
My laptop seems to be infected. [Solved]


  • This topic is locked
32 replies to this topic

#1 bhp

  • Authentic Member
  • 55 posts

Posted 30 January 2020 - 07:50 AM

My Acer E1-771 seems to be infected. It is taking long to boot and is running very slow.
I need help




#2 Satchfan

  • SuperHelper
  • Malware Team
  • 6,654 posts
  • Interests: LFC, music, more LFC, more music

Posted 30 January 2020 - 11:01 AM

Hello and welcome to the WTT forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner by clicking on Scan Now
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
  • if it asks to reboot, allow the reboot
  • on reboot, click on View Log File; please attach the content of the log to your next reply.

===================================================

Run Malwarebytes Anti-Malware

You may have Malwarebytes Anti-Malware installed but if not, you can download it from here:

  • run the program
  • click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
  • click on the ‘Scan’ tab, (directly below the Dashboard tab)
  • select the Threat Scan option
  • click the Scan Now button
  • Threat Scan will begin
  • when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
  • if prompted to restart the computer, close all other programs and click Yes to restart your computer
  • once you are back at your desktop, open MBAM once more
  • click on the ‘Reports’ tab
  • double-click on the most recent Scan Report
  • click on Export, then Copy to Clipboard

Logs to include with the next post:

AdwCleaner log
Mbam.txt


Thanks

Satchfan

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#3 bhp


Posted 02 February 2020 - 03:32 AM

Here goes...Thanks

# -------------------------------
# Malwarebytes AdwCleaner 8.0.2.0
# -------------------------------
# Build:    01-27-2020
# Database: 2020-01-24.1 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    02-02-2020
# Duration: 00:00:05
# OS:       Windows 7 Home Premium
# Cleaned:  50
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
Deleted       C:\Program Files\Enigma Software Group
Deleted       C:\Users\chakotay\AppData\Roaming\Enigma Software Group
Deleted       C:\Users\chakotay\AppData\Roaming\RPEng
Deleted       C:\sh4ldr
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Deleted       HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\SpyHunter4.exe
Deleted       HKLM\Software\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted       HKLM\Software\Classes\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}
Deleted       HKLM\Software\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}
Deleted       HKLM\Software\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Deleted       HKLM\Software\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Deleted       HKLM\Software\Wow6432Node\\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Deleted       HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Deleted       HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
Deleted       HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Deleted       HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
 
***** [ Chromium (and derivatives) ] *****
 
Deleted       MSN Homepage & Bing Search Engine
Deleted       gjkpcnacdgdlpfejlgflolpaigoicibh
Deleted       ogminpmldncgcmokldnmmapddoccmhfl
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries cleaned.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [10846 octets] - [02/02/2020 05:17:18]
AdwCleaner[S01].txt - [10908 octets] - [02/02/2020 05:22:12]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########


#4 bhp


Posted 02 February 2020 - 05:22 AM

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 2/2/20
Scan Time: 5:45 AM
Log File: c244b940-45a0-11ea-8352-2025648ad16f.json
 
-Software Information-
Version: 3.8.3.2965
Components Version: 
Update Package Version: 
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: BHP\chakotay
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 306738
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 32 min, 26 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 2
PUP.Optional.OpenCandy, C:\USERS\CHAKOTAY\APPDATA\ROAMING\BITTORRENT\UPDATES\7.9.2_36321.EXE, Quarantined, [1155], [640283],
Adware.InstallCore, C:\USERS\CHAKOTAY\DOWNLOADS\SAFARI-5-1-7-ES-EN-FR-DE-IT-WIN_0833418148.EXE, Quarantined, [443], [700679],
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)


#5 Satchfan


Posted 02 February 2020 - 06:23 AM

Thanks for those. They have cleaned up a few things so let's see what else is lurking.

 

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

Logs to include with next post:

Frst.txt
Addition.txt


Thanks

Satchfan

 



#6 bhp


Posted 02 February 2020 - 10:30 AM

Thanks.
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-02-2020 01
Ran by chakotay (02-02-2020 12:21:38)
Running from C:\Users\chakotay\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-09-17 19:34:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3430744594-213253022-3560247601-500 - Administrator - Disabled)
chakotay (S-1-5-21-3430744594-213253022-3560247601-1000 - Administrator - Enabled) => C:\Users\chakotay
Guest (S-1-5-21-3430744594-213253022-3560247601-501 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kingsoft Antivirus System Defense (Enabled - Up to date) {B6A51389-A795-5AC9-13BA-F569D73F3FE8}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Kingsoft Antivirus System Defense (Enabled - Up to date) {0DC4F26D-81AF-5547-290A-CE1BACB87555}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.105 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2904.00 - CyberLink Corp.) Hidden
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2904.00 - CyberLink Corp.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3508 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3507 - Acer Incorporated)
Acoustica Mixcraft 7 (64-bit) (HKLM-x32\...\Mixcraft 7-64) (Version: 7.0.0.251 - Acoustica)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Media Live Encoder 3.2 (HKLM-x32\...\{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}) (Version: 3.2.0 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
AltaCast Winamp version 1.1 (HKLM-x32\...\{B1EDEEF4-922B-4847-AEDD-F57B1F020197}_is1) (Version: 1.1 - AltaCast)
Apple Application Support (32-bit) (HKLM-x32\...\{C3A282C9-4C8B-4A63-B449-3A064FB378D7}) (Version: 8.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CC046FB9-E84E-4092-B924-DBE33DA2BE75}) (Version: 8.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6CECF0FB-EE71-4FE5-8AE0-FA007408934A}) (Version: 13.0.0.38 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
ArcSoft Panorama Maker 4 (HKLM-x32\...\{D45E8C45-B601-4A80-AFD8-E16338744DE1}) (Version:  - ArcSoft)
Backup Manager V3 (HKLM-x32\...\{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.105 - NTI Corporation) Hidden
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 79.1.2.43 - Brave Software Inc)
Business-in-a-Box 2019 (HKLM-x32\...\Business-in-a-Box 2019) (Version: 7.3.7 - Biztree Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.2.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.0.204 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
Capture NX 2 (HKLM-x32\...\Capture NX 2) (Version: 2.0.0 - NIKON CORPORATION)
CCleaner (HKLM\...\CCleaner) (Version: 5.62 - Piriform)
clear.fi SDK - MVP 2 (HKLM-x32\...\{A3AD65CC-B2CE-49da-AE4E-CC2ECF4EC0F8}) (Version: 2.0.1702 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (HKLM-x32\...\{DAF7BB88-6392-40aa-A714-8392C4BDBD2C}) (Version: 2.0.1707 - CyberLink Corp.) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cool Edit Pro 2.0 (HKLM-x32\...\Cool Edit Pro 2.0) (Version:  - )
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
CyberLink PowerDirector 11 (HKLM\...\{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2418 - CyberLink Corp.) Hidden
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2418 - CyberLink Corp.)
DaVinci Resolve (HKLM\...\{3A2C86D3-248C-47EB-A791-AE7AC6F19C23}) (Version: 14.2.0012 - Blackmagic Design)
DaVinci Resolve Panels (HKLM\...\{332552D0-B8EE-49BF-B904-E038A72BD2B2}) (Version: 1.1.2.0 - Blackmagic Design)
DJ Intro version 1.3.0 (HKLM-x32\...\{36625871-9D4B-4046-A837-677974F51CAC}_is1) (Version: 1.3.0 - Serato Audio Research)
Driver Install 64-Bit (HKLM-x32\...\{AA107568-1B58-407E-9867-D51F71C9F446}) (Version: 6.0.107.0 - China) Hidden
Driver Install 64-Bit (HKLM-x32\...\InstallShield_{AA107568-1B58-407E-9867-D51F71C9F446}) (Version: 6.0.107.0 - China)
dslrBooth 5.27.0213.1 (HKLM\...\{19FB8BF8-8E63-4542-8C79-D2B76CEDAB3F}) (Version: 5.27.0213.1 - Lumasoft)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.9.1.1169 - Steinberg Media Technologies GmbH)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-X64 11.6.4.001_WHQL (HKLM\...\Elantech) (Version: 11.6.4.001 - ELAN Microelectronic Corp.)
Evernote v. 4.5.2 (HKLM-x32\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.)
EZ Grabber (HKLM-x32\...\{8543A572-5993-4101-BACC-C83884E183A4}) (Version: 2.00.0000 - EZ Grabber)
File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.1.1 - Nikon)
FileZilla Client 3.46.3 (HKLM-x32\...\FileZilla Client) (Version: 3.46.3 - Tim Kosse)
FlowPaper Desktop Publisher version 3.2.9 (HKLM-x32\...\{79A0360C-F7E5-47D5-A7F9-A9938438AC61}_is1) (Version: 3.2.9 - Devaldi Ltd)
GIMP 2.6.10 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.130 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
GoToMeeting 10.7.0.16576 (HKU\S-1-5-21-3430744594-213253022-3560247601-1000\...\GoToMeeting) (Version: 10.7.0.16576 - LogMeIn, Inc.)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
HP Deskjet 4620 series Basic Device Software (HKLM\...\{6D790D6C-EF5F-40AC-A9BF-2ADF638C02AD}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 4620 series Help (HKLM-x32\...\{5773FBCB-BA2C-4F3E-9904-48247BF752FC}) (Version: 6.0.0 - Hewlett Packard)
HP Deskjet 4620 series Product Improvement Study (HKLM\...\{8703F965-1B1F-491F-ACCF-2B0626732065}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 4640 series Basic Device Software (HKLM\...\{81DC7FEB-87CF-4E3E-8A1C-83C837215DC7}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 4640 series Help (HKLM-x32\...\{8DF1C066-BBD8-4B9F-A5BC-AC555C9A872F}) (Version: 31.0.0 - Hewlett Packard)
HP ENVY 5530 series Basic Device Software (HKLM\...\{FE11AA0F-756F-4879-97A0-B1705E2DCABE}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 5530 series Help (HKLM-x32\...\{97EAE055-1BE8-4775-8101-453E9715EC3F}) (Version: 30.0.0 - Hewlett Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
Hydrogen (Advanced drum machine for GNU/Linux) (HKLM-x32\...\ON) (Version: 0.9.7 - Hydrogen Developers)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{4E727621-3550-4CE0-883E-F27D7D7E0D2C}) (Version: 7.16.0.15 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3503 - Acer Incorporated)
Imaging Edge (Remote/Viewer/Edit) (HKLM\...\{ED58F865-600B-424F-99E7-2618DD5236C3}) (Version: 2.0.00.08020 - Sony Imaging Products & Solutions, Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2752 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
iTunes (HKLM\...\{9C96D8AC-EE43-4B47-877C-D11595511C8E}) (Version: 12.10.3.1 - Apple Inc.)
Java SE Development Kit 8 Update 111 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180111}) (Version: 8.0.1110.14 - Oracle Corporation)
Java SE Development Kit 8 Update 74 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180740}) (Version: 8.0.740.2 - Oracle Corporation)
Kingsoft Antivirus 2012 (HKLM-x32\...\Kingsoft Internet Security) (Version: 2012.5.7 - Kingsoft Internet Security)
KinoniDrivers 2.9.4 (HKLM-x32\...\KinoniDrivers) (Version: 2.9.4 - Kinoni)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.12 - Acer Inc.)
MagicCamera 8.5.0 (HKLM-x32\...\{70376A8D-C6E7-4A61-9E30-42AD268CD45D}_is1) (Version: 8.5.0 - ShiningMorning Inc.)
MagicYUV Lossless Video Codec version 1.0 (HKLM-x32\...\{90410593-E0EB-4F9B-B984-65BEA8F07B91}_is1) (Version: 1.0 - INNOMAGIC, Ltd.)
MAGIX Connect (HKLM\...\{B0C73D27-EB3E-4D0E-B40D-0141DAF708CC}) (Version: 3.0.0.1 - MAGIX Software GmbH) Hidden
MAGIX Connect (HKLM\...\MX.{B0C73D27-EB3E-4D0E-B40D-0141DAF708CC}) (Version: 3.0.0.1 - MAGIX Software GmbH)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX PC Check & Tuning 2020 (HKLM-x32\...\PC Check Tuning 2020_is1) (Version: 2.9.2.1755 - MAGIX Software GmbH)
MAGIX Soundpool Music Maker - Feel good (HKLM\...\{33B6A911-B0DC-4528-96C3-54A607EFFBDC}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{D553E8CC-5C56-4B06-AC1A-A443DFF31092}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (HKLM-x32\...\{49697869-be8e-427d-81a0-c334d1d14950}) (Version: 14.21.27702.2 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mirrorscript Pro 3.2 (HKLM-x32\...\Mirrorscript Pro 3.2) (Version:  - )
Mixxx 2.0.0 (64-bit) (HKLM-x32\...\Mixxx (2.0.0)) (Version: 2.0.0 - The Mixxx Development Team)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
MP3jam 1.1.1.11 (HKLM-x32\...\MP3jam_is1) (Version: 1.1.1.11 - MP3jam)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Music Maker (HKLM\...\{DC21CFD5-02AC-4C89-8D35-85506A9FEB55}) (Version: 28.0.0.12 - MAGIX Software GmbH) Hidden
Music Maker (HKLM-x32\...\MX.{DC21CFD5-02AC-4C89-8D35-85506A9FEB55}) (Version: 28.0.0.12 - MAGIX Software GmbH)
MyWinLocker (HKLM\...\{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}) (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (HKLM-x32\...\{39F15B50-A977-4CA6-B1C3-6A8724CDA025}) (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
Nero 7 Ultra Edition (HKLM-x32\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG)
Newblue Art Effects for PowerDirector (HKLM\...\NewBlue Art Effects for PowerDirector) (Version: 2.0 - NewBlue)
newsXpresso (HKLM-x32\...\{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.) Hidden
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Node.js (HKLM\...\{68EDB54E-2CFB-454E-BBF0-3E41E157E552}) (Version: 6.2.2 - Node.js Foundation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.3 - Notepad++ Team)
NTI Media Maker 9 (HKLM-x32\...\{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9006 - NTI Corporation) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9006 - NTI Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 23.1.0 - OBS Project)
One Touch Video Capture (HKLM-x32\...\{C3A6202F-8F3E-424C-83B8-189F92A1AB43}) (Version:  - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PassportPhoto (remove) (HKU\S-1-5-21-3430744594-213253022-3560247601-1000\...\PassportPhoto) (Version:  - )
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.3 - Nikon)
PowerDirector (HKLM\...\{2599B6F1-92AC-472C-BE60-9F17565E4938}) (Version: 11.0 - CyberLink Corp.) Hidden
ProppFrexx ONAIR (HKLM\...\{4909C7F2-1944-4E15-8C8B-AE23DEBA6FB4}) (Version: 4.0.0117 - radio42)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.312 - Qualcomm Atheros Communications)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.19 - Qualcomm Atheros Inc.)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.21 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RadioBOSS 5.0.0.9 (HKLM-x32\...\RadioBOSS) (Version: 5.0.0.9 - DJSoft.Net)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.28145 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHOUTcast DNAS Server v2.5 (HKLM-x32\...\SHOUTcast DNAS Server) (Version: 2.5.0.715 - Radionomy SA)
Shredder (HKLM\...\{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}) (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (HKLM-x32\...\{C2695E83-CF1D-43D1-84FE-B3BEC561012A}) (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype version 8.41 (HKLM-x32\...\Skype_is1) (Version: 8.41 - Skype Technologies S.A.)
SmartSound Quicktracks 5 (HKLM-x32\...\{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
Steinberg Cubase LE AI Elements 8 64bit (HKLM\...\{C801D1E6-30E3-46BE-368D-0106B42CCE17}) (Version: 8.0.40 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 2.0.0.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\...\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE 64bit (HKLM\...\{A5AB0D21-21BD-4DB8-F097-02E8FC8C486A}) (Version: 4.2.20 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE Acoustic Agent (HKLM-x32\...\{F34EA13C-F078-4003-AE21-43EAB2680EC5}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE Content (HKLM-x32\...\{AFC9D1CE-F050-437C-35A5-62DEDB262DC7}) (Version: 1.2.20 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 2.0.2 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Content for Cubase LE AI Elements (HKLM-x32\...\{CF45002F-2205-4116-BB51-2D015F436CAC}) (Version: 2.0.1 - Steinberg Media Technologies GmbH)
Steinberg Midi Loop Library (HKLM-x32\...\{89DE2651-6DD9-4C15-AC94-8348362D456C}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 2.0.1.000 - Steinberg Media Technologies GmbH)
Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.2 - Steinberg Media Technologies GmbH)
Steinberg VST Amp Rack Content 01 (HKLM-x32\...\{8CBA7E47-48DA-47DC-8E98-6984BA830295}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
TeleKast version 1.0.1 (HKLM-x32\...\{11827A9E-CF58-4A00-944D-2BF1C253E80E}_is1) (Version: 1.0.1 - Greg Marine and Contributors)
TortoiseSVN 1.8.10.26129 (64 bit) (HKLM\...\{A9E679EC-8FD4-49D8-A5A5-ACE462515A9E}) (Version: 1.8.26129 - TortoiseSVN)
TuneUp Utilities Language Pack (en-US) (HKLM-x32\...\{A95A76C9-6F65-477E-83A0-9F884B6DC21B}) (Version: 12.0.3600.181 - TuneUp Software) Hidden
Turbonett móvil (HKLM-x32\...\Turbonett móvil) (Version: 11.302.09.09.519 - Huawei Technologies Co.,Ltd)
UFRaw 0.19.2 (HKLM-x32\...\UFRaw_is1) (Version:  - Udi Fuchs)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version:  - Microsoft)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)
VCRedistSetup (HKLM-x32\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Veetle Broadcaster 0.9.18 (HKLM-x32\...\Veetle Broadcaster) (Version: 0.9.18 - Veetle, Inc)
VidBlasterX (HKLM-x32\...\VidBlasterX) (Version:  - )
ViewNX (HKLM-x32\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.2.0 - Nikon)
Vita Concert Grand LE (HKLM\...\{78999604-A81E-4ACF-9799-74F52D07A367}) (Version: 2.4.0.96 - MAGIX Software GmbH) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
vMix (HKLM-x32\...\{93D664E9-E81E-4277-9E90-6CDABAC7208F}_is1) (Version:  - StudioCoast)
vMix Social (HKLM-x32\...\{1A0C8557-EB4A-4DD1-B4F9-A974ADEFE05F}_is1) (Version:  - StudioCoast Pty Ltd)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.1.0.12 - VSO Software)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Wire (HKU\S-1-5-21-3430744594-213253022-3560247601-1000\...\wire) (Version: 3.3.2868 - Wire)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Zoom (HKU\S-1-5-21-3430744594-213253022-3560247601-1000\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-05-29] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-05-29] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-05-29] (Mega Limited -> )
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (Stefan Kueng. Open Source Developer -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (Stefan Kueng. Open Source Developer -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (Stefan Kueng. Open Source Developer -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (Stefan Kueng. Open Source Developer -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (Stefan Kueng. Open Source Developer -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (Stefan Kueng. Open Source Developer -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (Stefan Kueng. Open Source Developer -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (Stefan Kueng. Open Source Developer -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (Stefan Kueng. Open Source Developer -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-05-29] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-05-29] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-05-29] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (Stefan Kueng. Open Source Developer -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (Stefan Kueng. Open Source Developer -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (Stefan Kueng. Open Source Developer -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (Stefan Kueng. Open Source Developer -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (Stefan Kueng. Open Source Developer -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (Stefan Kueng. Open Source Developer -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (Stefan Kueng. Open Source Developer -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (Stefan Kueng. Open Source Developer -> hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (Stefan Kueng. Open Source Developer -> hxxp://tortoisesvn.net)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2014-05-12] () [File not signed]
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvAppExt.dll [2013-11-29] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-06-28] (Nero AG -> Nero AG)
ContextMenuHandlers1-x32: [duba_32bit] -> {D21D88E8-4123-48BA-B0B1-3FDBE4AE5FA4} => c:\program files (x86)\kingsoft\kingsoft antivirus\kavmenu.dll [2014-11-28] (Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation)
ContextMenuHandlers1: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} => c:\program files (x86)\kingsoft\kingsoft antivirus\kavmenu64.dll [2014-11-28] (Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation)
ContextMenuHandlers1: [FileAssociationHelper] -> {D5CF14A2-B3CA-49DC-8E3E-0BB233B26D09} => C:\Program Files\File Association Helper\FAHDll.dll [2014-01-28] (WinZip Computing LLC -> Nico Mak Computing)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-05-29] (Mega Limited -> )
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-12-09] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2014-12-17] (Open Source Developer, Stefan KUENG -> )
ContextMenuHandlers2-x32: [duba_32bit] -> {D21D88E8-4123-48BA-B0B1-3FDBE4AE5FA4} => c:\program files (x86)\kingsoft\kingsoft antivirus\kavmenu.dll [2014-11-28] (Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation)
ContextMenuHandlers2: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} => c:\program files (x86)\kingsoft\kingsoft antivirus\kavmenu64.dll [2014-11-28] (Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-05-29] (Mega Limited -> )
ContextMenuHandlers2: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2014-12-17] (Open Source Developer, Stefan KUENG -> )
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ShellContextExt.dll [2013-11-29] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-05-29] (Mega Limited -> )
ContextMenuHandlers3: [MWLIVShellExt] -> {B1B294FE-EC1E-4fef-AF68-D34CE3E38157} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\MWLIVShellExt.dll [2011-06-21] (EGIS TECHNOLOGY INC. -> Egis Technology Inc. )
ContextMenuHandlers3: [ShredderContextMenu] -> {521065F1-DE6C-4E46-BBCB-89B0D0BE860D} => C:\Program Files (x86)\EgisTec Shredder\x64\ShredderContextMenu.dll [2011-03-29] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers4-x32: [duba_32bit] -> {D21D88E8-4123-48BA-B0B1-3FDBE4AE5FA4} => c:\program files (x86)\kingsoft\kingsoft antivirus\kavmenu.dll [2014-11-28] (Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation)
ContextMenuHandlers4: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} => c:\program files (x86)\kingsoft\kingsoft antivirus\kavmenu64.dll [2014-11-28] (Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2019-05-29] (Mega Limited -> )
ContextMenuHandlers4: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2014-12-17] (Open Source Developer, Stefan KUENG -> )
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-05-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2014-12-17] (Open Source Developer, Stefan KUENG -> )
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2014-12-17] (Open Source Developer, Stefan KUENG -> )
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [VIDC.MAGY] => C:\Windows\system32\magicyuv.dll [1019392 2015-03-04] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3filter] => C:\Windows\system32\ac3filter64.acm [2231296 2013-04-05] () [File not signed]
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\system32\vorbis.acm [1562432 2017-03-01] (Image Line -> HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM\...\Drivers32: [msacm.l3acm] => C:\Windows\SysWOW64\l3codecp.acm [220672 2009-07-13] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [VIDC.MAGY] => C:\Windows\SysWOW64\magicyuv.dll [886784 2015-03-04] () [File not signed]
HKLM\...\Drivers32: [vidc.MPG4] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-09-21] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.MP42] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-09-21] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.MP43] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-09-21] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [msacm.ac3filter] => C:\Windows\SysWOW64\ac3filter.acm [1679360 2013-04-05] () [File not signed]
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1456448 2017-03-01] (Image Line -> HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\chakotay\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
ShortcutWithArgument: C:\Users\chakotay\Desktop\Instagram.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 1" --app-id=maonlnecdeecdljpahhnnlmhbmalehlm
ShortcutWithArgument: C:\Users\chakotay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory="Profile 1" --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\chakotay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Instagram.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 1" --app-id=maonlnecdeecdljpahhnnlmhbmalehlm
ShortcutWithArgument: C:\Users\chakotay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Private Email Web-Based Hosting - Nam.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory="Profile 1" --app-id=efnidniecfifbdcfbgfofhaefgjkdofe
ShortcutWithArgument: C:\Users\chakotay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Roku URL Player and Remote.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory="Profile 1" --app-id=hmglgdjfekkcdeidadacihdocmdpgdkf
ShortcutWithArgument: C:\Users\chakotay\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) =============
 
2020-01-15 20:56 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2020-01-15 20:56 - 2016-10-08 16:48 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-09-22 10:57 - 2002-04-06 10:49 - 000126976 _____ () [File not signed] C:\Program Files (x86)\coolpro2\Noclick.xfm
2016-09-22 10:57 - 2002-04-06 10:49 - 000065536 _____ () [File not signed] C:\Program Files (x86)\coolpro2\Normal.xfm
2009-01-21 20:45 - 2009-01-21 20:45 - 001401856 _____ () [File not signed] C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2018-08-16 08:54 - 2018-08-16 08:54 - 001484800 _____ () [File not signed] C:\Program Files (x86)\Kinoni\EpocCam\avcodec-58.dll
2018-08-16 08:52 - 2018-08-16 08:52 - 000556544 _____ () [File not signed] C:\Program Files (x86)\Kinoni\EpocCam\avutil-56.dll
2018-08-16 08:54 - 2018-08-16 08:54 - 000190464 _____ () [File not signed] C:\Program Files (x86)\Kinoni\EpocCam\swresample-3.dll
2018-08-16 08:55 - 2018-08-16 08:55 - 000514048 _____ () [File not signed] C:\Program Files (x86)\Kinoni\EpocCam\swscale-5.dll
2014-05-12 05:49 - 2014-05-12 05:49 - 000222720 _____ () [File not signed] C:\Program Files (x86)\Notepad++\NppShell_06.dll
2013-11-29 01:32 - 2013-11-29 01:32 - 000086016 _____ () [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2015-10-05 20:51 - 2014-08-06 18:54 - 001004032 _____ () [File not signed] C:\Program Files (x86)\vMix\filters64\vMixVideo.ax
2018-06-14 12:18 - 2018-06-14 12:18 - 000011776 _____ () [File not signed] C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\libEGL.dll
2018-06-14 12:18 - 2018-06-14 12:18 - 002013696 _____ () [File not signed] C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\libGLESv2.dll
2018-06-14 12:18 - 2018-06-14 12:18 - 000739840 _____ () [File not signed] C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\QtQuick\Controls\qtquickcontrolsplugin.dll
2013-07-20 11:48 - 2009-10-21 15:37 - 001643008 _____ (Hewlett-Packard Corporation) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\hpfui101.dll
2015-01-03 22:24 - 2015-01-03 22:24 - 000080384 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2002-01-05 12:03 - 2002-01-05 12:03 - 000176128 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MSDBG2.DLL
2002-01-05 19:05 - 2002-01-05 19:05 - 000180224 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\PDM.DLL
2014-11-28 01:11 - 2014-11-28 01:11 - 000548864 _____ (Microsoft Corporation) [File not signed] c:\program files (x86)\kingsoft\kingsoft antivirus\MSVCP80.dll
2014-11-28 01:11 - 2014-11-28 01:11 - 000626688 _____ (Microsoft Corporation) [File not signed] c:\program files (x86)\kingsoft\kingsoft antivirus\MSVCR80.dll
2014-11-24 07:06 - 2014-11-24 07:06 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2014-11-24 07:06 - 2014-11-24 07:06 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2013-11-29 01:38 - 2013-11-29 01:38 - 000107648 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvAppExt.dll
2013-11-29 01:38 - 2013-11-29 01:38 - 000033408 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\CommApi.dll
2013-11-29 01:39 - 2013-11-29 01:39 - 000203392 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\FolderViewImpl.dll
2013-11-29 01:39 - 2013-11-29 01:39 - 000085632 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\GattI.dll
2013-11-29 01:39 - 2013-11-29 01:39 - 000126592 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\gatts.DLL
2013-11-29 01:39 - 2013-11-29 01:39 - 000083072 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Handsfree.dll
2013-11-29 01:39 - 2013-11-29 01:39 - 000034432 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ipc.dll
2013-11-29 01:39 - 2013-11-29 01:39 - 000063104 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ModuleManager.dll
2013-11-29 01:39 - 2013-11-29 01:39 - 001067648 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\OutLookLib.dll
2013-11-29 01:39 - 2013-11-29 01:39 - 000291456 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ShellContextExt.dll
2013-11-29 01:39 - 2013-11-29 01:39 - 000027264 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\TCPConnection.dll
2013-11-29 01:39 - 2013-11-29 01:39 - 000115328 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\utils.dll
2013-11-29 01:33 - 2013-11-29 01:33 - 000308224 _____ (Qualcomm Atheros Commnucations) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\LE\LE.dll
2013-11-29 01:34 - 2013-11-29 01:34 - 000210944 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Audio\audio.dll
2013-11-29 01:35 - 2013-11-29 01:35 - 000162304 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\BasicPrintProfile\BPP.dll
2013-11-29 01:35 - 2013-11-29 01:35 - 000177152 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\BIP\BIP.dll
2013-11-29 01:33 - 2013-11-29 01:33 - 000018432 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\DID\DId.dll
2013-11-29 01:32 - 2013-11-29 01:32 - 000035840 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\FAX\Fax.dll
2013-11-29 01:34 - 2013-11-29 01:34 - 000421888 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\FileTransfer\FileTransfer.dll
2013-11-29 01:35 - 2013-11-29 01:35 - 000096256 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\GapSdp\GapSdp.dll
2013-11-29 01:30 - 2013-11-29 01:30 - 000097792 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\goep\goep.dll
2013-11-29 01:32 - 2013-11-29 01:32 - 000029696 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\HCRP\Hcrp.dll
2013-11-29 01:33 - 2013-11-29 01:33 - 000142848 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\HealthDevice\HDP.dll
2013-11-29 01:35 - 2013-11-29 01:35 - 000091136 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\L2capLib\l2caplib.dll
2013-11-29 01:35 - 2013-11-29 01:35 - 000066048 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\OppOperation\OppOperation.dll
2013-11-29 01:34 - 2013-11-29 01:34 - 000067072 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\pbap\pbap.dll
2013-11-29 01:35 - 2013-11-29 01:35 - 000063488 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\RfcommLib\rfcommlib.dll
2013-11-29 01:34 - 2013-11-29 01:34 - 000097280 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\sap\sap.dll
2013-11-29 01:35 - 2013-11-29 01:35 - 000087552 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\SesMgr\sesmgr.dll
2013-11-29 01:34 - 2013-11-29 01:34 - 000055296 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\spp\spp.dll
2013-11-29 01:34 - 2013-11-29 01:34 - 000064512 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Sync\Sync.dll
2018-09-18 12:43 - 2018-09-18 12:43 - 000213504 _____ (simplitec GmbH) [File not signed] C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\MrStyler.dll
2018-09-18 12:43 - 2018-09-18 12:43 - 000288256 _____ (simplitec GmbH) [File not signed] C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\MrTracker.dll
2018-06-14 12:18 - 2018-06-14 12:18 - 000045568 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\bearer\qgenericbearer.dll
2018-06-14 12:18 - 2018-06-14 12:18 - 000047616 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\bearer\qnativewifibearer.dll
2018-06-14 12:18 - 2018-06-14 12:18 - 000049664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\imageformats\qdds.dll
2018-06-14 12:18 - 2018-06-14 12:18 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\imageformats\qgif.dll
2018-06-14 12:18 - 2018-06-14 12:18 - 000037376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\imageformats\qicns.dll
2018-06-14 12:18 - 2018-06-14 12:18 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\imageformats\qico.dll
2018-06-14 12:18 - 2018-06-14 12:18 - 000459776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\imageformats\qjp2.dll
2018-06-14 12:18 - 2018-06-14 12:18 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\imageformats\qjpeg.dll
2018-06-14 12:18 - 2018-06-14 12:18 - 000275456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\imageformats\qmng.dll
2018-06-14 12:18 - 2018-06-14 12:18 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\imageformats\qsvg.dll
2018-06-14 12:18 - 2018-06-14 12:18 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\imageformats\qtga.dll
2018-06-14 12:18 - 2018-06-14 12:18 - 000351744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\imageformats\qtiff.dll
2018-06-14 12:18 - 2018-06-14 12:18 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\imageformats\qwbmp.dll
2018-06-14 12:18 - 2018-06-14 12:18 - 000374784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\imageformats\qwebp.dll
2018-06-14 12:18 - 2018-06-14 12:18 - 001212928 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\platforms\qwindows.dll
2018-06-14 12:18 - 2018-06-14 12:18 - 005500416 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\Qt5Core.dll
2018-06-14 12:18 - 2018-06-14 12:18 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\Qt5Gui.dll
2018-06-14 12:18 - 2018-06-14 12:18 - 001064448 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\Qt5Network.dll
2018-06-14 12:18 - 2018-06-14 12:18 - 003189248 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\Qt5Qml.dll
2018-06-14 12:18 - 2018-06-14 12:18 - 002928128 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\Qt5Quick.dll
2018-06-14 12:18 - 2018-06-14 12:18 - 000310784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\Qt5Svg.dll
2018-06-14 12:18 - 2018-06-14 12:18 - 005446144 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\Qt5Widgets.dll
2018-06-14 12:18 - 2018-06-14 12:18 - 000015360 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\QtQuick.2\qtquick2plugin.dll
2018-06-14 12:18 - 2018-06-14 12:18 - 000072192 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-06-14 12:18 - 2018-06-14 12:18 - 000015360 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\QtQuick\Window.2\windowplugin.dll
2020-01-15 20:56 - 2016-10-08 16:49 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:6E951145 [135]
AlternateDataStreams: C:\ProgramData\Temp:8E236DBE [136]
AlternateDataStreams: C:\ProgramData\Temp:A7D26093 [124]
AlternateDataStreams: C:\Users\chakotay\AppData\Local\Temporary Internet Files:e4HGVDlquN4U2E0PgNO1fHY1Twz [2176]
AlternateDataStreams: C:\Users\chakotay\AppData\Local\y3MRxgN3l:RKFHd2Pgq95QDNJ71iNHKHckksBM [1870]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\EgisTec MyWinLocker\x64;C:\Program Files (x86)\EgisTec MyWinLocker\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\TortoiseSVN\bin;C:\Program Files\nodejs\;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\chakotay\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\startupfolder: C:^Users^chakotay^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Audition CC 2014 7.0 Multilanguage (64-Bit) + Patch [ATOM].lnk => C:\Windows\pss\Adobe Audition CC 2014 7.0 Multilanguage (64-Bit) + Patch [ATOM].lnk.Startup
MSCONFIG\startupfolder: C:^Users^chakotay^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Karaoke-4,499 songs.lnk => C:\Windows\pss\Karaoke-4,499 songs.lnk.Startup
MSCONFIG\startupfolder: C:^Users^chakotay^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^peter tosh - Downpressor man.lnk => C:\Windows\pss\peter tosh - Downpressor man.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{696900F2-C519-451C-8FFC-B59D8F1F58FD}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{2631D757-D086-4091-8658-23D29A0E69C7}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{2EDE97B0-8031-4C54-A000-803CB50C19D5}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{2BF4D63B-15C7-4208-9114-08104003B544}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe (Acer Incorporated -> acer)
FirewallRules: [{1230DA12-5580-429A-A002-B356ADED78A0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{799F77FF-8752-43D1-8447-E514F9AF2A48}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{7F5417A2-A2F3-46D9-B84C-B0294BC33169}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe (Acer Incorporated -> acer)
FirewallRules: [{BDCA150D-A8B0-4174-8D6B-B31DDEF44CED}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe (Acer Incorporated -> acer)
FirewallRules: [{216BEFD4-94C1-4C3A-ABAC-E9EDBA388FF2}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK20\MVP\VideoPlayer.exe (CyberLink -> )
FirewallRules: [{5B00ED62-A053-4F02-8009-F9AF44B8A2C2}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK20\MVP\MusicPlayer.exe (CyberLink -> )
FirewallRules: [{FDE280EB-CDA0-4DAE-A523-90CAC900C1ED}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C55A959B-219A-4D68-8CE3-AAC19B63D10D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E03024F2-32FF-4490-84CB-EBEEB121D894}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{88D48036-EA14-4D22-8CE1-8366EF38186E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{41D7EE51-7C31-40A3-B0B9-B84766B391D7}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{12B85B91-A17C-47F1-AF49-C14CADEFCDE2}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{A09F173D-F041-4D93-8028-CB772ED4AD35}C:\program files (x86)\vmix\vmix64.exe] => (Allow) C:\program files (x86)\vmix\vmix64.exe (StudioCoast Pty Ltd -> StudioCoast Pty Ltd)
FirewallRules: [UDP Query User{4C2B69A1-E07D-4B70-B84B-EEB1BFCBEA66}C:\program files (x86)\vmix\vmix64.exe] => (Allow) C:\program files (x86)\vmix\vmix64.exe (StudioCoast Pty Ltd -> StudioCoast Pty Ltd)
FirewallRules: [TCP Query User{4D1180A2-36E5-4CB6-BE18-25341AE2744A}C:\program files (x86)\vmix\vmix.exe] => (Allow) C:\program files (x86)\vmix\vmix.exe (StudioCoast Pty Ltd -> StudioCoast Pty Ltd)
FirewallRules: [UDP Query User{75851E82-10CC-443A-B3D7-D956E949769C}C:\program files (x86)\vmix\vmix.exe] => (Allow) C:\program files (x86)\vmix\vmix.exe (StudioCoast Pty Ltd -> StudioCoast Pty Ltd)
FirewallRules: [TCP Query User{D3881386-B789-4CA4-BA8D-018C17657DED}C:\program files (x86)\vmix\vmixdesktopcapture.exe] => (Allow) C:\program files (x86)\vmix\vmixdesktopcapture.exe () [File not signed]
FirewallRules: [UDP Query User{973CEB0F-3A2D-4663-9294-6179AFE2CA93}C:\program files (x86)\vmix\vmixdesktopcapture.exe] => (Allow) C:\program files (x86)\vmix\vmixdesktopcapture.exe () [File not signed]
FirewallRules: [TCP Query User{AAC6DEF4-64EA-40C0-9CC1-D86E4BB45813}C:\program files (x86)\vmixsocial\vmixsocial.exe] => (Allow) C:\program files (x86)\vmixsocial\vmixsocial.exe (StudioCoast Pty Ltd) [File not signed]
FirewallRules: [UDP Query User{76EA0F6E-EAB2-4972-8533-90041086A072}C:\program files (x86)\vmixsocial\vmixsocial.exe] => (Allow) C:\program files (x86)\vmixsocial\vmixsocial.exe (StudioCoast Pty Ltd) [File not signed]
FirewallRules: [{62A423FF-38B9-4D80-A1A6-06B6A43D23A0}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{067A6EC2-BBC3-4123-9CC8-7BB9C6E75067}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [TCP Query User{94AEC4B2-F89C-4B56-91C8-6F2C2C77308B}C:\program files (x86)\vmix\vmix64.exe] => (Allow) C:\program files (x86)\vmix\vmix64.exe (StudioCoast Pty Ltd -> StudioCoast Pty Ltd)
FirewallRules: [UDP Query User{A6F85450-3BA9-4A3A-BA03-81774D48210A}C:\program files (x86)\vmix\vmix64.exe] => (Allow) C:\program files (x86)\vmix\vmix64.exe (StudioCoast Pty Ltd -> StudioCoast Pty Ltd)
FirewallRules: [TCP Query User{6146B76E-36BE-4E2F-9B46-F6756FDE7A90}C:\program files (x86)\radioboss\radioboss.exe] => (Allow) C:\program files (x86)\radioboss\radioboss.exe (djsoft.net © 2003-2013) [File not signed]
FirewallRules: [UDP Query User{9EF9FFAC-883F-4A5D-889E-F884B4E4CDD3}C:\program files (x86)\radioboss\radioboss.exe] => (Allow) C:\program files (x86)\radioboss\radioboss.exe (djsoft.net © 2003-2013) [File not signed]
FirewallRules: [{99C5F9CF-FFFB-470D-A0ED-743EAF0AAF3C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F668A504-BE5A-4B1E-B6AB-F00D071A5D6C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{96355800-5F68-4CE5-99EB-F92B62FF8F95}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8F7B4D63-4AFF-4337-A5A5-EAEFDB0E1B87}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{7C03C433-FA7D-40C1-84DC-DF72F0A0576A}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe] => (Block) C:\program files (x86)\nero\nero 7\nero home\nerohome.exe (Nero AG -> Nero AG)
FirewallRules: [UDP Query User{973A5C17-4611-42EE-BC26-1F1C397BD695}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe] => (Block) C:\program files (x86)\nero\nero 7\nero home\nerohome.exe (Nero AG -> Nero AG)
FirewallRules: [{1C00D75B-0AF5-48BC-A3CF-AAA981BD3CB0}] => (Allow) LPort=5357
FirewallRules: [TCP Query User{991CE2B9-8BC5-4C12-BF07-D7F7357B3DF6}C:\program files\java\jdk1.8.0_74\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.8.0_74\bin\jmc.exe (Oracle America, Inc. -> )
FirewallRules: [UDP Query User{581EE88E-0074-4D82-ADCE-9363420DCD2C}C:\program files\java\jdk1.8.0_74\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.8.0_74\bin\jmc.exe (Oracle America, Inc. -> )
FirewallRules: [TCP Query User{CFACD5C0-AE92-41DA-9F04-D3721088A437}C:\program files\java\jdk1.8.0_74\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_74\bin\java.exe
FirewallRules: [UDP Query User{F2AC8686-B60D-4F77-8A93-FA28BCE63744}C:\program files\java\jdk1.8.0_74\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_74\bin\java.exe
FirewallRules: [TCP Query User{28154980-8990-4795-8896-C5E361246387}C:\program files (x86)\radio42\proppfrexx onair\4.0\proppfrexx onair.exe] => (Allow) C:\program files (x86)\radio42\proppfrexx onair\4.0\proppfrexx onair.exe (radio42) [File not signed]
FirewallRules: [UDP Query User{CB829ABF-4B6C-4DC8-AD35-D6D903591A70}C:\program files (x86)\radio42\proppfrexx onair\4.0\proppfrexx onair.exe] => (Allow) C:\program files (x86)\radio42\proppfrexx onair\4.0\proppfrexx onair.exe (radio42) [File not signed]
FirewallRules: [{60F7FB2F-9887-4FDB-9245-90B820AA9567}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AEFC9F6A-2D83-4B62-A948-8A45DE9ECC5B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4B692FAA-9815-47CF-9901-DDE265FA596A}] => (Allow) C:\Program Files\HP\HP Deskjet 4620 series\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{5711CC77-B3C6-4452-862F-775003B376C6}] => (Allow) C:\Program Files\HP\HP Deskjet 4620 series\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{311871BD-0076-4B8D-AEEE-755EFD63E7A4}] => (Allow) C:\Program Files\HP\HP Deskjet 4620 series\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{15499831-5182-4DA8-ACA5-D9AA0907EC3D}] => (Allow) C:\Program Files\HP\HP Deskjet 4620 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{AA0732A2-BE05-4C76-9A54-DA4EDE77EFFB}] => (Allow) C:\Program Files\HP\HP Deskjet 4620 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{F0BCE700-7702-4DD1-BBBA-840B89317BCB}] => (Allow) C:\Program Files\HP\HP Deskjet 4620 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{CE6244DE-9151-4876-A170-0EE8DF88065F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [{FE7FB06B-989F-4A79-BBF6-B509DD3E0FDF}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe () [File not signed]
FirewallRules: [{FFA738BC-0389-43CC-A084-F008D2F44B13}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe () [File not signed]
FirewallRules: [{936DA605-3BC7-45B8-8FB0-3776EF85D429}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe () [File not signed]
FirewallRules: [{419934D7-290C-4E75-BF45-6E575CC15B19}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe () [File not signed]
FirewallRules: [{3A3F630A-8A74-4E3E-A165-8D0F0582518D}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe () [File not signed]
FirewallRules: [{B1593DCC-8401-4035-90B6-C93C74A8C02C}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe () [File not signed]
FirewallRules: [{9D3F1745-3FB0-4D8C-A32F-AFE389231BD2}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\OxygenPanelDaemon.exe () [File not signed]
FirewallRules: [{3E308BEA-E882-4F29-8671-DD8BEAD5CC32}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{C6675D11-E153-403C-A500-C5033C9B8C53}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{7A91025E-3A35-40C6-8711-5EE6A77EF9D2}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Block) C:\program files (x86)\filezilla ftp client\filezilla.exe (Tim Kosse -> FileZilla Project)
FirewallRules: [UDP Query User{9069F472-E54F-40B9-A101-2D799F03CEC8}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Block) C:\program files (x86)\filezilla ftp client\filezilla.exe (Tim Kosse -> FileZilla Project)
FirewallRules: [{4ABEC8A3-6877-4F5E-B89A-73FDE8D07C5F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6408C36C-A220-40FC-8DC1-520812CB7417}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D2A54495-9EF1-4B2F-B3E1-FA7C51C01640}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1B7BEE5E-CC03-4E64-B577-D5CFE14162DC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{B6C2A4DA-BA09-47D9-B197-30D5AFCDBD05}C:\program files (x86)\stream what you hear\swyh.exe] => (Allow) C:\program files (x86)\stream what you hear\swyh.exe (Sebastien.warin.fr) [File not signed]
FirewallRules: [UDP Query User{FE0A1F24-5066-4C75-BD71-593AC3C548BB}C:\program files (x86)\stream what you hear\swyh.exe] => (Allow) C:\program files (x86)\stream what you hear\swyh.exe (Sebastien.warin.fr) [File not signed]
FirewallRules: [{E24F490F-1D1B-46EF-82E4-9133D1BE532B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E4765F38-E04E-4324-B2DE-1353A1BA1DAE}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{20F8C797-C229-407A-A583-BA25034C7427}C:\program files (x86)\dslrbooth\dslrbooth.exe] => (Allow) C:\Program Files (x86)\dslrBooth\dslrbooth.exe (Hope Pictures LLC -> Lumasoft)
FirewallRules: [UDP Query User{4A722B89-FE06-4AA8-B476-621160062FA7}C:\program files (x86)\dslrbooth\dslrbooth.exe] => (Allow) C:\Program Files (x86)\dslrBooth\dslrbooth.exe (Hope Pictures LLC -> Lumasoft)
FirewallRules: [TCP Query User{4FF47F88-E5EE-425D-A239-ADD0D883306C}C:\program files\java\jdk1.8.0_111\bin\jmc.exe] => (Block) C:\program files\java\jdk1.8.0_111\bin\jmc.exe (Oracle America, Inc. -> )
FirewallRules: [UDP Query User{D7CE66CD-CEEC-4C9B-8230-56D7C44A2A8F}C:\program files\java\jdk1.8.0_111\bin\jmc.exe] => (Block) C:\program files\java\jdk1.8.0_111\bin\jmc.exe (Oracle America, Inc. -> )
FirewallRules: [TCP Query User{0E943B26-AE37-481D-8119-10DC48CC30B1}C:\program files\java\jdk1.8.0_111\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{CA610485-F5FB-4FB2-9DD1-D3F39CF736EE}C:\program files\java\jdk1.8.0_111\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.8.0_111\bin\javaw.exe
FirewallRules: [{99F54E88-EF07-40C1-820B-C2C4AB12D5F1}] => (Allow) C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\QMxNetworkSync.exe (MAGIX Software GmbH -> MAGIX)
FirewallRules: [{1E219ED5-111A-4449-BEF6-14A6791D14BE}] => (Allow) C:\Program Files (x86)\MAGIX\Music Maker\28\MusicMaker.exe (MAGIX Software GmbH -> MAGIX Software GmbH)
FirewallRules: [{F6264C90-0914-476E-9864-DB62405689A6}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FA0176B7-413E-47F4-B44C-A3202AC7A2CD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A18DEE60-CFC8-4219-B1B1-9DDF3BB6CBBB}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
 
==================== Restore Points =========================
 
27-01-2020 23:28:39 Windows Update
 
==================== Faulty Device Manager Devices ============
 
Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (02/02/2020 12:12:57 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (02/02/2020 12:12:57 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (02/02/2020 11:38:19 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.
 
Error: (02/02/2020 11:03:49 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.
 
Error: (02/02/2020 10:53:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(mobile._epoccam._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (02/02/2020 09:26:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4041
 
Error: (02/02/2020 09:26:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4041
 
Error: (02/02/2020 09:26:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (02/02/2020 10:54:15 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/02/2020 10:54:12 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/02/2020 10:53:12 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (02/02/2020 10:53:11 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/02/2020 09:26:45 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/02/2020 07:22:03 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/02/2020 07:22:02 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/02/2020 07:21:08 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
 
Windows Defender:
===================================
Date: 2020-01-04 06:28:13.094
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{BD20820F-3AE9-44E1-B01D-AF8328D98133}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
Date: 2019-09-08 06:11:38.757
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{8E90ACA2-9D20-4283-B75E-9E9A4F02A831}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
Date: 2019-08-14 09:11:39.080
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{D34843E1-F5A8-4D03-9739-6B2096C9BF58}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
Date: 2019-05-23 15:25:34.465
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{668CE81A-30AF-438C-8758-2AB5A6964A4D}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
Date: 2019-05-23 15:25:24.530
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{1B69045A-49C9-494B-8C43-E97534BEDC94}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
CodeIntegrity:
===================================
 
Date: 2015-08-06 14:20:11.747
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ANDROIDUSB.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2015-08-06 14:20:11.688
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ANDROIDUSB.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2015-08-06 14:19:27.713
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ANDROIDUSB.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2015-08-06 14:19:27.660
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ANDROIDUSB.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2015-08-06 14:19:24.009
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ANDROIDUSB.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2015-08-06 14:19:23.951
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ANDROIDUSB.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2015-08-06 14:18:07.506
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ANDROIDUSB.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2015-08-06 14:18:07.450
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ANDROIDUSB.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
BIOS: Insyde Corp. V1.17 12/17/2013
Motherboard: Acer EA70_HC
Processor: Intel® Core™ i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 86%
Total physical RAM: 5982.36 MB
Available physical RAM: 809.39 MB
Total Virtual: 11962.86 MB
Available Virtual: 6434.01 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:446.66 GB) (Free:29.7 GB) NTFS
Drive d: (PRJ_20100604) (CDROM) (Total:3.9 GB) (Free:0 GB) UDF
Drive i: (StephenOne) (Fixed) (Total:297.79 GB) (Free:250.02 GB) NTFS
 
\\?\Volume{f7652d92-ba50-11e3-8b46-806e6f6e6963}\ (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{f7652d91-ba50-11e3-8b46-806e6f6e6963}\ (PQSERVICE) (Fixed) (Total:19 GB) (Free:2.25 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 7C819AB2)
Partition 1: (Not Active) - (Size=19 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446.7 GB) - (Type=07 NTFS)
 
==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: A5175000)
Partition 1: (Active) - (Size=297.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================


#7 bhp


Posted 02 February 2020 - 10:30 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-02-2020 01
Ran by chakotay (administrator) on BHP (Acer Aspire E1-771) (02-02-2020 12:13:46)
Running from C:\Users\chakotay\Desktop
Loaded Profiles: chakotay (Available Profiles: chakotay)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Program Files (x86)\Kinoni\EpocCam\KinoniSvc.exe
() [File not signed] C:\ProgramData\DatacardService\DCService.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation) C:\Program Files (x86)\kingsoft\kingsoft antivirus\kxescore.exe
(Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation) C:\Program Files (x86)\kingsoft\kingsoft antivirus\kxetray.exe
(Biztree Inc. -> ) C:\Program Files (x86)\Business-in-a-Box 2019\BIBLauncher.exe
(CyberLink -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(EGIS TECHNOLOGY INC. -> Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Huawei Technologies Co., Ltd.) [File not signed] C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel® Upgrade Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(MAGIX Software GmbH -> MAGIX) C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\QMxNetworkSync.exe
(MAGIX Software GmbH -> simplitec GmbH) C:\Program Files (x86)\MAGIX\MAGIX PC Check & Tuning 2020\Autopilot.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> © 2015 Microsoft Corporation) C:\Users\chakotay\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(NTI Corporation -> NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(NTI Corporation -> NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Qualcomm Atheros -> Windows ® Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Syntrillium Software Corporation) [File not signed] C:\Program Files (x86)\coolpro2\coolpro2.exe
(WinZip Computing LLC -> Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Wondershare software CO., LIMITED -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2864016 2012-08-10] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated -> Acer Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (WinZip Computing LLC -> Nico Mak Computing)
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-12-09] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297024 2012-09-26] (NTI Corporation -> NTI Corporation)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [kxesc] => c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe [1595056 2014-11-28] (Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [76600 2019-12-08] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare software CO., LIMITED -> Wondershare)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-11-29] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\...\Run: [BingSvc] => C:\Users\chakotay\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-01-02] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-12-09] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\...\Run: [GoogleChromeAutoLaunch_1CC016AB5FEEBA70CA47B00B2FD13FB3] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\...\Run: [Discord] => C:\Users\chakotay\AppData\Local\Discord\app-0.0.301\Discord.exe
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\...\Run: [BIBLauncher] => C:\Program Files (x86)\Business-in-a-Box 2019\BIBLauncher.exe [2725248 2018-12-14] (Biztree Inc. -> )
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-16] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\...\Run: [QMxNetworkSync] => C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\QMxNetworkSync.exe [851704 2018-11-13] (MAGIX Software GmbH -> MAGIX)
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\...\MountPoints2: {377237db-0f84-11e5-b616-2025648ad16f} - F:\AutoRun.exe
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\...\MountPoints2: {cf758d48-0996-11e5-9c81-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\...\MountPoints2: {cf758dc4-0996-11e5-9c81-2025648ad16f} - F:\AutoRun.exe
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\...\MountPoints2: {cf758ddc-0996-11e5-9c81-2025648ad16f} - E:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKLM\Software\...\AppCompatFlags\Custom\chrome.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] -> 
HKLM\Software\...\AppCompatFlags\Custom\explorer.zza: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] -> 
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] -> 
HKLM\Software\...\AppCompatFlags\InstalledSDB\{4da5ab0d-0e52-4c1e-8a52-10e2c9b30e63}: [DatabasePath] -> C:\Windows\AppPatch\Custom\{4da5ab0d-0e52-4c1e-8a52-10e2c9b30e63}.sdb
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\Installer\chrmstp.exe [2020-01-16] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\79.1.2.43\Installer\chrmstp.exe [2020-01-18] (Brave Software, Inc.) [File not signed]
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] -> 
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-02] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2013-11-29] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2013-11-29] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {122557F2-EE12-41F0-93EC-8598382CD15A} - System32\Tasks\G2MUpdateTask-S-1-5-21-3430744594-213253022-3560247601-1000 => C:\Users\chakotay\AppData\Local\GoToMeeting\16576\g2mupdate.exe [32256 2020-01-25] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {1B0F03AE-22E9-412D-BADA-417A086093DD} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-08-24] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {2258DE29-2A50-40CE-8DA0-34294130A9CE} - System32\Tasks\{293AE5C3-917E-4D71-8DED-A9B77DED10F1} => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
Task: {2D721CE7-DE86-483F-9AD0-A7B60287D6AE} - System32\Tasks\{CA6A25F2-B0ED-4BB5-8969-283D4FD9584E} => C:\Windows\system32\pcalua.exe -a C:\Users\chakotay\Downloads\QuickTimeInstaller.exe -d C:\Users\chakotay\Downloads
Task: {33227727-D9A3-4D40-97A6-5065A7A0D851} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3430744594-213253022-3560247601-1000 => C:\ProgramData\MEGAsync\MEGAupdater.exe [615160 2019-05-29] (Mega Limited -> Mega Limited)
Task: {336BA5F7-9894-46FA-B295-14135601A8C8} - System32\Tasks\{99F0566A-3978-4660-A395-18F9C92CF30E} => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
Task: {3738A5A8-2B99-4B8C-8E1A-8C44B1148DD6} - System32\Tasks\{0750E579-12D8-41F8-ABE7-245FA68EE652} => C:\Program Files (x86)\kingsoft\kingsoft antivirus\kismain.exe [44208 2014-11-28] (Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation)
Task: {3766A2A3-8C00-4874-BF81-DE22BAC8555E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {3AF0A0F3-40DE-47B1-B7B4-0EF79D097CB3} - System32\Tasks\{A3C7E78D-B6B7-4135-A935-E03E31EFF19E} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\CombiTech\VidBlaster\Uninstal.exe" -d "C:\Program Files (x86)\CombiTech\VidBlaster"
Task: {3D113F50-EFF3-4C32-8EF7-59E0C57CD504} - System32\Tasks\MAGIX PC Check & Tuning 2020 => C:\Program Files (x86)\MAGIX\MAGIX PC Check & Tuning 2020\PCCT.exe [2449992 2019-07-22] (MAGIX Software GmbH -> MAGIX Software GmbH)
Task: {4B590BBB-19EF-454A-B4FF-29A5BE7F5520} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-22] (Google Inc -> Google Inc.)
Task: {4DC47FBE-7EC7-4043-833F-EE0214056C2C} - System32\Tasks\HP Photo Creations Communicator => C:\Users\chakotay\AppData\Roaming\HP Photo Creations\Communicator.exe [186080 2016-10-12] (RocketLife -> )
Task: {4DF4E208-D684-4B1D-B7DE-F057FCF23CBE} - System32\Tasks\MAGIX PC Check & Tuning 2020 (Autopilot.exe) => C:\Program Files (x86)\MAGIX\MAGIX PC Check & Tuning 2020\Autopilot.exe [1754696 2019-07-22] (MAGIX Software GmbH -> simplitec GmbH)
Task: {531DAFD3-384E-4817-A6E0-BE2E0693BFE9} - System32\Tasks\G2MUploadTask-S-1-5-21-3430744594-213253022-3560247601-1000 => C:\Users\chakotay\AppData\Local\GoToMeeting\16576\g2mupload.exe [32256 2020-01-25] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {60C09FC5-8F35-42F3-9224-01A59A654543} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {6B2746C2-0BF5-4968-9245-BD665BF1FA91} - System32\Tasks\HPCustParticipation HP Deskjet 4640 series => C:\Program Files\HP\HP Deskjet 4640 series\Bin\HPCustPartic.exe
Task: {6F44620D-B2FF-46F2-AA07-5522C34F8C39} - System32\Tasks\{B472276A-A9B2-42D6-BABF-6EFC38DA4A1F} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Picexa\uninstall.exe"
Task: {7405B96A-7EC3-49FC-8A34-23504A57FE30} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {79262722-605C-49AA-BBBF-EA704250D666} - System32\Tasks\{121251DE-FBB3-419E-9EDB-24189CD589F5} => C:\Program Files (x86)\DVD Shrink\DVD Shrink 3.2.exe [598086 2004-07-26] (DVD Shrink) [File not signed]
Task: {7AA29476-3887-44CF-AE0A-1A79DBABAC9F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-22] (Google Inc -> Google Inc.)
Task: {8B48926E-86F5-40C9-9A14-DE742D711B04} - System32\Tasks\{CAA64F76-9505-49A7-9930-2ECBBDBAC512} => C:\Windows\system32\pcalua.exe -a C:\Users\chakotay\AppData\Local\TNT2\2.0.0.1918\TNT2User.exe -c /UNINSTALL PARTNER=11187
Task: {A6027471-5E4F-47BD-9814-A8CDF7EF6E31} - System32\Tasks\HPCustParticipation HP ENVY 5530 series => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPCustPartic.exe
Task: {A82D1DC5-9944-403F-BE80-690340FC37DC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-16] (Piriform Software Ltd -> Piriform Ltd)
Task: {AE6E3F71-83ED-4740-B39C-7DE59B160636} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [22392 2012-04-05] (Acer Incorporated -> Acer Incorporated)
Task: {AE91A892-3F73-494E-A77B-3ED15EBAC8A1} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {B634ADD5-D2FE-4E37-B9BD-EA1F453FBE34} - System32\Tasks\{6545B3D7-8D40-4C4C-A44E-A33EB8BFB88D} => C:\Windows\system32\pcalua.exe -a C:\Users\chakotay\Downloads\SetupVidBlaster.exe -d C:\Users\chakotay\Downloads
Task: {B656EF60-87CC-4D07-88B8-3DC5A2BE2B4F} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [994416 2012-09-18] (CyberLink -> CyberLink)
Task: {C98B8E8E-0EC4-4A3F-9B49-6E2C050F587B} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-08-24] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {CBF1F544-8AC3-4D7F-BB11-4AC5F3613D82} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {CD0B4B59-4C7A-4C14-A8C7-F289BE9C03CF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {D5B12116-0B7A-4247-A943-5A3053FC5887} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3430744594-213253022-3560247601-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746368 2013-04-29] (Microsoft Windows -> Microsoft Corporation)
Task: {E3798C5E-863B-457D-A2B9-1232E67A264F} - System32\Tasks\HPCustParticipation HP Deskjet 4620 series => C:\Program Files\HP\HP Deskjet 4620 series\Bin\HPCustPartic.exe [4119656 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {E461C2C8-6F68-4AD2-A965-2FBADD0B95EE} - System32\Tasks\{DBBAC505-D848-4C65-AA52-72976B37BFF8} => C:\Windows\system32\pcalua.exe -a C:\Users\chakotay\Desktop\DOWNLOADS\vac409\setup.exe -d C:\Users\chakotay\Desktop\DOWNLOADS\vac409
Task: {F27C63A4-8D91-497F-81BD-0749B2DFC46C} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [452976 2011-03-28] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3430744594-213253022-3560247601-1000.job => C:\Users\chakotay\AppData\Local\GoToMeeting\16576\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3430744594-213253022-3560247601-1000.job => C:\Users\chakotay\AppData\Local\GoToMeeting\16576\g2mupload.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\Users\chakotay\AppData\Roaming\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\MAGIX PC Check & Tuning 2020 (Autopilot.exe).job => C:\Program Files (x86)\MAGIX\MAGIX PC Check & Tuning 2020\Autopilot.exe C:\Program Files (x86)\MAGIX\MAGIX PC Check & Tuning 2020\chakotay-MAGIX PC Check & Tuning 2020 (Autopilot.exe
Task: C:\Windows\Tasks\MAGIX PC Check & Tuning 2020.job => C:\Program Files (x86)\MAGIX\MAGIX PC Check & Tuning 2020\PCCT.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{2BF3A20D-9269-4620-A48C-CDAC8C9EEC48}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{354DBCE8-1F69-407E-8480-6035C1646AFF}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{3A89E837-3B8A-4E72-A331-E4FF113B6654}: [NameServer] 205.214.219.201 205.214.222.193
Tcpip\..\Interfaces\{FAE97252-6038-418F-804C-1DCC4B89A53E}: [NameServer] 10.235.35.162 10.235.35.163
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = facebook.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\Software\Microsoft\Internet Explorer\Main,Start Page = facebook.com
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.msn.com/?pc=SL5F&ocid=SL5FDHP&osmkt=en-us
SearchScopes: HKLM-x32 -> DefaultScope {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3430744594-213253022-3560247601-1000 -> DefaultScope {F067FFDD-323E-4DBB-B6F2-7AD3D3677B43} URL = 
SearchScopes: HKU\S-1-5-21-3430744594-213253022-3560247601-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SL5FDF&PC=SL5F&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3430744594-213253022-3560247601-1000 -> {F067FFDD-323E-4DBB-B6F2-7AD3D3677B43} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation) [File not signed]
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 5c71mnjx.default
FF ProfilePath: C:\Users\chakotay\AppData\Roaming\Mozilla\Firefox\Profiles\5c71mnjx.default [2020-02-02]
FF Homepage: Mozilla\Firefox\Profiles\5c71mnjx.default -> hxxp://www.msn.com/?pc=U270&ocid=U270DHP&osmkt=en-us
FF Notifications: Mozilla\Firefox\Profiles\5c71mnjx.default -> hxxps://www.instagram.com
FF Extension: (Bing Search) - C:\Users\chakotay\AppData\Roaming\Mozilla\Firefox\Profiles\5c71mnjx.default\Extensions\bingsearch.full@microsoft.com.xpi [2017-09-11] [Legacy]
FF SearchPlugin: C:\Users\chakotay\AppData\Roaming\Mozilla\Firefox\Profiles\5c71mnjx.default\searchplugins\bing-.xml [2017-09-11]
FF ProfilePath: C:\Users\chakotay\AppData\Roaming\Lightscape\TeleKast\Profiles\m5o4a85b.default [2018-09-19]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.) [File not signed]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-08-24] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-08-24] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)
FF Plugin-x32: @veetle.com/vbp;version=0.9.18 -> C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll [2010-09-29] (Veetle Inc. -> Veetle Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3430744594-213253022-3560247601-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\chakotay\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (Visan Industries -> RocketLife, LLP)
FF Plugin HKU\S-1-5-21-3430744594-213253022-3560247601-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\chakotay\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-01-16] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Default [2019-10-13]
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Extension: (Google Slides) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-13]
CHR Extension: (Google Docs) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-13]
CHR Extension: (YouTube) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-11]
CHR Extension: (Google Search) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28]
CHR Extension: (Google Sheets) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-17]
CHR Extension: (SaveFrom.net helper) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpljndcmbeikfnlflcggaipgnhiedbl [2015-06-15] [UpdateUrl:hxxp://sf-addon.com/helper/chrome/updates-3.xml] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Profile: C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-10-13]
CHR DownloadDir: C:\Users\chakotay\Desktop\Music Videos
CHR HomePage: Profile 1 -> hxxp://google.com/
CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/"
CHR Extension: (Google Slides) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-25]
CHR Extension: (Google Docs) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-25]
CHR Extension: (Google Drive) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (ChatWork) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cdnfjpioepnoeojoighemmpnaogcfagj [2015-06-25]
CHR Extension: (Google Search) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (HelloSign for Gmail) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dciflieigdmogpmamcgbigingaodhnil [2017-09-18]
CHR Extension: (Google+) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2015-12-09]
CHR Extension: (Google Sheets) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-25]
CHR Extension: (Google Docs Offline) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Roku URL Player and Remote) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hmglgdjfekkcdeidadacihdocmdpgdkf [2016-09-30]
CHR Extension: (BeLive Desktop) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jcgoegpgdgklohplpnopagfbipaaddcl [2017-07-23]
CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kajjckmbclbffbpecfbiecehkfgopppd [2015-06-25]
CHR Extension: (Google Hangouts) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-08-21]
CHR Extension: (Google Hangouts) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-05-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Gmail) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-25]
CHR Extension: (Chrome Media Router) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
CHR Profile: C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\System Profile [2019-10-13]
CHR Extension: (Google Slides) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-25]
CHR Extension: (Google Docs) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-25]
CHR Extension: (Google Drive) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-25]
CHR Extension: (YouTube) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-25]
CHR Extension: (Google Search) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-25]
CHR Extension: (Google Sheets) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-25]
CHR Extension: (Gmail) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-25]
CHR HKU\S-1-5-21-3430744594-213253022-3560247601-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]
CHR HKU\S-1-5-21-3430744594-213253022-3560247601-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [mdpljndcmbeikfnlflcggaipgnhiedbl] - hxxp://sf-addon.com/helper/chrome/updates-3.xml
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-08-26] (Apple Inc. -> Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [318592 2013-11-29] (Qualcomm Atheros -> Windows ® Win 7 DDK provider) [File not signed]
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-08-24] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-08-24] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation -> Intel Corporation)
R2 KinoniSvc; C:\Program Files (x86)\Kinoni\EpocCam\KinoniSvc.exe [743936 2019-01-25] () [File not signed]
R2 kxescore; c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe [123992 2014-11-28] (Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG -> Nero AG)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256576 2012-09-26] (NTI Corporation -> NTI Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-09-12] (CyberLink -> )
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [4028928 2013-11-20] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
S3 CXPLRCAP; C:\Windows\System32\drivers\CxPlrCap.sys [235904 2010-01-06] (Beijing Geniatech Inc. Ltd. -> Conexant Systems, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [73384 2017-03-10] (NTONYX Ltd. -> Eugene V. Muzychenko)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [252928 2010-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [114560 2010-03-20] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (3am.com(Test) -> HTC, Corporation)
R3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [83456 2010-05-22] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [120704 2010-03-25] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R0 kavbootc; C:\Windows\System32\drivers\kavbootc64.sys [31848 2014-11-28] (Zhuhai  Kingsoft Software Co.,Ltd -> Kingsoft Corporation)
R1 KDHacker; c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys [164696 2014-11-28] (Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation)
R3 kinonivd; C:\Windows\System32\DRIVERS\kinonivd.sys [282824 2019-02-01] (Kinoni Oy -> Windows ® Win 7 DDK provider)
R3 KINONI_Wave; C:\Windows\System32\drivers\kinonivad.sys [23040 2019-01-04] (Kinoni Oy -> Windows ® Win 7 DDK provider)
R2 kisknl; C:\Windows\system32\drivers\kisknl.sys [210296 2014-11-28] (Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation)
R4 KUsbGuard; C:\Program Files (x86)\kingsoft\kingsoft antivirus\kusbquery64.sys [18296 2014-11-28] (Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [128200 2013-06-19] (Qualcomm Atheros -> Qualcomm Atheros Co., Ltd.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2020-02-02] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [224408 2020-02-02] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2020-02-02] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2020-02-02] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [106344 2020-02-02] (Malwarebytes Corporation -> Malwarebytes)
R3 mcdevice; C:\Windows\System32\DRIVERS\mcdevice.sys [334400 2011-05-19] (Hefei GreenXin Technology Co. Ltd. -> ShiningMorning Inc.)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.) [File not signed]
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Research In Motion Limited)
S3 sparkocam; C:\Windows\System32\DRIVERS\sparkocam.sys [37200 2016-09-01] (Sparkosoft Inc -> Sparkosoft)
S3 sparkocammic; C:\Windows\System32\drivers\sparkocammic.sys [34640 2018-01-10] (Sparkosoft Inc -> Sparkosoft)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 UsbFltr; C:\Windows\System32\Drivers\UsbFltr.sys [12288 2007-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Waytech Development, Inc.)
S3 VASDeviceDrm; C:\Windows\System32\drivers\vasdDev.sys [1995624 2017-06-21] (Mixlr Ltd -> ShiningMorning Inc.)
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows ® Win 7 DDK provider)
S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2015-05-25] (Splitmedialabs Limited -> SplitmediaLabs Limited)
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-02-02 12:13 - 2020-02-02 12:16 - 000046882 _____ C:\Users\chakotay\Desktop\FRST.txt
2020-02-02 12:08 - 2020-02-02 12:12 - 002280448 _____ (Farbar) C:\Users\chakotay\Desktop\FRST64 (1).exe
2020-02-02 12:00 - 2020-02-02 12:00 - 028189744 _____ C:\Users\chakotay\Desktop\Roxanne Radio edit .wav
2020-02-02 05:45 - 2020-02-02 05:45 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-02-02 05:44 - 2020-02-02 05:44 - 000224408 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-02-02 05:44 - 2020-02-02 05:44 - 000199768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-02-02 05:44 - 2020-02-02 05:44 - 000106344 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-02-02 05:44 - 2020-02-02 05:44 - 000000000 ____D C:\Users\chakotay\AppData\Local\mbamtray
2020-02-02 05:44 - 2020-02-02 05:44 - 000000000 ____D C:\Users\chakotay\AppData\Local\mbam
2020-02-02 05:41 - 2020-02-02 05:44 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-02-02 05:40 - 2020-02-02 05:40 - 000001871 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-02-02 05:40 - 2020-02-02 05:40 - 000001871 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-02-02 05:40 - 2020-02-02 05:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-02-02 05:40 - 2020-02-02 05:40 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-02-02 05:40 - 2020-02-02 05:40 - 000000000 ____D C:\Program Files\Malwarebytes
2020-02-02 05:40 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-02-02 05:34 - 2020-02-02 05:35 - 064333800 _____ (Malwarebytes ) C:\Users\chakotay\Desktop\mb3-setup-1878.1878-3.8.3.2965.exe
2020-02-02 05:15 - 2020-02-02 05:15 - 008356016 _____ (Malwarebytes) C:\Users\chakotay\Desktop\adwcleaner_8.0.2.exe
2020-02-01 10:13 - 2020-02-01 10:13 - 000027272 _____ C:\Users\chakotay\.recently-used.xbel
2020-01-31 15:52 - 2020-01-31 15:52 - 000094403 _____ C:\Users\chakotay\Desktop\Stephen Lovell-cov-letter.pdf
2020-01-31 15:09 - 2020-01-31 15:09 - 000079282 _____ C:\Users\chakotay\Desktop\RES-lovell, stephen ..pdf
2020-01-31 14:41 - 2020-01-31 14:41 - 000161537 _____ C:\Users\chakotay\Desktop\DL 2-2 - lovell, stephen D..pdf
2020-01-30 20:20 - 2020-01-30 20:20 - 000145199 _____ C:\Users\chakotay\Desktop\TOR-CE-Video-Producer.pdf
2020-01-30 19:39 - 2020-01-30 19:39 - 055756176 _____ C:\Users\chakotay\Desktop\CARGO BGI Feb 5th  .wav
2020-01-30 19:16 - 2020-01-30 19:16 - 000029696 ___SH C:\Users\chakotay\Thumbs.db
2020-01-28 08:05 - 2020-01-28 08:06 - 000193065 _____ C:\Users\chakotay\Desktop\FORM_Standard_Release_or_Permission.pdf
2020-01-28 08:04 - 2020-01-28 08:04 - 001948564 _____ C:\Users\chakotay\Desktop\Science as Art Contest Copyright Permission Form 2017.pdf
2020-01-27 08:55 - 2020-01-27 08:55 - 000841266 _____ C:\Users\chakotay\Desktop\Horse.mp4
2020-01-27 00:37 - 2020-01-27 00:37 - 004502844 _____ C:\Users\chakotay\Desktop\ssss2.wav
2020-01-27 00:35 - 2020-01-27 00:35 - 004540756 _____ C:\Users\chakotay\Desktop\SSSS1).wav
2020-01-26 08:42 - 2020-01-26 08:42 - 000000070 _____ C:\Users\chakotay\Downloads\listen (8).m3u
2020-01-26 08:42 - 2020-01-26 08:42 - 000000070 _____ C:\Users\chakotay\Downloads\listen (7).m3u
2020-01-26 08:41 - 2020-01-26 08:41 - 000000070 _____ C:\Users\chakotay\Downloads\listen (6).m3u
2020-01-25 05:32 - 2020-01-25 05:33 - 000000000 ____D C:\Users\chakotay\Desktop\POSTERS
2020-01-24 15:31 - 2020-01-24 15:31 - 000000070 _____ C:\Users\chakotay\Downloads\listen (5).m3u
2020-01-24 10:18 - 2020-01-24 10:19 - 453450556 _____ C:\Users\chakotay\Desktop\MARLEY.wav
2020-01-23 20:56 - 2020-01-23 20:57 - 086178902 _____ C:\Users\chakotay\Desktop\CARGOJan29-.wav
2020-01-22 11:44 - 2020-01-22 11:44 - 000000070 _____ C:\Users\chakotay\Downloads\listen (4).m3u
2020-01-22 11:42 - 2020-01-22 11:42 - 000000070 _____ C:\Users\chakotay\Downloads\listen (3).m3u
2020-01-21 20:35 - 2020-01-21 20:35 - 003819180 _____ C:\Users\chakotay\Desktop\SuperStyle 20.wav
2020-01-21 19:42 - 2020-01-21 19:42 - 091505324 _____ C:\Users\chakotay\Desktop\PROMOS.wav
2020-01-18 20:43 - 2020-01-18 20:43 - 000654557 _____ C:\Users\chakotay\Downloads\_LLCBC_AML-ATFPol_May2019_CRNT.pdf
2020-01-17 09:59 - 2020-01-17 09:59 - 008000936 _____ (Tim Kosse) C:\Users\chakotay\Downloads\FileZilla_3.46.3_win64-setup.exe
2020-01-16 07:42 - 2020-01-16 07:42 - 000000000 ____D C:\Users\chakotay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-01-16 06:55 - 2020-01-16 06:55 - 000000000 ____D C:\ProgramData\Wondershare
2020-01-15 20:56 - 2020-01-15 20:56 - 000000000 ____D C:\Users\chakotay\AppData\Local\Wondershare
2020-01-15 20:55 - 2020-01-15 21:15 - 000000000 ____D C:\Users\chakotay\AppData\Roaming\Wondershare
2020-01-15 19:29 - 2020-01-15 19:48 - 000000000 ____D C:\Users\chakotay\Desktop\lenore
2020-01-15 19:09 - 2020-01-15 19:09 - 000654557 _____ C:\Users\chakotay\Desktop\_LLCBC_AML-ATFPol_May2019_CRNT.pdf
2020-01-15 15:29 - 2020-01-15 15:46 - 000106757 _____ C:\Users\chakotay\Desktop\KISS-intro.pdf
2020-01-15 06:11 - 2020-01-02 23:42 - 004061624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2020-01-15 06:11 - 2020-01-02 23:42 - 003967416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2020-01-15 06:11 - 2020-01-02 23:41 - 001320248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2020-01-15 06:11 - 2020-01-02 23:38 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2020-01-15 06:11 - 2020-01-02 23:38 - 000834048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2020-01-15 06:11 - 2020-01-02 23:38 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2020-01-15 06:11 - 2020-01-02 23:38 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2020-01-15 06:11 - 2020-01-02 23:38 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2020-01-15 06:11 - 2020-01-02 23:38 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2020-01-15 06:11 - 2020-01-02 23:38 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2020-01-15 06:11 - 2020-01-02 23:38 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2020-01-15 06:11 - 2020-01-02 23:38 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2020-01-15 06:11 - 2020-01-02 23:38 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2020-01-15 06:11 - 2020-01-02 23:38 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2020-01-15 06:11 - 2020-01-02 23:38 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2020-01-15 06:11 - 2020-01-02 23:38 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2020-01-15 06:11 - 2020-01-02 23:38 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2020-01-15 06:11 - 2020-01-02 23:38 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2020-01-15 06:11 - 2020-01-02 23:38 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2020-01-15 06:11 - 2020-01-02 23:38 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2020-01-15 06:11 - 2020-01-02 23:38 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 005553888 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-01-15 06:11 - 2020-01-02 23:37 - 000709856 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2020-01-15 06:11 - 2020-01-02 23:37 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 000627424 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2020-01-15 06:11 - 2020-01-02 23:37 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 000263904 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 000096992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2020-01-15 06:11 - 2020-01-02 23:37 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2020-01-15 06:11 - 2020-01-02 23:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2020-01-15 06:11 - 2020-01-02 23:36 - 000155360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2020-01-15 06:11 - 2020-01-02 23:35 - 001671296 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2020-01-15 06:11 - 2020-01-02 23:33 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2020-01-15 06:11 - 2020-01-02 23:33 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2020-01-15 06:11 - 2020-01-02 23:33 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2020-01-15 06:11 - 2020-01-02 23:33 - 001010688 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2020-01-15 06:11 - 2020-01-02 23:33 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2020-01-15 06:11 - 2020-01-02 23:33 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2020-01-15 06:11 - 2020-01-02 23:33 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2020-01-15 06:11 - 2020-01-02 23:33 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2020-01-15 06:11 - 2020-01-02 23:33 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2020-01-15 06:11 - 2020-01-02 23:33 - 000408576 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2020-01-15 06:11 - 2020-01-02 23:33 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2020-01-15 06:11 - 2020-01-02 23:33 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2020-01-15 06:11 - 2020-01-02 23:33 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2020-01-15 06:11 - 2020-01-02 23:33 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2020-01-15 06:11 - 2020-01-02 23:33 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2020-01-15 06:11 - 2020-01-02 23:33 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2020-01-15 06:11 - 2020-01-02 23:33 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2020-01-15 06:11 - 2020-01-02 23:33 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2020-01-10 18:53 - 2020-01-10 18:53 - 000096556 _____ C:\Users\chakotay\Desktop\MyRadioStream - User Area -.html
2020-01-10 05:39 - 2020-01-10 05:39 - 000509054 _____ C:\Users\chakotay\Downloads\Community_Radio_Broadcasting_Use_of_Comm.pdf
2020-01-07 09:23 - 2020-01-07 09:27 - 937205126 _____ C:\Users\chakotay\Desktop\VID_20200106_125644.mp4
2020-01-05 10:34 - 2020-01-05 10:34 - 029794681 _____ C:\Users\chakotay\Desktop\Bottom Bay.MOV
2020-01-03 05:38 - 2020-01-03 05:38 - 015198055 _____ C:\Users\chakotay\Desktop\Feeding monkey.mp4
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-02-02 12:15 - 2015-07-16 13:49 - 000000000 ____D C:\FRST
2020-02-02 11:54 - 2018-06-13 11:44 - 000000652 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3430744594-213253022-3560247601-1000.job
2020-02-02 11:50 - 2016-09-22 10:58 - 000000000 ____D C:\Temp
2020-02-02 11:39 - 2018-06-13 11:44 - 000000556 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3430744594-213253022-3560247601-1000.job
2020-02-02 11:29 - 2016-03-17 15:02 - 000000420 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2020-02-02 09:06 - 2019-11-25 18:07 - 000000000 ____D C:\Users\chakotay\AppData\Local\QMxNetworkSync
2020-02-02 05:47 - 2009-07-14 00:45 - 000024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-02-02 05:47 - 2009-07-14 00:45 - 000024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-02-02 05:39 - 2019-11-25 18:10 - 000000512 _____ C:\Windows\Tasks\MAGIX PC Check & Tuning 2020 (Autopilot.exe).job
2020-02-02 05:39 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-02-02 05:17 - 2015-07-21 19:17 - 000000000 ____D C:\AdwCleaner
2020-02-01 22:09 - 2015-01-18 09:22 - 000000000 ____D C:\Users\chakotay\AppData\Local\TSVNCache
2020-02-01 11:00 - 2009-07-14 01:13 - 000782578 _____ C:\Windows\system32\PerfStringBackup.INI
2020-02-01 11:00 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2020-02-01 10:28 - 2015-01-04 06:53 - 000000000 ____D C:\Users\chakotay\.gimp-2.6
2020-02-01 10:13 - 2015-01-04 07:01 - 000000000 ____D C:\Users\chakotay\AppData\Roaming\gtk-2.0
2020-02-01 10:13 - 2014-09-17 15:34 - 000000000 ____D C:\Users\chakotay
2020-02-01 07:59 - 2016-09-01 19:39 - 029185024 ___SH C:\Users\chakotay\Desktop\Thumbs.db
2020-02-01 07:44 - 2017-02-24 21:11 - 000058880 ___SH C:\Users\chakotay\Documents\Thumbs.db
2020-02-01 06:47 - 2014-09-21 00:20 - 000000000 ____D C:\Users\chakotay\AppData\Roaming\vlc
2020-02-01 02:03 - 2018-11-04 07:56 - 000000000 ____D C:\Users\chakotay\Desktop\RAY
2020-01-31 08:30 - 2015-01-04 09:00 - 000000000 ____D C:\Users\chakotay\AppData\Roaming\FileZilla
2020-01-31 08:11 - 2015-01-04 09:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2020-01-31 08:11 - 2015-01-04 09:00 - 000000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2020-01-27 11:03 - 2014-10-17 20:28 - 000000000 ____D C:\Users\chakotay\AppData\Roaming\dvdcss
2020-01-27 01:39 - 2018-06-13 11:44 - 000000000 ____D C:\Users\chakotay\AppData\Local\GoToMeeting
2020-01-27 01:36 - 2019-10-30 06:28 - 000000000 ____D C:\Users\chakotay\Documents\ConvertXtoDVD
2020-01-27 01:27 - 2019-05-12 13:49 - 000000000 ____D C:\Users\chakotay\AppData\Roaming\obs-studio
2020-01-26 08:17 - 2017-06-11 12:21 - 000016896 _____ C:\Users\chakotay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-01-25 17:32 - 2018-06-13 11:44 - 000003674 _____ C:\Windows\system32\Tasks\G2MUploadTask-S-1-5-21-3430744594-213253022-3560247601-1000
2020-01-25 17:32 - 2018-06-13 11:44 - 000003578 _____ C:\Windows\system32\Tasks\G2MUpdateTask-S-1-5-21-3430744594-213253022-3560247601-1000
2020-01-25 05:37 - 2019-07-17 11:57 - 000000000 ____D C:\Users\chakotay\Desktop\RADIO
2020-01-22 17:02 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
2020-01-21 05:38 - 2016-03-02 23:58 - 000000000 ____D C:\Users\chakotay\Documents\Letters ect
2020-01-21 05:08 - 2019-03-12 03:26 - 000000000 ____D C:\Users\chakotay\Desktop\CARGO
2020-01-21 05:04 - 2009-07-14 01:08 - 000032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2020-01-18 10:30 - 2019-08-24 10:34 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2020-01-18 10:30 - 2019-08-24 10:34 - 000002264 _____ C:\Users\Public\Desktop\Brave.lnk
2020-01-18 10:30 - 2019-08-24 10:34 - 000002264 _____ C:\ProgramData\Desktop\Brave.lnk
2020-01-17 10:00 - 2017-01-03 18:35 - 000000000 ____D C:\Users\chakotay\AppData\Local\FileZilla
2020-01-16 18:40 - 2015-04-22 22:50 - 000002188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-01-16 09:55 - 2018-11-14 12:23 - 000000000 ____D C:\Windows\rescache
2020-01-16 07:42 - 2018-01-13 21:06 - 000000000 ____D C:\Users\chakotay\AppData\Roaming\Zoom
2020-01-16 06:53 - 2009-07-14 00:45 - 005146728 _____ C:\Windows\system32\FNTCACHE.DAT
2020-01-16 06:25 - 2014-11-23 20:39 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2020-01-16 06:22 - 2014-09-21 22:17 - 000000000 ____D C:\Windows\system32\MRT
2020-01-16 06:07 - 2014-09-21 22:17 - 120202352 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-01-16 05:59 - 2014-04-02 06:32 - 000775192 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2020-01-15 21:15 - 2017-04-14 13:07 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2020-01-15 21:15 - 2017-04-14 13:07 - 000000000 ____D C:\ProgramData\Documents\Wondershare
2020-01-15 21:09 - 2014-09-17 15:35 - 000161992 _____ C:\Users\chakotay\AppData\Local\GDIPFONTCACHEV1.DAT
2020-01-09 11:22 - 2019-03-09 08:29 - 000000000 ____D C:\Users\chakotay\Documents\BY-LAWS
 
==================== Files in the root of some directories ========
 
2016-11-03 16:19 - 2016-11-03 16:19 - 000000288 _____ () C:\Users\chakotay\AppData\Roaming\.backup.dm
2015-07-21 19:44 - 2015-08-28 06:56 - 000000024 _____ () C:\Users\chakotay\AppData\Roaming\appdataFr25.bin
2019-02-11 08:04 - 2019-02-11 08:04 - 000000268 ___RH () C:\Users\chakotay\AppData\Roaming\Database
2019-02-11 08:04 - 2019-02-11 08:04 - 000000268 ___RH () C:\Users\chakotay\AppData\Roaming\Definition Bundle
2018-10-07 13:08 - 2018-10-07 13:08 - 000000268 ___RH () C:\Users\chakotay\AppData\Roaming\grep
2014-09-21 00:25 - 2019-10-30 04:20 - 000099384 _____ () C:\Users\chakotay\AppData\Roaming\inst.exe
2015-01-05 18:42 - 2019-12-16 07:35 - 000019964 _____ () C:\Users\chakotay\AppData\Roaming\last.vmix
2014-09-21 00:25 - 2019-10-30 04:20 - 000007859 _____ () C:\Users\chakotay\AppData\Roaming\pcouffin.cat
2014-09-21 00:25 - 2019-10-30 04:20 - 000001167 _____ () C:\Users\chakotay\AppData\Roaming\pcouffin.inf
2014-09-21 00:25 - 2019-10-30 04:20 - 000000055 _____ () C:\Users\chakotay\AppData\Roaming\pcouffin.log
2014-09-21 00:25 - 2019-10-30 04:20 - 000082816 _____ (VSO Software) C:\Users\chakotay\AppData\Roaming\pcouffin.sys
2015-05-21 14:01 - 2018-09-19 14:06 - 000021906 _____ () C:\Users\chakotay\AppData\Roaming\UserTile.png
2017-06-11 12:21 - 2020-01-26 08:17 - 000016896 _____ () C:\Users\chakotay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-03 22:53 - 2017-03-03 22:53 - 000015374 _____ () C:\Users\chakotay\AppData\Local\recently-used.xbel
2015-05-05 11:40 - 2015-05-05 11:40 - 000011838 _____ () C:\Users\chakotay\AppData\Local\Temp-log.txt
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2020-01-28 07:04
==================== End of FRST.txt ========================


#8 Satchfan

Posted 03 February 2020 - 10:35 AM

Do you know what this is?:

C:\Users\chakotay\Desktop\lenore

If you don’t, please delete it.

================================================

Note: Please follow these instructions in the order given.

================================================

Disable Windows Defender

The old version of Windows Defender was pretty useless and generally only looked for spyware. It’s using up resources so I suggest you turn it off.

To turn real-time protection off:

  • open Windows Defender (Start > Programs > Windows Defender)
  • click Tools and then General Settings
  • under ‘Real-time protection’, uncheck the Turn on real-time protection (recommended) check box
  • click Save.

================================================

Uninstall Chrome Extension(s)

  • open Google Chrome and type chrome://extensions in the address bar, then press Enter
  • click the trash can icon next to the following extension(s):

    SaveFrom.net helper

  • a confirmation dialog will appear, click Remove.

================================================

Run Farbar Recovery Scan Tool

Open Notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM-x32\...\Run: [LManager] => [X]
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\...\MountPoints2: {377237db-0f84-11e5-b616-2025648ad16f} - F:\AutoRun.exe
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\...\MountPoints2: {cf758d48-0996-11e5-9c81-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\...\MountPoints2: {cf758dc4-0996-11e5-9c81-2025648ad16f} - F:\AutoRun.exe
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\...\MountPoints2: {cf758ddc-0996-11e5-9c81-2025648ad16f} - E:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKLM\Software\...\AppCompatFlags\Custom\chrome.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
HKLM\Software\...\AppCompatFlags\Custom\explorer.zza: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
HKLM\Software\...\AppCompatFlags\InstalledSDB\{4da5ab0d-0e52-4c1e-8a52-10e2c9b30e63}: [DatabasePath] -> C:\Windows\AppPatch\Custom\{4da5ab0d-0e52-4c1e-8a52-10e2c9b30e63}.sdb
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3430744594-213253022-3560247601-1000 -> DefaultScope {F067FFDD-323E-4DBB-B6F2-7AD3D3677B43} URL =
SearchScopes: HKU\S-1-5-21-3430744594-213253022-3560247601-1000 -> {F067FFDD-323E-4DBB-B6F2-7AD3D3677B43} URL =
CHR Extension: (SaveFrom.net helper) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpljndcmbeikfnlflcggaipgnhiedbl [2015-06-15] [UpdateUrl:hxxp://sf-addon.com/helper/chrome/updates-3.xml] <==== ATTENTION
CHR HKU\S-1-5-21-3430744594-213253022-3560247601-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd]
CHR HKLM-x32\...\Chrome\Extension: [mdpljndcmbeikfnlflcggaipgnhiedbl] - hxxp://sf-addon.com/helper/chrome/updates-3.xml
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
AlternateDataStreams: C:\ProgramData\Temp:6E951145 [135]
AlternateDataStreams: C:\ProgramData\Temp:8E236DBE [136]
AlternateDataStreams: C:\ProgramData\Temp:A7D26093 [124]
AlternateDataStreams: C:\Users\chakotay\AppData\Local\Temporary Internet Files:e4HGVDlquN4U2E0PgNO1fHY1Twz [2176]
AlternateDataStreams: C:\Users\chakotay\AppData\Local\y3MRxgN3l:RKFHd2Pgq95QDNJ71iNHKHckksBM [1870]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
C:\Program Files\Common Files\Bitdefender
C:\Users\chakotay\AppData\Roaming\appdataFr25.bin
C:\Users\chakotay\AppData\Roaming\inst.exe
C:\Users\chakotay\AppData\Roaming\last.vmix
C:\Users\chakotay\AppData\Roaming\pcouffin.cat
C:\Users\chakotay\AppData\Roaming\pcouffin.inf
C:\Users\chakotay\AppData\Roaming\pcouffin.log
C:\Users\chakotay\AppData\Roaming\pcouffin.sys
C:\Users\chakotay\AppData\Roaming\UserTile.png
C:\Users\chakotay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\chakotay\AppData\Local\recently-used.xbel
C:\Users\chakotay\AppData\Local\Temp-log.txt
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

================================================

Uninstall Google Update Helper and Eset Online Scan

================================================

 

Please run FRST again and make sure there is a checkmark next to ‘Addition.txt’ before you hit Scan.

Logs to include with next post:

Fixlog.txt
New Frst.txt
New Addition.txt


Thanks

Satchfan



#9 bhp

Posted 03 February 2020 - 05:15 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-02-2020 02
Ran by chakotay (03-02-2020 19:12:21) Run:1
Running from C:\Users\chakotay\Desktop\New folder (5)
Loaded Profiles: chakotay (Available Profiles: chakotay)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM-x32\...\Run: [LManager] => [X]
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\...\MountPoints2: {377237db-0f84-11e5-b616-2025648ad16f} - F:\AutoRun.exe
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\...\MountPoints2: {cf758d48-0996-11e5-9c81-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\...\MountPoints2: {cf758dc4-0996-11e5-9c81-2025648ad16f} - F:\AutoRun.exe
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\...\MountPoints2: {cf758ddc-0996-11e5-9c81-2025648ad16f} - E:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKLM\Software\...\AppCompatFlags\Custom\chrome.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
HKLM\Software\...\AppCompatFlags\Custom\explorer.zza: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
HKLM\Software\...\AppCompatFlags\InstalledSDB\{4da5ab0d-0e52-4c1e-8a52-10e2c9b30e63}: [DatabasePath] -> C:\Windows\AppPatch\Custom\{4da5ab0d-0e52-4c1e-8a52-10e2c9b30e63}.sdb
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3430744594-213253022-3560247601-1000 -> DefaultScope {F067FFDD-323E-4DBB-B6F2-7AD3D3677B43} URL =
SearchScopes: HKU\S-1-5-21-3430744594-213253022-3560247601-1000 -> {F067FFDD-323E-4DBB-B6F2-7AD3D3677B43} URL =
CHR Extension: (SaveFrom.net helper) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpljndcmbeikfnlflcggaipgnhiedbl [2015-06-15] [UpdateUrl:hxxp://sf-addon.com/helper/chrome/updates-3.xml] <==== ATTENTION
CHR HKU\S-1-5-21-3430744594-213253022-3560247601-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd]
CHR HKLM-x32\...\Chrome\Extension: [mdpljndcmbeikfnlflcggaipgnhiedbl] - hxxp://sf-addon.com/helper/chrome/updates-3.xml
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
AlternateDataStreams: C:\ProgramData\Temp:6E951145 [135]
AlternateDataStreams: C:\ProgramData\Temp:8E236DBE [136]
AlternateDataStreams: C:\ProgramData\Temp:A7D26093 [124]
AlternateDataStreams: C:\Users\chakotay\AppData\Local\Temporary Internet Files:e4HGVDlquN4U2E0PgNO1fHY1Twz [2176]
AlternateDataStreams: C:\Users\chakotay\AppData\Local\y3MRxgN3l:RKFHd2Pgq95QDNJ71iNHKHckksBM [1870]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
C:\Program Files\Common Files\Bitdefender
C:\Users\chakotay\AppData\Roaming\appdataFr25.bin
C:\Users\chakotay\AppData\Roaming\inst.exe
C:\Users\chakotay\AppData\Roaming\last.vmix
C:\Users\chakotay\AppData\Roaming\pcouffin.cat
C:\Users\chakotay\AppData\Roaming\pcouffin.inf
C:\Users\chakotay\AppData\Roaming\pcouffin.log
C:\Users\chakotay\AppData\Roaming\pcouffin.sys
C:\Users\chakotay\AppData\Roaming\UserTile.png
C:\Users\chakotay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\chakotay\AppData\Local\recently-used.xbel
C:\Users\chakotay\AppData\Local\Temp-log.txt
EmptyTemp:
*****************
 
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\InstallerLauncher" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LManager" => removed successfully
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot" => removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot" => removed successfully
"HKU\S-1-5-21-3430744594-213253022-3560247601-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge" => removed successfully
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{377237db-0f84-11e5-b616-2025648ad16f} => removed successfully
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf758d48-0996-11e5-9c81-806e6f6e6963} => removed successfully
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf758dc4-0996-11e5-9c81-2025648ad16f} => removed successfully
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf758ddc-0996-11e5-9c81-2025648ad16f} => removed successfully
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot" => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\chrome.exe => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\explorer.zza => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\iexplore.exe => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{4da5ab0d-0e52-4c1e-8a52-10e2c9b30e63} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-3430744594-213253022-3560247601-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F067FFDD-323E-4DBB-B6F2-7AD3D3677B43} => removed successfully
CHR Extension: (SaveFrom.net helper) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpljndcmbeikfnlflcggaipgnhiedbl [2015-06-15] [UpdateUrl:hxxp://sf-addon.com/helper/chrome/updates-3.xml] <==== ATTENTION => Error: No automatic fix found for this entry.
HKU\S-1-5-21-3430744594-213253022-3560247601-1000\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mdpljndcmbeikfnlflcggaipgnhiedbl => removed successfully
HKLM\System\CurrentControlSet\Services\sbapifs => removed successfully
sbapifs => service removed successfully
C:\ProgramData\Temp => ":6E951145" ADS removed successfully
C:\ProgramData\Temp => ":8E236DBE" ADS removed successfully
C:\ProgramData\Temp => ":A7D26093" ADS removed successfully
C:\Users\chakotay\AppData\Local\Temporary Internet Files => ":e4HGVDlquN4U2E0PgNO1fHY1Twz" ADS removed successfully
C:\Users\chakotay\AppData\Local\y3MRxgN3l => ":RKFHd2Pgq95QDNJ71iNHKHckksBM" ADS removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => removed successfully
C:\Program Files\Common Files\Bitdefender => moved successfully
C:\Users\chakotay\AppData\Roaming\appdataFr25.bin => moved successfully
C:\Users\chakotay\AppData\Roaming\inst.exe => moved successfully
C:\Users\chakotay\AppData\Roaming\last.vmix => moved successfully
C:\Users\chakotay\AppData\Roaming\pcouffin.cat => moved successfully
C:\Users\chakotay\AppData\Roaming\pcouffin.inf => moved successfully
C:\Users\chakotay\AppData\Roaming\pcouffin.log => moved successfully
C:\Users\chakotay\AppData\Roaming\pcouffin.sys => moved successfully
C:\Users\chakotay\AppData\Roaming\UserTile.png => moved successfully
C:\Users\chakotay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\chakotay\AppData\Local\recently-used.xbel => moved successfully
C:\Users\chakotay\AppData\Local\Temp-log.txt => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 59777683 B
Java, Flash, Steam htmlcache => 525 B
Windows/system/drivers => 41964204 B
Edge => 0 B
Chrome => 6693414 B
Firefox => 14134381 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 54622 B
systemprofile32 => 109848 B
LocalService => 109976 B
NetworkService => 218874 B
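
The Fixlog above reports one entry that FRST did not fix (the `CHR Extension` line ending in "Error: No automatic fix found for this entry.") among dozens of successes. As an added example, not part of the thread or of FRST, this Python sketch skips the echoed fixlist, tallies the per-entry results, and lists every line that does not end in "successfully"; the function name and the abridged sample are assumptions made for illustration.

```python
import re
from collections import Counter

# Abridged from the Fixlog.txt posted in this thread; keys and paths are as posted.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 02-02-2020 02
Ran by chakotay (03-02-2020 19:12:21) Run:1
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
HKLM-x32\...\Run: [LManager] => [X]
C:\Users\chakotay\AppData\Roaming\inst.exe
EmptyTemp:
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LManager" => removed successfully
CHR Extension: (SaveFrom.net helper) - C:\Users\chakotay\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpljndcmbeikfnlflcggaipgnhiedbl [2015-06-15] [UpdateUrl:hxxp://sf-addon.com/helper/chrome/updates-3.xml] <==== ATTENTION => Error: No automatic fix found for this entry.
sbapifs => service removed successfully
C:\ProgramData\Temp => ":6E951145" ADS removed successfully
C:\Users\chakotay\AppData\Roaming\inst.exe => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
Chrome => 6693414 B
'''

# A result counts as done only if it ends in "<verb> successfully".
SUCCESS = re.compile(r"(\w+) successfully\.?$")

def triage_fixlog(text):
    """Return (Counter of outcomes, [(entry, result)] needing manual review)."""
    counts, review = Counter(), []
    stars = 0  # rows of asterisks seen; they bracket the echoed fixlist
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:
            stars += 1
            continue
        if stars < 2 or not line:
            continue          # header, echoed fixlist, or blank line
        if line.startswith("="):
            break             # section banner (EmptyTemp sizes follow)
        # The result is whatever follows the LAST " => " on the line.
        entry, _, result = line.rpartition(" => ")
        done = SUCCESS.search(result)
        if done:
            counts[done.group(1)] += 1   # removed / moved / closed
        else:
            counts["review"] += 1        # errors and anything unrecognised
            review.append((entry or line, result))
    return counts, review

if __name__ == "__main__":
    counts, review = triage_fixlog(SAMPLE_FIXLOG)
    print(dict(counts))
    for entry, result in review:
        print("NEEDS MANUAL FIX:", entry[:60], "->", result)
```

Anything the script cannot positively classify as a success is reported for review, so an unfamiliar result string is surfaced rather than silently counted as fixed.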


#10 Satchfan

Posted 03 February 2020 - 05:20 PM

Hello bhp

 

I'll look at these tomorrow as it is 11:20pm here in the UK and I have an early start tomorrow.

 

Cheers

 

Satchfan




#11 bhp

Posted 03 February 2020 - 05:26 PM

I can't seem to find Google Update Helper



#12 bhp

Posted 03 February 2020 - 05:27 PM

Ok Thanks.



#13 Satchfan

Posted 03 February 2020 - 05:51 PM

I can't seem to find Google Update Helper

I seem for some reason to have left that out of the ‘fix’.

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

You should be able to uninstall it now after a reboot.

Satchfan

 

 

 



#14 Satchfan

Posted 07 February 2020 - 04:59 AM

Hello bhp

 

It has been more than 3 days since I replied to you. Please let me know if you need more help.

 

If I don't hear from you within 24 hours, I'll assume that all is now well and close this as 'solved'.

 

Satchfan



#15 Satchfan

Posted 07 February 2020 - 07:16 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.

