  1. #1

    [7SP1HomePre x64] Weird Chinese symbols in registry

    I ran plenty of antivirus scans and anti-malware utilities, and the results always come out clean. Is there a way to trace these symbols back to their origin? Here is a shot of the registry.
    Attached Thumbnails: weird-reg-keys.png



  2. #2
    Corrine (Join Date: Feb 2012; Location: Upstate, NY; Posts: 8,608)

    Re: Weird Chinese symbols in registry

    HKEY_CURRENT_USER contains configuration information for Windows and software specific to the currently logged in user. It seems as though something prompted you to look at the registry and discover that. I don't know what it will show, but suggest you consider posting FRST logs.

    Please download Farbar Recovery Scan Tool (FRST) and save it to your Desktop.

    Note: You need to run the version compatible with your system (32- or 64-bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.


    1. Right click to run as administrator. When the tool opens click Yes to disclaimer.
    2. Press Scan button.
    3. The first time FRST is run, it will produce two logs in the same directory the tool is run from -- FRST.txt and Addition.txt.
    4. Please copy/paste both logs in your reply.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  3. #3

    Re: Weird Chinese symbols in registry

    Hi Corrine, I have seen your name on the forum many times, and now I have the pleasure of working with a professional such as yourself. How I discovered these characters in the registry: I was working with PeterJ, a tech on the forum, on fixing corrupt files from sfc /scannow logs, and I had to export a registry hive. That's what led me to the registry, and then I noticed the registry had these weird characters.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-11-2017
    Ran by carl (administrator) on CARL-PC (16-11-2017 14:06:03)
    Running from C:\Users\carl\Desktop
    Loaded Profiles: carl (Available Profiles: carl)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    (Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Cheetah Mobile,Inc.) C:\Program Files (x86)\cmcm\Clean Master\cmcore.exe
    (Cheetah Mobile,Inc.) C:\Program Files (x86)\cmcm\Clean Master\cmtray.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-09] (AVAST Software)
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    HKU\S-1-5-21-3047833663-3766033810-2322992743-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2017-09-25] (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
    Tcpip\..\Interfaces\{B2B249B8-6E3D-456F-93BB-6D9C0E3199B1}: [NameServer] 8.8.4.4,8.8.8.8
    Tcpip\..\Interfaces\{B2B249B8-6E3D-456F-93BB-6D9C0E3199B1}: [DhcpNameServer] 192.168.254.254
    Tcpip\..\Interfaces\{C7ECB7C8-460E-4C50-87C7-C7F69D08D615}: [NameServer] 74.82.42.42

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3047833663-3766033810-2322992743-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-3047833663-3766033810-2322992743-1002 -> DefaultScope {956B6C93-66D8-47AB-B2DD-FBE465491773} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    SearchScopes: HKU\S-1-5-21-3047833663-3766033810-2322992743-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3047833663-3766033810-2322992743-1002 -> {956B6C93-66D8-47AB-B2DD-FBE465491773} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-09] (AVAST Software)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-09] (AVAST Software)

    FireFox:
    ========
    FF DefaultProfile: uv2ieb9s.default
    FF ProfilePath: C:\Users\carl\AppData\Roaming\Mozilla\Firefox\Profiles\uv2ieb9s.default [2017-11-16]
    FF Extension: (Click&Clean) - C:\Users\carl\AppData\Roaming\Mozilla\Firefox\Profiles\uv2ieb9s.default\Extensions\clickclean@hotcleaner.com [2017-09-27] [Lagacy]
    FF Extension: (Avast SafePrice) - C:\Users\carl\AppData\Roaming\Mozilla\Firefox\Profiles\uv2ieb9s.default\Extensions\sp@avast.com.xpi [2017-10-27]
    FF Extension: (uBlock Origin) - C:\Users\carl\AppData\Roaming\Mozilla\Firefox\Profiles\uv2ieb9s.default\Extensions\uBlock0@raymondhill.net.xpi [2017-10-27]
    FF Extension: (Avast Online Security) - C:\Users\carl\AppData\Roaming\Mozilla\Firefox\Profiles\uv2ieb9s.default\Extensions\wrc@avast.com.xpi [2017-11-09]
    FF Extension: (Video DownloadHelper) - C:\Users\carl\AppData\Roaming\Mozilla\Firefox\Profiles\uv2ieb9s.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-10-27] [Lagacy]
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-26] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-26] (Google Inc.)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR NewTab: Default -> Active:"chrome-extension://laookkfknpbbblfpciffpaejjkokdgca/dashboard.html"
    CHR Profile: C:\Users\carl\AppData\Local\Google\Chrome\User Data\Default [2017-11-16]
    CHR Extension: (Slides) - C:\Users\carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
    CHR Extension: (Magic Actions for YouTube™) - C:\Users\carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2017-11-09]
    CHR Extension: (Docs) - C:\Users\carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
    CHR Extension: (Google Drive) - C:\Users\carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-26]
    CHR Extension: (YouTube) - C:\Users\carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-26]
    CHR Extension: (uBlock Origin) - C:\Users\carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-11-11]
    CHR Extension: (Google News) - C:\Users\carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2017-09-26]
    CHR Extension: (Google Calendar) - C:\Users\carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-09-26]
    CHR Extension: (Sheets) - C:\Users\carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
    CHR Extension: (Avira Browser Safety) - C:\Users\carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-09-26]
    CHR Extension: (Google Docs Offline) - C:\Users\carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-26]
    CHR Extension: (Click&Clean) - C:\Users\carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2017-10-27]
    CHR Extension: (The Weather Channel for Chrome) - C:\Users\carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2017-11-16]
    CHR Extension: (Momentum) - C:\Users\carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2017-11-14]
    CHR Extension: (Google Maps) - C:\Users\carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2017-09-26]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-26]
    CHR Extension: (Click&Clean App) - C:\Users\carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2017-10-18]
    CHR Extension: (Gmail) - C:\Users\carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-26]
    CHR Extension: (Chrome Media Router) - C:\Users\carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-15]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
    S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-11-18] (Advanced Micro Devices, Inc.) [File not signed]
    S4 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-11-09] (AVAST Software)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-09] (AVAST Software)
    R3 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [386912 2017-11-16] (Cheetah Mobile,Inc.)
    S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-10-22] (SurfRight B.V.)
    S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
    S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [257344 2010-11-11] (NTI Corporation)
    S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
    R3 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [294168 2017-10-05] (Reason Software Company Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S3 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [658600 2017-07-06] (WiseCleaner.com)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [183584 2017-11-09] (AVAST Software)
    R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321032 2017-11-09] (AVAST Software s.r.o.)
    R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [198968 2017-11-09] (AVAST Software s.r.o.)
    R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343288 2017-11-09] (AVAST Software s.r.o.)
    R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57728 2017-11-09] (AVAST Software s.r.o.)
    S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47008 2017-11-09] (AVAST Software)
    R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [148288 2017-11-09] (AVAST Software)
    R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110376 2017-11-09] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84416 2017-11-09] (AVAST Software)
    R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026232 2017-11-09] (AVAST Software)
    R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [455376 2017-11-15] (AVAST Software)
    R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [203976 2017-11-09] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [364464 2017-11-09] (AVAST Software)
    R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-10-01] (REALiX(tm))
    R3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [80560 2017-11-16] (Kingsoft Corporation)
    R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2017-10-01] (Qualcomm Atheros Co., Ltd.)
    S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-11-16] (Malwarebytes)
    S3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [420832 2017-10-01] (Realsil Semiconductor Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [33864 2017-10-04] (wisecleaner.com)
    S4 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-09-26] (Zemana Ltd.)
    S4 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-09-26] (Zemana Ltd.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-11-16 14:06 - 2017-11-16 14:06 - 000014280 _____ C:\Users\carl\Desktop\FRST.txt
    2017-11-16 14:04 - 2017-11-16 14:04 - 002392576 _____ (Farbar) C:\Users\carl\Desktop\FRST64.exe
    2017-11-16 13:06 - 2017-11-16 13:06 - 000060416 _____ C:\Users\carl\AppData\Local\GDIPFONTCACHEV1.DAT
    2017-11-16 13:04 - 2017-11-16 13:04 - 000000000 ____D C:\Users\carl\AppData\Roaming\kcleaner
    2017-11-16 13:02 - 2017-11-16 13:02 - 000001037 _____ C:\Users\Public\Desktop\Clean Master.lnk
    2017-11-16 13:02 - 2017-11-16 13:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clean Master
    2017-11-16 13:02 - 2017-11-16 13:02 - 000000000 ____D C:\ProgramData\cmcm
    2017-11-16 13:02 - 2017-11-16 13:02 - 000000000 ____D C:\Program Files (x86)\cmcm
    2017-11-16 12:55 - 2017-11-16 12:56 - 021675616 _____ (Cheetah Mobile,Inc.) C:\Users\carl\Desktop\clean_master_8_1.exe
    2017-11-16 10:42 - 2017-11-16 10:42 - 000000000 ____D C:\ProgramData\SWCUTemp
    2017-11-16 08:34 - 2017-11-16 13:27 - 000097754 _____ C:\Windows\ntbtlog.txt
    2017-11-16 08:34 - 2017-11-16 08:35 - 000272416 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-11-15 17:50 - 2017-11-15 17:50 - 000000000 ____D C:\Users\carl\AppData\Roaming\Macromedia
    2017-11-15 17:38 - 2017-11-15 17:45 - 000000000 ____D C:\Users\carl\Desktop\backups
    2017-11-15 14:15 - 2017-11-15 14:15 - 000000000 ____D C:\Users\carl\AppData\Roaming\Windows Live Writer
    2017-11-15 07:46 - 2017-11-15 07:55 - 000000000 ____D C:\Windows\system32\MRT
    2017-11-15 07:25 - 2017-10-18 02:31 - 000395976 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2017-11-15 07:25 - 2017-10-18 01:45 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2017-11-15 07:25 - 2017-10-17 21:06 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
    2017-11-15 07:25 - 2017-10-17 21:06 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
    2017-11-15 07:25 - 2017-10-17 21:06 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
    2017-11-15 07:25 - 2017-10-17 21:06 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
    2017-11-15 07:25 - 2017-10-17 21:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
    2017-11-15 07:25 - 2017-10-17 21:06 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
    2017-11-15 07:25 - 2017-10-17 21:06 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
    2017-11-15 07:25 - 2017-10-16 18:07 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2017-11-15 07:25 - 2017-10-16 17:34 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2017-11-15 07:25 - 2017-10-16 16:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
    2017-11-15 07:25 - 2017-10-14 03:38 - 025731584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2017-11-15 07:25 - 2017-10-14 03:23 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2017-11-15 07:25 - 2017-10-14 03:23 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2017-11-15 07:25 - 2017-10-14 03:13 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2017-11-15 07:25 - 2017-10-14 03:12 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2017-11-15 07:25 - 2017-10-14 03:11 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2017-11-15 07:25 - 2017-10-14 03:11 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2017-11-15 07:25 - 2017-10-14 03:11 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2017-11-15 07:25 - 2017-10-14 03:11 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2017-11-15 07:25 - 2017-10-14 03:09 - 005979648 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2017-11-15 07:25 - 2017-10-14 03:05 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2017-11-15 07:25 - 2017-10-14 03:04 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2017-11-15 07:25 - 2017-10-14 03:02 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2017-11-15 07:25 - 2017-10-14 03:01 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2017-11-15 07:25 - 2017-10-14 03:01 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2017-11-15 07:25 - 2017-10-14 03:01 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2017-11-15 07:25 - 2017-10-14 03:00 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2017-11-15 07:25 - 2017-10-14 02:55 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2017-11-15 07:25 - 2017-10-14 02:53 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2017-11-15 07:25 - 2017-10-14 02:47 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2017-11-15 07:25 - 2017-10-14 02:47 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2017-11-15 07:25 - 2017-10-14 02:46 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2017-11-15 07:25 - 2017-10-14 02:43 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2017-11-15 07:25 - 2017-10-14 02:43 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2017-11-15 07:25 - 2017-10-14 02:41 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2017-11-15 07:25 - 2017-10-14 02:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2017-11-15 07:25 - 2017-10-14 02:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2017-11-15 07:25 - 2017-10-14 02:30 - 015266816 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2017-11-15 07:25 - 2017-10-14 02:30 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2017-11-15 07:25 - 2017-10-14 02:29 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2017-11-15 07:25 - 2017-10-14 02:28 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2017-11-15 07:25 - 2017-10-14 02:27 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2017-11-15 07:25 - 2017-10-14 02:21 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2017-11-15 07:25 - 2017-10-14 02:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2017-11-15 07:25 - 2017-10-14 02:09 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2017-11-15 07:25 - 2017-10-14 02:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2017-11-15 07:25 - 2017-10-14 01:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2017-11-15 07:25 - 2017-10-14 01:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2017-11-15 07:25 - 2017-10-14 01:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2017-11-15 07:25 - 2017-10-14 01:52 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2017-11-15 07:25 - 2017-10-14 01:52 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2017-11-15 07:25 - 2017-10-14 01:51 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2017-11-15 07:25 - 2017-10-14 01:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2017-11-15 07:25 - 2017-10-14 01:47 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2017-11-15 07:25 - 2017-10-14 01:47 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2017-11-15 07:25 - 2017-10-14 01:46 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2017-11-15 07:25 - 2017-10-14 01:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2017-11-15 07:25 - 2017-10-14 01:45 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2017-11-15 07:25 - 2017-10-14 01:45 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2017-11-15 07:25 - 2017-10-14 01:38 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2017-11-15 07:25 - 2017-10-14 01:35 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2017-11-15 07:25 - 2017-10-14 01:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2017-11-15 07:25 - 2017-10-14 01:34 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2017-11-15 07:25 - 2017-10-14 01:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2017-11-15 07:25 - 2017-10-14 01:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2017-11-15 07:25 - 2017-10-14 01:32 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2017-11-15 07:25 - 2017-10-14 01:31 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2017-11-15 07:25 - 2017-10-14 01:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2017-11-15 07:25 - 2017-10-14 01:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2017-11-15 07:25 - 2017-10-14 01:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2017-11-15 07:25 - 2017-10-14 01:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2017-11-15 07:25 - 2017-10-14 01:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2017-11-15 07:25 - 2017-10-14 01:23 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2017-11-15 07:25 - 2017-10-14 01:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2017-11-15 07:25 - 2017-10-14 01:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2017-11-15 07:25 - 2017-10-14 01:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2017-11-15 07:25 - 2017-10-11 19:58 - 000382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2017-11-15 07:25 - 2017-10-11 19:55 - 014635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2017-11-15 07:25 - 2017-10-11 19:55 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2017-11-15 07:25 - 2017-10-11 19:55 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
    2017-11-15 07:25 - 2017-10-11 19:55 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
    2017-11-15 07:25 - 2017-10-11 19:55 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2017-11-15 07:25 - 2017-10-11 19:55 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2017-11-15 07:25 - 2017-10-11 19:55 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2017-11-15 07:25 - 2017-10-11 19:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2017-11-15 07:25 - 2017-10-11 19:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2017-11-15 07:25 - 2017-10-11 19:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2017-11-15 07:25 - 2017-10-11 19:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2017-11-15 07:25 - 2017-10-11 19:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2017-11-15 07:25 - 2017-10-11 19:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2017-11-15 07:25 - 2017-10-11 19:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2017-11-15 07:25 - 2017-10-11 19:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
    2017-11-15 07:25 - 2017-10-11 19:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
    2017-11-15 07:25 - 2017-10-11 19:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2017-11-15 07:25 - 2017-10-11 19:37 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2017-11-15 07:25 - 2017-10-11 19:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2017-11-15 07:25 - 2017-10-11 19:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2017-11-15 07:25 - 2017-10-11 19:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2017-11-15 07:25 - 2017-10-11 19:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2017-11-15 07:25 - 2017-10-11 19:20 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
    2017-11-15 07:25 - 2017-10-11 19:16 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2017-11-14 21:34 - 2017-11-14 21:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital Corporation
    2017-11-14 21:34 - 2017-11-14 21:34 - 000000000 ____D C:\Program Files (x86)\Western Digital Corporation
    2017-11-14 21:22 - 2017-11-15 21:14 - 000000000 ____D C:\Users\carl\Desktop\test harddrive
    2017-11-14 20:55 - 2017-11-14 21:15 - 000000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
    2017-11-14 20:55 - 2017-11-14 20:55 - 000000000 ____D C:\Windows\System32\Tasks\HardDiskSentinel
    2017-11-14 20:55 - 2017-11-14 20:55 - 000000000 ____D C:\Users\carl\AppData\Roaming\Hard Disk Sentinel
    2017-11-14 20:55 - 2017-11-14 20:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Sentinel
    2017-11-14 14:01 - 2017-11-14 14:01 - 000000000 ____D C:\Users\carl\AppData\Local\Adobe
    2017-11-14 12:39 - 2017-11-14 12:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
    2017-11-14 12:39 - 2017-11-14 12:39 - 000000000 ____D C:\Program Files (x86)\Seagate
    2017-11-14 10:26 - 2017-11-14 10:26 - 000000000 ____D C:\ProgramData\Emsisoft
    2017-11-13 16:48 - 2017-11-13 16:48 - 000000296 _____ C:\Users\carl\Documents\symbols2.reg
    2017-11-13 16:47 - 2017-11-13 16:47 - 000000392 _____ C:\Users\carl\Documents\symbols1.reg
    2017-11-13 16:40 - 2017-11-13 16:40 - 000000000 ____D C:\Windows\RegBak
    2017-11-12 12:35 - 2017-11-12 12:35 - 000000000 ____D C:\Users\carl\AppData\Local\CEF
    2017-11-12 12:34 - 2017-11-12 12:34 - 000000000 ____D C:\Users\carl\AppData\Roaming\Google
    2017-11-12 12:33 - 2017-11-12 12:33 - 000000000 ____D C:\Windows\System32\Tasks\WPD
    2017-11-11 17:59 - 2017-11-11 17:59 - 000000000 ____D C:\Program Files (x86)\VirusTotalUploader2
    2017-11-10 21:38 - 2017-11-16 08:52 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2017-11-10 16:52 - 2017-11-09 16:35 - 000365168 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2017-11-10 16:03 - 2017-11-10 17:52 - 000000396 _____ C:\Windows\Tasks\Gateway Registration - Reminder Recall task.job
    2017-11-09 16:35 - 2017-11-09 16:35 - 000183584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
    2017-11-09 09:52 - 2017-11-16 14:06 - 000000000 ____D C:\FRST
    2017-11-09 08:08 - 2017-11-09 08:08 - 000053824 ____N C:\bootsqm.dat
    2017-11-08 21:28 - 2017-11-08 21:28 - 000022550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2017-11-08 19:14 - 2017-11-08 19:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-11-08 19:14 - 2017-11-08 19:14 - 000000000 ____D C:\ProgramData\Malwarebytes
    2017-11-08 19:14 - 2017-11-08 19:14 - 000000000 ____D C:\Program Files\Malwarebytes
    2017-11-08 19:14 - 2017-11-01 08:54 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
    2017-11-08 18:07 - 2017-11-08 18:07 - 000000000 ____D C:\ProgramData\MB3CoreBackup
    2017-11-08 18:05 - 2017-11-08 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2017-11-08 18:05 - 2017-11-08 18:05 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
    2017-11-08 13:49 - 2017-11-09 11:02 - 000000000 _____ C:\Windows\SysWOW64\last.dump
    2017-11-07 21:38 - 2017-10-17 21:34 - 000134376 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2017-11-07 21:38 - 2017-10-17 21:30 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2017-11-07 21:38 - 2017-10-15 17:04 - 000407392 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
    2017-11-07 21:38 - 2017-10-04 08:04 - 002023936 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2017-11-07 21:38 - 2017-10-04 08:04 - 001570304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2017-11-07 21:38 - 2017-10-04 08:04 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2017-11-07 21:38 - 2017-10-04 08:04 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2017-11-07 21:38 - 2017-10-04 08:04 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2017-11-07 21:38 - 2017-10-04 08:04 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2017-11-07 21:38 - 2017-10-04 08:04 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2017-11-02 20:11 - 2017-11-16 13:02 - 000131800 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi_ev.sys
    2017-11-02 20:11 - 2017-11-16 13:02 - 000123568 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi.sys
    2017-11-02 20:11 - 2017-11-16 13:02 - 000088792 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi64_ev.sys
    2017-11-02 20:11 - 2017-11-16 13:02 - 000080560 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi64.sys
    2017-11-02 20:11 - 2017-11-02 20:12 - 000000000 ____D C:\ProgramData\Kingsoft
    2017-11-02 20:11 - 2017-11-02 20:11 - 000000000 ____D C:\Users\carl\AppData\Roaming\kingsoft
    2017-10-31 13:49 - 2017-11-01 15:22 - 000000000 ____D C:\Users\carl\AppData\Roaming\Skype
    2017-10-31 13:49 - 2017-10-31 13:49 - 000000000 ___RD C:\Program Files (x86)\Skype
    2017-10-31 13:49 - 2017-10-31 13:49 - 000000000 ____D C:\Users\carl\AppData\Local\Skype
    2017-10-29 19:16 - 2017-10-29 19:16 - 000000000 ____D C:\Windows\SysWOW64\sda
    2017-10-29 16:02 - 2017-10-29 16:02 - 000000023 _____ C:\Users\carl\Documents\booster driver.txt
    2017-10-29 15:21 - 2017-10-29 15:21 - 000000000 ____D C:\Users\carl\AppData\Roaming\ChemTable Software
    2017-10-29 15:20 - 2017-10-29 15:21 - 000000000 ____D C:\Users\carl\AppData\Local\ChemTable Software
    2017-10-29 15:20 - 2017-10-29 15:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soft Organizer
    2017-10-29 15:20 - 2017-10-29 15:20 - 000000000 ____D C:\Program Files (x86)\Soft Organizer
    2017-10-28 07:40 - 2017-10-28 07:40 - 000000062 _____ C:\Users\carl\cbs.txt
    2017-10-27 14:04 - 2017-11-02 19:16 - 000002884 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (carl)
    2017-10-27 10:59 - 2017-10-27 10:59 - 000000059 _____ C:\Users\carl\Documents\sfcdetails.txt
    2017-10-23 12:58 - 2017-10-23 12:58 - 000314547 _____ C:\Users\carl\Desktop\CCEnhancer-4.5.1-multilingual.zip
    2017-10-23 12:55 - 2017-10-26 21:51 - 000002788 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2017-10-23 12:55 - 2017-10-23 12:58 - 000000000 ____D C:\Program Files\CCleaner
    2017-10-23 12:55 - 2017-10-23 12:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2017-10-22 20:35 - 2017-10-22 20:35 - 001004649 _____ C:\Users\carl\Desktop\ProcessMonitor.zip
    2017-10-22 19:04 - 2017-11-15 18:05 - 000000000 ____D C:\Users\carl\Desktop\anti viruses
    2017-10-22 15:36 - 2017-10-22 19:08 - 000000000 ____D C:\Program Files\UVK - Ultra Virus Killer
    2017-10-22 15:36 - 2017-10-22 19:06 - 000000000 ____D C:\ProgramData\UVK
    2017-10-22 15:11 - 2017-10-22 15:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
    2017-10-22 15:11 - 2017-10-22 15:11 - 000000000 ____D C:\Program Files\HitmanPro
    2017-10-22 15:10 - 2017-11-12 22:22 - 000000000 ____D C:\ProgramData\HitmanPro
    2017-10-22 13:19 - 2017-10-22 13:19 - 000000207 _____ C:\Windows\tweaking.com-regbackup-CARL-PC-Windows-7-Home-Premium-(64-bit).dat
    2017-10-22 13:19 - 2017-10-22 13:19 - 000000000 ____D C:\RegBackup
    2017-10-21 07:17 - 2017-09-07 08:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
    2017-10-21 07:17 - 2017-09-07 08:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
    2017-10-21 06:54 - 2017-10-21 06:54 - 000466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
    2017-10-21 06:54 - 2017-10-21 06:54 - 000444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
    2017-10-21 06:54 - 2017-10-21 06:54 - 000122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
    2017-10-21 06:54 - 2017-10-21 06:54 - 000109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
    2017-10-21 06:54 - 2017-10-21 06:54 - 000000000 ____D C:\Program Files (x86)\OpenAL
    2017-10-21 06:52 - 2017-10-21 06:52 - 000000000 ____D C:\Program Files (x86)\Microsoft XNA
    2017-10-21 06:39 - 2017-11-14 12:39 - 000000000 ____D C:\ProgramData\Package Cache
    2017-10-21 06:36 - 2017-10-21 06:36 - 000000000 ____D C:\Windows\SysWOW64\xlive
    2017-10-21 06:36 - 2017-10-21 06:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
    2017-10-21 06:36 - 2017-10-21 06:36 - 000000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    2017-10-21 06:27 - 2010-06-02 03:55 - 000527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
    2017-10-21 06:27 - 2010-06-02 03:55 - 000518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
    2017-10-21 06:27 - 2010-06-02 03:55 - 000239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
    2017-10-21 06:27 - 2010-06-02 03:55 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
    2017-10-21 06:27 - 2010-06-02 03:55 - 000077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
    2017-10-21 06:27 - 2010-06-02 03:55 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
    2017-10-21 06:27 - 2010-05-26 10:41 - 002526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
    2017-10-21 06:27 - 2010-05-26 10:41 - 002106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
    2017-10-21 06:27 - 2010-05-26 10:41 - 001907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
    2017-10-21 06:27 - 2010-05-26 10:41 - 001868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
    2017-10-21 06:27 - 2010-05-26 10:41 - 000276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
    2017-10-21 06:27 - 2010-05-26 10:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
    2017-10-21 06:26 - 2010-05-26 10:41 - 002401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
    2017-10-21 06:26 - 2010-05-26 10:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
    2017-10-21 06:26 - 2010-05-26 10:41 - 000511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
    2017-10-21 06:26 - 2010-05-26 10:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
    2017-10-21 06:26 - 2010-02-04 09:01 - 000530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
    2017-10-21 06:26 - 2010-02-04 09:01 - 000528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
    2017-10-21 06:26 - 2010-02-04 09:01 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
    2017-10-21 06:26 - 2010-02-04 09:01 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
    2017-10-21 06:26 - 2010-02-04 09:01 - 000078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
    2017-10-21 06:26 - 2010-02-04 09:01 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
    2017-10-21 06:26 - 2010-02-04 09:01 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
    2017-10-21 06:26 - 2010-02-04 09:01 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
    2017-10-21 06:26 - 2009-09-04 16:44 - 000517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
    2017-10-21 06:26 - 2009-09-04 16:44 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
    2017-10-21 06:26 - 2009-09-04 16:44 - 000176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
    2017-10-21 06:26 - 2009-09-04 16:44 - 000073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
    2017-10-21 06:26 - 2009-09-04 16:29 - 005554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
    2017-10-21 06:26 - 2009-09-04 16:29 - 005501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
    2017-10-21 06:26 - 2009-09-04 16:29 - 002582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
    2017-10-21 06:26 - 2009-09-04 16:29 - 002475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
    2017-10-21 06:26 - 2009-09-04 16:29 - 001974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
    2017-10-21 06:26 - 2009-09-04 16:29 - 001892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
    2017-10-21 06:26 - 2009-09-04 16:29 - 000285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
    2017-10-21 06:26 - 2009-09-04 16:29 - 000235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
    2017-10-21 06:26 - 2009-03-16 13:18 - 000521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
    2017-10-21 06:26 - 2009-03-16 13:18 - 000517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
    2017-10-21 06:26 - 2009-03-16 13:18 - 000235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
    2017-10-21 06:26 - 2009-03-16 13:18 - 000174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
    2017-10-21 06:26 - 2009-03-16 13:18 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
    2017-10-21 06:26 - 2009-03-16 13:18 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
    2017-10-21 06:26 - 2009-03-09 14:27 - 005425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
    2017-10-21 06:26 - 2009-03-09 14:27 - 004178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
    2017-10-21 06:26 - 2009-03-09 14:27 - 002430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
    2017-10-21 06:26 - 2009-03-09 14:27 - 000520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
    2017-10-21 06:26 - 2008-10-27 09:04 - 000518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
    2017-10-21 06:26 - 2008-10-27 09:04 - 000514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
    2017-10-21 06:26 - 2008-10-27 09:04 - 000235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
    2017-10-21 06:26 - 2008-10-27 09:04 - 000175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
    2017-10-21 06:26 - 2008-10-27 09:04 - 000074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
    2017-10-21 06:26 - 2008-10-27 09:04 - 000070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
    2017-10-21 06:26 - 2008-10-27 09:04 - 000025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
    2017-10-21 06:26 - 2008-10-27 09:04 - 000023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
    2017-10-21 06:26 - 2008-10-15 05:22 - 005631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
    2017-10-21 06:26 - 2008-10-15 05:22 - 004379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
    2017-10-21 06:26 - 2008-10-15 05:22 - 002605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
    2017-10-21 06:26 - 2008-10-15 05:22 - 002036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
    2017-10-21 06:26 - 2008-10-15 05:22 - 000519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
    2017-10-21 06:26 - 2008-10-15 05:22 - 000452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
    2017-10-21 06:26 - 2008-07-31 09:41 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
    2017-10-21 06:26 - 2008-07-31 09:41 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
    2017-10-21 06:26 - 2008-07-31 09:41 - 000072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
    2017-10-21 06:26 - 2008-07-31 09:41 - 000068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
    2017-10-21 06:26 - 2008-07-31 09:40 - 000513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
    2017-10-21 06:26 - 2008-07-31 09:40 - 000509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
    2017-10-21 06:26 - 2008-07-10 10:01 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
    2017-10-21 06:26 - 2008-07-10 10:00 - 004992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
    2017-10-21 06:26 - 2008-07-10 10:00 - 003851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
    2017-10-21 06:26 - 2008-07-10 10:00 - 001942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
    2017-10-21 06:26 - 2008-07-10 10:00 - 001493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
    2017-10-21 06:26 - 2008-07-10 10:00 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
    2017-10-21 06:26 - 2008-05-30 13:19 - 000511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
    2017-10-21 06:26 - 2008-05-30 13:19 - 000507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
    2017-10-21 06:26 - 2008-05-30 13:18 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
    2017-10-21 06:26 - 2008-05-30 13:18 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
    2017-10-21 06:26 - 2008-05-30 13:17 - 000068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
    2017-10-21 06:26 - 2008-05-30 13:17 - 000065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
    2017-10-21 06:26 - 2008-05-30 13:17 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
    2017-10-21 06:26 - 2008-05-30 13:16 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
    2017-10-21 06:26 - 2008-05-30 13:11 - 004991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
    2017-10-21 06:26 - 2008-05-30 13:11 - 003850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
    2017-10-21 06:26 - 2008-05-30 13:11 - 001941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
    2017-10-21 06:26 - 2008-05-30 13:11 - 001491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
    2017-10-21 06:26 - 2008-05-30 13:11 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
    2017-10-21 06:26 - 2008-05-30 13:11 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
    2017-10-21 06:26 - 2008-03-05 15:04 - 000489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
    2017-10-21 06:26 - 2008-03-05 15:03 - 000479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
    2017-10-21 06:26 - 2008-03-05 15:03 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
    2017-10-21 06:26 - 2008-03-05 15:03 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
    2017-10-21 06:26 - 2008-03-05 15:00 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
    2017-10-21 06:26 - 2008-03-05 15:00 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
    2017-10-21 06:26 - 2008-03-05 14:56 - 004910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
    2017-10-21 06:26 - 2008-03-05 14:56 - 003786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
    2017-10-21 06:26 - 2008-03-05 14:56 - 001860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
    2017-10-21 06:26 - 2008-03-05 14:56 - 001420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
    2017-10-21 06:26 - 2008-02-05 22:07 - 000529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
    2017-10-21 06:26 - 2008-02-05 22:07 - 000462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
    2017-10-21 06:26 - 2007-10-22 02:40 - 000411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
    2017-10-21 06:26 - 2007-10-22 02:39 - 000267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
    2017-10-21 06:26 - 2007-10-12 14:14 - 005081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
    2017-10-21 06:26 - 2007-10-12 14:14 - 003734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
    2017-10-21 06:26 - 2007-10-12 14:14 - 002006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
    2017-10-21 06:26 - 2007-10-12 14:14 - 001374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
    2017-10-21 06:26 - 2007-10-02 08:56 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
    2017-10-21 06:26 - 2007-10-02 08:56 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
    2017-10-21 06:26 - 2007-07-19 23:57 - 000411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
    2017-10-21 06:26 - 2007-07-19 23:57 - 000267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
    2017-10-21 06:26 - 2007-07-19 17:14 - 001985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
    2017-10-21 06:26 - 2007-07-19 17:14 - 001358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
    2017-10-21 06:26 - 2007-07-19 17:14 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
    2017-10-21 06:26 - 2007-07-19 17:14 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
    2017-10-21 06:25 - 2007-10-22 02:37 - 000021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
    2017-10-21 06:25 - 2007-10-22 02:37 - 000017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
    2017-10-21 06:25 - 2007-07-19 17:14 - 005073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
    2017-10-21 06:25 - 2007-07-19 17:14 - 003727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
    2017-10-21 06:25 - 2007-06-20 19:49 - 000409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
    2017-10-21 06:25 - 2007-06-20 19:46 - 000266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
    2017-10-21 06:25 - 2007-05-16 15:45 - 004496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
    2017-10-21 06:25 - 2007-05-16 15:45 - 003497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
    2017-10-21 06:25 - 2007-05-16 15:45 - 001401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
    2017-10-21 06:25 - 2007-05-16 15:45 - 001124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
    2017-10-21 06:25 - 2007-05-16 15:45 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
    2017-10-21 06:25 - 2007-05-16 15:45 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
    2017-10-21 06:25 - 2007-04-04 17:55 - 000403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
    2017-10-21 06:25 - 2007-04-04 17:55 - 000261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
    2017-10-21 06:25 - 2007-04-04 17:54 - 000107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
    2017-10-21 06:25 - 2007-04-04 17:53 - 000081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
    2017-10-21 06:25 - 2007-03-15 15:57 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
    2017-10-21 06:25 - 2007-03-15 15:57 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
    2017-10-21 06:25 - 2007-03-12 15:42 - 004494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
    2017-10-21 06:25 - 2007-03-12 15:42 - 003495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
    2017-10-21 06:25 - 2007-03-12 15:42 - 001400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
    2017-10-21 06:25 - 2007-03-12 15:42 - 001123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
    2017-10-21 06:25 - 2007-03-05 11:42 - 000017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
    2017-10-21 06:25 - 2007-03-05 11:42 - 000015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
    2017-10-21 06:25 - 2007-01-24 14:27 - 000393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
    2017-10-21 06:25 - 2007-01-24 14:27 - 000255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
    2017-10-21 06:25 - 2006-12-08 11:02 - 000251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
    2017-10-21 06:25 - 2006-12-08 11:00 - 000390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
    2017-10-21 06:25 - 2006-11-29 12:06 - 000469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
    2017-10-21 06:25 - 2006-11-29 12:06 - 000440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
    2017-10-21 06:25 - 2006-09-28 15:05 - 003977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
    2017-10-21 06:25 - 2006-09-28 15:05 - 002414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
    2017-10-21 06:25 - 2006-09-28 15:05 - 000237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
    2017-10-21 06:25 - 2006-09-28 15:04 - 000364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
    2017-10-21 06:25 - 2006-07-28 08:31 - 000083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
    2017-10-21 06:25 - 2006-07-28 08:30 - 000363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
    2017-10-21 06:25 - 2006-07-28 08:30 - 000236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
    2017-10-21 06:25 - 2006-07-28 08:30 - 000062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
    2017-10-21 06:25 - 2006-05-31 06:24 - 000230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
    2017-10-21 06:25 - 2006-05-31 06:22 - 000354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
    2017-10-21 06:25 - 2006-03-31 11:41 - 003927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
    2017-10-21 06:25 - 2006-03-31 11:40 - 002388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
    2017-10-21 06:25 - 2006-03-31 11:40 - 000352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
    2017-10-21 06:25 - 2006-03-31 11:39 - 000229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
    2017-10-21 06:25 - 2006-03-31 11:39 - 000083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
    2017-10-21 06:25 - 2006-03-31 11:39 - 000062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
    2017-10-21 06:25 - 2006-02-03 07:43 - 003830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
    2017-10-21 06:25 - 2006-02-03 07:43 - 002332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
    2017-10-21 06:25 - 2006-02-03 07:42 - 000355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
    2017-10-21 06:25 - 2006-02-03 07:42 - 000230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
    2017-10-21 06:25 - 2006-02-03 07:41 - 000016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
    2017-10-21 06:25 - 2006-02-03 07:41 - 000014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
    2017-10-21 06:25 - 2005-12-05 17:09 - 003815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
    2017-10-21 06:25 - 2005-12-05 17:09 - 002323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
    2017-10-21 06:25 - 2005-07-22 18:59 - 003807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
    2017-10-21 06:25 - 2005-07-22 18:59 - 002319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
    2017-10-21 06:25 - 2005-05-26 14:34 - 003767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
    2017-10-21 06:25 - 2005-05-26 14:34 - 002297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
    2017-10-21 06:25 - 2005-03-18 16:19 - 003823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
    2017-10-21 06:25 - 2005-03-18 16:19 - 002337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
    2017-10-21 06:25 - 2005-02-05 18:45 - 003544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
    2017-10-21 06:25 - 2005-02-05 18:45 - 002222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
    2017-10-20 21:16 - 2017-10-20 21:16 - 000000000 ____D C:\Users\carl\AppData\Local\ESET
    2017-10-20 18:50 - 2017-11-12 18:19 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2017-10-20 18:48 - 2017-11-12 18:18 - 000000000 ____D C:\ProgramData\RogueKiller
    2017-10-20 14:26 - 2017-10-20 14:26 - 000000000 ____D C:\Windows\CheckSur
    2017-10-19 13:43 - 2017-11-16 10:32 - 000000000 ____D C:\Users\carl\AppData\Local\niemiro
    2017-10-19 12:54 - 2017-10-19 13:11 - 564744309 _____ C:\Users\carl\Desktop\Windows6.1-KB947821-v34-x64.msu
    2017-10-18 17:55 - 2017-10-18 18:19 - 000000000 ____D C:\Users\carl\AppData\Local\ashampoo
    2017-10-18 17:54 - 2017-10-20 13:37 - 000000000 ____D C:\ProgramData\Ashampoo
    2017-10-18 17:54 - 2017-10-18 17:54 - 000000000 ____D C:\Program Files (x86)\Ashampoo

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-11-16 14:05 - 2017-10-01 01:03 - 000000000 ____D C:\Users\carl\AppData\Roaming\brave
    2017-11-16 14:00 - 2017-09-26 13:29 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2017-11-16 14:00 - 2017-09-26 13:29 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-11-16 14:00 - 2017-09-26 13:29 - 000004326 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2017-11-16 14:00 - 2017-09-26 13:29 - 000000000 ____D C:\Windows\system32\Macromed
    2017-11-16 14:00 - 2010-12-22 08:50 - 000000000 ____D C:\Windows\SysWOW64\Macromed
    2017-11-16 13:14 - 2017-09-28 13:28 - 000000000 ____D C:\Program Files (x86)\System Ninja
    2017-11-16 13:04 - 2017-10-04 08:11 - 000000000 ____D C:\Users\carl\AppData\Roaming\Wise Care 365
    2017-11-16 13:04 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
    2017-11-16 12:56 - 2017-09-26 14:53 - 000000000 ____D C:\Users\carl\AppData\Local\Everything
    2017-11-16 12:56 - 2017-09-26 14:48 - 000000000 ____D C:\Users\carl\AppData\Roaming\Everything
    2017-11-16 10:49 - 2009-07-13 23:45 - 000009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-11-16 10:49 - 2009-07-13 23:45 - 000009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-11-16 10:41 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2017-11-15 22:24 - 2010-01-01 04:40 - 000001425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    2017-11-15 17:07 - 2017-09-26 12:12 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2017-11-15 07:45 - 2017-10-11 14:01 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
    2017-11-15 07:45 - 2017-09-25 14:53 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-11-15 07:41 - 2017-09-26 12:28 - 000455376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2017-11-15 07:36 - 2009-07-13 23:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2017-11-14 14:01 - 2017-09-25 14:45 - 000000000 ____D C:\Users\carl\AppData\Roaming\Adobe
    2017-11-14 10:41 - 2017-09-26 16:06 - 000000000 ____D C:\Windows_Repair_Toolbox
    2017-11-13 16:40 - 2017-09-27 13:06 - 000000078 _____ C:\Windows\system32\CARL-PC.Windows 7 Home Premium, 64-bit Service Pack 1 (build 7601).txt
    2017-11-12 17:19 - 2009-07-14 00:32 - 000000000 ____D C:\Program Files\Windows Sidebar
    2017-11-12 11:30 - 2017-09-27 16:49 - 000000000 ____D C:\Users\carl\AppData\Roaming\Mozilla
    2017-11-12 11:30 - 2017-09-26 12:24 - 000000000 ____D C:\ProgramData\AVAST Software
    2017-11-12 11:30 - 2017-09-25 14:44 - 000000000 ____D C:\Users\carl
    2017-11-12 11:15 - 2017-09-26 17:03 - 000000000 ____D C:\AdwCleaner
    2017-11-12 10:26 - 2017-09-28 13:21 - 000000000 ____D C:\Users\carl\Desktop\optimizers
    2017-11-10 17:50 - 2017-09-25 16:15 - 000003468 _____ C:\Windows\System32\Tasks\Gateway Registration - Reminder Recall task
    2017-11-10 16:53 - 2017-09-26 12:30 - 000001929 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2017-11-10 16:53 - 2017-09-26 12:29 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
    2017-11-10 00:45 - 2009-07-14 00:13 - 000748782 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-11-10 00:37 - 2009-07-13 21:34 - 061603840 _____ C:\Windows\system32\config\SOFTWARE.BAK
    2017-11-10 00:37 - 2009-07-13 21:34 - 014942208 _____ C:\Windows\system32\config\SYSTEM.BAK
    2017-11-10 00:37 - 2009-07-13 21:34 - 000262144 _____ C:\Windows\system32\config\SECURITY.BAK
    2017-11-10 00:37 - 2009-07-13 21:34 - 000262144 _____ C:\Windows\system32\config\SAM.BAK
    2017-11-10 00:37 - 2009-07-13 21:34 - 000262144 _____ C:\Windows\system32\config\DEFAULT.BAK
    2017-11-09 16:35 - 2017-09-26 12:28 - 000364464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
    2017-11-09 16:35 - 2017-09-26 12:28 - 000203976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2017-11-09 16:35 - 2017-09-26 12:28 - 000148288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2017-11-09 16:35 - 2017-09-26 12:28 - 000110376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2017-11-09 16:35 - 2017-09-26 12:28 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2017-11-09 16:35 - 2017-09-26 12:28 - 000047008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2017-11-09 16:34 - 2017-09-26 12:28 - 001026232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2017-11-09 16:34 - 2017-09-26 12:28 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
    2017-11-09 16:34 - 2017-09-26 12:28 - 000321032 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
    2017-11-09 16:34 - 2017-09-26 12:28 - 000198968 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
    2017-11-09 16:34 - 2017-09-26 12:28 - 000057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
    2017-11-08 21:26 - 2017-09-26 12:13 - 000000000 ____D C:\Program Files (x86)\Google
    2017-11-08 21:26 - 2017-09-26 12:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-11-08 21:26 - 2010-12-22 08:33 - 000000000 ____D C:\ProgramData\OEM
    2017-11-08 21:26 - 2010-12-22 08:29 - 000000000 ____D C:\ProgramData\BackupManager
    2017-11-08 18:08 - 2017-09-26 12:14 - 000002162 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-11-08 18:08 - 2017-09-26 12:14 - 000002150 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-11-08 18:05 - 2017-09-26 12:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    2017-11-08 14:16 - 2017-10-01 10:46 - 000000000 ____D C:\Users\carl\AppData\Local\ElevatedDiagnostics
    2017-11-07 21:38 - 2017-09-26 10:24 - 000000000 ____D C:\Windows\system32\appraiser
    2017-11-02 11:16 - 2017-09-27 20:57 - 000000000 ____D C:\Users\carl\AppData\Roaming\vlc
    2017-10-31 13:49 - 2010-12-22 08:25 - 000002697 _____ C:\Users\Public\Desktop\Skype.lnk
    2017-10-31 13:49 - 2010-12-22 08:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2017-10-29 22:53 - 2017-10-01 08:20 - 000002245 _____ C:\Users\Public\Desktop\Driver Booster 5.lnk
    2017-10-27 14:04 - 2017-10-01 08:20 - 000000000 ____D C:\ProgramData\IObit
    2017-10-26 22:06 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\Msdtc
    2017-10-26 12:27 - 2017-09-27 13:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Backup and Restore
    2017-10-23 13:20 - 2017-09-26 14:48 - 000000000 ____D C:\Program Files\Everything
    2017-10-23 13:20 - 2010-01-01 04:26 - 000000000 ____D C:\Program Files (x86)\ATI Technologies
    2017-10-22 16:12 - 2017-09-26 16:30 - 000040278 _____ C:\Windows\ZAM.krnl.trace
    2017-10-22 16:12 - 2017-09-26 16:30 - 000013015 _____ C:\Windows\ZAM_Guard.krnl.trace
    2017-10-22 15:43 - 2017-09-26 12:15 - 000000000 ____D C:\Program Files (x86)\TeamViewer
    2017-10-22 15:43 - 2017-09-25 19:03 - 000000000 ____D C:\Windows\pss
    2017-10-22 15:43 - 2010-12-22 07:32 - 000000000 ___HD C:\OEM
    2017-10-21 15:09 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
    2017-10-21 07:22 - 2017-09-25 20:05 - 000745182 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2017-10-21 06:36 - 2009-07-14 00:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2017-10-20 13:35 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration
    2017-10-20 12:22 - 2017-09-27 20:42 - 000007601 _____ C:\Users\carl\AppData\Local\Resmon.ResmonCfg

    ==================== Files in the root of some directories =======

    2017-09-27 20:42 - 2017-10-20 12:22 - 000007601 _____ () C:\Users\carl\AppData\Local\Resmon.ResmonCfg

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-11-08 00:26

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-11-2017
    Ran by carl (16-11-2017 14:07:28)
    Running from C:\Users\carl\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2017-09-25 19:44:36)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3047833663-3766033810-2322992743-500 - Administrator - Disabled)
    carl (S-1-5-21-3047833663-3766033810-2322992743-1002 - Administrator - Enabled) => C:\Users\carl
    Guest (S-1-5-21-3047833663-3766033810-2322992743-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3047833663-3766033810-2322992743-1003 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated)
    Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.187 - Adobe Systems Incorporated)
    Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
    Advertising Center (HKLM-x32\...\{B2EC4A38-B545-4A00-8214-13FE0E915E6D}) (Version: 0.0.0.2 - Nero AG) Hidden
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
    ATI Catalyst Install Manager (HKLM\...\{4F125E8B-3B58-B80D-51E5-4FD110D1EF58}) (Version: 3.0.800.0 - ATI Technologies, Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
    Backup Manager V3 (HKLM-x32\...\{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.69 - NTI Corporation) Hidden
    Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.0.2282.0 - Microsoft Corporation)
    Bing Bar Platform (HKLM-x32\...\{77C4850C-3592-4A2F-B652-ACB77A1EF77C}) (Version: 6.0.2282.0 - Microsoft Corporation) Hidden
    Bing Rewards Client Installer (HKLM-x32\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Brave (HKU\S-1-5-21-3047833663-3766033810-2322992743-1002\...\brave) (Version: 0.18.36 - Brave Software)
    ccc-core-static (HKLM-x32\...\{9C0E3DA8-408A-39D3-855D-3440E38F3D83}) (Version: 2010.1118.1603.28745 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
    Clean Master (HKLM-x32\...\cmpc) (Version: 6.0 - Cheetah Mobile)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.30.0 - Conexant)
    CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2326.52 - CyberLink Corp.)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    Data Lifeguard Diagnostic for Windows 1.31 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
    Driver Booster 5 (HKLM-x32\...\Driver Booster_is1) (Version: 5.0.3 - IObit)
    Empty Folder Cleaner (remove only) (HKLM\...\Empty Folder Cleaner) (Version: - )
    ETDWare PS/2-X64 8.0.6.0_WHQL (HKLM\...\Elantech) (Version: 8.0.6.0 - ELAN Microelectronic Corp.)
    Everything 1.4.1.877 (x64) (HKLM\...\Everything) (Version: 1.4.1.877 (x64) - David Carpenter)
    Gateway MyBackup (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.69 - NTI Corporation)
    Gateway Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3000 - Gateway Incorporated)
    Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Gateway Incorporated)
    Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.03.3003 - Gateway Incorporated)
    Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.1022.2010 - Gateway Incorporated)
    Google Chrome (HKLM\...\{4B96C879-1410-3F7C-BC3E-F46784C3D9E1}) (Version: 61.0.3163.100 - Google, Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
    Hard Disk Sentinel (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: 5.01 - Janos Mathe)
    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
    Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Gateway Incorporated)
    ImagXpress (HKLM-x32\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
    Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Launch Manager (HKLM-x32\...\LManager) (Version: 5.0.3 - Gateway)
    Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
    Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{d6f233bd-3f8c-43f6-878b-07bd0568d595}) (Version: 14.10.25017.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{cb7c3049-21de-415b-bd85-b65c14e547df}) (Version: 14.10.25017.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
    Mozilla Firefox 56.0 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0 (x64 en-US)) (Version: 56.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Nero 9 Essentials (HKLM-x32\...\{31f0f193-85f3-42b8-b44c-024074d8984d}) (Version: - Nero AG)
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
    Registry Backup and Restore (HKLM\...\Registry Backup and Restore_is1) (Version: - Acelogix)
    Registry Defragmenter and Compactor 1.6 (HKLM\...\Registry Compactor_is1) (Version: - Acelogix)
    Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
    SeaTools for Windows 1.4.0.6 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.6 - Seagate Technology)
    Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
    Soft Organizer version 6.15 (HKLM-x32\...\Soft Organizer_is1) (Version: 6.15 - ChemTable Software)
    SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1248 - SUPERAntiSpyware.com)
    System Ninja version 3.1.8 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.1.8 - SingularLabs)
    TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.83369 - TeamViewer)
    Times Reader (HKLM-x32\...\{491ADA37-04EE-2ECE-9F86-DDC0106047AC}) (Version: 2.055 - The New York Times Company) Hidden
    Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
    Unchecky v1.1 (HKLM-x32\...\Unchecky) (Version: 1.1 - Reason Software Company Inc.)
    UVK - Ultra Virus Killer (HKLM\...\UVK - Ultra virus killer) (Version: 10.7.6.1 - Carifred)
    Video Web Camera (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1216 - CyberLink Corp.) Hidden
    Video Web Camera (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1216 - CyberLink Corp.)
    VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version: - )
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
    Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3007 - Gateway Incorporated)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Repair Toolbox version 2.0.0.1 (HKLM-x32\...\{A8D7DA31-9E70-437D-97C4-C4887752E029}_is1) (Version: 2.0.0.1 - Alexandre Coelho)
    WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
    WinX HD Video Converter Deluxe 5.9.9 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version: - Digiarty Software, Inc.)
    Wise Care 365 4.7.2 (HKLM-x32\...\Wise Care 365_is1) (Version: 4.7.2 - WiseCleaner.com, Inc.)
    WMV9/VC-1 Video Playback (HKLM\...\{EE24C28A-6BE1-5138-7CC7-854E9EB3757C}) (Version: 1.00.0000 - ATI Technologies Inc.) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-09] (AVAST Software)
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-09] (AVAST Software)
    ContextMenuHandlers1-x32: [cm_32bit] -> {D84432AF-3514-45a1-BD9C-1D6767EACD2E} => c:\program files (x86)\cmcm\Clean Master\cmmenu.dll [2017-11-16] (Cheetah Mobile,Inc.)
    ContextMenuHandlers1-x32: [cm_64bit] -> {69E19770-EA24-49e2-B997-405EDBEF4C05} => c:\program files (x86)\cmcm\Clean Master\cmmenu64.dll [2017-11-16] (Cheetah Mobile,Inc.)
    ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
    ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
    ContextMenuHandlers2-x32: [cm_32bit] -> {D84432AF-3514-45a1-BD9C-1D6767EACD2E} => c:\program files (x86)\cmcm\Clean Master\cmmenu.dll [2017-11-16] (Cheetah Mobile,Inc.)
    ContextMenuHandlers2-x32: [cm_64bit] -> {69E19770-EA24-49e2-B997-405EDBEF4C05} => c:\program files (x86)\cmcm\Clean Master\cmmenu64.dll [2017-11-16] (Cheetah Mobile,Inc.)
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-09] (AVAST Software)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
    ContextMenuHandlers4-x32: [cm_32bit] -> {D84432AF-3514-45a1-BD9C-1D6767EACD2E} => c:\program files (x86)\cmcm\Clean Master\cmmenu.dll [2017-11-16] (Cheetah Mobile,Inc.)
    ContextMenuHandlers4-x32: [cm_64bit] -> {69E19770-EA24-49e2-B997-405EDBEF4C05} => c:\program files (x86)\cmcm\Clean Master\cmmenu64.dll [2017-11-16] (Cheetah Mobile,Inc.)
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-09] (AVAST Software)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {2088F4E2-F398-439D-B19A-E3E71017A163} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-16] (Adobe Systems Incorporated)
    Task: {261D073D-6021-4468-B2A5-69054F067939} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-26] (Google Inc.)
    Task: {26DA12F8-D84F-48C4-A3E7-5AE3E57F83BE} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_carl => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [2017-03-09] (H.D.S. Hungary)
    Task: {5E1EB0AA-65EE-4E10-B8E6-0AC2F89520FF} - System32\Tasks\Driver Booster SkipUAC (carl) => C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe [2017-09-22] (IObit)
    Task: {7E737A15-4F80-4A53-A3DE-C647F0FBC780} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
    Task: {C2F18F3E-0BC9-4118-920C-1E6EB17DCEBA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-26] (Google Inc.)
    Task: {EE63C676-B249-4FAC-9E17-C761EBC86DDC} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-09] (AVAST Software)
    Task: {F375704F-6EEA-4F4D-91EA-75294AA69834} - System32\Tasks\Gateway Registration - Reminder Recall task => C:\Program Files (x86)\Gateway\Registration\GREG.exe [2010-04-27] (Acer Incorporated)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Gateway Registration - Reminder Recall task.job => C:\Program Files (x86)\Gateway\Registration\GREG.exe
    Task: C:\Windows\Tasks\Gateway Registration - Reminder Recall task.job_ => C:\Program Files (x86)\Gateway\Registration\GREG.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ShortcutWithArgument: C:\Users\Public\Desktop\Netflix.lnk -> C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe () -> hxxp://homepage.gateway.com/redirect.aspx?rid=09000002

    ==================== Loaded Modules (Whitelisted) ==============

    2017-11-09 16:35 - 2017-11-09 16:35 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
    2017-11-09 16:34 - 2017-11-09 16:34 - 000169832 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
    2017-11-09 16:35 - 2017-11-09 16:35 - 000859216 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
    2017-11-09 16:35 - 2017-11-09 16:35 - 000292408 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
    2017-11-09 16:34 - 2017-11-09 16:34 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
    2017-11-09 16:34 - 2017-11-09 16:34 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2017-11-09 16:34 - 2017-11-09 16:34 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
    2017-11-09 16:34 - 2017-11-09 16:35 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
    2017-11-09 16:34 - 2017-11-09 16:34 - 000151104 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
    2017-11-16 07:26 - 2017-11-16 07:26 - 005881408 _____ () C:\Program Files\AVAST Software\Avast\defs\17111604\algo.dll
    2017-11-09 16:34 - 2017-11-09 16:34 - 000710056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2017-11-09 16:34 - 2017-11-09 16:34 - 000245608 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
    2017-09-26 12:26 - 2017-09-26 12:26 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2017-11-09 16:34 - 2017-11-09 16:34 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
    2017-07-17 12:30 - 2017-07-17 12:30 - 000863744 _____ () C:\Windows\mod_frst.exe

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2017-11-16 10:41 - 000002103 _____ C:\Windows\system32\Drivers\etc\hosts

    0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
    0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
    0.0.0.0 media.opencandy.com
    0.0.0.0 cdn.opencandy.com
    0.0.0.0 tracking.opencandy.com
    0.0.0.0 api.opencandy.com
    0.0.0.0 api.recommendedsw.com
    0.0.0.0 rp.yefeneri2.com
    0.0.0.0 os.yefeneri2.com
    0.0.0.0 os2.yefeneri2.com
    0.0.0.0 installer.betterinstaller.com
    0.0.0.0 installer.filebulldog.com
    0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
    0.0.0.0 inno.bisrv.com
    0.0.0.0 nsis.bisrv.com
    0.0.0.0 cdn.file2desktop.com
    0.0.0.0 cdn.goateastcach.us
    0.0.0.0 cdn.guttastatdk.us
    0.0.0.0 cdn.inskinmedia.com
    0.0.0.0 cdn.insta.oibundles2.com
    0.0.0.0 cdn.insta.playbryte.com
    0.0.0.0 cdn.llogetfastcach.us
    0.0.0.0 cdn.montiera.com
    0.0.0.0 cdn.msdwnld.com
    0.0.0.0 cdn.mypcbackup.com
    0.0.0.0 cdn.ppdownload.com
    0.0.0.0 cdn.riceateastcach.us
    0.0.0.0 cdn.shyapotato.us
    0.0.0.0 cdn.solimba.com
    0.0.0.0 cdn.tuto4pc.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3047833663-3766033810-2322992743-1002\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 8.8.4.4 - 8.8.8.8
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\Services: !SASCORE => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: AMD External Events Utility => 2
    MSCONFIG\Services: AMD FUEL Service => 2
    MSCONFIG\Services: AMD Reservation Manager => 2
    MSCONFIG\Services: cmcore => 2
    MSCONFIG\Services: DsiWMIService => 2
    MSCONFIG\Services: ePowerSvc => 2
    MSCONFIG\Services: GameConsoleService => 3
    MSCONFIG\Services: GREGService => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: MBAMService => 3
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: Nero BackItUp Scheduler 4.0 => 3
    MSCONFIG\Services: NOBU => 2
    MSCONFIG\Services: NTI IScheduleSvc => 2
    MSCONFIG\Services: TeamViewer => 3
    MSCONFIG\Services: Unchecky => 3
    MSCONFIG\Services: Updater Service => 2
    MSCONFIG\Services: WiseBootAssistant => 3
    MSCONFIG\startupreg: Acer ePower Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
    MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{5BDF6B3F-856F-4ACE-B9F6-185969C81164}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{041A71EA-0FA7-49BC-962C-13223C21A567}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{D15AA4F7-91C9-4F60-A89B-B6266D4691FC}] => (Allow) LPort=2869
    FirewallRules: [{98DE6D38-1730-4D40-AA05-0357514D83A2}] => (Allow) LPort=1900
    FirewallRules: [{3C3AEBB3-661C-43ED-BA6D-19048A92A524}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{19FC591D-571E-4EBE-8475-E50600936AE6}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{9633A95B-F64A-466B-B5BF-C03E36675090}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{7AE9D87A-9360-4851-953B-735E9B0421CD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{A8410CA1-086C-4032-82E7-55519B4C0F57}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{566F25A9-C10F-42B8-8AF4-B6346D45FFBC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{6F23A533-00A2-4AFC-B8EF-2A35B0A5790F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{3B96340B-772D-45ED-ABF3-8D8E90E58501}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{7F5811FC-BA73-4DBD-825A-037A9F614C08}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{C27068B1-E4E5-4B53-8A82-7ECD3FEF90FA}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe
    FirewallRules: [{054C07C5-9013-47CA-98EA-B19EC511F8BF}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe
    FirewallRules: [{FC97AF5E-3623-48E3-85D4-A5F342AB98DD}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DBDownloader.exe
    FirewallRules: [{1FF2C9D1-53FD-4512-9263-906ED8CFD7DA}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\DBDownloader.exe
    FirewallRules: [{812E8099-0E1B-4FBD-8451-C2BBB24CF666}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\AutoUpdate.exe
    FirewallRules: [{670CA50C-E6F1-4D5A-90B1-87405CE72093}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.0.3\AutoUpdate.exe
    FirewallRules: [{F842050F-33D4-4E9D-ABFD-D650B1BCC46A}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en64.exe
    FirewallRules: [{8F8CACC7-2BED-4B2C-9956-1B4F7A9F1A21}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en64.exe
    FirewallRules: [{E5F6CFDA-B96E-4AC4-98BF-6D34318B3E60}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en64.exe
    FirewallRules: [{DA456F24-E094-4877-B1B8-34D6D78F3235}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

    ==================== Restore Points =========================

    13-11-2017 16:45:01 11-13-2017
    13-11-2017 18:54:35 Created by Wise Care 365
    14-11-2017 12:39:17 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
    14-11-2017 17:29:31 Windows Update
    15-11-2017 07:27:47 Windows Update
    15-11-2017 07:44:42 Windows Update
    15-11-2017 14:19:16 Windows Update
    15-11-2017 19:15:25 Windows Update
    16-11-2017 10:13:59 Ultra Adware Killer adware removal

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/15/2017 09:14:18 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154, Class not registered
    .


    Operation:
    Instantiating VSS server

    Error: (11/15/2017 09:14:18 PM) (Source: VSS) (EventID: 22) (User: )
    Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
    This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
    The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name IVssCoordinatorEx2 is [0x80040154, Class not registered
    ].


    Operation:
    Instantiating VSS server


    System errors:
    =============
    Error: (11/16/2017 10:33:52 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

    Error: (11/16/2017 09:32:44 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

    Error: (01/01/2010 12:02:37 AM) (Source: Schannel) (EventID: 4113) (User: NT AUTHORITY)
    Description: The certificate received from the remote server has either expired or is not yet valid. The SSL connection request has failed. The attached data contains the server certificate.

    Error: (01/01/2010 12:02:37 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 45. The internal error state is 552.

    Error: (01/01/2010 12:02:35 AM) (Source: Schannel) (EventID: 4113) (User: NT AUTHORITY)
    Description: The certificate received from the remote server has either expired or is not yet valid. The SSL connection request has failed. The attached data contains the server certificate.

    Error: (01/01/2010 12:02:35 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 45. The internal error state is 552.

    Error: (01/01/2010 12:02:33 AM) (Source: Schannel) (EventID: 4113) (User: NT AUTHORITY)
    Description: The certificate received from the remote server has either expired or is not yet valid. The SSL connection request has failed. The attached data contains the server certificate.

    Error: (01/01/2010 12:02:33 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 45. The internal error state is 552.

    Error: (01/01/2010 12:02:32 AM) (Source: Schannel) (EventID: 4113) (User: NT AUTHORITY)
    Description: The certificate received from the remote server has either expired or is not yet valid. The SSL connection request has failed. The attached data contains the server certificate.

    Error: (01/01/2010 12:02:32 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 45. The internal error state is 552.


    CodeIntegrity:
    ===================================
    Date: 2017-09-26 06:31:53.321
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-09-26 06:31:53.321
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-09-26 01:42:26.667
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-09-26 01:42:26.667
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-09-26 00:46:34.825
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-09-26 00:46:34.825
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-09-26 13:32:22.810
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-09-26 13:32:22.794
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2009-12-31 23:41:33.638
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2009-12-31 23:41:33.638
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: AMD E-350 Processor
    Percentage of memory in use: 34%
    Total physical RAM: 3818.9 MB
    Available physical RAM: 2499.27 MB
    Total Virtual: 9961.09 MB
    Available Virtual: 8877.98 MB

    ==================== Drives ================================

    Drive c: (Gateway) (Fixed) (Total:277.99 GB) (Free:240.28 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 14C4079C)
    Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=278 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
    Last edited by Corrine; 11-16-2017 at 08:21 PM. Reason: Paste Logs

  4. #4
    Corrine
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,608

    Re: Weird Chinese symbols in registry

    Hi, Carl.

    First things first, I do not recommend registry cleaners, system optimizers and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

    Clean Master (HKLM-x32\...\cmpc) (Version: 6.0 - Cheetah Mobile)
    UVK - Ultra Virus Killer (HKLM\...\UVK - Ultra virus killer) (Version: 10.7.6.1 - Carifred)
    Wise Care 365 4.7.2 (HKLM-x32\...\Wise Care 365_is1) (Version: 4.7.2 - WiseCleaner.com, Inc.)

    Note: Using CCleaner for managing cookies is not considered an issue but, again, using the registry cleaner part of the program is generally not recommended.

    In the event you elect to uninstall these programs, please do so now. In the meantime, nothing jumped out at me that is the reason for those characters. However, I will consult with other members of the team and one of us will get back to you.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  5. #5
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    16,977

    Re: Weird Chinese symbols in registry

    Carl. I'm going to take a look with Corrine. Please zip up the following folder, upload to a file sharing service and provide me the link in a PM so private information isn't available in the public forum.

    C:\FRST\Hives
    Corrine says thanks for this.

  6. #6

    Re: Weird Chinese symbols in registry

    Corrine, I agree with you 100%. BrianDrab, your colleague, has repeatedly admonished me on the perils of using registry cleaners. I used those three software utilities for different optimizations. I believe I must have downloaded something that produced this registry alteration.
    Corrine says thanks for this.

  7. #7
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    16,977

    Re: Weird Chinese symbols in registry

    Thanks for the info, Carl. Please do the following exactly!

    1. Get back into your registry using regedit and click directly on the HKEY_CURRENT_USER key.

    2. Select the File menu Export... and change the File name: to HKCU and Save as type to Text files(*.txt) and save to your desktop.

    3. Zip up and attach or upload your HKCU.txt file on your desktop. Thank you.
    Corrine says thanks for this.

  8. #8

    Re: Weird Chinese symbols in registry

    Good morning, forum. I just finished my physical exercises; now I am ready for computer troubleshooting exercises. Download hkcu.zip from Sendspace.com - send big files the easy way

  9. #9
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    16,977

    Re: Weird Chinese symbols in registry

    It doesn't look like you followed the instructions properly. Please repeat the instructions and go step-by-step. Thank you!

  10. #10

    Re: Weird Chinese symbols in registry

    I apologize about that; here is the corrected file. Download hkcu.zip from Sendspace.com - send big files the easy way

  11. #11
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    16,977

    Re: Weird Chinese symbols in registry

    OK, I have a theory and would like to pursue it. Please uninstall the following program and let me know when you are done.
    Code:
    Avast Free Antivirus

    My reasoning is below. Many of the corrupt keys have a value in common.

    Code:
    [HKEY_CURRENT_USER\@燚]
    "cl"=dword:00000003

    The program that shares this value is Avast.

    Code:
    [HKEY_CURRENT_USER\Software\Avast Software\Avast Browser Cleanup]
    "BCU_GUID"="{786774DE-A9F9-4272-B56C-D79754C6BE7F}"
    "cl"=dword:00000003

    I know it's a stretch but I would like to start here.
    Corrine says thanks for this.
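
Added example (not code from the thread or its participants): the correlation described in post #11, automated over a `.reg`-style export. It flags keys whose path contains non-ASCII characters and lists the ordinary keys that hold the same value name and data; the sample text, `桥constructed` and `ExampleVendor` are constructed, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the .reg-style syntax quoted in the post. Only the
# first two keys come from the thread; the last two are made up.
SAMPLE_EXPORT = r'''
[HKEY_CURRENT_USER\@燚]
"cl"=dword:00000003

[HKEY_CURRENT_USER\Software\Avast Software\Avast Browser Cleanup]
"BCU_GUID"="{786774DE-A9F9-4272-B56C-D79754C6BE7F}"
"cl"=dword:00000003

[HKEY_CURRENT_USER\桥constructed]
"cl"=dword:00000003

[HKEY_CURRENT_USER\Software\ExampleVendor\ExampleApp]
"cl"=dword:00000001
"Blob"=hex:01,02,\
  03,04
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def load_export(path):
    """Read a regedit export; version 5.00 files are UTF-16 with a BOM."""
    with open(path, encoding='utf-16') as fh:
        return fh.read()


def logical_lines(text):
    """Yield stripped lines, joining hex data continued with a trailing backslash."""
    pending = ''
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ''
        if line.endswith('\\') and '=hex' in line:
            pending = line[:-1]
            continue
        yield line


def parse_export(text):
    """Return {key path: {value name: raw data string}}."""
    keys, current = {}, None
    for line in logical_lines(text):
        key = KEY_RE.match(line)
        if key:
            current = keys.setdefault(key.group(1), {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            name = value.group(1)
            current['' if name == '@' else name[1:-1]] = value.group(2)
    return keys


def has_non_ascii(path):
    """Flag a key path for review if any character is outside ASCII."""
    return any(ord(ch) > 0x7F for ch in path)


def shared_value_report(keys):
    """List ordinary keys that hold a (name, data) pair also found in a flagged key."""
    flagged = {p: v for p, v in keys.items() if has_non_ascii(p)}
    owners = defaultdict(set)          # (name, data) -> flagged keys holding it
    for path, values in flagged.items():
        for pair in values.items():
            owners[pair].add(path)
    report = []
    for path, values in keys.items():
        if path in flagged:
            continue
        hits = sorted(pair for pair in values.items() if pair in owners)
        if hits:
            matched = set().union(*(owners[pair] for pair in hits))
            report.append((path, hits, len(matched)))
    # Keys that match the most flagged keys come first.
    return sorted(report, key=lambda row: (-row[2], row[0]))


if __name__ == '__main__':
    for path, pairs, count in shared_value_report(parse_export(SAMPLE_EXPORT)):
        print(f'{count} flagged key(s) share {pairs} with {path}')
```

A shared name and data pair is a lead for where to look next, not proof of which program wrote the flagged keys; legitimately localized software can also create key names outside ASCII.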

  12. #12

    Re: Weird Chinese symbols in registry

    Avast is thoroughly uninstalled.

  13. #13
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    16,977

    Re: Weird Chinese symbols in registry

    Thanks. When you go back into your registry, do you still see the characters?

  14. #14

    Re: Weird Chinese symbols in registry

    Yes, they are still there. Hey Brian, if I back up my registry and delete those keys, and run Process Monitor and take a snapshot with Process Monitor after I delete the keys, and if they return take another snapshot and compare the two views, then can we see what launched those keys?

  15. #15
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    16,977

    Re: Weird Chinese symbols in registry

    Hey Brian, if I back up my registry and delete those keys, and run Process Monitor and take a snapshot with Process Monitor after I delete the keys, and if they return take another snapshot and compare the two views, then can we see what launched those keys?
    We'll get there. We already have a backup of your registry so go ahead and delete the keys with those Chinese characters. Let me know when complete.

  16. #16

    Re: Weird Chinese symbols in registry

    Okay Brian all done

  17. #17
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    16,977

    Re: Weird Chinese symbols in registry

    Great. Now please do the following. This is assuming that the Chinese characters are still completely gone BEFORE you follow these instructions.

    Step#1 - Enable Registry Auditing
    1. Right-click on the Start button and select Command Prompt (Admin)
    2. When command prompt opens, Copy (Ctrl+C) and Paste (Right-click > Paste) the following command into it, then press Enter
    auditpol /set /subcategory:"Registry" /success:enable

    3. You should get a message within the command-prompt that states "The command was successfully executed."

    Step#2 - Designate Registry Key to Monitor
    1. Type regedit in the command-prompt window and hit enter.
    2. The Registry Editor will open.
    3. Scroll all the way to the top of the screen using the vertical scroll bar. You will see several root keys named HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, etc.
    4. Select the HKEY_CURRENT_USER key.
    5. Right-click on this key and choose Permissions...
    6. Click the Advanced button.
    7. Click the Auditing tab.
    8. Click the Add button and then click the "Select a principal" link at the top of that form.
    9. Type Everyone in the text box and click OK.
    10. Click the Show advanced permissions link.
    11. Check the box that says "Set Value". Uncheck all other options.
    12. Click OK on this screen and then click OK again and then OK again to get out of all the screens.
    13. You may close the registry editor and the command-prompt now.

    Let me know when this is complete.
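
Added example (not code from the thread or its participants): with the Registry audit subcategory enabled and a "Set Value" audit entry on the key, value writes are recorded in the Security log as event 4657, which names the writing process. The sketch below reads such events in their XML rendering and groups writes to keys with non-ASCII names by process; the events, SID, PIDs and process paths are constructed placeholders, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {'e': 'http://schemas.microsoft.com/win/2004/08/events/event'}
# OperationType message codes used by event 4657; unknown codes pass through.
OPERATIONS = {'%%1904': 'value created', '%%1905': 'value modified',
              '%%1906': 'value deleted'}

# Constructed events shaped like the XML rendering of Security-log records, e.g.
#   wevtutil qe Security /q:"*[System[(EventID=4657)]]" /f:xml /e:Events
# The SID, times, PIDs and process paths are placeholders.
SAMPLE_XML = r'''<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>4657</EventID><TimeCreated SystemTime="2017-11-17T14:02:11.000Z"/></System>
 <EventData>
  <Data Name="ObjectName">\REGISTRY\USER\S-1-5-21-0-0-0-1000\@燚</Data>
  <Data Name="ObjectValueName">cl</Data><Data Name="OperationType">%%1904</Data>
  <Data Name="ProcessId">0x1a2c</Data><Data Name="ProcessName">C:\Example\writer.exe</Data>
 </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>4657</EventID><TimeCreated SystemTime="2017-11-17T14:02:11.500Z"/></System>
 <EventData>
  <Data Name="ObjectName">\REGISTRY\USER\S-1-5-21-0-0-0-1000\Software\ExampleVendor\ExampleApp</Data>
  <Data Name="ObjectValueName">cl</Data><Data Name="OperationType">%%1905</Data>
  <Data Name="ProcessId">0x5d0</Data><Data Name="ProcessName">C:\Windows\explorer.exe</Data>
 </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>4663</EventID><TimeCreated SystemTime="2017-11-17T14:02:11.700Z"/></System>
 <EventData/>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>4657</EventID><TimeCreated SystemTime="2017-11-17T14:02:12.000Z"/></System>
 <EventData>
  <Data Name="ObjectName">\REGISTRY\USER\S-1-5-21-0-0-0-1000\@燚</Data>
  <Data Name="ObjectValueName">cl</Data><Data Name="OperationType">%%1905</Data>
  <Data Name="ProcessId">0x1a2c</Data><Data Name="ProcessName">C:\Example\writer.exe</Data>
 </EventData>
</Event>
</Events>'''


def parse_4657(xml_text):
    """Return one dict per event 4657 (registry value modified) in the XML."""
    events = []
    for ev in ET.fromstring(xml_text).findall('e:Event', NS):
        if ev.findtext('e:System/e:EventID', namespaces=NS) != '4657':
            continue
        data = {d.get('Name'): (d.text or '')
                for d in ev.findall('e:EventData/e:Data', NS)}
        created = ev.find('e:System/e:TimeCreated', NS)
        op = data.get('OperationType', '')
        events.append({
            'time': created.get('SystemTime') if created is not None else '',
            'key': data.get('ObjectName', ''),
            'value': data.get('ObjectValueName', ''),
            'operation': OPERATIONS.get(op, op),
            'pid': int(data.get('ProcessId', '0x0'), 16),   # logged as hex
            'process': data.get('ProcessName', ''),
        })
    return events


def writers_of_non_ascii_keys(events):
    """Group value writes under keys with non-ASCII names by writing process."""
    by_process = defaultdict(list)
    for ev in events:
        if any(ord(ch) > 0x7F for ch in ev['key']):
            by_process[ev['process']].append(ev)
    return {proc: sorted(evs, key=lambda e: e['time'])
            for proc, evs in by_process.items()}


if __name__ == '__main__':
    for proc, evs in writers_of_non_ascii_keys(parse_4657(SAMPLE_XML)).items():
        for ev in evs:
            print(ev['time'], proc, ev['pid'], ev['operation'], ev['key'], ev['value'])
```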

  18. #18

    Re: Weird Chinese symbols in registry

    Okay, brilliant Brian. I think I've followed you correctly; if not, I will try again.

  19. #19
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    16,977

    Re: Weird Chinese symbols in registry

    Does everything still look good in the registry?

  20. #20

    Re: Weird Chinese symbols in registry

    Oh yes, everything still looks good in the registry. I see how you set things in motion to monitor the registry; what a brilliant move. I learn so much from you guys. Joining the forum was one of the wisest decisions I have ever made.
    Corrine says thanks for this.
