018-01-10 12:54 - 021711416 _____ C:\Users\Michael\Downloads\iTools4_Setup_4305 (1).exe
2018-01-10 12:26 - 2018-01-10 12:37 - 000000000 ____D C:\Users\Michael\AppData\Local\evshutiad
2018-01-10 12:26 - 2018-01-10 12:26 - 000000000 ____D C:\Windows\SysWOW64\zahnimc
2018-01-10 12:26 - 2018-01-10 12:26 - 000000000 ____D C:\Windows\system32\zahnimc
2018-01-10 12:04 - 2018-01-10 12:04 - 000000000 ____D C:\Users\Michael\Downloads\PrintTextMessagesPC
2018-01-10 12:03 - 2018-01-10 12:03 - 003446078 _____ C:\Users\Michael\Downloads\PrintTextMessagesPC.zip
2018-01-10 11:55 - 2018-01-10 12:31 - 000000000 ____D C:\ProgramData\EMM
2018-01-10 11:55 - 2018-01-10 11:55 - 000000000 ____D C:\Users\Michael\AppData\Roaming\SystemAcCrux
2018-01-10 11:53 - 2018-01-10 11:53 - 034121304 _____ (EaseUS ) C:\Users\Michael\Downloads\mobimover_free.exe
2018-01-10 10:44 - 2018-01-10 10:44 - 000002506 _____ C:\Users\Michael\Desktop\Malware scan.txt
2018-01-10 10:12 - 2018-01-10 22:01 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-10 10:12 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-01-10 10:11 - 2018-01-10 10:11 - 083316440 _____ (Malwarebytes ) C:\Users\Michael\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
2018-01-10 10:07 - 2018-01-10 10:07 - 000000000 _____ C:\Recovery.txt
2018-01-09 14:47 - 2018-01-09 14:47 - 000016408 _____ C:\Users\Michael\Downloads\download
2018-01-09 13:57 - 2018-01-09 13:57 - 005513832 _____ (COMODO) C:\Users\Michael\Downloads\cispremium_installer.exe
2018-01-09 13:52 - 2018-01-09 13:52 - 015065792 _____ (Microsoft Corporation) C:\Users\Michael\Downloads\mseinstall64.exe
2018-01-09 13:52 - 2018-01-09 13:52 - 001142072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-01-09 13:52 - 2018-01-09 13:52 - 001001272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-01-09 13:52 - 2018-01-09 13:52 - 000000342 ____H C:\Windows\Tasks\Avast Emergency Update.job
2018-01-09 13:52 - 2018-01-09 13:52 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2018-01-09 13:51 - 2018-01-10 14:29 - 000000000 ____D C:\ProgramData\AVAST Software
2018-01-09 13:51 - 2018-01-09 13:51 - 006334848 _____ (AVAST Software) C:\Users\Michael\Downloads\avast_free_antivirus_setup.exe
2018-01-09 13:51 - 2018-01-09 13:51 - 000000039 _____ C:\Users\Michael\Downloads\Stats.ini
2018-01-09 13:34 - 2018-01-09 13:58 - 000165712 _____ C:\Windows\ntbtlog.txt
2018-01-09 08:16 - 2018-01-11 19:24 - 000030541 _____ C:\Users\Michael\Desktop\FRST.txt
2018-01-09 08:15 - 2018-01-09 16:03 - 000108716 _____ C:\Users\Michael\Desktop\Addition.txt
2018-01-09 08:02 - 2018-01-11 19:23 - 000000000 ____D C:\FRST
2018-01-09 07:43 - 2018-01-09 07:43 - 000316639 _____ C:\Users\Michael\Downloads\Unconfirmed 534501.crdownload
2018-01-09 06:49 - 2018-01-09 06:49 - 005660870 _____ (Swearware) C:\Users\Michael\Downloads\mycombo.exe
2018-01-09 06:29 - 2018-01-09 06:29 - 011201632 _____ (Piriform Ltd) C:\Users\Michael\Downloads\ccsetup538.exe
2018-01-09 06:21 - 2018-01-09 06:21 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-08 17:01 - 2018-01-09 08:14 - 000000949 _____ C:\Users\Michael\Desktop\Logitech Gaming Software 8.70.lnk
2018-01-08 12:15 - 2018-01-08 12:15 - 000000202 _____ C:\Users\Michael\Documents\ibackupbot5.5.3 crack.txt
2018-01-08 10:28 - 2018-01-09 20:02 - 000000000 ____D C:\Users\Michael\AppData\Local\lskevxu
2018-01-08 10:18 - 2018-01-08 10:18 - 000000000 ____D C:\Program Files\Bonjour
2018-01-08 10:18 - 2018-01-08 10:18 - 000000000 ____D C:\Program Files (x86)\Bonjour
2018-01-08 10:15 - 2018-01-10 10:07 - 000000000 ____D C:\Users\Michael\AppData\Local\nieurpt
2018-01-08 10:15 - 2018-01-10 10:07 - 000000000 ____D C:\Users\Michael\AppData\Local\cgntzrw
2018-01-08 10:13 - 2018-01-09 14:21 - 002888192 _____ C:\Windows\system32\vdaiwetsvc.exe
2018-01-08 10:06 - 2018-01-08 10:06 - 001895381 _____ C:\Users\Michael\AppData\Local\Spanstrong.bin
2018-01-08 10:06 - 2018-01-08 10:06 - 000140800 _____ C:\Users\Michael\AppData\Local\installer.dat
2018-01-08 10:04 - 2018-01-08 10:53 - 000000000 ____D C:\Program Files (x86)\predesignated
2018-01-08 10:04 - 2018-01-08 10:52 - 000000000 ____D C:\Program Files (x86)\Mec
2018-01-08 10:04 - 2018-01-08 10:27 - 000000000 ___HD C:\Program Files (x86)\inoperative
2018-01-08 10:04 - 2018-01-08 10:16 - 000000000 ___HD C:\Program Files (x86)\Anarchists
2018-01-08 10:04 - 2018-01-08 10:04 - 000000020 _____ C:\Windows\b22880632
2018-01-08 10:04 - 2018-01-08 10:04 - 000000000 ____D C:\Windows\SysWOW64\scikleg
2018-01-08 10:04 - 2018-01-08 10:04 - 000000000 ____D C:\Windows\system32\scikleg
2018-01-08 10:04 - 2018-01-08 10:04 - 000000000 ____D C:\Users\Michael\AppData\Roaming\et
2018-01-08 10:04 - 2018-01-08 10:04 - 000000000 ____D C:\Program Files (x86)\airliners
2018-01-08 09:35 - 2018-01-11 18:56 - 000000000 ____D C:\Users\Michael\Documents\New folder
2018-01-05 22:54 - 2018-01-05 23:03 - 792149316 _____ C:\Users\Michael\Downloads\The.Departed.2006.mp4
2018-01-04 09:16 - 2018-01-04 09:16 - 006147299 _____ C:\Users\Michael\Downloads\PrinterProDesktopSetup-1_3_5.exe
2018-01-03 17:26 - 2018-01-03 17:26 - 000291646 _____ C:\Users\Michael\Downloads\V2 - Leslie - Uncensored.epub
2018-01-01 21:46 - 2018-01-01 21:46 - 000014391 _____ C:\Users\Michael\Downloads\MEASURE FEE template (1).xlsx
2017-12-29 06:34 - 2018-01-09 06:51 - 000000000 ____D C:\Windows\Minidump
2017-12-28 18:35 - 2017-12-28 18:41 - 000000000 ____D C:\Users\Michael\Desktop\pics everythng worth savimg
2017-12-27 19:12 - 2017-12-27 19:12 - 001299209 _____ C:\Users\Michael\Downloads\krctf01.pk3
2017-12-27 19:02 - 2017-12-27 19:02 - 000000000 ____D C:\Users\Michael\Downloads\rnr_maps
2017-12-27 19:01 - 2017-12-27 19:01 - 003342577 _____ C:\Users\Michael\Downloads\rtctf5.pk3
2017-12-27 19:00 - 2017-12-27 19:00 - 009127505 _____ C:\Users\Michael\Downloads\rnr_maps.zip
2017-12-26 09:05 - 2017-12-26 09:05 - 011123856 _____ C:\Users\Michael\Downloads\iTools4_Setup_4225.exe
2017-12-26 08:57 - 2017-12-26 08:57 - 015975664 _____ C:\Users\Michael\Downloads\iToolsProSetup_EN_3-3-0-6.exe
2017-12-24 18:02 - 2017-12-24 18:02 - 000000000 ____D C:\Users\Michael\Downloads\return.of.the.magnificent.seven.1966.720p.brrip.x264-x0r..mkv
2017-12-24 17:51 - 2017-12-24 17:59 - 713173479 _____ C:\Users\Michael\Downloads\return.of.the.magnificent.seven.1966.720p.brrip.x264-x0r..mkv.part2.rar
2017-12-24 16:41 - 2017-12-24 16:41 - 000000000 ____D C:\Users\Michael\Downloads\Best-Movies.info_-_The.Magnificent.Seven.1960
2017-12-24 16:39 - 2017-12-24 16:40 - 000000000 ____D C:\Users\Michael\Downloads\there.is.something.about.mary.1998.directors.cut.720p.bluray.h264.aac-rarbg_.mp4
2017-12-24 16:36 - 2017-12-24 16:49 - 1047527424 _____ C:\Users\Michael\Downloads\return.of.the.magnificent.seven.1966.720p.brrip.x264-x0r..mkv.part1.rar
2017-12-24 16:09 - 2017-12-24 16:20 - 968053120 _____ C:\Users\Michael\Downloads\Best-Movies.info_-_The.Magnificent.Seven.1960.rar
2017-12-23 17:52 - 2017-12-23 18:04 - 944495479 _____ C:\Users\Michael\Downloads\best-movies.info_I.Am.Sam.2001.720p.Bluray.x264.YIFY.mp4
2017-12-22 13:30 - 2017-12-22 13:30 - 000018870 _____ C:\Users\Michael\Downloads\REMITTANCE ADVICE 12-20-17.PDF
2017-12-22 13:01 - 2017-12-22 13:01 - 000000000 ____D C:\Users\Michael\Documents\DD
2017-12-21 09:34 - 2017-12-21 09:34 - 003776762 _____ C:\Users\Michael\Downloads\Letter re documents.pdf
2017-12-19 08:16 - 2017-12-19 08:16 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-12-19 08:16 - 2017-12-19 08:16 - 000002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-12-18 07:52 - 2017-12-18 07:52 - 000024549 _____ C:\Users\Michael\Documents\Ric-Walter Quote.pdf
2017-12-15 12:48 - 2017-12-15 12:48 - 000000000 ____D C:\Users\Michael\Documents\Custom Office Templates
2017-12-15 09:06 - 2017-12-15 09:06 - 000000000 ___RD C:\Users\Michael\Documents\Scanned Documents
2017-12-15 09:06 - 2017-12-15 09:06 - 000000000 ____D C:\Users\Michael\Documents\Fax
2017-12-14 15:05 - 2017-12-14 15:05 - 000001499 _____ C:\Users\Public\Desktop\FonePaw iPhone Data Recovery.lnk
2017-12-14 15:05 - 2017-12-14 15:05 - 000000000 ____D C:\Users\Michael\AppData\Local\FonePaw
2017-12-14 15:05 - 2017-12-14 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FonePaw
2017-12-14 15:05 - 2017-12-14 15:05 - 000000000 ____D C:\ProgramData\FonePaw
2017-12-14 15:05 - 2017-12-14 15:05 - 000000000 ____D C:\Program Files (x86)\FonePaw
2017-12-14 15:04 - 2017-12-14 15:04 - 000000000 ____D C:\Users\Michael\Downloads\FonePaw iPhone Data Recovery 2.9.0 + _ [4realtorrentz]
2017-12-14 15:03 - 2017-12-14 15:03 - 026137731 _____ C:\Users\Michael\Downloads\FonePaw iPhone Data Recovery 2.9.0 + _ [4realtorrentz].zip
2017-12-14 12:28 - 2017-12-14 12:28 - 000014790 _____ C:\Users\Michael\Downloads\REMITTANCE ADVICE 12-14-17.PDF
2017-12-14 12:26 - 2017-12-14 12:26 - 000001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-12-14 12:26 - 2017-12-14 12:26 - 000000000 ____D C:\Windows\System32\Tasks\Apple
2017-12-14 12:26 - 2017-12-14 12:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-12-14 12:26 - 2017-12-14 12:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-12-14 12:26 - 2017-12-14 12:26 - 000000000 ____D C:\Program Files\iPod
2017-12-14 12:26 - 2017-12-14 12:26 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-12-14 12:25 - 2017-12-14 12:26 - 000000000 ____D C:\Program Files\iTunes
2017-12-14 09:03 - 2017-12-14 09:03 - 011586106 _____ C:\Users\Michael\Downloads\GARY DENTON INCOME AND EXPENSE DECLARATION 10.13.17.pdf
2017-12-14 08:52 - 2017-12-14 08:52 - 000766809 _____ C:\Users\Michael\Downloads\Docs to sign.pdf
2017-12-12 09:52 - 2017-12-12 09:52 - 000047104 ___SH C:\Users\Michael\Documents\Thumbs.db
2017-12-12 09:46 - 2018-01-05 11:21 - 000000000 ____D C:\Users\Michael\Documents\quinn

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-11 19:24 - 2014-01-23 19:39 - 000000112 _____ C:\Windows\seqlog
2018-01-11 19:24 - 2013-12-30 11:04 - 000000512 _____ C:\Windows\SysWOW64\za_mv_raid.ev
2018-01-11 19:24 - 2011-02-23 23:21 - 000215040 _____ C:\Windows\SysWOW64\freqdb.db
2018-01-11 19:20 - 2009-07-13 20:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-11 19:20 - 2009-07-13 20:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-11 18:59 - 2015-05-17 12:46 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d090e29779bdd3.job
2018-01-11 18:57 - 2015-09-18 17:49 - 000000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d0f27d7dc6c20a.job
2018-01-11 18:57 - 2015-09-18 17:49 - 000000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d0f27d7da30d66.job
2018-01-11 18:56 - 2015-08-29 10:54 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e28c2b7967a7.job
2018-01-11 18:56 - 2015-07-15 18:47 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf71c1e2b706.job
2018-01-11 18:54 - 2015-05-17 12:48 - 000000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d090e2e09fe8e6.job
2018-01-11 18:53 - 2016-05-10 18:48 - 000000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d1ab2f929d037d.job
2018-01-11 18:53 - 2016-02-02 18:48 - 000000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d15e2d6b9cf42f.job
2018-01-11 18:53 - 2016-02-01 19:46 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15d6c3e71d6cf.job
2018-01-11 18:53 - 2016-01-18 23:11 - 000000322 _____ C:\Windows\Tasks\iToolsDaemon.job
2018-01-11 18:53 - 2015-12-04 18:52 - 000000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d12f088e04861.job
2018-01-11 18:53 - 2015-12-04 18:52 - 000000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d12f088bfeea8.job
2018-01-11 18:53 - 2014-11-15 16:43 - 000000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d0013645fcba2c.job
2018-01-11 18:53 - 2014-11-14 18:40 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0007d85a5a2d4.job
2018-01-11 18:52 - 2015-09-18 17:51 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f27dac44aa79.job
2018-01-11 18:52 - 2015-09-18 17:51 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f27dac2a7b56.job
2018-01-11 18:51 - 2016-05-10 18:48 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1ab2f88c90026.job
2018-01-11 18:51 - 2015-12-03 18:47 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12e3e22c3f968.job
2018-01-11 18:51 - 2015-02-06 19:48 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d04288f94bd0cc.job
2018-01-11 18:48 - 2014-06-25 17:30 - 000000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1cf90de3cdb7cf5.job
2018-01-11 18:45 - 2014-06-18 18:28 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8b66313c3313.job
2018-01-11 18:45 - 2009-07-13 21:13 - 000805514 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-11 18:45 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2018-01-11 18:39 - 2016-05-10 18:48 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab2f88acec3d.job
2018-01-11 18:39 - 2016-02-27 15:40 - 000000000 ____D C:\Program Files (x86)\Steam
2018-01-11 18:39 - 2016-02-01 19:46 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15d6c3e55e9f6.job
2018-01-11 18:39 - 2015-12-03 18:47 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12e3e22a9ca45.job
2018-01-11 18:39 - 2015-09-23 17:37 - 000000000 ___RD C:\Users\Michael\OneDrive
2018-01-11 18:39 - 2015-02-06 19:48 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d04288f933b492.job
2018-01-11 18:39 - 2014-06-19 19:51 - 000000000 ___RD C:\Users\Michael\Google Drive
2018-01-11 18:39 - 2014-02-15 21:08 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2018-01-11 18:39 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-11 18:38 - 2016-09-05 12:12 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-01-11 16:53 - 2016-05-10 18:48 - 000000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d1ab2f92866de8.job
2018-01-11 16:48 - 2014-03-10 19:11 - 000000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core.job
2018-01-10 23:01 - 2014-03-10 18:55 - 000000000 ____D C:\Users\Michael\AppData\Roaming\DMCache
2018-01-10 22:03 - 2014-01-26 17:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs
2018-01-10 22:01 - 2015-08-30 19:43 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-10 19:53 - 2016-02-02 18:48 - 000000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d15e2d6b7d0fa7.job
2018-01-10 19:53 - 2015-05-17 12:48 - 000000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d090e2e07c3442.job
2018-01-10 19:53 - 2014-11-15 16:43 - 000000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d0013645e476e1.job
2018-01-10 14:27 - 2014-02-15 21:08 - 000000000 ____D C:\Users\Michael\AppData\Local\Deployment
2018-01-10 12:55 - 2017-10-10 21:51 - 000000000 ____D C:\Program Files (x86)\ThinkSky
2018-01-10 12:35 - 2014-07-28 19:34 - 000000000 ____D C:\Program Files (x86)\EaseUS
2018-01-10 12:07 - 2013-12-30 16:50 - 000797752 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-01-10 11:47 - 2016-12-18 19:47 - 000000307 _____ C:\Users\Michael\AppData\Roaming\com.mobilesyncbrowser.msb6
2018-01-10 11:29 - 2016-05-03 15:38 - 000000000 ____D C:\Users\Michael\Documents\HomeDepot
2018-01-10 10:18 - 2016-01-29 22:33 - 000000000 ____D C:\Users\Michael\AppData\Roaming\discord
2018-01-10 10:17 - 2016-01-29 22:33 - 000002132 _____ C:\Users\Michael\Desktop\Discord.lnk
2018-01-10 10:17 - 2016-01-29 22:33 - 000000000 ____D C:\Users\Michael\AppData\Local\Discord
2018-01-09 20:55 - 2009-07-13 18:34 - 025165824 _____ C:\Windows\system32\config\HARDWARE
2018-01-09 16:02 - 2013-12-30 21:24 - 000000000 ____D C:\Program Files (x86)\Origin Games
2018-01-09 16:02 - 2009-07-13 21:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-01-09 16:01 - 2013-12-30 18:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2018-01-09 10:08 - 2014-02-14 21:07 - 000000000 ____D C:\Program Files (x86)\Splashtop
2018-01-09 10:08 - 2013-12-30 10:43 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-01-09 08:14 - 2017-11-13 10:45 - 000001151 _____ C:\Users\Public\Desktop\iBackupBot for iPad iPhone.lnk
2018-01-09 06:52 - 2015-04-11 15:29 - 000000000 ____D C:\Users\Michael\AppData\Roaming\IDM
2018-01-09 06:52 - 2013-12-30 23:13 - 000000000 ____D C:\Users\Michael\AppData\Roaming\TS3Client
2018-01-09 06:51 - 2015-07-09 16:49 - 000000000 ___DC C:\Users\Michael\AppData\Local\MigWiz
2018-01-09 06:51 - 2013-12-30 10:22 - 000000000 ____D C:\Windows\Panther
2018-01-09 06:21 - 2015-08-30 19:43 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-01-08 11:57 - 2013-12-31 17:43 - 000018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2018-01-08 10:35 - 2017-06-28 20:36 - 000000000 ____D C:\Program Files (x86)\Printer Pro Desktop
2018-01-08 10:09 - 2013-12-30 17:02 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-08 10:06 - 2015-12-16 19:49 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Mozilla
2017-12-28 08:16 - 2016-01-18 23:11 - 000003304 _____ C:\Windows\System32\Tasks\iToolsDaemon
2017-12-26 09:07 - 2014-03-23 19:31 - 000000000 ____D C:\Program Files\Common Files\Apple
2017-12-26 09:06 - 2016-01-18 23:11 - 000000000 ____D C:\ProgramData\ThinkSky
2017-12-19 08:16 - 2014-12-26 17:12 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-12-19 08:16 - 2014-02-17 22:02 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-12-18 15:39 - 2014-03-23 19:32 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Apple Computer
2017-12-17 19:49 - 2014-02-15 21:06 - 000000000 ____D C:\Users\Michael\AppData\Local\ElevatedDiagnostics
2017-12-14 15:53 - 2014-03-23 19:32 - 000000000 ____D C:\Users\Michael\AppData\Local\Apple Computer
2017-12-14 14:50 - 2017-12-05 08:03 - 000000000 ____D C:\Users\Michael\AppData\Roaming\iMazing
2017-12-14 12:26 - 2014-03-23 19:31 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-12-13 08:56 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2016-12-18 19:47 - 2018-01-10 11:47 - 000000307 _____ () C:\Users\Michael\AppData\Roaming\com.mobilesyncbrowser.msb6
2014-02-01 23:10 - 2014-02-09 21:48 - 001617996 _____ () C:\Users\Michael\AppData\Local\ASbs.ac
2016-07-02 21:14 - 2016-07-02 21:14 - 000003584 _____ () C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-01-08 10:06 - 2018-01-08 10:06 - 000140800 _____ () C:\Users\Michael\AppData\Local\installer.dat
2014-01-12 21:31 - 2016-10-12 21:02 - 000007598 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
2008-02-05 14:28 - 2008-02-05 14:28 - 000000051 _____ () C:\Users\Michael\AppData\Local\setup.txt
2018-01-08 10:06 - 2018-01-08 10:06 - 001895381 _____ () C:\Users\Michael\AppData\Local\Spanstrong.bin

Some files in TEMP:
====================
2018-01-09 16:02 - 2018-01-09 16:02 - 002393088 _____ (Farbar) C:\Users\Michael\AppData\Local\Temp\62BA.tmp.exe
2018-01-09 08:02 - 2018-01-09 08:02 - 002393088 _____ (Farbar) C:\Users\Michael\AppData\Local\Temp\9E33.tmp.exe
2018-01-09 15:34 - 2018-01-09 15:34 - 002393088 _____ (Farbar) C:\Users\Michael\AppData\Local\Temp\B50D.tmp.exe
2018-01-10 18:27 - 2014-02-19 20:41 - 001732032 _____ (Microsoft Corporation) C:\Users\Michael\AppData\Local\Temp\dllnt_dump.dll
2018-01-09 08:46 - 2018-01-09 08:46 - 002393088 _____ (Farbar) C:\Users\Michael\AppData\Local\Temp\E63.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-20 19:24] - [2013-12-30 16:24] - 001008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2010-11-20 19:24] - [2013-12-30 16:24] - 000833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-08 08:51

==================== End of FRST.txt ============================

 

[Broni]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by Michael (11-01-2018 19:24:19)
Running from C:\Users\Michael\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2013-12-30 18:28:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-867915027-2464976829-1762966156-500 - Administrator - Disabled)
Guest (S-1-5-21-867915027-2464976829-1762966156-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-867915027-2464976829-1762966156-1002 - Limited - Enabled)
Michael (S-1-5-21-867915027-2464976829-1762966156-1000 - Administrator - Enabled) => C:\Users\Michael

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis True Image Home (HKLM-x32\...\{E5343B27-55DF-40BD-9FCF-A643C1331E8A}) (Version: 11.0.8027 - Acronis)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.02 - ASUSTeK Computer Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.1.000 - Asmedia Technology)
ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.03.00 - ASUSTeK Computer Inc.)
Backup and Sync from Google (HKLM-x32\...\{908DB568-E5FA-40C7-A2AA-AB340190858B}) (Version: 3.38.7642.3857 - Google, Inc.)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
BF4 Settings Editor (HKLM\...\{EF4C9459-47DE-4FCD-B9E0-CEB5BA03FC64}) (Version: 1.1 - Realmware)
Catalyst Control Center Next Localization BR (HKLM\...\{5EE7F772-23C0-8082-1408-56986B36B4F6}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{64325882-A095-FB1E-92D9-07B9932E9C24}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{0E162B62-2E18-F4C5-0415-7509FB84C775}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{7DF3274E-5035-0A93-D093-60119CCF4B9C}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{EB4409B3-444C-6A32-E6ED-4CBC890126E4}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{B5BC731A-36E6-2851-1447-F0FA197E4480}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{8C50074C-B5F8-6460-9F2C-8B4C9A18408F}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{4B0934FD-8181-D360-5075-994683777700}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{4955E39C-95F0-6C78-ABFB-F44252F00B11}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{090BAC27-0452-0156-8BC0-D425BD407545}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{9BE9FA0F-87F3-4A5A-438F-4FD8B0168970}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{387AD885-3C41-0483-73C1-C4708826B764}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{8F51B1EE-DE4E-DF03-E86F-DE39BCBA67B4}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{ACDA3600-24B1-D89E-CE35-D12BADE03FB1}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{2EBF9D68-48A1-8FCD-155D-58856E290B9D}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{F67F273D-C4FC-17ED-137B-F666277DE00D}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{D2545327-A3CD-A4E0-2F71-F34F583F3120}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{85F8280D-E0EA-BBDA-2EFF-44948E6C87D5}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{51B08B0D-78AD-7F49-09EC-B9AB403E7A79}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{CB9679E4-D6FD-64AD-5D3F-5D625DA64E11}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{4AE73C11-4130-9B7A-E546-056254290033}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
CPUID CPU-Z 1.67.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Discord (HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\Discord) (Version: 0.0.300 - Discord Inc.)
eReg (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET NOD32 Antivirus (HKLM\...\{89B0ECE0-A41F-4A45-98D9-D54C74338117}) (Version: 7.0.302.26 - ESET, spol s r. o.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
FireDaemon Pro (HKLM\...\{C0A47779-CB82-41C2-B4A0-F3D2685BDEF6}) (Version: 3.6.2634 - FireDaemon Technologies Limited) Hidden
FireDaemon Pro (HKLM-x32\...\FireDaemon Pro) (Version: 3.6.2634 - FireDaemon Technologies Limited)
FonePaw iPhone Data Recovery 2.9.0 (HKLM-x32\...\{77B09C3A-839E-4ea7-81BA-E5864F6BF388}_is1) (Version: 2.9.0 - FonePaw)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Google Voice (HKLM-x32\...\{5B5D4C57-534A-CC38-E7F0-F5993C40F4C6}) (Version: 0.62 - UNKNOWN) Hidden
Google Voice (HKLM-x32\...\com.rstoeber.GoogleVoice.913F9D81260FD6F3F98FE8A907686CD092F1C90D.1) (Version: v0.62 - UNKNOWN)
GVNotifier (HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\25987dd1603e0f3a) (Version: 1.4.3.201 - Dave Amenta)
HP DeskJet 3630 series Basic Device Software (HKLM\...\{2125FB8B-5542-495A-B0F7-CD6DDBE99C2A}) (Version: 40.11.1107.1739 - HP Inc.)
HP DeskJet 3630 series Help (HKLM-x32\...\{5F074370-FEB0-4477-820F-A59DF28A933E}) (Version: 35.0.0 - Hewlett Packard)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
iBackupBot 5.5.3 (HKLM-x32\...\iBackupBot) (Version: 5.5.3 - VOW Software)
iCloud (HKLM\...\{99868C9C-C141-4DDE-A2C7-9DDF00F68F17}) (Version: 7.2.0.67 - Apple Inc.)
iExplorer 3.9.2.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)
iMazing 2.4.0.0 (HKLM\...\iMazing_is1) (Version: 2.4.0.0 - DigiDNA)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.21.1124 - Intel Corporation)
Intel(R) Network Connections 16.6.126.0 (HKLM\...\PROSetDX) (Version: 16.6.126.0 - Intel)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
ioquake3 (HKLM-x32\...\ioquake3) (Version: - )
iTools 4 (HKLM-x32\...\iTools4) (Version: 4.3.0.5 - ThinkSky Technology Co., Ltd)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
Jailbreak: Prisoners of War (HKLM-x32\...\Jailbreak: Prisoners of War) (Version: - )
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Logitech Gaming Software 8.70 (HKLM\...\Logitech Gaming Software) (Version: 8.70.315 - Logitech Inc.)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Marvell Storage Utility V4 (HKLM-x32\...\mvMSU) (Version: 4.1.0.1918 - Marvell)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7369.2038 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-867915027-2464976829-1762966156-1000\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Milgard Standalone (HKLM-x32\...\{468E8618-2C41-4053-AB60-AC9A06B5AE06}) (Version: 2.9.14.5.1.0 - Edgenet, Inc)
mkv2vob (HKLM-x32\...\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}) (Version: 2.4.7 - 3r1c)
MKVToolNix 7.0.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.0.0 - Moritz Bunkus)
MobileSyncBrowser (HKLM-x32\...\{BEC39F75-2760-4E23-9827-0B5E9A27B3AC}) (Version: 10.0.2.338 - VSC, LLC)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSVC80_x64 (HKLM\...\{68660049-8D48-427C-9FF7-139D8340CDC0}) (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86 (HKLM-x32\...\{212748BB-0DA5-46DE-82A1-403736DC9F27}) (Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.3 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Ontrack EasyRecovery Enterprise (HKLM-x32\...\{AE695CA4-8847-4462-98CC-023874D29E72}_is1) (Version: 11.1.0.0 - Kroll Ontrack Inc.)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 10.3.5.6379 - Electronic Arts, Inc.)
PC Connectivity Solution (HKLM-x32\...\{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}) (Version: 8.47.7.0 - Nokia)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PlayClaw 5 (HKLM-x32\...\PlayClaw 5_is1) (Version: 5 - )
PlayClaw 5 fast codec (HKLM-x32\...\PlayClaw 5 fast codec_is1) (Version: 5 - )
Product Improvement Study for HP DeskJet 3630 series (HKLM\...\{416B7D0C-0AEC-4FE6-AE40-4E12857CCA55}) (Version: 40.11.1107.1739 - HP Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Qtracker (HKLM-x32\...\Qtracker) (Version: 4.92 - )
Quake Live (HKLM-x32\...\Quake Live) (Version: - id Software)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\Revo Uninstaller Pro PREACTIVATED by .:sHaRe:. @~1067B756_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
Shark007 Advanced Codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 4.4.6 - Shark007)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.14 - Splashtop Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Tenorshare ReiBoot (HKLM-x32\...\Tenorshare ReiBoot) (Version: - Tenorshare, Inc.)
TinyUmbrella 8.2.0.60 (HKLM\...\4851-8548-9863-1993) (Version: 8.2.0.60 - )
version 1.0.6.4 (HKLM-x32\...\{A877D2BD-19D7-443E-95FD-DA0A8ECB88FA}_is1) (Version: - Dynojet Research Inc.)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Resource Kit Tools (HKLM-x32\...\{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}) (Version: 5.2.3790 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinWay Resume Deluxe (HKLM-x32\...\{970704F5-579F-4430-A6A8-B562561B4D3D}) (Version: 14.00.011 - WinWay Corporation)
WinZip Corporate (HKLM-x32\...\{866FEF35-C429-4131-86FE-8B11F067485F}) (Version: 1.1.0 - WinZip)
Wondershare PDF Password Remover (Build 1.5.2) (HKLM-x32\...\{1719FAD6-2F6A-4F5E-BF2B-1F6F6F1E3806_PasswordRemover}_is1) (Version: - Wondershare Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-867915027-2464976829-1762966156-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-20] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-20] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-20] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2008-06-11] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2014-05-12] ()
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2013-09-12] (ESET)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-20] (Google)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-12-08] (Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2013-09-12] (ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-20] (Google)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-12-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2008-06-11] (Adobe Systems Inc.)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2013-09-12] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BEB07DC-372B-4E90-8164-60038E7F268E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d0e2e7a42c55c7 => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {18B6CBC1-D23E-4A99-8A08-078762D54C81} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {1B4F46EE-A2E8-4378-BDE2-B09B01B25952} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d12f088bfeea8 => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {22568154-36DE-45E0-B0A6-5B95FD826B3B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d1e92a8f4baef8 => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {3F416EE2-169D-48FB-89C5-200273816F32} - System32\Tasks\GoogleUpdateTaskMachineUA1d1ab2f88c90026 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4BBC0D62-73D6-4653-BFF1-FA6B71C836D8} - System32\Tasks\GoogleUpdateTaskMachineUA1d04288f94bd0cc => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4E57ACCC-D373-4D17-AA76-1B70A315D4E2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d041bfcfa0bbc1 => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {52298B4A-CC68-418D-9E92-4CF843FDE114} - System32\Tasks\GoogleUpdateTaskMachineCore1d0f27dac2a7b56 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {55C4322B-AE79-42DC-B5F6-A246020E1E0F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d12f088e04861 => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5F3FB36D-A6B1-4FC1-B090-7509BA19998A} - System32\Tasks\GoogleUpdateTaskMachineUA1d090e29779bdd3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {60B843E8-C0CA-4B4D-8855-8EE7B139E9B3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {6448BF61-E2B2-4855-9C7E-CD62BD08A478} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d15e2d6b7d0fa7 => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {6D7EEB2C-5A24-4E62-BA37-72941B94625A} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ab2f88acec3d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {78FEB339-1289-40D8-B8F7-42EB8669D827} - System32\Tasks\HPCustPartic.exe_{0D37923E-2A3F-4711-BFCF-0A587F131585} => C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPCustPartic.exe [2017-02-08] (HP Inc.)
Task: {8301453B-749A-4BDA-94BB-ED2959DCD34F} - System32\Tasks\{738025E2-E11F-4453-8BDA-1B3329458542} => C:\Windows\system32\pcalua.exe -a "C:\Users\Michael\Downloads\vpsamz.WinWay.Resume.Deluxe.14.v14.00.014\WinWay Resume Deluxe 14 v14.00.014\Setup\Setup.exe" -d "C:\Users\Michael\Downloads\vpsamz.WinWay.Resume.Deluxe.14.v14.00.014\WinWay Resume Deluxe 14 v14.00.014\Setup"
Task: {839D1E41-6987-4A66-A844-33AD46E3D2F8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d0013645e476e1 => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {88E5C7D3-98E9-43CD-97FF-AFC266894067} - System32\Tasks\GoogleUpdateTaskMachineUA1d0f27dac44aa79 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {8D2A9DA2-7674-4E91-90DC-EFCA2C75247B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d1ab2f92866de8 => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {8E381E02-1ADC-416C-A828-37B48230CE28} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {922C8C1C-EF86-4A19-B1B4-A70D325DF467} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-10-19] (Microsoft Corporation)
Task: {956DBEA4-66C9-4B59-8A73-AE625B78666E} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {98A2178B-56EB-4472-9DA3-EA21ADF45A25} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d1ab2f929d037d => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {9FBE8E0F-794D-42C8-A1C2-5BC19553D9EC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d0bf71f7496361 => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A214B2EB-6676-4629-B54B-FE04D566F520} - System32\Tasks\GoogleUpdateTaskMachineUA1d0007d85a5a2d4 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A4964A03-B21D-436D-B219-588B4201E2EC} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8b66313c3313 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A7623C11-10AA-4586-8C08-D175288D3C73} - System32\Tasks\{A613817D-2B0A-4EC4-B687-46941F8D40A1} => C:\Windows\system32\pcalua.exe -a "C:\Users\Michael\Desktop\Linksys wrt45g\Compressed\BlueSoleil_1.4.9.3\BlueSoleil_1.4.9.3\Setup.exe" -d "C:\Users\Michael\Desktop\Linksys wrt45g\Compressed\BlueSoleil_1.4.9.3\BlueSoleil_1.4.9.3"
Task: {AAE6E747-2959-42A1-9CD7-F0E303E07781} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d1e92a8f62925a => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {AD19C874-78F7-481D-9908-19F811BB8334} - System32\Tasks\GoogleUpdateTaskMachineCore1d1e92a49f0f6c4 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {AF239A90-F7AA-40A0-89A7-BF06D6CCEA0D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d090e2e09fe8e6 => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B1474BA7-BCE2-4BE2-9D02-5F887FBFBB80} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d090e2e07c3442 => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B481DD01-E2DD-4723-A872-14135CC37F9C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1cf90de3cdb7cf5 => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {BD9F13BA-2642-452D-B83A-1000C3ECDCBF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d0f27d7da30d66 => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {BFD03EDE-B94D-4376-A007-FC94008304E6} - System32\Tasks\GoogleUpdateTaskMachineCore1d04288f933b492 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C0BE83D1-2C0A-4611-9C90-B0B70F6C6370} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d0f27d7dc6c20a => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C66E11B9-BE2B-4F49-8558-4B8C29D09730} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2016-12-04] (Advanced Micro Devices, Inc.)
Task: {CC62F6E8-80F8-4F31-B7CF-149D7838E5FA} - System32\Tasks\GoogleUpdateTaskMachineCore1d0bf71c1e2b706 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {CC946CDF-3699-4DCE-B34B-126589BB7125} - System32\Tasks\GoogleUpdateTaskMachineUA1d15d6c3e71d6cf => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D1072683-3B11-4B15-8410-34DD127363B9} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e92a4a098830 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {DA2D10D3-6BCB-4250-B312-69797B09A67A} - System32\Tasks\GoogleUpdateTaskMachineCore1d15d6c3e55e9f6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {DF15093E-4BD0-4139-8770-850C7FF23664} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {E0F8EF3E-A6A1-43D5-975A-5465F271E72D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d15e2d6b9cf42f => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E197C7D4-8F25-42FD-AE64-E22C39559513} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {E9B2B22C-A19D-40FC-BBE2-F1145705A1A4} - System32\Tasks\GoogleUpdateTaskMachineUA1d12e3e22c3f968 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {EBD59F8A-0424-40D4-94F5-A74DA75D5FF0} - System32\Tasks\HPCustParticipation HP DeskJet 3630 series => C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPCustPartic.exe [2017-02-08] (HP Inc.)
Task: {F00584EF-AAC0-47DE-A350-830EF751F3A1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d0013645fcba2c => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F1857F77-38C5-43ED-92CA-9A29ACC0DDF2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {F2CEF694-4AB1-43AC-B7EB-B871E37A5D2B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {F68B406C-D200-46B6-82CC-CBA123DA03AB} - System32\Tasks\iToolsDaemon => C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe
Task: {FA5ABD75-2D7A-4221-A9D2-CA9E2BF44DE5} - System32\Tasks\GoogleUpdateTaskMachineUA1d0e28c2b7967a7 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {FAAAF605-B0FA-4AB1-839E-3B2937D568C7} - System32\Tasks\GoogleUpdateTaskMachineCore1d12e3e22a9ca45 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

 

[Broni]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d04288f933b492.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf71c1e2b706.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f27dac2a7b56.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12e3e22a9ca45.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15d6c3e55e9f6.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab2f88acec3d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8b66313c3313.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0007d85a5a2d4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d04288f94bd0cc.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d090e29779bdd3.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e28c2b7967a7.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f27dac44aa79.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12e3e22c3f968.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15d6c3e71d6cf.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1ab2f88c90026.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d0013645e476e1.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d041bfcfa0bbc1.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d090e2e07c3442.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d0bf71f7496361.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d0e2e7a42c55c7.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d0f27d7da30d66.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d12f088bfeea8.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d15e2d6b7d0fa7.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000Core1d1ab2f92866de8.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1cf90de3cdb7cf5.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d0013645fcba2c.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d090e2e09fe8e6.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d0f27d7dc6c20a.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d12f088e04861.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d15e2d6b9cf42f.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867915027-2464976829-1762966156-1000UA1d1ab2f929d037d.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\iToolsDaemon.job => C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Michael\Desktop\Tor Browser\Stаrt Тоr Вrоwsеr.lnk -> C:\Users\Michael\Desktop\Tor Browser\Browser\firefox.bat (No File)
Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stаrt Тоr Вrоwsеr.lnk -> C:\Users\Michael\Desktop\Tor Browser\Browser\firefox.bat (No File)
Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехplоrеr (Nо Аdd-оns).lnk -> C:\Program Files\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехplоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quаkе Livе.lnk -> C:\Program Files (x86)\Quake Live\Launcher.bat (No File)
Shortcut: C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Public\Desktop\Quаkе Livе.lnk -> C:\Program Files (x86)\Quake Live\Launcher.bat (No File)

==================== Loaded Modules (Whitelisted) ==============

2017-12-08 01:48 - 2017-12-08 01:48 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-12-30 17:27 - 2013-12-30 17:27 - 000920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2015-03-06 16:07 - 2015-03-06 16:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-07-01 16:28 - 2015-07-01 16:28 - 001095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 16:07 - 2015-03-06 16:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-07-01 16:28 - 2015-07-01 16:28 - 000240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-12-11 11:05 - 2017-12-11 11:05 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2017-12-11 11:05 - 2017-12-11 11:05 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2017-11-20 15:27 - 2017-11-20 15:27 - 041061856 _____ () C:\Program Files (x86)\Google\Drive\googledrivesync.exe
2011-04-06 18:55 - 2011-04-06 18:55 - 001202216 _____ () C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe
2014-06-01 13:42 - 2014-05-19 12:42 - 000736768 _____ () C:\Program Files (x86)\Appandora\AppandoraDeviceService.exe
2017-12-14 15:05 - 2016-05-30 02:49 - 000081512 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\AppService.exe
2016-09-14 22:30 - 2016-09-14 22:30 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 22:30 - 2016-09-14 22:30 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 22:30 - 2016-09-14 22:30 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-14 22:30 - 2016-09-14 22:30 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 22:30 - 2016-09-14 22:30 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 22:30 - 2016-09-14 22:30 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-14 22:30 - 2016-09-14 22:30 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2018-01-08 15:53 - 2018-01-03 01:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-08 15:53 - 2018-01-03 01:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2014-07-02 19:30 - 2014-07-10 19:11 - 000076152 _____ () C:\Windows\system32\PnkBstrA.exe
2018-01-10 10:12 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-01-10 10:12 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2013-12-30 17:27 - 2018-01-11 18:39 - 000029184 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2013-12-30 17:27 - 2013-12-30 17:29 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2017-12-08 08:33 - 2017-12-08 08:33 - 000102088 _____ () C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll
2016-03-21 05:49 - 2016-12-04 08:56 - 000240008 _____ () C:\Windows\SysWOW64\GameManager32.dll
2016-02-27 15:41 - 2017-11-28 21:09 - 000781088 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-02-27 15:41 - 2016-08-31 17:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-02-27 15:41 - 2016-08-31 17:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-02-27 15:41 - 2016-08-31 17:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-02-27 15:41 - 2017-12-15 11:59 - 002558752 _____ () C:\Program Files (x86)\Steam\video.dll
2017-12-14 14:36 - 2017-11-03 17:54 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-12-14 14:36 - 2017-11-03 17:54 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-14 14:36 - 2017-11-03 17:54 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-14 14:36 - 2017-11-03 17:54 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-14 14:36 - 2017-11-03 17:54 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2016-02-27 15:41 - 2017-12-15 11:59 - 000904992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 15:13 - 2016-07-04 14:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2008-01-17 09:17 - 2008-01-17 09:17 - 000073782 _____ () C:\Program Files (x86)\Marvell\storage\Apache2\bin\zlib1.dll
2017-12-08 01:49 - 2017-12-08 01:49 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 01:49 - 2017-12-08 01:49 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2007-09-14 01:45 - 2007-09-14 01:45 - 001328408 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\fox.dll
2014-06-01 13:42 - 2014-05-12 12:31 - 000380416 _____ () C:\Program Files (x86)\Appandora\DuiLib.dll
2014-06-01 13:42 - 2013-09-22 11:03 - 000059904 _____ () C:\Program Files (x86)\Appandora\zlib.dll
2014-06-01 13:42 - 2013-09-22 11:03 - 000526848 _____ () C:\Program Files (x86)\Appandora\sqlite3.dll
2014-06-01 13:42 - 2013-12-19 13:03 - 000671744 _____ () C:\Program Files (x86)\Appandora\hashab.dll
2013-12-30 17:27 - 2011-07-12 19:14 - 000147456 ____N () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2013-12-30 17:27 - 2010-10-05 08:22 - 000253952 ____N () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2013-12-30 17:27 - 2012-10-08 17:07 - 000972288 ____N () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2013-12-30 17:31 - 2013-05-08 16:22 - 001040896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EasyUpdt.dll
2013-12-30 17:27 - 2012-05-25 10:33 - 000883712 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2013-12-30 17:27 - 2012-05-28 21:27 - 001622528 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2013-12-30 17:27 - 2011-09-19 20:18 - 001243136 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2013-12-30 17:27 - 2011-07-21 09:06 - 000846848 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2013-12-30 17:27 - 2012-08-29 18:09 - 000875520 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2013-12-30 17:27 - 2011-06-08 11:15 - 000651264 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Thermal Radar\ThermalRadar.dll
2013-12-30 17:27 - 2013-12-30 17:26 - 000662016 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
2013-12-30 17:27 - 2010-10-05 08:22 - 000208896 ____N () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2017-10-11 09:47 - 2013-07-24 08:24 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2017-12-14 15:06 - 2016-04-06 07:19 - 000887808 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\Framework.dll
2017-12-14 15:05 - 2011-03-24 10:25 - 009843200 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\QtWebKit4.dll
2017-12-14 15:05 - 2011-03-24 09:06 - 000232960 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\phonon4.dll
2017-12-14 15:05 - 2011-03-24 08:56 - 007981056 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\QtGui4.dll
2017-12-14 15:05 - 2011-03-24 08:42 - 002145792 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\QtCore4.dll
2017-12-14 15:05 - 2011-03-24 09:06 - 002530816 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\QtXmlPatterns4.dll
2017-12-14 15:05 - 2011-03-24 08:43 - 000934912 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\QtNetwork4.dll
2017-12-14 15:05 - 2011-03-24 08:42 - 000334848 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\QtXml4.dll
2017-12-14 15:05 - 2015-11-24 06:18 - 000013824 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\Utility.dll
2017-12-14 15:05 - 2016-01-22 10:12 - 002827776 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\IosDevice.dll
2017-12-14 15:05 - 2015-11-24 06:18 - 000987136 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\libxml2.dll
2017-12-14 15:05 - 2015-11-24 06:18 - 000077824 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\zlib1.dll
2017-12-14 15:05 - 2015-11-24 06:18 - 000562072 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\SQLite3.dll
2017-12-14 15:05 - 2011-03-24 10:37 - 000025600 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\imageformats\qgif4.dll
2017-12-14 15:05 - 2011-03-24 10:37 - 000027648 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\imageformats\qico4.dll
2017-12-14 15:05 - 2011-03-24 10:37 - 000119808 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\imageformats\qjpeg4.dll
2017-12-14 15:05 - 2011-03-24 10:37 - 000220672 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\imageformats\qmng4.dll
2017-12-14 15:05 - 2011-03-24 10:37 - 000278528 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\imageformats\qtiff4.dll
2018-01-11 18:39 - 2018-01-11 18:39 - 000088064 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\_ctypes.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000919552 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\_hashlib.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000098816 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\win32api.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000110080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\pywintypes27.dll
2018-01-11 18:39 - 2018-01-11 18:39 - 000364544 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\pythoncom27.dll
2018-01-11 18:39 - 2018-01-11 18:39 - 000686080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\unicodedata.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000320512 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\win32com.shell.shell.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 001177088 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\wx._core_.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000806912 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\wx._gdi_.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000816640 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\wx._windows_.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 001067520 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\wx._controls_.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000733696 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\wx._misc_.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000736256 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\pysqlite2._sqlite.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000119808 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\win32file.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000108544 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\win32security.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000007168 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\hashobjs_ext.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000017920 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\thumbnails_ext.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000082432 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\usb_ext.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000013824 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\common.time34.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000018432 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\win32event.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000027648 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\windows.conditional.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000017408 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\windows.winwrap.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000089088 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\windows.volumes.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000167936 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\win32gui.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000046080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\_socket.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 001311744 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\_ssl.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000129536 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\_elementtree.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000127488 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\pyexpat.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000038912 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\win32inet.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000077824 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\wx._html2.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000036864 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\_psutil_windows.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000524248 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\windows._lib_cacheinvalidation.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000011264 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\win32crypt.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000218624 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\PIL._imaging.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000027648 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\_multiprocessing.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000020480 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\_yappi.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000035840 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\win32process.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000024064 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\win32pipe.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000010240 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\select.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000025600 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\win32pdh.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000059392 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\windows.device_monitor.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000017408 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\win32profile.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000022528 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI24362\win32ts.pyd
2017-06-08 06:21 - 2017-09-06 18:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2016-12-12 21:25 - 2017-10-30 20:44 - 071471904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-02-27 15:41 - 2015-09-24 15:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2013-12-30 17:27 - 2009-08-12 20:15 - 000253952 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
2018-01-11 18:39 - 2018-01-11 18:39 - 000088064 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\_ctypes.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000919552 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\_hashlib.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000098816 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\win32api.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000110080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\pywintypes27.dll
2018-01-11 18:39 - 2018-01-11 18:39 - 000364544 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\pythoncom27.dll
2018-01-11 18:39 - 2018-01-11 18:39 - 000686080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\unicodedata.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000320512 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\win32com.shell.shell.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 001177088 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\wx._core_.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000806912 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\wx._gdi_.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000816640 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\wx._windows_.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 001067520 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\wx._controls_.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000733696 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\wx._misc_.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000736256 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\pysqlite2._sqlite.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000119808 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\win32file.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000108544 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\win32security.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000007168 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\hashobjs_ext.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000017920 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\thumbnails_ext.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000082432 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\usb_ext.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000013824 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\common.time34.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000018432 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\win32event.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000027648 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\windows.conditional.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000017408 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\windows.winwrap.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000089088 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\windows.volumes.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000167936 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\win32gui.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000046080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\_socket.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 001311744 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\_ssl.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000129536 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\_elementtree.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000127488 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\pyexpat.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000038912 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\win32inet.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000077824 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\wx._html2.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000036864 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\_psutil_windows.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000524248 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\windows._lib_cacheinvalidation.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000011264 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\win32crypt.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000218624 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\PIL._imaging.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000027648 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\_multiprocessing.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000020480 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\_yappi.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000035840 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\win32process.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000024064 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\win32pipe.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000010240 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\select.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000025600 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\win32pdh.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000059392 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\windows.device_monitor.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000017408 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\win32profile.pyd
2018-01-11 18:39 - 2018-01-11 18:39 - 000022528 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI50202\win32ts.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:05E9FFE5 [149]
AlternateDataStreams: C:\ProgramData\TEMP:B6418BC9 [412]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2017-11-08 12:23 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-867915027-2464976829-1762966156-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.76.152.1 - 208.76.152.9
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{B6A4C95F-E86A-4530-8459-4E9DFA8F0AD2}C:\program files (x86)\marvell\storage\apache2\bin\httpd.exe] => (Allow) C:\program files (x86)\marvell\storage\apache2\bin\httpd.exe
FirewallRules: [UDP Query User{1790ADF7-D31E-421A-8F16-E74A81FC75ED}C:\program files (x86)\marvell\storage\apache2\bin\httpd.exe] => (Allow) C:\program files (x86)\marvell\storage\apache2\bin\httpd.exe
FirewallRules: [{B685B85D-9BD4-43B0-B91D-B1A032D4F19A}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{0B68C425-D469-4E40-8EC4-AA3C458F457C}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [TCP Query User{0A338CBB-27AF-4ADD-B971-21F876AA1EB4}C:\teamspeak3-server_win64\ts3server_win64.exe] => (Allow) C:\teamspeak3-server_win64\ts3server_win64.exe
FirewallRules: [UDP Query User{7795FBE5-27CD-4060-BA44-AC8DB7F94D7A}C:\teamspeak3-server_win64\ts3server_win64.exe] => (Allow) C:\teamspeak3-server_win64\ts3server_win64.exe
FirewallRules: [TCP Query User{AC184875-930D-474D-85FE-BD721A13DD66}C:\program files (x86)\qtracker\qtracker.exe] => (Allow) C:\program files (x86)\qtracker\qtracker.exe
FirewallRules: [UDP Query User{28ECC9DC-E6EC-4E2F-B303-FF1802F80B8C}C:\program files (x86)\qtracker\qtracker.exe] => (Allow) C:\program files (x86)\qtracker\qtracker.exe
FirewallRules: [TCP Query User{F02A9AC0-2F63-4F2D-9D14-01200D4041D3}C:\program files (x86)\quake iii arena\quake3.exe] => (Allow) C:\program files (x86)\quake iii arena\quake3.exe
FirewallRules: [UDP Query User{3DE33DBD-6C28-4484-9B70-998816B8BABF}C:\program files (x86)\quake iii arena\quake3.exe] => (Allow) C:\program files (x86)\quake iii arena\quake3.exe
FirewallRules: [TCP Query User{924F6128-3381-4B19-8A90-35CAA57C6776}C:\program files (x86)\qtracker\qtracker.exe] => (Allow) C:\program files (x86)\qtracker\qtracker.exe
FirewallRules: [UDP Query User{E83C3C20-84E4-4167-B700-36A17F573C24}C:\program files (x86)\qtracker\qtracker.exe] => (Allow) C:\program files (x86)\qtracker\qtracker.exe
FirewallRules: [TCP Query User{D44E1DB6-81EA-465A-881B-DB78CF1389F8}C:\program files (x86)\quake iii arena\quake3.exe] => (Allow) C:\program files (x86)\quake iii arena\quake3.exe
FirewallRules: [UDP Query User{C843F957-34A4-457F-A986-0C0DC8308A9E}C:\program files (x86)\quake iii arena\quake3.exe] => (Allow) C:\program files (x86)\quake iii arena\quake3.exe
FirewallRules: [TCP Query User{A0BF2B87-CDA8-4F8F-A31B-E4039B8110DA}E:\michaels drive\iphone stuff\tinyumbrella-5.10.06.exe] => (Allow) E:\michaels drive\iphone stuff\tinyumbrella-5.10.06.exe
FirewallRules: [UDP Query User{9B1572BB-1024-4AE0-8870-82ECF5A7AF67}E:\michaels drive\iphone stuff\tinyumbrella-5.10.06.exe] => (Allow) E:\michaels drive\iphone stuff\tinyumbrella-5.10.06.exe
FirewallRules: [TCP Query User{68F1569C-6935-4DF3-8CC6-F667739314B7}E:\michaels drive\iphone stuff\tinyumbrella-6.12.00.exe] => (Allow) E:\michaels drive\iphone stuff\tinyumbrella-6.12.00.exe
FirewallRules: [UDP Query User{2CDE4F9B-FB94-41A1-A6A3-0F5FD0FB5F42}E:\michaels drive\iphone stuff\tinyumbrella-6.12.00.exe] => (Allow) E:\michaels drive\iphone stuff\tinyumbrella-6.12.00.exe
FirewallRules: [TCP Query User{4B414FCA-1120-49D6-B745-D92562F14DD7}C:\teamspeak3-server_win64\ts3server_win64.exe] => (Allow) C:\teamspeak3-server_win64\ts3server_win64.exe
FirewallRules: [UDP Query User{4926E91A-D690-4F5C-8F9F-9A97AD3864DB}C:\teamspeak3-server_win64\ts3server_win64.exe] => (Allow) C:\teamspeak3-server_win64\ts3server_win64.exe
FirewallRules: [TCP Query User{65B9EC6D-E70C-4F37-9A30-3CE0FF4B9060}C:\program files (x86)\arcsoft\totalmedia theatre 6\totalmedia server\tm server.exe] => (Allow) C:\program files (x86)\arcsoft\totalmedia theatre 6\totalmedia server\tm server.exe
FirewallRules: [UDP Query User{B53DBFAB-B19E-4DD2-B889-C24B65B2AEC8}C:\program files (x86)\arcsoft\totalmedia theatre 6\totalmedia server\tm server.exe] => (Allow) C:\program files (x86)\arcsoft\totalmedia theatre 6\totalmedia server\tm server.exe
FirewallRules: [TCP Query User{98AD544A-4019-4DCF-986B-E5BBE9787A05}C:\program files (x86)\arcsoft\totalmedia theatre 6\totalmedia server\tm server.exe] => (Allow) C:\program files (x86)\arcsoft\totalmedia theatre 6\totalmedia server\tm server.exe
FirewallRules: [UDP Query User{E2C7DB3E-D809-4272-824D-FD3CD2FBD428}C:\program files (x86)\arcsoft\totalmedia theatre 6\totalmedia server\tm server.exe] => (Allow) C:\program files (x86)\arcsoft\totalmedia theatre 6\totalmedia server\tm server.exe
FirewallRules: [TCP Query User{2B91A404-A9AC-43E7-94B0-9C61B6533484}C:\program files (x86)\arcsoft\totalmedia theatre 6\utotalmediatheatre6.exe] => (Allow) C:\program files (x86)\arcsoft\totalmedia theatre 6\utotalmediatheatre6.exe
FirewallRules: [UDP Query User{0A2BA017-5119-40B7-B71F-E858C6A5E376}C:\program files (x86)\arcsoft\totalmedia theatre 6\utotalmediatheatre6.exe] => (Allow) C:\program files (x86)\arcsoft\totalmedia theatre 6\utotalmediatheatre6.exe
FirewallRules: [TCP Query User{D967AB7A-985B-4EC0-953D-19D7356A7B40}C:\users\michael\appdata\local\id software\quakelive\quakelive.exe] => (Allow) C:\users\michael\appdata\local\id software\quakelive\quakelive.exe
FirewallRules: [UDP Query User{451EDDD4-8919-4CF8-8B6C-4A123A46A925}C:\users\michael\appdata\local\id software\quakelive\quakelive.exe] => (Allow) C:\users\michael\appdata\local\id software\quakelive\quakelive.exe
FirewallRules: [TCP Query User{AE4D5BE9-B1FE-49B3-AC81-790CABC82FEF}C:\program files (x86)\arcsoft\totalmedia theatre 6\utotalmediatheatre6.exe] => (Allow) C:\program files (x86)\arcsoft\totalmedia theatre 6\utotalmediatheatre6.exe
FirewallRules: [UDP Query User{6AF33C71-5D84-48B1-88AF-7913CC355FB7}C:\program files (x86)\arcsoft\totalmedia theatre 6\utotalmediatheatre6.exe] => (Allow) C:\program files (x86)\arcsoft\totalmedia theatre 6\utotalmediatheatre6.exe
FirewallRules: [TCP Query User{DCE72FC5-D207-4ADB-AAEB-6B51ABEA4AE5}C:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe] => (Allow) C:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe
FirewallRules: [UDP Query User{53096CB1-BABB-4981-974B-75D7924AF8ED}C:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe] => (Allow) C:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe
FirewallRules: [TCP Query User{1753F6F8-571F-48CB-9835-D118073A70BD}C:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe] => (Allow) C:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe
FirewallRules: [UDP Query User{AFF1B732-D59D-4B51-BAD2-E57430B8AAB7}C:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe] => (Allow) C:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe
FirewallRules: [TCP Query User{1BB91BDD-CDD5-4A9E-8CC7-F72E833152CD}C:\program files (x86)\splashtop\splashtop remote\client\strwinclt.exe] => (Allow) C:\program files (x86)\splashtop\splashtop remote\client\strwinclt.exe
FirewallRules: [UDP Query User{39F89396-8ED7-4428-90A1-A857A77FF358}C:\program files (x86)\splashtop\splashtop remote\client\strwinclt.exe] => (Allow) C:\program files (x86)\splashtop\splashtop remote\client\strwinclt.exe
FirewallRules: [TCP Query User{AEB79769-B6C5-4081-A43E-B6A9F9AEAB6E}C:\program files (x86)\quake3\quake3.exe] => (Allow) C:\program files (x86)\quake3\quake3.exe
FirewallRules: [UDP Query User{CA11DBD0-86E9-4C08-A37D-1CF3D034C11E}C:\program files (x86)\quake3\quake3.exe] => (Allow) C:\program files (x86)\quake3\quake3.exe
FirewallRules: [TCP Query User{F539445D-8DB6-4FF9-8B24-1579C5C28E6E}C:\quake3\quake3.exe] => (Allow) C:\quake3\quake3.exe
FirewallRules: [UDP Query User{B723BAD3-6FD1-4BD2-AA83-A257A83C65D2}C:\quake3\quake3.exe] => (Allow) C:\quake3\quake3.exe
FirewallRules: [{04A73492-8B97-4A39-A8B3-FEFF590268EE}] => (Allow) C:\Users\Michael\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{D39928D6-E6E2-4453-9E59-BC46E8F8EBD5}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{C11B1E74-F777-4A5C-80AE-F2D2129C6F49}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2A515CE4-7636-43F5-AC12-D3F534792BE6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A96A44BA-4054-4F8F-8DC7-E2C0DA236F23}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E1137CCA-C364-468D-B09F-0996F940D820}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{F48ACDA6-B89A-457D-A005-6626B9AEF224}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{8A58361A-2050-4C01-8871-3AC77F7DD471}] => (Allow) C:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe
FirewallRules: [{18C78A7A-26D0-412B-B378-4534E12F5B2B}] => (Allow) C:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe
FirewallRules: [TCP Query User{F103634B-8748-428D-A5BF-F573264942B1}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{DF7055C8-C110-46ED-9769-94AD80028E1E}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{BDBCC489-5444-4D31-8F51-358A8216A1FB}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{71091386-A603-4C9D-A9BB-9A830A5AADFC}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{32226528-8C9A-4342-8F69-6C5BE7B4B65A}] => (Allow) C:\Users\Michael\AppData\Local\Temp\uttF7D2.tmp.exe
FirewallRules: [{64B0AD2D-A9B3-4A25-B9D2-582CDB152E7E}] => (Allow) C:\Users\Michael\AppData\Local\Temp\uttF7D2.tmp.exe
FirewallRules: [TCP Query User{423A9A98-ACED-49A8-ADFE-A17F1F422B47}C:\program files (x86)\splashtop\splashtop remote\client\strwinclt.exe] => (Allow) C:\program files (x86)\splashtop\splashtop remote\client\strwinclt.exe
FirewallRules: [UDP Query User{84FF9419-2CDB-41DE-9107-5E99FAD38C39}C:\program files (x86)\splashtop\splashtop remote\client\strwinclt.exe] => (Allow) C:\program files (x86)\splashtop\splashtop remote\client\strwinclt.exe
FirewallRules: [TCP Query User{FE2E0167-A7EE-4179-92B1-BAE27C7A03A2}C:\users\michael\appdata\local\id software\quakelive\quakelive.exe] => (Allow) C:\users\michael\appdata\local\id software\quakelive\quakelive.exe
FirewallRules: [UDP Query User{B0E6D7AF-3420-4733-949A-14EC1365DF3A}C:\users\michael\appdata\local\id software\quakelive\quakelive.exe] => (Allow) C:\users\michael\appdata\local\id software\quakelive\quakelive.exe
FirewallRules: [TCP Query User{F8887741-89C2-4DB8-8480-4E8A9047C02B}C:\users\michael\downloads\programs\tinyumbrella-7.11.00.exe] => (Allow) C:\users\michael\downloads\programs\tinyumbrella-7.11.00.exe
FirewallRules: [UDP Query User{54B96CE3-FE84-4ACA-8A83-6CB504DA8338}C:\users\michael\downloads\programs\tinyumbrella-7.11.00.exe] => (Allow) C:\users\michael\downloads\programs\tinyumbrella-7.11.00.exe
FirewallRules: [TCP Query User{80AE1205-5A76-4892-A65D-91718A29938C}E:\michaels drive\iphone stuff\tinyumbrella-6.12.00.exe] => (Allow) E:\michaels drive\iphone stuff\tinyumbrella-6.12.00.exe
FirewallRules: [UDP Query User{75C5277E-6022-4915-A8E4-FAE8372F6A99}E:\michaels drive\iphone stuff\tinyumbrella-6.12.00.exe] => (Allow) E:\michaels drive\iphone stuff\tinyumbrella-6.12.00.exe
FirewallRules: [TCP Query User{68BF2775-9CBD-4A49-8159-EB73590D5983}E:\michaels drive\iphone stuff\tinyumbrella-5.10.03.exe] => (Allow) E:\michaels drive\iphone stuff\tinyumbrella-5.10.03.exe
FirewallRules: [UDP Query User{B83656F9-D8AC-41B1-B7D6-823751989E03}E:\michaels drive\iphone stuff\tinyumbrella-5.10.03.exe] => (Allow) E:\michaels drive\iphone stuff\tinyumbrella-5.10.03.exe
FirewallRules: [TCP Query User{BBA7ACB8-BC0D-429D-B6A3-FFF98EF25C72}E:\michaels drive\iphone stuff\tinyumbrella-5.10.06.exe] => (Allow) E:\michaels drive\iphone stuff\tinyumbrella-5.10.06.exe
FirewallRules: [UDP Query User{7BD715BE-4638-4821-B4B9-963F44014196}E:\michaels drive\iphone stuff\tinyumbrella-5.10.06.exe] => (Allow) E:\michaels drive\iphone stuff\tinyumbrella-5.10.06.exe

 

[Broni]

FirewallRules: [{9E013379-7F3E-4813-8FA1-0B3D78F0B9C9}] => (Allow) C:\Program Files (x86)\Origin Games\Peggle Deluxe\Peggle.exe
FirewallRules: [{C77B24FA-A51E-46C4-BA8E-EC32768C4339}] => (Allow) C:\Program Files (x86)\Origin Games\Peggle Deluxe\Peggle.exe
FirewallRules: [{D5AF4EA3-0FB5-4F9A-973B-418EE8F21394}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E1AC5DA1-BDC0-421A-A942-D611BBBDE9FA}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{757DBBAF-E665-4C60-BC3A-AD0854FB752B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{C1A1D706-896D-4279-93A8-EDFB2C7EFCAC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{6541A072-521E-461D-A658-86F9122CFE2F}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{827DD498-92D7-402E-BBDB-1EDA1A856BCD}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{C254BFA4-DDFC-4BAE-82B1-5B58DF9920E8}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{E3D0019B-FF08-4E97-AF28-5669EB8DDFED}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{E840F857-91AC-4A13-8B76-1B7D9FF5FDB2}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{204A02DF-1DC0-4C14-A03E-75F18642C5F1}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{097477AB-7D01-40FD-A054-72BAAD63C27E}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{A0200994-DEFF-41A3-A34B-783EC6022F80}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{AF419DC7-8161-46E8-BE58-5FB01549888B}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{B545CF1E-6517-4C43-9135-DFB225A1BAE2}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{375B27CF-4FA2-4850-8630-5BDDE835417E}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{BAACDBD8-4D08-4ECE-9E12-925713BDDAC7}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{D511F487-60B3-4480-85EA-CF67062CC6BA}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{CF5EFD92-CF6A-4586-AB44-397E287C6189}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{22F805ED-CB7D-4150-882C-53E70EFCD46C}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{0BACFC13-70DD-4174-85F9-B3C99D65CC42}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{4034A3CA-EEB5-4F4D-BDA9-E3BC95B6070C}G:\quake3\quake3.exe] => (Block) G:\quake3\quake3.exe
FirewallRules: [UDP Query User{2B150704-74A3-4BEF-9B51-3E60E4B31615}G:\quake3\quake3.exe] => (Block) G:\quake3\quake3.exe
FirewallRules: [{C62794B3-F2CF-4832-B4FC-910D274BD304}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{E8FF6F7D-1EA1-4AB9-ACB5-0B6D5C71C4AA}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{E1931FFB-B89A-4467-9DC9-DDA0C9955D88}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{7695D04D-6660-4A3D-A76D-2DB0D921D5D7}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [TCP Query User{A2A751F3-0C25-4F79-81AC-E4675B303433}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{DF318E58-9672-4B4F-AB60-D65EB07C943F}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{8E87BFB8-C288-4010-9D7C-F11EF0EE5C9A}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{8A4608F3-DE56-4395-B0DF-C4E9BE3507C8}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{8B0E4B6A-9521-4AE3-95F8-2442CFE9CCEE}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{C35959D2-306B-485D-8579-3B51100DD2E9}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{E044A225-6D41-47FB-80D8-70B301821671}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{15AE8794-43AD-488D-8B1C-588FAB0F8F6F}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{FD7D5627-DE24-496C-8F66-D825657E6C22}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{71D4442B-75AB-44F4-BA55-6C46AF54D9D0}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{09A425E3-F461-4E7C-80A9-53075004315C}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{3941A6BC-F467-4585-BCD3-B5F189B29E66}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{1390511B-B8EC-4541-A4FF-60823C8B0C8A}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe
FirewallRules: [{37633F17-0C73-4DBF-BD90-19BC821335BD}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe
FirewallRules: [{4AEE10DC-4C42-4691-88B2-8DBDD39AC359}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5D71C492-E814-44E7-98CB-113FFBBA5B5D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F472EC2C-459E-44F3-BFBE-73D7E6AF79F2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{84448ACF-E6CA-4CA8-9805-3C921FD4E78D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{B86351E0-7D0E-48B3-886D-6458A57D2428}C:\program files (x86)\origin games\need for speed(tm) most wanted\nfs13.exe] => (Allow) C:\program files (x86)\origin games\need for speed(tm) most wanted\nfs13.exe
FirewallRules: [UDP Query User{38F4E0C2-DFD5-4CB9-8CCD-7599D0BC4C80}C:\program files (x86)\origin games\need for speed(tm) most wanted\nfs13.exe] => (Allow) C:\program files (x86)\origin games\need for speed(tm) most wanted\nfs13.exe
FirewallRules: [TCP Query User{3C26636D-3288-4613-8C71-EE2737B824D4}C:\program files (x86)\ioquake3\ioquake3.x86.exe] => (Allow) C:\program files (x86)\ioquake3\ioquake3.x86.exe
FirewallRules: [UDP Query User{C11684A7-CA51-4BBF-B3C6-E26584892CC0}C:\program files (x86)\ioquake3\ioquake3.x86.exe] => (Allow) C:\program files (x86)\ioquake3\ioquake3.x86.exe
FirewallRules: [TCP Query User{36608FBD-511D-496A-B13F-8D90B248179E}C:\program files (x86)\ioquake3\ioq3ded.x86.exe] => (Allow) C:\program files (x86)\ioquake3\ioq3ded.x86.exe
FirewallRules: [UDP Query User{C58A95B4-D402-4CD6-BDC4-1F940741535B}C:\program files (x86)\ioquake3\ioq3ded.x86.exe] => (Allow) C:\program files (x86)\ioquake3\ioq3ded.x86.exe
FirewallRules: [{C4389490-C7DD-4751-8020-83BACA776052}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{408E1D11-C27F-42C3-8E98-F921413B2F10}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{04E18282-7C64-439C-A101-F8F052E8D200}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CFFD7EBB-305E-4B4F-AAC0-906483983497}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9211C93C-A575-4E62-B68E-05FD673BEF83}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A7C4D263-7246-4EA4-A383-1A948A9ABF21}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8D277ED3-508C-4586-B720-2B251F6D8626}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Capture Pro\Apowersoft Screen Capture Pro.exe
FirewallRules: [{659BE573-91ED-4C34-8E67-1FA8C00791F5}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Capture Pro\Apowersoft Screen Capture Pro.exe
FirewallRules: [{7DA1BD69-5466-4377-B44A-F1542BB6C6D1}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{2615A072-F2A9-4011-8C2C-3ECB4F271A00}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{BAE842D6-E296-497F-934F-3B6418C08471}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{C9B09217-37F0-4013-833A-199386FFA75B}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{284D3570-831B-4C98-BA83-F3EE4D40BE8F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{77A4918B-10EF-4740-8EE0-DAEFF3FDBA17}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E205927C-E074-4DEE-9626-9995B5D5213E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{FE48DA1E-FD7E-4AB8-B99E-828746C75827}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\125\tencentdl.exe
FirewallRules: [{9C504FB7-A2F7-4A14-B6A7-DBBCC2A94479}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\125\tencentdl.exe
FirewallRules: [{17409893-F906-421A-BB88-0CE39BB07EB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{B6F9F154-7505-4690-BFBD-814DEB578880}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{EEA88CD4-F75B-445F-92F5-A5BAA25224A4}] => (Allow) LPort=33300
FirewallRules: [TCP Query User{ACB7E5CE-32F7-4A06-9F63-A92A00F41C20}C:\program files (x86)\printer pro desktop\printerprodesktop.exe] => (Allow) C:\program files (x86)\printer pro desktop\printerprodesktop.exe
FirewallRules: [{AE37AA83-8065-428E-BA2E-A3661E340B07}] => (Allow) C:\Program Files\HP\HP DeskJet 3630 series\Bin\DeviceSetup.exe
FirewallRules: [{16218004-9C28-4260-A955-CF5DF32B4A10}] => (Allow) LPort=5357
FirewallRules: [{4F0D8B2C-9A30-49A5-8AA3-0F15B3733F84}] => (Allow) C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{C44987DC-119F-4939-8855-D422704B4295}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS0409\HPDiagnosticCoreUI.exe
FirewallRules: [{8EE4968A-FEBE-49C8-A775-0196ED64EF83}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS0409\HPDiagnosticCoreUI.exe
FirewallRules: [{90699AF5-B19B-44B9-873D-53346162F6CE}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS13F8\HPDiagnosticCoreUI.exe
FirewallRules: [{3F5D1E16-264D-4BB7-AA45-343F28A034AC}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS13F8\HPDiagnosticCoreUI.exe
FirewallRules: [{73364859-11D6-43E8-BCA6-B75774369268}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS4F58\HPDiagnosticCoreUI.exe
FirewallRules: [{DE598F48-CE09-4E12-BFE4-6E73CEB8D8DF}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS4F58\HPDiagnosticCoreUI.exe
FirewallRules: [{453E558A-9E22-4AB8-96ED-4410D1DF6EE9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1863D1F3-BEC6-4819-A441-B0CD7F9BBBF8}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{40257185-5827-43CA-BE21-828057FD8939}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{61BF6E2A-1B8C-42AB-B2E6-2BE377CD1129}] => (Allow) C:\Program Files (x86)\ThinkSky\iTools 4\iTools4.exe
FirewallRules: [{8D9924B1-E600-4061-97AC-81530512ED71}] => (Allow) C:\Program Files (x86)\ThinkSky\iTools 4\TSUpd4.exe
FirewallRules: [{2089B874-FEC5-4648-97EB-984398F983FE}] => (Allow) C:\Program Files (x86)\ThinkSky\iTools 4\TSDiag.exe
FirewallRules: [{4B51A2C2-C717-460D-B90C-4F9D6B339858}] => (Allow) C:\Program Files (x86)\ThinkSky\iTools 4\thunder\download\MiniThunderPlatform.exe
FirewallRules: [{2988FD3F-8E68-4AA7-A394-D8D3E2DE9825}] => (Allow) C:\Program Files (x86)\Mec\trays.exe
FirewallRules: [{D790CE8A-C5D7-49A6-81C6-0BE683DA6F05}] => (Allow) C:\Program Files (x86)\Anarchists\trays.exe
FirewallRules: [{7D3F54A0-D368-4AA1-B94A-61CD92ED85CF}] => (Allow) C:\Program Files (x86)\predesignated\worse.exe
FirewallRules: [{D5157F8D-D4D0-4E1F-8068-6DF0C7DC7144}] => (Allow) C:\Program Files (x86)\Anarchists\worse.exe

==================== Restore Points =========================

10-01-2018 13:41:39 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: ArcCtrl
Description: ArcCtrl
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ArcCtrl
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/11/2018 06:41:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/11/2018 06:39:39 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.0.2 for ServerName .

Error: (01/11/2018 04:00:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 6b0

Start Time: 01d38af533420000

Termination Time: 16

Application Path: C:\Windows\Explorer.EXE

Report Id: 853cacee-f72b-11e7-bcb1-00acce2b8d08

Error: (01/11/2018 10:40:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.7600.16385, time stamp: 0x4a5bcdd0
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0003bcaa
Faulting process id: 0x1e28
Faulting application start time: 0x01d38b0bb6d2fc50
Faulting application path: C:\Windows\sysWow64\SearchProtocolHost.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: f51f0363-f6fe-11e7-bcb1-00acce2b8d08

Error: (01/11/2018 08:56:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files (x86)\Google\Chrome\application\сhrоmе.bаt.exe".
Dependent Assembly 55.0.2883.87,language="&#x2a;",type="win32",version="55.0.2883.87" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/11/2018 08:56:10 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/11/2018 08:01:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/11/2018 07:59:48 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.0.2 for ServerName .

Error: (01/10/2018 10:12:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/10/2018 10:10:56 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.0.2 for ServerName .


System errors:
=============
Error: (01/11/2018 06:40:56 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.

Error: (01/11/2018 06:40:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ArcCtrl
cdrom

Error: (01/11/2018 06:40:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/11/2018 06:40:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (01/11/2018 06:39:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Logitech CPU Core Tempurature service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (01/11/2018 06:38:05 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (01/11/2018 06:38:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MSU Web Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/11/2018 06:38:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The FLEXnet Licensing Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/11/2018 06:38:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/11/2018 06:38:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================
Date: 2018-01-11 18:39:39.099
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-11 18:39:39.069
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-11 18:39:26.154
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LGBusEnum.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-11 18:39:26.154
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LGBusEnum.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-11 07:59:48.436
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-11 07:59:48.416
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-11 07:59:35.577
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LGBusEnum.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-11 07:59:35.577
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LGBusEnum.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-10 22:10:56.164
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-10 22:10:56.144
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3820 CPU @ 3.60GHz
Percentage of memory in use: 25%
Total physical RAM: 16323.25 MB
Available physical RAM: 12229.59 MB
Total Virtual: 32644.68 MB
Available Virtual: 28418.35 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:447.05 GB) (Free:100.03 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:378.8 GB) (Free:108.32 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (FreeAgent GoFlex Drive) (Fixed) (Total:1397.26 GB) (Free:586.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 447.2 GB) (Disk ID: 2B629864)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E3241878)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1397.3 GB) (Disk ID: B202AEE4)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================