[SOLVED] Hack tool detected by MSE.

Han Solo

I have been trying to remove and quarantine a hack tool detected with MSE without success. I was, however, able to remove a previously detected backdoor with MSE.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-10-2019 02
Ran by honey (administrator) on HONEY-PC (Hewlett-Packard s5-1260) (12-10-2019 20:14:58)
Running from C:\Users\honey\Downloads
Loaded Profiles: honey (Available Profiles: honey)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_Plugin.exe
(Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler64.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera_crashreporter.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-08-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [3523848 2018-07-03] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-24] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\Run: [com.squirrel.Teams.Teams] => C:\Users\honey\AppData\Local\Microsoft\Teams\Update.exe [1789552 2019-07-31] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_pepper.exe [1453112 2019-09-29] (Adobe Inc. -> Adobe)
HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\MountPoints2: D - D:\setup.exe
HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\MountPoints2: {7a10655e-39ff-11e4-8394-2c4138a9b7f0} - E:\windows\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A10B02 PID_0083
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.90\Installer\chrmstp.exe [2019-09-28] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2018-02-24]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0169E1B7-B536-48FA-A750-B58928F20B33} - System32\Tasks\{8901AA4F-2288-4ACF-9472-878EB7698C53} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.1.0.105/en/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {0183A9F8-933B-47B8-986F-6513B4FB2AC1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-03] (Google Inc -> Google LLC)
Task: {041F0DED-8702-4908-89AE-C88475E8DD7D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1094008 2019-08-21] (HP Inc. -> HP Inc.)
Task: {078FA5CA-8761-4E18-8FBB-C3AEF4ADB59E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [143736 2019-09-12] (HP Inc. -> HP Inc.)
Task: {12F62E2A-3043-4504-A301-97E00C546F15} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {263FF756-A709-40CC-99FC-A052A2E937DB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-03] (Google Inc -> Google LLC)
Task: {2DC79F64-4407-4283-AA4D-1292C88AF4F2} - System32\Tasks\HP AR Program Upload - e1a0300e7546429686aa7d5c9e0ea8177a0a873dbe314bbb8bc557fe6c28f58d => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [3513960 2012-10-17] (Hewlett Packard -> TODO: <Company name>)
Task: {305F5AF0-9A75-41A3-BDA3-E15CBD8CC81E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_Plugin.exe [1457720 2019-10-06] (Adobe Inc. -> Adobe)
Task: {365F9307-7FB0-4948-B8A6-6CFACCFE2B33} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2355848 2019-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {3C6D9D2E-5F51-427F-ABD5-E01C1DBB4CE9} - System32\Tasks\Opera scheduled Autoupdate 1469117722 => C:\Program Files (x86)\Opera\launcher.exe [1357848 2019-10-09] (Opera Software AS -> Opera Software)
Task: {40FF8B07-8EEF-4F3A-8320-E2999B14ABAE} - System32\Tasks\NCH Software\GoldenReminder => C:\Program Files (x86)\NCH Software\Golden\Golden.exe [1729028 2014-10-01] (NCH Software) [File not signed]
Task: {43F0FA31-0F68-4ED2-89E7-1F5330F753E9} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27295760 2019-10-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {44C3EFD2-0B52-4D15-ADE3-3A5DC85B35B8} - System32\Tasks\{E55B9ED2-94A1-4B39-9585-D903BC8650A1} => C:\Windows\system32\pcalua.exe -a C:\Users\honey\AppData\Local\Temp\jre-8u111-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {4745E3C8-17A6-42B2-9576-24961492BF82} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [1146000 2019-03-14] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {478D33AE-3A2A-4E54-A1F2-538CEE834478} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {4B39A3E9-CE9C-41F3-80F4-4FF4C87C0F9B} - System32\Tasks\AdobeAAMUpdater-1.0-honey-PC-honey => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {4B5F4A62-3DF3-4618-B3C7-5D180BEE9615} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_pepper.exe [1453112 2019-09-29] (Adobe Inc. -> Adobe)
Task: {4C6DF339-E900-40B4-9F24-64E2658DA688} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Task: {504ADE8D-53AD-41F4-A150-C44AAE2FD32F} - System32\Tasks\HPCeeScheduleForhoney => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [99208 2016-06-24] (Hewlett-Packard Company -> HP Inc.)
Task: {52F7D3E4-D330-409B-9AF9-D737A2969E9B} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [4119656 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {5EF6E241-505A-4C8E-A97A-6F59DE348FDC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [249720 2019-08-19] (HP Inc. -> HP Inc.)
Task: {632F136C-250C-4138-B30D-7E35E8319A70} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2016-11-07] (HP Inc. -> HP Inc.)
Task: {6CA8AC4F-317B-4756-AD88-A86461E1F8C2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {730604AD-06A3-4AD4-A113-F558C83D3D57} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
Task: {73A8D6DE-9164-42E2-BD03-7AEAE043F58F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2177168 2019-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {73C7C851-6E8F-4094-BB5A-17852FF4143E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [162864 2019-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {74BA7EF2-C74C-46E1-A44A-59B88EA01B28} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel(R) Software Development Products -> Intel Corporation)
Task: {7AD3185F-A40B-4FC5-8A52-0648929945E0} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {7D091B18-36B8-48C9-83FB-70B265EA201E} - System32\Tasks\HP AR Program Upload - 2b96ef6ba8c74a0594e4f206f6677225c10cf07cd91845e98f608a5ba2578cd7 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [3513960 2012-10-17] (Hewlett Packard -> TODO: <Company name>)
Task: {7EDC2355-DFFB-4DA8-9BD9-645C5C1665FB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2177168 2019-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {90A8B4A8-0405-4078-81AB-12A84C10B0A1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-10-06] (Adobe Inc. -> Adobe)
Task: {90BF968C-CFE1-45B6-B52A-22EA4D8595F4} - System32\Tasks\HP AR Program Upload - 67d6c50ffc9a43a5827c0a40a53c5a1705d9483298c9431aa1172cbd71400a1e => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [3513960 2012-10-17] (Hewlett Packard -> TODO: <Company name>)
Task: {99A9AE69-E446-439D-BFC3-6F0E181865D1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27295760 2019-10-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {A04C3C48-A8BA-484D-883B-686ECB594CBF} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [162864 2019-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {A1D546F8-9713-4A74-A332-E2B175FEE622} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Task: {A2F6D597-75CA-4EA1-A4CB-C66A4EA0736B} - System32\Tasks\{B84DD121-1A93-4031-9700-C7ECBD228184} => C:\Windows\system32\pcalua.exe -a G:\ubuntu\uninstall-wubi.exe -d G:\ubuntu
Task: {A7DEAD99-7A6B-46F5-A6CB-B54DD38F1E56} - System32\Tasks\{9EBA67BE-2107-430C-B5D5-5B6EA9059BBE} => C:\Windows\system32\pcalua.exe -a C:\Users\honey\Downloads\AcroRdrDC1801120035_en_US.exe -d C:\Users\honey\Downloads
Task: {AFB3203A-7E38-4DDC-9D0A-7894B447E73C} - System32\Tasks\HP AR Program Upload - 1f0758f101f44b4f8cc64a7828fdf6aaf8eaff33dc114a2b8c6e284075e9a23f => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [3513960 2012-10-17] (Hewlett Packard -> TODO: <Company name>)
Task: {B26E3F61-F187-433D-8F72-D696B03F0606} - System32\Tasks\cFos\Registration Tasks\Open Browser => c:\program files\internet explorer\iexplore.exe "hxxp://www.cfos.de/en/cfosspeed/expiration.htm?sw-10.10.2238&days=-72&ret=11&raw=13&exp=103"
Task: {B52FD053-178D-4D9A-BE14-1514953F5435} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel(R) Software Development Products -> Intel Corporation)
Task: {B541BE90-01B8-44FE-ABDD-8D9EE84C556C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {B68A74E4-7500-4630-82B1-20CC463480E0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1094008 2019-08-21] (HP Inc. -> HP Inc.)
Task: {D02875D4-A4F0-4F01-9145-A4048DB1EA49} - System32\Tasks\{DBCAF028-317E-4857-8023-FE39612E1640} => C:\Users\honey\Downloads\kodi-18.4-Leia-x64.exe
Task: {D83FA1DB-6DFB-47F1-963C-6D01C3F1ABEF} - System32\Tasks\{F30508C4-188E-4C34-80DD-53D9F934F86B} => C:\Windows\system32\pcalua.exe -a C:\Users\honey\Downloads\AdobeAIRInstaller(1).exe -d C:\Users\honey\Downloads
Task: {D8CC42C7-E7F7-4067-8ECB-9F895F5AE254} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [862 2019-04-30] () [File not signed]
Task: {D9806E1D-5C57-4516-9A05-7CB28BA015B4} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {DB561C93-F22D-4104-9444-520B1A5843F7} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1724928 2019-10-03] () [File not signed]
Task: {DB9FCA76-61A5-4563-A92D-D7701A6AF0A9} - System32\Tasks\{482BA325-2BFA-4F56-84F0-B029EDAC71D4} => C:\Windows\system32\pcalua.exe -a C:\Users\honey\AppData\Local\Temp\jre-9.0.4_windows-x86_bin-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau <==== ATTENTION
Task: {E329F040-2D5B-4C9D-96E1-BE7584FC30E6} - System32\Tasks\Driver Booster SkipUAC (honey) => C:\Program Files (x86)\IObit\Driver Booster\5.3.0\DriverBooster.exe
Task: {F1334C95-C71D-4998-8D0E-1F45738519BD} - System32\Tasks\HP AR Program Upload - dfcb88f1f61d4f16bf90de32685894773c8ba217ebc74ddd85dc35ba23ed5138 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [3513960 2012-10-17] (Hewlett Packard -> TODO: <Company name>)
Task: {F45925A8-ACC4-4487-A0F6-EA2514209988} - System32\Tasks\{89E853D0-A00E-4318-898F-019148F59109} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall ENTERPRISE /dll OSETUP.DLL

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForhoney.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{02FD14B9-3C65-4E96-8DE4-9F354F8093EF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FB95A44C-09DA-444F-9634-F38025F66432}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{FB95A44C-09DA-444F-9634-F38025F66432}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxps://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1504722108279
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2019-01-25] (Belarc, Inc. -> Belarc, Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-10-03] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: x85otvh9.default-1452453708882-1533826311977
FF ProfilePath: C:\Users\honey\AppData\Roaming\Mozilla\Firefox\Profiles\x85otvh9.default-1452453708882-1533826311977 [2019-10-10]
FF Session Restore: Mozilla\Firefox\Profiles\x85otvh9.default-1452453708882-1533826311977 -> is enabled.
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\honey\AppData\Roaming\Mozilla\Firefox\Profiles\x85otvh9.default-1452453708882-1533826311977\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2019-09-16]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\honey\AppData\Roaming\Mozilla\Firefox\Profiles\x85otvh9.default-1452453708882-1533826311977\Extensions\sp@avast.com.xpi [2019-10-09]
FF Extension: (Avast Online Security) - C:\Users\honey\AppData\Roaming\Mozilla\Firefox\Profiles\x85otvh9.default-1452453708882-1533826311977\Extensions\wrc@avast.com.xpi [2019-10-09]
FF Extension: (Bulk Image Downloader) - C:\Users\honey\AppData\Roaming\Mozilla\Firefox\Profiles\x85otvh9.default-1452453708882-1533826311977\Extensions\{524B8EF8-C312-11DB-8039-536F56D89593}.xpi [2019-02-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_255.dll [2019-10-06] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-08-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_255.dll [2019-10-06] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-08-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-08-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-07] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-07] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> bing.com
CHR StartupUrls: Default -> "hxxps://www.facebook.com/photo.php?fbid=1616609611923396&set=pcb.1616614325256258&type=3&theater","hxxps://www.facebook.com/otilia.larreamarriott","chrome://newtab/","hxxps://enelcaminocorrecto.blogspot.com/2014/06/efectos-cientificos-observados-al.html?m=1","hxxps://larepublica.pe/politica/1280908-cesar-hildebrandt-gesto-luego-le-pidieran-definir-alan-garcia-video","hxxps://larepublica.pe/politica/1280204-audios-cnm-comision-justicia-convoca-consejeros","hxxps://larepublica.pe/mundo/1280542-india-cinco-menores-violan-nina-8-anos-despues-ver-pornografia-celular-abuso-infantil-sahaspur","hxxps://www.google.com/search?q=QUE+ARDA+TROYA&oq=QUE+ARDA+TROYA&aqs=chrome..69i57j0l5.15224j0j7&sourceid=chrome&ie=UTF-8","chrome://newtab/","hxxps://www.facebook.com/otilia.larreamarriott","hxxps://www.facebook.com/katia.larrealatorre/posts/1896316593754057?comment_id=1897156217003428&notif_id=1532390651426407&notif_t=feed_comment_reply","hxxps://larepublica.pe/mundo/1284439-estados-unidos-diario-reduce-mitad-redaccion-vengan"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\honey\AppData\Local\Google\Chrome\User Data\Default [2019-10-12]
CHR DownloadDir: C:\Users\honey\Downloads
CHR Extension: (Google Translate) - C:\Users\honey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2019-08-03]
CHR Extension: (Session Manager) - C:\Users\honey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2019-08-03]
CHR Extension: (YouTube) - C:\Users\honey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-03]
CHR Extension: (Bulk Image Downloader) - C:\Users\honey\AppData\Local\Google\Chrome\User Data\Default\Extensions\facoldpeadablbngjnohbmgaehknhcaj [2019-08-03]
CHR Extension: (AdBlock) - C:\Users\honey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-10-12]
CHR Extension: (Terms of Service; Didn’t Read) - C:\Users\honey\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjdoplcnndgiblooccencgcggcoihigg [2019-08-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\honey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Peek-a-tab, Tabs Manager for Google Chrome™) - C:\Users\honey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnpdamdaknpnohmlbnmgphiodghbohop [2019-08-03]
CHR Extension: (Gmail) - C:\Users\honey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-03]
CHR Extension: (Chrome Media Router) - C:\Users\honey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-25]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (DuckDuckGo for Opera) - C:\Users\honey\AppData\Roaming\Opera Software\Opera Stable\Extensions\cfbekbndggmbdkfhjandenfihkdkndil [2019-04-03]
OPR Extension: (Bulk Image Downloader) - C:\Users\honey\AppData\Roaming\Opera Software\Opera Stable\Extensions\facoldpeadablbngjnohbmgaehknhcaj [2019-08-13]
OPR Extension: (MyJDownloader Browser Extension) - C:\Users\honey\AppData\Roaming\Opera Software\Opera Stable\Extensions\fbclnkmbcmdfamfeaagadifibbongnmf [2019-08-26]
OPR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\honey\AppData\Roaming\Opera Software\Opera Stable\Extensions\glaedmooikiamindhmfcfccncmmdagge [2019-10-01]
OPR Extension: (Install Chrome Extensions) - C:\Users\honey\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2019-09-19]
OPR Extension: (Terms of Service; Didn’t Read) - C:\Users\honey\AppData\Roaming\Opera Software\Opera Stable\Extensions\lolkidmnimmcadfncfemieniekkkabcn [2019-06-06]
OPR Extension: (Google Translate) - C:\Users\honey\AppData\Roaming\Opera Software\Opera Stable\Extensions\mchdgimobfnilobnllpdnompfjkkfdmi [2019-10-02]
OPR Extension: (Amazon Assistant for Opera) - C:\Users\honey\AppData\Roaming\Opera Software\Opera Stable\Extensions\mmmbddcnnndpbdflpccgcknaaabgldak [2019-08-22]
OPR Extension: (Mate Translate – translator, dictionary) - C:\Users\honey\AppData\Roaming\Opera Software\Opera Stable\Extensions\ollghamalkmmhboihmhoaaobmamehjgn [2019-09-09]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [246784 2015-12-19] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11642376 2019-10-04] (Microsoft Corporation -> Microsoft Corporation)
S4 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [885560 2019-05-15] (Intel(R) Software Development Products -> )
S4 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [358264 2019-08-07] (HP Inc. -> HP Inc.)
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel(R) Software Development Products -> Intel Corporation)
S4 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [4091112 2017-11-09] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [69964448 2015-04-03] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S4 Realtek87B; C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-08-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441512 2015-04-03] (Microsoft Corporation -> Microsoft Corporation)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S4 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [205112 2019-05-15] (Intel(R) Software Development Products -> )
S4 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [885560 2019-05-15] (Intel(R) Software Development Products -> )
S3 Visual Studio Analyzer RPC bridge; C:\Program Files (x86)\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [34036 1998-06-06] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [23240 2016-04-29] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [21634560 2015-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [665600 2015-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [65248 2015-04-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [118184 2018-05-14] (Alcorlink Corp. -> )
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96256 2016-07-20] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [210632 2014-07-09] (ReactOS Foundation -> )
R1 dokan1; C:\Windows\System32\DRIVERS\dokan1.sys [87424 2018-08-09] (D3L -> Dokan Project)
R2 Ext2Fsd; C:\Windows\system32\Drivers\Ext2Fsd.sys [771224 2014-08-26] (Kasherlab Technology Inc. -> www.ext2fsd.com)
R3 HCW723x; C:\Windows\System32\DRIVERS\HCW723x.sys [1847680 2012-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Hauppauge Computer Works, Inc.)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (3am.com(Test) -> HTC, Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-04-06] (Martin Malik - REALiX -> REALiX(tm))
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [181304 2016-03-28] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 netr28ux; C:\Windows\System32\DRIVERS\netr28ux.sys [2215056 2014-08-14] (MEDIATEK INC. -> MediaTek Inc.)
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2502288 2015-12-30] (MEDIATEK INC. -> MediaTek Inc.)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R1 npcap; C:\Windows\System32\DRIVERS\npcap.sys [69432 2019-09-04] (Insecure.Com LLC -> Insecure.Com LLC.)
S4 npcap_wifi; C:\Windows\System32\DRIVERS\npcap.sys [69432 2019-09-04] (Insecure.Com LLC -> Insecure.Com LLC.)
R1 npf; C:\Windows\System32\DRIVERS\npf.sys [69432 2019-09-04] (Insecure.Com LLC -> Insecure.Com LLC.)
S3 rspWhySoSlow; C:\Windows\System32\DRIVERS\rspWhy64.sys [28928 2016-12-17] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 RTL8187; C:\Windows\System32\DRIVERS\rtl8187.sys [448512 2010-01-07] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corporation )
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [43008 2018-07-18] (Intel Corporation -> )
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-09] (Synaptics Incorporated -> Synaptics Incorporated)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2015-10-02] (The OpenVPN Project) [File not signed]
S3 usbscan; C:\Windows\SysWOW64\DRIVERS\usbscan.sys [8944 1999-05-05] (Microsoft Corporation) [File not signed]
U3 aswbdisk; no ImagePath
U4 npf_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-12 20:14 - 2019-10-12 20:16 - 000047856 _____ C:\Users\honey\Downloads\FRST.txt
2019-10-12 20:14 - 2019-10-12 20:15 - 000000000 ____D C:\FRST
2019-10-12 20:13 - 2019-10-12 20:13 - 001616384 _____ (Farbar) C:\Users\honey\Downloads\FRST64.exe
2019-10-12 19:34 - 2019-10-12 19:34 - 000001799 _____ C:\Users\honey\Desktop\MagicISO.lnk
2019-10-12 19:34 - 2019-10-12 19:34 - 000000000 ____D C:\Users\honey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
2019-10-12 19:34 - 2019-10-12 19:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
2019-10-12 18:55 - 2019-10-12 18:55 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2019-10-12 18:55 - 2019-10-12 18:55 - 000002120 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
2019-10-12 18:55 - 2019-10-12 18:55 - 000002120 _____ C:\ProgramData\Desktop\Belarc Advisor.lnk
2019-10-12 18:55 - 2019-10-12 18:55 - 000000000 ____D C:\Program Files (x86)\Belarc
2019-10-10 20:19 - 2019-10-10 20:19 - 045267120 _____ (AppWork GmbH) C:\Users\honey\Downloads\JDownloaderSetup.exe
2019-10-10 20:17 - 2019-10-10 20:17 - 000791120 _____ (NCH Software) C:\Users\honey\Downloads\grsetup.exe
2019-10-10 17:22 - 2019-10-10 17:22 - 000002118 _____ C:\Users\honey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2019-10-09 23:02 - 2019-10-04 04:36 - 000000000 ____D C:\Users\honey\Downloads\ffmpeg
2019-10-09 22:42 - 2019-10-09 22:42 - 000000000 ____D C:\Users\honey\Downloads\hjsplit
2019-10-09 20:02 - 2019-10-09 20:02 - 000000979 _____ C:\Users\honey\Desktop\GrabIt.lnk
2019-10-09 20:02 - 2019-10-09 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GrabIt
2019-10-09 20:02 - 2019-10-09 20:02 - 000000000 ____D C:\Program Files (x86)\GrabIt
2019-10-09 19:44 - 2019-10-09 19:44 - 000003910 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2019-10-09 19:35 - 2019-10-09 19:37 - 023903179 _____ C:\Users\honey\Downloads\NZBIndex-download.nzb
2019-10-09 12:49 - 2014-08-14 21:25 - 002215056 _____ (MediaTek Inc.) C:\Windows\system32\Drivers\netr28ux.sys
2019-10-09 12:49 - 2014-08-06 19:17 - 000091412 _____ C:\Windows\system32\Drivers\FW_7662.bin
2019-10-09 12:49 - 2014-07-24 12:08 - 000020626 _____ C:\Windows\system32\Drivers\Patch_7662.bin
2019-10-09 11:58 - 2019-10-07 02:49 - 000390752 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-10-09 11:58 - 2019-10-07 01:57 - 000341896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-10-09 11:58 - 2019-10-06 00:12 - 025753088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-10-09 11:58 - 2019-10-06 00:00 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-10-09 11:58 - 2019-10-06 00:00 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-10-09 11:58 - 2019-10-05 23:49 - 002909184 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-10-09 11:58 - 2019-10-05 23:48 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-10-09 11:58 - 2019-10-05 23:47 - 000579584 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-10-09 11:58 - 2019-10-05 23:47 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-10-09 11:58 - 2019-10-05 23:47 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-10-09 11:58 - 2019-10-05 23:46 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-10-09 11:58 - 2019-10-05 23:41 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-10-09 11:58 - 2019-10-05 23:40 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-10-09 11:58 - 2019-10-05 23:38 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-10-09 11:58 - 2019-10-05 23:37 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-10-09 11:58 - 2019-10-05 23:37 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-10-09 11:58 - 2019-10-05 23:36 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-10-09 11:58 - 2019-10-05 23:36 - 000797696 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-10-09 11:58 - 2019-10-05 23:34 - 005500928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-10-09 11:58 - 2019-10-05 23:32 - 020290048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-10-09 11:58 - 2019-10-05 23:31 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-10-09 11:58 - 2019-10-05 23:28 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-10-09 11:58 - 2019-10-05 23:28 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-10-09 11:58 - 2019-10-05 23:23 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-10-09 11:58 - 2019-10-05 23:22 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-10-09 11:58 - 2019-10-05 23:22 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-10-09 11:58 - 2019-10-05 23:19 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-10-09 11:58 - 2019-10-05 23:19 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-10-09 11:58 - 2019-10-05 23:18 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-10-09 11:58 - 2019-10-05 23:18 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2019-10-09 11:58 - 2019-10-05 23:17 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2019-10-09 11:58 - 2019-10-05 23:17 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-10-09 11:58 - 2019-10-05 23:17 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2019-10-09 11:58 - 2019-10-05 23:16 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-10-09 11:58 - 2019-10-05 23:16 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-10-09 11:58 - 2019-10-05 23:15 - 002302464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-10-09 11:58 - 2019-10-05 23:12 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-10-09 11:58 - 2019-10-05 23:12 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2019-10-09 11:58 - 2019-10-05 23:11 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2019-10-09 11:58 - 2019-10-05 23:10 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-10-09 11:58 - 2019-10-05 23:10 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-10-09 11:58 - 2019-10-05 23:10 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2019-10-09 11:58 - 2019-10-05 23:07 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-10-09 11:58 - 2019-10-05 23:05 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-10-09 11:58 - 2019-10-05 23:05 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-10-09 11:58 - 2019-10-05 23:03 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-10-09 11:58 - 2019-10-05 23:03 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-10-09 11:58 - 2019-10-05 23:03 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2019-10-09 11:58 - 2019-10-05 23:00 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2019-10-09 11:58 - 2019-10-05 23:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-10-09 11:58 - 2019-10-05 22:59 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2019-10-09 11:58 - 2019-10-05 22:58 - 015413760 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-10-09 11:58 - 2019-10-05 22:57 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-10-09 11:58 - 2019-10-05 22:57 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-10-09 11:58 - 2019-10-05 22:56 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-10-09 11:58 - 2019-10-05 22:56 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-10-09 11:58 - 2019-10-05 22:55 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2019-10-09 11:58 - 2019-10-05 22:53 - 004112384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-10-09 11:58 - 2019-10-05 22:50 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-10-09 11:58 - 2019-10-05 22:49 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-10-09 11:58 - 2019-10-05 22:48 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-10-09 11:58 - 2019-10-05 22:48 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2019-10-09 11:58 - 2019-10-05 22:45 - 013808640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-10-09 11:58 - 2019-10-05 22:45 - 001566208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-10-09 11:58 - 2019-10-05 22:35 - 004387840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-10-09 11:58 - 2019-10-05 22:34 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-10-09 11:58 - 2019-10-05 22:32 - 001331712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-10-09 11:58 - 2019-10-05 22:30 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-10-09 11:58 - 2019-09-19 00:27 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\umpo.dll
2019-10-09 11:58 - 2019-09-16 22:32 - 004060896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-10-09 11:58 - 2019-09-16 22:32 - 003966688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-10-09 11:58 - 2019-09-16 22:32 - 000709856 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-10-09 11:58 - 2019-09-16 22:32 - 000627424 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-10-09 11:58 - 2019-09-16 22:31 - 005552864 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-10-09 11:58 - 2019-09-16 22:31 - 001319496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-10-09 11:58 - 2019-09-16 22:31 - 000263904 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-10-09 11:58 - 2019-09-16 22:31 - 000155360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-10-09 11:58 - 2019-09-16 22:31 - 000096992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-10-09 11:58 - 2019-09-16 22:30 - 001670784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000834048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 001010176 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000408576 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:04 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2019-10-09 11:58 - 2019-09-16 22:03 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-10-09 11:58 - 2019-09-16 22:00 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-10-09 11:58 - 2019-09-16 22:00 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-10-09 11:58 - 2019-09-16 22:00 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-10-09 11:58 - 2019-09-16 21:59 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-10-09 11:58 - 2019-09-16 21:59 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2019-10-09 11:58 - 2019-09-16 21:59 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2019-10-09 11:58 - 2019-09-16 21:59 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2019-10-09 11:58 - 2019-09-16 21:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2019-10-09 11:58 - 2019-09-16 21:57 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2019-10-09 11:58 - 2019-09-16 21:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 21:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 21:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 21:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 21:56 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-10-09 11:58 - 2019-09-16 21:56 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-10-09 11:58 - 2019-09-16 21:55 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-10-09 11:58 - 2019-09-16 21:53 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-10-09 11:58 - 2019-09-16 21:53 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-10-09 11:58 - 2019-09-16 21:52 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-10-09 11:58 - 2019-09-16 21:52 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-10-09 11:58 - 2019-09-16 21:52 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-10-09 11:58 - 2019-09-16 21:52 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-10-09 11:58 - 2019-09-16 21:51 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-10-09 11:58 - 2019-09-16 21:51 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-10-09 11:58 - 2019-09-16 21:51 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-10-09 11:58 - 2019-09-16 21:51 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-10-09 11:58 - 2019-09-16 21:51 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-10-09 11:58 - 2019-09-16 21:51 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-10-09 11:58 - 2019-09-16 20:13 - 000455392 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-10-09 11:58 - 2019-09-11 00:56 - 000353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-10-09 11:58 - 2019-09-11 00:56 - 000241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2019-10-09 11:58 - 2019-09-09 22:27 - 000383488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2019-10-09 11:58 - 2019-09-09 22:27 - 000320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2019-10-09 11:58 - 2019-09-09 22:27 - 000160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2019-10-09 11:58 - 2019-09-09 22:24 - 001281536 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2019-10-09 11:58 - 2019-09-09 22:24 - 000486912 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2019-10-09 11:58 - 2019-09-09 22:24 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2019-10-09 11:58 - 2019-09-09 22:24 - 000174080 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2019-10-09 11:58 - 2019-09-09 22:24 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
2019-10-09 11:58 - 2019-09-09 22:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2019-10-09 11:58 - 2019-09-09 22:02 - 006135296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-10-09 11:58 - 2019-09-09 22:00 - 000361472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2019-10-09 11:58 - 2019-09-09 22:00 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2019-10-09 11:58 - 2019-09-09 22:00 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2019-10-09 11:58 - 2019-09-09 22:00 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2019-10-09 11:58 - 2019-09-09 22:00 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2019-10-09 11:58 - 2019-09-09 21:54 - 003231744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-10-09 11:58 - 2019-09-09 21:53 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2019-10-09 11:58 - 2019-09-09 21:53 - 000152576 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2019-10-09 11:58 - 2019-09-09 21:53 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2019-10-09 11:58 - 2019-09-09 21:53 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2019-10-09 11:58 - 2019-09-09 21:52 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys
2019-10-09 11:58 - 2019-09-09 21:49 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2019-10-09 11:58 - 2019-09-09 20:09 - 007082496 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-10-09 11:58 - 2019-09-09 20:09 - 003187712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2019-10-08 15:17 - 2019-10-08 15:17 - 000002960 _____ C:\Windows\system32\Tasks\{DBCAF028-317E-4857-8023-FE39612E1640}
2019-10-08 15:17 - 2019-10-08 15:17 - 000000000 ____D C:\Users\honey\AppData\Roaming\Kodi
2019-10-08 15:17 - 2019-10-08 15:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
2019-10-08 15:17 - 2019-10-08 15:17 - 000000000 ____D C:\Program Files\Kodi
2019-10-05 13:36 - 2019-10-10 20:23 - 000000000 ____D C:\Users\honey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2019-10-04 13:44 - 2009-06-10 16:41 - 000000256 _____ C:\Windows\system32\Drivers\brmsl07a.bin
2019-10-04 10:42 - 2019-09-11 23:53 - 000442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2019-10-04 10:42 - 2019-09-11 23:52 - 000373248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-10-04 10:42 - 2019-09-11 23:52 - 000195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-10-04 10:42 - 2019-09-11 23:44 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-10-04 10:42 - 2019-09-11 23:44 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2019-10-04 10:42 - 2019-09-11 23:44 - 000438784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-10-04 10:42 - 2019-09-11 23:44 - 000295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-10-04 10:42 - 2019-09-11 23:44 - 000284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2019-10-04 10:42 - 2019-09-11 23:24 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-10-03 19:49 - 2019-10-03 20:24 - 000000508 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2019-09-30 15:14 - 2019-09-30 15:14 - 000000000 ____D C:\Users\honey\AppData\Local\PackageAware
2019-09-28 16:09 - 2019-09-28 16:09 - 001151544 _____ (Google LLC) C:\Users\honey\Downloads\ChromeSetup.exe
2019-09-24 14:11 - 2019-09-24 14:11 - 000000000 ____D C:\Users\honey\AppData\Local\GHISLER
2019-09-24 14:10 - 2019-09-24 14:11 - 000000000 ____D C:\totalcmd
2019-09-24 14:10 - 2019-09-24 14:10 - 000000646 _____ C:\Users\honey\Desktop\Total Commander 64 bit.lnk
2019-09-24 14:10 - 2019-09-24 14:10 - 000000000 ____D C:\Users\honey\AppData\Roaming\GHISLER
2019-09-23 15:11 - 2019-09-23 15:11 - 000000000 ____D C:\ProgramData\CleverFiles
2019-09-23 15:10 - 2019-09-23 17:52 - 000000000 ____D C:\Users\honey\AppData\Local\DiskDrill
2019-09-23 15:10 - 2019-09-23 15:10 - 000000000 ____D C:\Program Files\Dokan
2019-09-23 15:10 - 2018-08-09 15:31 - 000087424 _____ (Dokan Project) C:\Windows\system32\Drivers\dokan1.sys
2019-09-23 15:08 - 2019-09-23 15:08 - 000000000 ____D C:\Users\honey\Downloads\cports-x64
2019-09-23 15:07 - 2019-09-23 15:07 - 000081030 _____ C:\Users\honey\Downloads\produkey-x64.zip
2019-09-23 15:07 - 2019-09-23 15:07 - 000000000 ____D C:\Users\honey\Downloads\produkey-x64
2019-09-23 15:04 - 2019-09-23 15:04 - 000131114 _____ C:\Users\honey\Downloads\cports-x64.zip
2019-09-23 14:59 - 2019-09-23 15:07 - 000000000 ____D C:\Users\honey\Downloads\filetypesman-x64
2019-09-23 14:59 - 2019-09-23 14:59 - 000096810 _____ C:\Users\honey\Downloads\filetypesman-x64.zip
2019-09-23 14:54 - 2019-09-23 15:01 - 000000000 ____D C:\Users\honey\Downloads\appnetworkcounter-x64
2019-09-23 14:54 - 2019-09-23 14:56 - 000000000 ____D C:\Users\honey\Downloads\livetcpudpwatch-x64
2019-09-23 14:53 - 2019-09-23 14:56 - 000000000 ____D C:\Users\honey\AppData\Roaming\Wireshark
2019-09-23 14:53 - 2019-09-23 14:53 - 000001746 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2019-09-23 14:52 - 2019-09-23 17:52 - 000000000 ____D C:\Program Files\Npcap
2019-09-23 14:52 - 2019-09-23 14:52 - 000003096 _____ C:\Windows\system32\Tasks\npcapwatchdog
2019-09-23 14:52 - 2019-09-23 14:52 - 000000000 ____D C:\Windows\SysWOW64\Npcap
2019-09-23 14:52 - 2019-09-23 14:52 - 000000000 ____D C:\Windows\system32\Npcap
2019-09-23 14:51 - 2019-09-23 14:53 - 000000000 ____D C:\Program Files\Wireshark
2019-09-23 14:50 - 2019-09-24 14:12 - 000000546 _____ C:\Users\honey\advanced_ip_scanner_MAC.bin
2019-09-23 14:50 - 2019-09-24 14:12 - 000000015 _____ C:\Users\honey\advanced_ip_scanner_Comments.bin
2019-09-23 14:50 - 2019-09-24 14:12 - 000000015 _____ C:\Users\honey\advanced_ip_scanner_Aliases.bin
2019-09-23 14:49 - 2019-09-23 14:49 - 000071244 _____ C:\Users\honey\Downloads\appnetworkcounter-x64.zip
2019-09-23 14:48 - 2019-09-23 14:48 - 000083573 _____ C:\Users\honey\Downloads\livetcpudpwatch-x64.zip
2019-09-23 14:45 - 2019-09-23 14:46 - 059271840 _____ (Wireshark development team) C:\Users\honey\Downloads\Wireshark-win64-3.0.5.exe
2019-09-23 14:39 - 2019-09-23 14:39 - 000000981 _____ C:\Users\Public\Desktop\Advanced IP Scanner.lnk
2019-09-23 14:39 - 2019-09-23 14:39 - 000000981 _____ C:\ProgramData\Desktop\Advanced IP Scanner.lnk
2019-09-23 14:39 - 2019-09-23 14:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced IP Scanner v2
2019-09-23 14:39 - 2019-09-23 14:39 - 000000000 ____D C:\Program Files (x86)\Advanced IP Scanner
2019-09-22 14:58 - 2019-09-22 15:00 - 000000000 ____D C:\Users\honey\Downloads\Viejos Amigos - Película Peruana Completa
2019-09-15 13:36 - 2019-09-15 13:36 - 000000923 _____ C:\Users\honey\Desktop\Fast Duplicate File Finder.lnk
2019-09-15 13:36 - 2019-09-15 13:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fast Duplicate File Finder
2019-09-15 13:36 - 2019-09-15 13:36 - 000000000 ____D C:\Program Files\Fast Duplicate File Finder
2019-09-12 18:34 - 2019-10-12 19:32 - 000001714 _____ C:\Users\honey\Desktop\SFCFix.txt
2019-09-12 13:54 - 2019-09-12 13:54 - 000001038 _____ C:\Users\honey\Desktop\URLSnooper 2.lnk
2019-09-12 13:54 - 2019-09-12 13:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\URLSnooper2
2019-09-12 13:54 - 2019-09-12 13:54 - 000000000 ____D C:\Program Files (x86)\WinPcap
2019-09-12 13:54 - 2019-09-12 13:54 - 000000000 ____D C:\Program Files (x86)\URLSnooper2

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-12 20:11 - 2016-07-26 11:57 - 000000000 ____D C:\Users\honey\AppData\Local\JDownloader 2.0
2019-10-12 20:09 - 2019-07-29 12:41 - 000000000 ____D C:\Users\honey\Downloads\\
2019-10-12 19:34 - 2014-04-06 19:18 - 000000000 ____D C:\Program Files (x86)\MagicISO
2019-10-12 19:32 - 2018-05-31 20:39 - 000000000 ____D C:\SFCFix
2019-10-12 19:32 - 2016-01-25 19:38 - 000000000 ____D C:\Users\honey\AppData\Local\niemiro
2019-10-12 19:01 - 2009-07-14 00:45 - 000022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-10-12 19:01 - 2009-07-14 00:45 - 000022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-10-12 17:32 - 2014-02-09 16:38 - 000000000 ____D C:\Users\honey\Downloads\AUTODESK.AUTOCAD.V2014.WIN32-ISO
2019-10-12 16:19 - 2018-03-17 13:49 - 000003926 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{20D74601-D866-4B96-B4D0-83F83FBD47F5}
2019-10-12 10:01 - 2018-02-22 10:56 - 000000000 ____D C:\Users\honey\AppData\Local\Adobe
2019-10-12 09:56 - 2016-01-15 15:12 - 000811318 _____ C:\Windows\system32\perfh00A.dat
2019-10-12 09:56 - 2016-01-15 15:12 - 000183486 _____ C:\Windows\system32\perfc00A.dat
2019-10-12 09:56 - 2009-07-14 01:13 - 001863536 _____ C:\Windows\system32\PerfStringBackup.INI
2019-10-12 09:56 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2019-10-12 09:51 - 2015-10-20 20:52 - 000000093 _____ C:\HaxLogs.txt
2019-10-12 09:51 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-10-11 14:41 - 2019-07-23 10:32 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-10-11 14:41 - 2018-05-31 11:46 - 000000000 ____D C:\Program Files\Microsoft Office
2019-10-11 14:41 - 2009-07-13 23:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2019-10-10 20:16 - 2014-10-01 17:55 - 000000000 ____D C:\Windows\system32\Tasks\NCH Software
2019-10-10 20:15 - 2014-10-01 17:55 - 000000000 ____D C:\Users\honey\AppData\Roaming\NCH Software
2019-10-10 20:15 - 2014-10-01 17:55 - 000000000 ____D C:\Program Files (x86)\NCH Software
2019-10-10 20:14 - 2014-10-01 17:55 - 000000000 ____D C:\ProgramData\NCH Software
2019-10-10 20:08 - 2014-01-02 00:10 - 000000000 ____D C:\ProgramData\AVAST Software
2019-10-10 17:22 - 2019-07-23 10:36 - 000003174 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-404867302-3797044342-2971219209-1000
2019-10-10 17:22 - 2019-07-23 10:36 - 000000000 ___RD C:\Users\honey\OneDrive
2019-10-10 14:19 - 2014-01-15 17:21 - 000000000 ___RD C:\Users\honey\Documents\Scanned Documents
2019-10-10 10:41 - 2017-09-14 11:29 - 000000000 ____D C:\Users\honey\Downloads\minerd-x11-gost
2019-10-10 10:08 - 2018-08-09 10:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-10-09 22:47 - 2018-06-07 11:57 - 000003222 _____ C:\Windows\system32\Tasks\klcp_update
2019-10-09 22:47 - 2018-02-27 20:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2019-10-09 22:47 - 2018-02-27 20:34 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2019-10-09 22:46 - 2014-01-01 23:40 - 000000000 ____D C:\Users\honey
2019-10-09 20:04 - 2018-08-09 10:44 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-10-09 20:04 - 2016-11-18 15:03 - 000000000 ____D C:\Users\honey\AppData\LocalLow\Mozilla
2019-10-09 19:59 - 2018-01-24 13:40 - 000003846 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1469117722
2019-10-09 19:59 - 2016-07-21 12:14 - 000000000 ____D C:\Program Files (x86)\Opera
2019-10-09 19:33 - 2015-06-17 11:18 - 000000000 ____D C:\Users\honey\Documents\Bulk Image Downloader
2019-10-09 16:45 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
2019-10-09 12:54 - 2014-12-05 16:39 - 000000000 ____D C:\ProgramData\Package Cache
2019-10-09 12:49 - 2014-01-02 00:12 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-10-09 12:41 - 2018-09-26 10:20 - 000000332 _____ C:\Windows\Tasks\HPCeeScheduleForhoney.job
2019-10-09 12:41 - 2016-05-17 21:58 - 003780424 _____ C:\Windows\system32\FNTCACHE.DAT
2019-10-09 12:40 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-10-09 12:06 - 2014-02-25 21:23 - 001842680 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-10-09 12:06 - 2014-01-02 00:39 - 000000000 ____D C:\Windows\system32\MRT
2019-10-09 12:00 - 2014-01-02 00:39 - 127230528 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-10-09 10:16 - 2018-09-26 10:20 - 000003186 _____ C:\Windows\system32\Tasks\HPCeeScheduleForhoney
2019-10-08 14:11 - 2009-07-13 23:20 - 000000000 __RHD C:\Users\Public\Libraries
2019-10-08 13:18 - 2017-10-16 10:50 - 000000000 ____D C:\Program Files\Malwarebytes
2019-10-08 13:18 - 2014-11-21 20:29 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-10-07 20:52 - 2019-08-03 17:43 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-10-07 20:52 - 2019-08-03 17:43 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-10-07 20:49 - 2014-01-02 00:18 - 000000000 ____D C:\Program Files (x86)\Google
2019-10-07 09:45 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
2019-10-07 00:00 - 2015-10-28 11:16 - 000000000 ____D C:\Users\honey\AppData\Local\ElevatedDiagnostics
2019-10-06 15:45 - 2019-08-07 12:07 - 000000000 ____D C:\Users\honey\Downloads\2019-05-27-0310
2019-10-06 09:39 - 2018-03-13 17:27 - 000004462 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2019-10-06 09:39 - 2018-03-09 12:56 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-10-06 09:39 - 2018-03-09 12:56 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-10-06 09:39 - 2018-03-09 12:56 - 000004324 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2019-10-06 09:39 - 2014-01-02 11:37 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-10-06 09:39 - 2014-01-02 11:37 - 000000000 ____D C:\Windows\system32\Macromed
2019-10-04 13:44 - 2017-12-23 13:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tenda Wireless
2019-10-04 13:44 - 2017-12-23 13:15 - 000000000 ____D C:\Program Files (x86)\Tenda
2019-10-04 10:50 - 2018-02-28 11:47 - 000003718 _____ C:\Windows\system32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2019-10-02 19:25 - 2019-01-31 14:52 - 000001002 _____ C:\Users\honey\Downloads\New Text Document (11).txt
2019-10-01 14:10 - 2019-08-23 14:04 - 000893802 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2019-10-01 14:10 - 2018-08-26 16:17 - 000002159 _____ C:\Users\honey\Desktop\Tweaking.com - Windows Repair.lnk
2019-09-29 11:18 - 2018-10-16 12:23 - 000004474 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
2019-09-28 16:13 - 2019-08-03 17:43 - 000002296 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-09-28 16:13 - 2019-08-03 17:43 - 000002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-09-28 16:13 - 2019-08-03 17:43 - 000002255 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-09-24 20:01 - 2014-09-05 14:50 - 000051832 _____ C:\Users\honey\Documents\untitled.fdff
2019-09-19 14:04 - 2015-06-17 11:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Image Downloader
2019-09-19 14:04 - 2015-06-17 11:09 - 000000000 ____D C:\Program Files (x86)\Bulk Image Downloader
2019-09-18 14:43 - 2015-04-15 07:21 - 000000000 ____D C:\Users\honey\AppData\Local\CrashDumps
2019-09-16 17:04 - 2015-01-13 20:14 - 000000000 ____D C:\Users\honey\AppData\Roaming\HandBrake
2019-09-12 18:22 - 2018-07-31 15:59 - 000000000 ____D C:\Windows\SoftwareDistribution-WinUpdFix-Old
2019-09-12 13:54 - 2015-07-20 16:48 - 000000000 ____D C:\Users\honey\Documents\DonationCoder

==================== Files in the root of some directories ================

2017-09-07 12:27 - 2017-09-07 12:58 - 007649280 _____ () C:\Program Files (x86)\GUT4730.tmp
2014-04-20 11:09 - 2016-04-08 20:25 - 000000132 _____ () C:\Users\honey\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-01-13 14:26 - 2015-01-13 14:26 - 000099384 _____ () C:\Users\honey\AppData\Roaming\inst.exe
2015-01-13 14:26 - 2015-01-13 14:26 - 000007859 _____ () C:\Users\honey\AppData\Roaming\pcouffin.cat
2015-01-13 14:26 - 2015-01-13 14:26 - 000001167 _____ () C:\Users\honey\AppData\Roaming\pcouffin.inf
2015-01-13 14:26 - 2015-01-13 14:26 - 000082816 _____ (VSO Software) C:\Users\honey\AppData\Roaming\pcouffin.sys
2015-03-05 21:40 - 2015-03-05 21:43 - 000000164 _____ () C:\Users\honey\AppData\Roaming\PLGComp.ini
2015-01-08 14:20 - 2015-01-08 19:12 - 000000600 _____ () C:\Users\honey\AppData\Roaming\winscp.rnd
2014-01-06 22:06 - 2016-05-09 16:45 - 000001456 _____ () C:\Users\honey\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-04-05 18:18 - 2014-04-05 18:18 - 000220543 _____ () C:\Users\honey\AppData\Local\debuggee.mdmp
2015-07-20 16:48 - 2015-07-20 16:48 - 000000058 _____ () C:\Users\honey\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2014-09-30 16:29 - 2016-02-13 23:02 - 000000600 _____ () C:\Users\honey\AppData\Local\PUTTY.RND
2017-12-27 11:35 - 2017-12-27 11:35 - 000000017 _____ () C:\Users\honey\AppData\Local\resmon.resmoncfg
2016-08-12 10:41 - 2016-08-12 10:47 - 000000000 _____ () C:\Users\honey\AppData\Local\{46640771-B048-4412-BD25-92639EF3890A}
2018-09-27 09:57 - 2018-09-27 09:57 - 000000000 _____ () C:\Users\honey\AppData\Local\{63CAEF5A-0DA1-4B1E-9444-74105835B8C6}
2018-12-21 11:12 - 2018-12-21 11:12 - 000000000 _____ () C:\Users\honey\AppData\Local\{6B5613CD-1521-4049-828C-4CDD5E0AC55C}
2018-12-21 11:12 - 2018-12-21 11:12 - 000000000 _____ () C:\Users\honey\AppData\Local\{6D1E2517-5415-44EB-A953-CBF3D1D8DA93}
2016-07-23 10:45 - 2016-07-23 10:45 - 000000000 _____ () C:\Users\honey\AppData\Local\{8219B69E-E1E9-4066-8B28-390A4A955369}
2015-01-01 10:27 - 2015-01-01 10:27 - 000000000 _____ () C:\Users\honey\AppData\Local\{88776969-F896-4B93-A57E-F32DE3EF4D36}
2018-09-27 09:57 - 2018-09-27 09:57 - 000000000 _____ () C:\Users\honey\AppData\Local\{8F1CBB7B-C05D-432B-ABEE-3037B0DA8502}
2016-08-12 10:41 - 2016-08-12 10:47 - 000000000 _____ () C:\Users\honey\AppData\Local\{B9D9E880-9DEF-4903-A9B5-544C31EA3A2D}

==================== FCheck ================================

(If an entry is included in the fixlist, the file/folder will be moved.)

FCheck: C:\Windows\SysWOW64\vfpodbc.dll [1998-06-16] <==== ATTENTION (zero byte File/Folder)

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-10-10 13:10
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2019 02
Ran by honey (12-10-2019 20:20:18)
Running from C:\Users\honey\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2014-01-02 03:40:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-404867302-3797044342-2971219209-500 - Administrator - Disabled)
Guest (S-1-5-21-404867302-3797044342-2971219209-501 - Limited - Enabled)
honey (S-1-5-21-404867302-3797044342-2971219209-1000 - Administrator - Enabled) => C:\Users\honey
VUSR_HONEY-PC (S-1-5-21-404867302-3797044342-2971219209-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.02.03.0 - Ralink)
A1 Sitemap Generator (HKLM-x32\...\8FA512B2AB9F48E48319F817302934AC_is1) (Version: 2.2.0 - Microsys)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.255 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.255 - Adobe)
Adobe Premiere Pro CS5.5 (HKLM-x32\...\{0497EAED-70DA-4BBE-BEB3-AF77FD8788EA}) (Version: 5.5 - Adobe Systems Incorporated)
Advanced IP Scanner 2.5 (HKLM-x32\...\{816038FA-53B2-4F36-A9F2-8F6B8B81C7B0}) (Version: 2.5.3850 - Famatech)
AdWords Editor (HKLM-x32\...\{64427C94-5A22-4743-8772-B2D9B9FD5283}) (Version: 11.0.3 - Google)
AMD Catalyst Install Manager (HKLM\...\{D2A53F8D-3924-E600-6023-883B255E3812}) (Version: 3.0.842.0 - Advanced Micro Devices, Inc.)
AVI to DVD Converter (HKLM-x32\...\AVI to DVD Converter) (Version: 3.0.26.0314 - Xilisoft)
Belarc Advisor 9.0 (HKLM-x32\...\Belarc Advisor) (Version: 9.0.0.0 - Belarc Inc.)
BleachBit 2.2 (HKLM-x32\...\BleachBit) (Version: 2.2 - BleachBit)
BS1 General Ledger 2014.2 (HKLM-x32\...\BS1 General Ledger 2014.2_is1) (Version: - Davis Software)
Bulk Image Downloader v5.48.0.0 (HKLM-x32\...\Bulk Image Downloader_is1) (Version: 5.48 - Antibody Software)
Bulk Rename Utility 2.7.1.3 (HKLM-x32\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
CD Recovery Toolbox Free 2.1 (HKLM-x32\...\CD Recovery Toolbox Free_is1) (Version: - Recovery Toolbox, Inc.)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
CuteFTP 8 Professional (HKLM-x32\...\{91F34319-08DE-457a-99C0-0BCDFAC145B9}) (Version: 8.3.4 - GlobalSCAPE)
davehope.co.uk Product Key Finder (HKLM-x32\...\Product Key Finder_is1) (Version: - davehope.co.uk)
DiskCryptor 1.1 (HKLM\...\DiskCryptor_is1) (Version: 1.1 - hxxp://diskcryptor.net/)
DMG Extractor (HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\DMG Extractor) (Version: 1.3.15.0 - Reincubate Ltd)
Dokan Library 1.2.0.1000 (x64) (HKLM\...\{65A3A964-3DC3-0102-0000-180809151012}) (Version: 1.2.0.1000 - Dokany Project) Hidden
Dokan Library 1.2.0.1000 Bundle (HKLM-x32\...\{c2f619b0-68fd-4433-970e-cd66cd7a2775}) (Version: 1.2.0.1000 - Dokany Project)
DotNetBar for Windows Forms (HKLM-x32\...\{316FC9F6-6343-42AC-BC26-6337C9CD1A8E}) (Version: 10.0.0.3 - DevComponents)
dpeg Cicada (HKLM-x32\...\dpeg_Cicada) (Version: - )
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
Easy HTML5 Video (HKLM-x32\...\Easy HTML5 Video_is1) (Version: - )
Email Extractor (HKLM-x32\...\{30482B99-CAD6-4370-8A3B-8939BCDC90EC}) (Version: 5.5 - WebPro Solutions) Hidden
Email Extractor (HKLM-x32\...\Email Extractor) (Version: 5.5 - WebPro Solutions)
Ext2Fsd 0.53 (HKLM\...\Ext2Fsd_is1) (Version: 0.53 - Matt Wu)
FancyElements (HKLM-x32\...\FancyElements_is1) (Version: - )
Fast Duplicate File Finder 5.4.0.1 (HKLM-x32\...\{AFECFED6-0A43-488F-8511-1DC6B52F31C3}_is1) (Version: 5.4.0.1 - MindGems, Inc.)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
FileZilla Client 3.27.1 (HKLM-x32\...\FileZilla Client) (Version: 3.27.1 - Tim Kosse)
Focus Magic 4.02 (HKLM-x32\...\Focus Magic_is1) (Version: 4.02 - Acclaim Software Ltd)
Folder Size 3.8.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 3.8.0.0 - MindGems, Inc.)
FUTURA CE-250 Software (HKLM-x32\...\{4C31E401-C8D5-4133-8B29-DE5D6B8B9DB0}) (Version: 3.0.0.4 - Default Company Name) Hidden
FUTURA CE-250 Software (HKLM-x32\...\{A8C74A7C-F2F4-4F6C-90AA-6C351570419F}) (Version: 3.0.0.4 - )
GDR 5538 for SQL Server 2008 (KB3045305) (64-bit) (HKLM\...\KB3045305) (Version: 10.3.5538.0 - Microsoft Corporation)
Golden Records Vinyl to CD Converter (HKLM-x32\...\Golden) (Version: - NCH Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.90 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GrabIt 1.7.5 Beta (build 1016) (HKLM-x32\...\GrabIt_is1) (Version: - Ilan Shemes)
HandBrake 1.2.2 (HKLM-x32\...\HandBrake) (Version: 1.2.2 - )
HFSExplorer 0.22.1 (HKLM-x32\...\HFSExplorer) (Version: 0.22.1 - Catacombae Software)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{77d93eea-f5c2-4db5-9c2d-25bc5a2e0ec9}) (Version: 28.0.1316.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Assistant (HKLM-x32\...\{F322B446-B157-4257-B44F-4F22D41F8EDB}) (Version: 8.8.24.33 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{930B5F2B-8DB9-42F4-90E4-5D3DC30541C3}) (Version: 12.12.32.3 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HydraVision (HKLM-x32\...\{91F7C67B-C1A2-F1DB-C286-7F56A07C6B49}) (Version: 4.2.212.0 - Advanced Micro Devices, Inc.) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Chipset Device Software (HKLM-x32\...\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}) (Version: 10.0.27 - Intel(R) Corporation) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{85B6BF0F-EF1B-4F0F-892D-E68BD798950C}) (Version: 2.4.04669 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{FA9F8623-B4C9-452D-A989-CC3AC01A4E27}) (Version: 1.1.5 - Intel Corporation)
iWisoft Flash SWF to Video Converter 3.4 (HKLM-x32\...\iWisoft Flash SWF to Video Converter_is1) (Version: 3.4.0 - www.flash-swf-converter.com)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Mega Codec Pack 15.2.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.2.0 - KLCP)
Kodi (HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\Kodi) (Version: - XBMC Foundation)
Macrium Reflect Free Edition (HKLM\...\{1A399324-9784-4384-927F-0FEA922BC516}) (Version: 7.1.3317 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.1 - Paramount Software (UK) Ltd.)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
MediaInfo 19.09 (HKLM\...\MediaInfo) (Version: 19.09 - MediaArea.net)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.12026.20320 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\OneDriveSetup.exe) (Version: 19.152.0927.0012 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{F43ADE73-2880-4A95-B995-4FE386ECF667}) (Version: 10.3.5538.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\Teams) (Version: 1.2.00.17057 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27033 (HKLM-x32\...\{cc3a7c63-31fb-4129-9024-63ebefd86a95}) (Version: 14.16.27033.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (HKLM-x32\...\{404c9c27-8377-4fd1-b607-7ca635db4e49}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 6.0 Enterprise Edition (HKLM-x32\...\Visual Studio 6.0 Enterprise Edition) (Version: - )
Microsoft Web Publishing Wizard 1.53 (HKLM-x32\...\WebPost) (Version: - )
MixPad Multitrack Recording Software (HKLM-x32\...\MixPad) (Version: 3.69 - NCH Software)
MKVToolNix 37.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 37.0.0 - Moritz Bunkus)
Mozilla Firefox 69.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 69.0.2 (x64 en-US)) (Version: 69.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.2 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5 - Notepad++ Team)
Npcap 0.9983 (HKLM-x32\...\NpcapInst) (Version: 0.9983 - Nmap Project)
Numerology Calculator (HKLM-x32\...\Numerology Calculator_is1) (Version: 3.41 - )
Numerology Calculator Select (HKLM-x32\...\Numerology Calculator Select_is1) (Version: 1.41 - )
Numerology Healing Tones (HKLM-x32\...\Numerology Healing Tones_is1) (Version: 1.50 - )
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12026.20320 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12026.20320 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12026.20320 - Microsoft Corporation) Hidden
Opanda IExif 2.3 (HKLM-x32\...\Opanda IExif_is1) (Version: 2.3 - Opanda Studio)
Opanda PowerExif 1.2 Professional Trial (HKLM-x32\...\Opanda PowerExif Professional Trial_is1) (Version: 1.2 - Opanda Studio)
Opera Stable 64.0.3417.54 (HKLM-x32\...\Opera 64.0.3417.54) (Version: 64.0.3417.54 - Opera Software)
OpticFilm 120 (HKLM-x32\...\{AD13719F-9FE1-46C2-AB8B-716B5F256BF8}) (Version: 5.0.2 - )
OpticFilm 8200i (HKLM-x32\...\{086AA359-A8F0-46BB-B66D-21AE29420B81}) (Version: 5.0.0 - )
PerformanceTest v9.0 (HKLM\...\PerformanceTest 9_is1) (Version: 9.0.1031.0 - Passmark Software)
PxMergeModule (HKLM-x32\...\{024521CF-C07E-4F8E-8481-0D75695E03AF}) (Version: 1.00.0000 - Your Company Name) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{0DF70CB6-553A-4C57-8E6D-87635EECFB78}) (Version: 1.00.0145 - ALFA NETWORK INC.)
Recover Keys (HKLM\...\Recover Keys_is1) (Version: 11.0.4.229 - Recover Keys)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Registry Backup and Restore (HKLM\...\Registry Backup and Restore_is1) (Version: - Acelogix)
RentMaster (HKLM-x32\...\RentMaster) (Version: 11.2.0 - )
Revo Uninstaller 2.1.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.0 - VS Revo Group, Ltd.)
Roadkil's Unstoppable Copier Version 5.2 (HKLM-x32\...\{A306FD29-7D3A-4287-91AC-9A0180931395}_is1) (Version: - Roadkil.Net)
Samsung Data Migration (HKLM-x32\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.1 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.3.1.2010 - Samsung Electronics)
Screenshot Captor 4.12.0 (HKLM-x32\...\ScreenshotCaptor_is1) (Version: - )
SendBlaster 2 (HKLM-x32\...\{CF950023-9C75-4843-8B68-FD8A5D641B4B}) (Version: 002.000.13800 - eDisplay srl)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
SilverFast 8.5.0r7 (64bit) (HKLM-x32\...\SilverFast 8 x64) (Version: 8.5.0r7 - LaserSoft Imaging AG)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Sql Server Customer Experience Improvement Program (HKLM\...\{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}) (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Stellar Phoenix Windows Data Recovery - Professional (HKLM-x32\...\Stellar Phoenix Windows Data Recovery - Professional_is1) (Version: 6.0.0.0 - Stellar Information Systems Ltd)
Stellarium 0.19.1.1 (HKLM\...\Stellarium_is1) (Version: 0.19.1.1 - Stellarium team)
Sublime Text Build 3047 (HKLM-x32\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.65 - NCH Software)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.2.0.17057 - Microsoft Corporation)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.22a - Ghisler Software GmbH)
Tweaking.com - Hardware Identify (HKLM-x32\...\Tweaking.com - Hardware Identify) (Version: 2.1.1 - Tweaking.com)
Tweaking.com - Simple System Tweaker (HKLM-x32\...\Tweaking.com - Simple System Tweaker) (Version: 2.2.0 - Tweaking.com)
Tweaking.com - Technicians Toolbox (HKLM-x32\...\Tweaking.com - Technicians Toolbox) (Version: 1.2.0 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.6.0 - Tweaking.com)
TweetAdder4 (HKLM-x32\...\{911174C5-85BF-4972-B5E0-4882B32E9396}_is1) (Version: 4.1.140929 - TweetAdder.com)
URL Snooper v2.42.01 (HKLM-x32\...\URLSnooper 2_is1) (Version: - DonationCoder.com)
USB Disk Storage Format Tool 5.0 (HKLM\...\USB Disk Storage Format Tool_is1) (Version: - Authorsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VisualLightBox (HKLM-x32\...\VisualLightBox_is1) (Version: - )
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.2.0.13 - VSO Software)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 5.96 - NCH Software)
WhoCrashed 5.03 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
WhySoSlow 1.00 (HKLM\...\WhySoSlowHome_is1) (Version: - Resplendence Software Projects Sp.)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
WindowsUpdateFixer version 2.1.2 (HKLM-x32\...\{D3D13DC2-4E58-4359-9F36-55334748A38B}_is1) (Version: 2.1.2 - Zerobyte Developments)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
WinSCP 5.9.6 (HKLM-x32\...\winscp3_is1) (Version: 5.9.6 - Martin Prikryl)
Wireshark 3.0.5 64-bit (HKLM-x32\...\Wireshark) (Version: 3.0.5 - The Wireshark developer community, hxxps://www.wireshark.org)
WOW Slider (HKLM-x32\...\WOW Slider_is1) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\ChromeHTML: -> <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-404867302-3797044342-2971219209-1000_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\honey\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19127.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-404867302-3797044342-2971219209-1000_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\honey\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19127.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: No Name - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-08-15] (Notepad++ -> )
ContextMenuHandlers1-x32: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files (x86)\Bulk Rename Utility\BRUhere.dll [2014-06-24] (TGRMN Software -> Bulk Rename Utility)
ContextMenuHandlers1-x32: [CuteFTP 8 Professional] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\CuteShell.dll [2010-05-19] (GlobalSCAPE, Inc.) [File not signed]
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2-x32: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files (x86)\Bulk Rename Utility\BRUhere.dll [2014-06-24] (TGRMN Software -> Bulk Rename Utility)
ContextMenuHandlers2-x32: [CuteFTP 8 Professional] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\CuteShell.dll [2010-05-19] (GlobalSCAPE, Inc.) [File not signed]
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes) [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4-x32: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files (x86)\Bulk Rename Utility\BRUhere.dll [2014-06-24] (TGRMN Software -> Bulk Rename Utility)
ContextMenuHandlers4-x32: [CuteFTP 8 Professional] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\CuteShell.dll [2010-05-19] (GlobalSCAPE, Inc.) [File not signed]
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} => -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-10-24] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [475936 2007-05-10] (Logitech Inc -> Logitech Inc.)
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [126976 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [416544 2007-05-10] (Logitech Inc -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [180224 2008-12-04] () [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2011-04-11 20:20 - 2011-04-11 20:20 - 000098304 _____ () [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-04-11 20:20 - 2011-04-11 20:20 - 000028672 _____ () [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Actions.CCAA.Shared.dll
2011-10-24 05:13 - 2011-10-24 05:13 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.DPPE.Shared.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.EEU.Shared.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.GD.Shared.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000007168 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Hotkeys.Shared.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.REG.Shared.dll
2011-10-24 05:13 - 2011-10-24 05:13 - 000044032 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Source.Kit.Server.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.WinMessages.Shared.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000034816 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000006144 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.Shared.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000024576 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Foundation.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ATICCCom.dll
2011-10-24 05:13 - 2011-10-24 05:13 - 000021504 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.Implementation.dll
2011-10-24 05:16 - 2011-10-24 05:16 - 000033280 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Dashboard.dll
2011-10-24 05:16 - 2011-10-24 05:16 - 000014848 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Runtime.dll
2011-10-24 05:13 - 2011-10-24 05:13 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Shared.dll
2011-10-24 05:16 - 2011-10-24 05:16 - 000018944 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CPUOverDrive.Fuel.Shared.dll
2011-10-24 05:14 - 2011-10-24 05:14 - 000253952 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeskMan.HydraVision.Dashboard.dll
2011-10-24 05:13 - 2011-10-24 05:13 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeskMan.HydraVision.Shared.dll
2011-10-24 05:14 - 2011-10-24 05:14 - 000094208 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Grid.HydraVision.Dashboard.dll
2011-10-24 05:13 - 2011-10-24 05:13 - 000010240 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Grid.HydraVision.Shared.dll
2011-10-24 05:15 - 2011-10-24 05:15 - 000111104 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MDProp.HydraVision.Dashboard.dll
2011-10-24 05:13 - 2011-10-24 05:13 - 000010240 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MDProp.HydraVision.Shared.dll
2011-10-24 05:15 - 2011-10-24 05:15 - 000250880 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MultiDesk.HydraVision.Dashboard.dll
2011-10-24 05:13 - 2011-10-24 05:13 - 000009728 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MultiDesk.HydraVision.Shared.dll
2011-10-24 05:13 - 2011-10-24 05:13 - 000050688 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.OverDrive5.Graphics.Shared.dll
2011-10-24 05:14 - 2011-10-24 05:14 - 000096768 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Settings.HydraVision.Dashboard.dll
2011-10-24 05:14 - 2011-10-24 05:14 - 000014848 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Settings.HydraVision.Shared.dll
2011-10-24 05:14 - 2011-10-24 05:14 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Dashboard.dll
2011-10-24 05:14 - 2011-10-24 05:14 - 000019968 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Runtime.dll
2011-10-24 05:14 - 2011-10-24 05:14 - 000010752 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Shared.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000172032 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 001003520 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.Shared.dll
2011-10-24 05:13 - 2011-10-24 05:13 - 000008192 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Dashboard.dll
2011-10-24 05:13 - 2011-10-24 05:13 - 000011776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Runtime.dll
2011-10-24 05:13 - 2011-10-24 05:13 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Shared.dll
2011-10-24 05:16 - 2011-10-24 05:16 - 000007680 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Dashboard.dll
2011-10-24 05:16 - 2011-10-24 05:16 - 000011264 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Runtime.dll
2011-10-24 05:16 - 2011-10-24 05:16 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Shared.dll
2011-10-24 05:16 - 2011-10-24 05:16 - 000045056 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Combined.HydraVision.Aspects.Runtime.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000007680 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.dll
2011-10-24 05:14 - 2011-10-24 05:14 - 000060928 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.ProfileManager2.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 001286144 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.Private.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000007168 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Extension.EEU.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000037376 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.Private.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000286720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Client.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000061440 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000029184 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Private.dll
2011-10-24 05:13 - 2011-10-24 05:13 - 000018432 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.XManifest.dll
2011-06-08 05:26 - 2011-06-08 05:26 - 000020992 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CoreAudioApi.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.dll
2011-10-24 05:14 - 2011-10-24 05:14 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Fuel.Foundation.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000026112 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.dll
2011-10-24 05:13 - 2011-10-24 05:13 - 000047104 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.Private.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000024576 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Private.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Foundation.dll
2011-10-24 05:13 - 2011-10-24 05:13 - 000095744 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Implementation.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\NEWAEM.Foundation.dll
2011-06-30 08:48 - 2011-06-30 08:48 - 000085504 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ADL.Foundation.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000065536 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Server.dll
2011-10-24 05:08 - 2011-10-24 05:08 - 000837632 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll
2011-10-24 05:11 - 2011-10-24 05:11 - 000004608 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiamenu.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000036352 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.Private.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000376832 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000057344 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.dll
2009-06-17 09:27 - 2009-06-17 09:27 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0709.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000294912 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Implementation.default_Localization.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000439296 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Private.dll
2011-10-24 05:14 - 2011-10-24 05:14 - 000168960 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Implementation.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000008704 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Private.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000294912 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000180224 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2014-01-01 22:41 - 2011-09-09 05:28 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
2010-03-04 04:27 - 2010-03-04 04:27 - 000016384 _____ (ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Foundation.dll
2009-04-22 16:13 - 2009-04-22 16:13 - 000045056 _____ (ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0601.dll
2015-11-23 11:18 - 2019-02-21 12:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2014-01-01 22:41 - 2011-09-09 05:28 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
2019-10-12 19:34 - 2008-05-22 23:25 - 000043520 _____ (MagicISO, Inc.) [File not signed] C:\Program Files (x86)\MagicISO\misosh64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:D5FBE8F9 [180]
AlternateDataStreams: C:\Users\honey\Local Settings:oK6ap3JWZyZX1kkco [2422]
AlternateDataStreams: C:\Users\honey\Local Settings:rOQb2MZzLNo5sp0Fopx0oVE6I2q [2368]
AlternateDataStreams: C:\Users\honey\AppData\Local:oK6ap3JWZyZX1kkco [2422]
AlternateDataStreams: C:\Users\honey\AppData\Local:rOQb2MZzLNo5sp0Fopx0oVE6I2q [2368]
AlternateDataStreams: C:\Users\honey\AppData\Local\Application Data:oK6ap3JWZyZX1kkco [2422]
AlternateDataStreams: C:\Users\honey\AppData\Local\Application Data:rOQb2MZzLNo5sp0Fopx0oVE6I2q [2368]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\sharepoint.com -> hxxps://teatrolatea-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2017-09-07 12:16 - 000000855 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

2019-10-03 19:49 - 2019-10-03 20:24 - 000000508 _____ C:\Windows\system32\drivers\etc\hosts.ics


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\AMD APP\bin\x86_64;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn;c:\Program Files\Microsoft SQL Server\100\Tools\Binn;c:\Program Files\Microsoft SQL Server\100\DTS\Binn;C:\Program Files\Windows Imaging\
HKU\S-1-5-21-404867302-3797044342-2971219209-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\honey\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 1.1.1.1 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: EaseUS Agent => 2
MSCONFIG\Services: ESRV_SVC_QUEENCREEK => 2
MSCONFIG\Services: Guard Agent => 2
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: hpqcaslwmiex => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: IMFservice => 2
MSCONFIG\Services: Intel(R) SUR QC SAM => 3
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: MacriumService => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MediatekRegistryWriter => 2
MSCONFIG\Services: MediatekRegistryWriter64 => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Realtek87B => 2
MSCONFIG\Services: ReflectService.exe => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: SystemUsageReportSvc_QUEENCREEK => 2
MSCONFIG\Services: USER_ESRV_SVC_QUEENCREEK => 3
MSCONFIG\Services: VyprVPN => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Tenda Wireless Utility.lnk => C:\Windows\pss\Tenda Wireless Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^honey^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - .lnk => C:\Windows\pss\Monitor Ink Alerts - .lnk.Startup
MSCONFIG\startupfolder: C:^Users^honey^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk.Startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{C16FBD02-A15A-42E1-AD7D-46997BB5A44A}C:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe] => (Block) C:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe (GlobalSCAPE, Inc.) [File not signed]
FirewallRules: [UDP Query User{7704C02C-071A-4768-A663-3C89233091D1}C:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe] => (Block) C:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe (GlobalSCAPE, Inc.) [File not signed]
FirewallRules: [TCP Query User{EB8831FF-2188-42B1-B92C-832DD4E16393}C:\program files (x86)\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe] => (Allow) C:\program files (x86)\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe (Microsoft Corporation) [File not signed]
FirewallRules: [UDP Query User{4988F528-BA77-467F-B0B4-5B3CD2686D08}C:\program files (x86)\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe] => (Allow) C:\program files (x86)\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{756FCE78-EDC6-4B00-B8FF-BA2EEBB92B72}C:\apache24\bin\httpd.exe] => (Allow) C:\apache24\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [UDP Query User{FC03FF4C-54E2-4E65-92F9-6990136FCA33}C:\apache24\bin\httpd.exe] => (Allow) C:\apache24\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [{454ED93C-8BBA-44CA-BBC0-AF45A8DD69BC}] => (Allow) C:\Users\honey\Downloads\Tech tool store tools\TechToolStore64.exe (Alfredo Anibal Santos Silva -> Carifred)
FirewallRules: [{7D86FE7D-A561-4763-B8F9-B2A33B0B64D0}] => (Allow) C:\Users\honey\Downloads\Tech tool store tools\TechToolStore64.exe (Alfredo Anibal Santos Silva -> Carifred)
FirewallRules: [{52FC53AF-F179-4382-A4E0-E60D397D0E18}] => (Allow) C:\Users\honey\Downloads\Tech tool store tools\TechToolStore64.exe (Alfredo Anibal Santos Silva -> Carifred)
FirewallRules: [TCP Query User{02D439D2-6A2E-4A22-959B-2FE402DBE1F0}C:\users\honey\downloads\digitalnotewallet_win32_1.0.12-beta\digitalnotewallet-win32\digitalnotewallet.exe] => (Allow) C:\users\honey\downloads\digitalnotewallet_win32_1.0.12-beta\digitalnotewallet-win32\digitalnotewallet.exe () [File not signed]
FirewallRules: [UDP Query User{3ED4978A-DEDD-4E7E-BC38-9312CBC5D8ED}C:\users\honey\downloads\digitalnotewallet_win32_1.0.12-beta\digitalnotewallet-win32\digitalnotewallet.exe] => (Allow) C:\users\honey\downloads\digitalnotewallet_win32_1.0.12-beta\digitalnotewallet-win32\digitalnotewallet.exe () [File not signed]
FirewallRules: [TCP Query User{E4299DE6-951E-495B-81C9-1B2720D79B27}C:\users\honey\downloads\monero-win-x86-v0.11.0.0\monero-v0.11.0.0\monerod.exe] => (Allow) C:\users\honey\downloads\monero-win-x86-v0.11.0.0\monero-v0.11.0.0\monerod.exe () [File not signed]
FirewallRules: [UDP Query User{30DE5082-F81C-4AE0-A51F-B16BA47A308D}C:\users\honey\downloads\monero-win-x86-v0.11.0.0\monero-v0.11.0.0\monerod.exe] => (Allow) C:\users\honey\downloads\monero-win-x86-v0.11.0.0\monero-v0.11.0.0\monerod.exe () [File not signed]
FirewallRules: [{BA7BB4B1-6369-40DB-8961-38F8E06ABF22}] => (Allow) C:\Program Files (x86)\Tenda\Common\RaUI.exe (SHENZHEN JIXIANG TENDA TECHNOLOGY CO.,LTD -> Tenda Inc.) [File not signed]
FirewallRules: [{E916B498-1FB9-4FDB-92C1-53C47CB5533A}] => (Allow) C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed]
FirewallRules: [{7891498E-FA20-4E01-A828-1524D50679F7}] => (Allow) C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed]
FirewallRules: [{6E58E825-69EF-4665-A88E-5B2A2C85539F}] => (Allow) LPort=1542
FirewallRules: [{74C6FA26-D5BA-46B4-9B79-3F91ABFF2F98}] => (Allow) LPort=1542
FirewallRules: [{4D1570CE-6D39-4866-A11E-E896840A4EEE}] => (Allow) LPort=53
FirewallRules: [{6CD25C81-77F0-4A0D-8478-C08FD6D51DAE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{9ECF3F6A-C86A-4BE3-BFCB-8D5A4AA7DEA5}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{1D853698-C05B-43FF-AD3B-BD0C3404BD62}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{A17A2D1E-1EBA-41FA-98BE-D1D36FFF593D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{554E8BB8-F0E2-4A63-8684-E8D87ECA2245}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{2FE3BEC6-97B1-43C7-A013-6270FB5A3D18}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{29BDF56D-CCE2-4E1E-8F96-E0C7586903CA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{91A3B001-8CB3-42E6-A001-C320A0734736}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AF3B461E-1DFD-48A2-B215-857565C9AB73}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{9EDEF159-9A99-4509-AF45-A2EF7E301B2F}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{B6739E01-8819-4BE6-88F9-BBA9041955EE}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{5F893A65-5F36-41F6-A90F-85B050CAB4D6}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [TCP Query User{FB89028C-7AEA-44B9-BA00-5717722B8735}C:\users\honey\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\honey\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [UDP Query User{BF7CC505-99CA-495A-AFA9-C2697ED25950}C:\users\honey\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\honey\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [{89F5F9A0-836D-4D72-A1E3-C8794D85D565}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{01101417-0A25-4AB9-8F1A-1AD3FA8504C1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{43E673C5-C03C-4166-A4B4-25207973D5C1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A7C63E47-F07B-4A1C-9E76-8E96351CFF8A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E478025E-E9E5-465E-BB9A-DF996ED76F7D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{51AF18CA-4238-4F9E-9DB2-A02383F480B0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{2040F752-6FE9-403C-BB4D-D49A15E8BCF0}] => (Allow) C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe No File
FirewallRules: [{F903C6FA-8C29-48ED-866E-501442738A19}] => (Allow) C:\Program Files (x86)\Opera\63.0.3368.107\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{5EFC5BD8-99F0-4643-8B5A-E658E1DF112D}] => (Allow) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe (Opera Software AS -> Opera Software)

==================== Restore Points =========================

09-10-2019 12:49:05 Removed Mediatek Wireless LAN
09-10-2019 12:54:20 Disk Drill 4.0.487
11-10-2019 22:48:35 Microsoft Antimalware Checkpoint
12-10-2019 12:56:40 Windows Update
12-10-2019 18:47:15 Revo Uninstaller's restore point - Belarc Advisor 8.5c

==================== Faulty Device Manager Devices =============

Name: Realtek PCIe GbE Family Controller
Description: Realtek PCIe GbE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/12/2019 09:51:38 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 9003) (User: )
Description: The log scan number (742:424:1) passed to log scan in database 'master' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Error: (10/11/2019 10:54:57 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 9003) (User: )
Description: The log scan number (742:424:1) passed to log scan in database 'master' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Error: (10/10/2019 08:25:20 PM) (Source: MSSQL$SQLEXPRESS) (EventID: 9003) (User: )
Description: The log scan number (742:424:1) passed to log scan in database 'master' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Error: (10/10/2019 08:08:48 PM) (Source: MSSQL$SQLEXPRESS) (EventID: 9003) (User: )
Description: The log scan number (742:424:1) passed to log scan in database 'master' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Error: (10/10/2019 11:36:31 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 9003) (User: )
Description: The log scan number (742:424:1) passed to log scan in database 'master' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Error: (10/10/2019 10:08:21 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 9003) (User: )
Description: The log scan number (742:424:1) passed to log scan in database 'master' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Error: (10/09/2019 12:42:00 PM) (Source: MSSQL$SQLEXPRESS) (EventID: 9003) (User: )
Description: The log scan number (742:424:1) passed to log scan in database 'master' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Error: (10/09/2019 12:41:21 PM) (Source: MSSQL$SQLEXPRESS) (EventID: 9003) (User: )
Description: The log scan number (742:424:1) passed to log scan in database 'master' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.


System errors:
=============
Error: (10/12/2019 09:51:38 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd

Error: (10/12/2019 09:51:38 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The SQL Server (SQLEXPRESS) service terminated with service-specific error %%3417.

Error: (10/11/2019 10:54:57 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd

Error: (10/11/2019 10:54:57 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The SQL Server (SQLEXPRESS) service terminated with service-specific error %%3417.

Error: (10/10/2019 08:25:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/10/2019 08:25:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd

Error: (10/10/2019 08:25:20 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The SQL Server (SQLEXPRESS) service terminated with service-specific error %%3417.

Error: (10/10/2019 08:22:14 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.


Windows Defender:
===================================
Date: 2016-05-10 13:39:29.816
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/Stallmonitz&threatid=225956
Name:SoftwareBundler:Win32/Stallmonitz
ID:225956
Severity:High
Category:Software Bundler
Path Found:containerfile:C:\Users\honey\Desktop\BlueStacks-SplitInstaller_native.exe;file:C:\Users\honey\Desktop\BlueStacks-SplitInstaller_native.exe->(nsis-instdata)
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:c:\program files\windows defender\MpCmdRun.exe

Date: 2015-05-14 02:55:17.260
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
SoftwareBundler:Win32/WinOptimizer threat description - Microsoft Security Intelligence
Name:SoftwareBundler:Win32/WinOptimizer
ID:206677
Severity:High
Category:Software Bundler
Path Found:containerfile:C:\ProgramData\Optimizer\program\newver_10_1.7.0.0.exe;containerfile:C:\ProgramData\Optimizer\program\newver_25_1.7.1.0.exe;containerfile:C:\ProgramData\Optimizer\program\newver_37_1.7.3.0.exe;containerfile:C:\ProgramData\Optimizer\program\newver_38_1.6.9.0.exe;containerfile:C:\ProgramData\Optimizer\program\newver_54_1.7.2.0.exe;containerfile:C:\ProgramData\Optimizer\program\newver_83_1.7.3.0.exe;containerfile:C:\ProgramData\Optimizer\program\newver_95_1.7.2.0.exe;file:C:\Program Files (x86)\Software Update Services\software-update-services.exe;file:C:\Program Files (x86)\YouTube Downloader Services\A1\config\load_config.ini;file:C:\Program Files (x86)\YouTube Downloader Services\A1\load_config.ini;file:C:\Program Files (x86)\YouTube Downloader Services\A1\vmnet.exe;file:C:\Program Files (x86)\YouTube Downloader Services\A1\winphp.exe;file:C:\Program Files (x86)\YouTube Downloader Services\A1\youtubeserv.exe;file:C:\Program Files (x86)\YouTube Downloader Services\A2\config\load_config.ini;file:
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:c:\program files\windows defender\MpCmdRun.exe

Date: 2015-02-13 12:56:09.110
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
SoftwareBundler:Win32/WinOptimizer threat description - Microsoft Security Intelligence
Name:SoftwareBundler:Win32/WinOptimizer
ID:206677
Severity:High
Category:Software Bundler
Path Found:file:C:\Program Files (x86)\YouTube Downloader Services\A2\youtubeserv.exe;process:pid:2072,ProcessStart:130683102609928583;service:YouTubeDownload_A2
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:C:\Windows\System32\svchost.exe

Date: 2015-02-13 12:45:18.333
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
SoftwareBundler:Win32/WinOptimizer threat description - Microsoft Security Intelligence
Name:SoftwareBundler:Win32/WinOptimizer
ID:206677
Severity:High
Category:Software Bundler
Path Found:file:C:\Program Files (x86)\YouTube Downloader Services\A2\youtubeserv.exe;process:pid:2072,ProcessStart:130683102609928583
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:C:\Windows\System32\svchost.exe

Date: 2014-11-29 22:00:49.112
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
SoftwareBundler:Win32/WinOptimizer threat description - Microsoft Security Intelligence
Name:SoftwareBundler:Win32/WinOptimizer
ID:206677
Severity:High
Category:Software Bundler
Path Found:file:C:\Program Files (x86)\YouTube Downloader Services\P2\vmnet.exe;process:pid:6068
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:

Date: 2016-08-06 12:31:33.975
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source:User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:1.1.12902.0
Error code:0x8050a003
Error description:This package does not contain up-to-date definition files for this program. For more information, see Help and Support.

Date: 2016-08-01 13:30:57.462
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80096010
Error description:The digital signature of the object did not verify.
Signature version:1.225.2702.0
Engine version:1.1.12902.0

Date: 2016-07-19 10:23:40.259
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source:User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:1.1.12902.0
Error code:0x8050a003
Error description:This package does not contain up-to-date definition files for this program. For more information, see Help and Support.

Date: 2016-06-26 10:42:27.755
Description:
%1 engine has been terminated due to an unexpected error.
Failure Type:%5
Exception code:%6
Resource:%3

Date: 2016-05-15 16:17:59.424
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x800700c1
Error description:Windows Defender is not a valid Win32 application.
Signature version:1.219.1406.0
Engine version:1.1.12706.0

CodeIntegrity:
===================================

Date: 2016-08-27 13:29:06.372
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-27 11:58:09.638
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-27 11:54:47.297
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-27 11:54:47.204
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-27 11:54:29.778
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-27 11:54:29.607
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-27 11:42:13.553
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-27 11:37:20.645
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: AMI 7.16 03/23/2012
Motherboard: Foxconn 2ABF
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 87%
Total physical RAM: 8172.83 MB
Available physical RAM: 1061.62 MB
Total Virtual: 16343.81 MB
Available Virtual: 8648.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:600.29 GB) (Free:245.85 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (System Reserved) (Fixed) (Total:130.86 GB) (Free:129.33 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Backup) (Fixed) (Total:200.36 GB) (Free:79.49 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 981B9614)
Partition 1: (Active) - (Size=600.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=130.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=200.4 GB) - (Type=05)

==================== End of Addition.txt ============================
 
Hi, Han Solo.

1. Flash Player for IE is out of date. The current version is available here: Flash Player for Internet Explorer - ActiveX.

2. Please download Malwarebytes to your desktop.
  • Right-click on the Malwarebytes icon and select Run as Administrator. Follow the on-screen prompts to install Malwarebytes Anti-Malware.
  • Once the installation has finished, launch Malwarebytes.
  • Click on Scan Now and wait for the scan to complete.
  • Malwarebytes will update its databases, then start scanning.
  • If no threats are found, close the Malwarebytes window. If threats are detected, make sure they are all selected and click Quarantine selected.
  • Click on Reports in the left pane, and check the box next to the latest report (at the top). Click on View Report.
  • Select Export in the bottom left corner, and click Text File. Save the file to your desktop, with a name like MBAMLog.txt.
  • Open the Malwarebytes log on your desktop, and copy and paste its contents into your next reply.

3. Please download AdwCleaner and move it to your Desktop.
  1. Click on Scan and follow the prompts. Let it run unhindered.
  2. When done, click on the Clean button, and follow the prompts.
  3. Allow the system to reboot. You will then be presented with the report. Copy and paste this report into your next reply.
  4. The report will be saved in the C:\AdwCleaner folder as AdwCleaner[S0].txt.

4. Please do a scan with ESET Online Scanner. Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • Click on Get Started.
  • Another window will appear - select Get Started. Select whether you would like to send anonymous data to ESET.
  • Click on the Full Scan option.
  • Click on the option to Enable ESET to detect and remove potentially unwanted applications, and select Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop with a name like ESETlog.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • On your desktop, a file will be created called ESETlog.txt. Open it, then copy and paste its contents into your next reply.

5. Lastly, please provide fresh FRST logs:
  • Right-click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • Please copy/paste both logs in your reply.
 
Malwarebytes ran very fast and found nothing. Also AdwCleaner seemed to take forever so I closed it prematurely in order to stop it from uninstalling an HP application. I have posted the AdwCleaner[S0].txt as well as other files that ended with SO1, SO2 etc.

# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build: 09-05-2019
# Database: 2019-10-03.2 (Cloud)
# Support: Customer Support & Help Center
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 10-13-2019
# Duration: 00:00:34
# OS: Windows 7 Ultimate
# Scanned: 35164
# Detected: 83


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.AdvancedSystemCare C:\Users\honey\AppData\LocalLow\IObit\Advanced SystemCare V8
PUP.Optional.AdvancedSystemCare C:\Users\honey\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Users\honey\AppData\Roaming\IObit\Advanced SystemCare V8
PUP.Optional.AdvancedSystemCare C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.DriverBooster C:\Users\honey\AppData\Roaming\IOBIT\Driver Booster

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.DriverBooster C:\Windows\System32\Tasks\DRIVER BOOSTER SKIPUAC (HONEY)

***** [ Registry ] *****

PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}
PUP.Optional.AdvancedSystemCare HKLM\Software\Microsoft\Shared Tools\MSConfig\services\IMFservice
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\RealTimeProtector
PUP.Optional.DriverBooster HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E329F040-2D5B-4C9D-96E1-BE7584FC30E6}
PUP.Optional.DriverBooster HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E329F040-2D5B-4C9D-96E1-BE7584FC30E6}
PUP.Optional.DriverBooster HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DRIVER BOOSTER SKIPUAC (HONEY)
PUP.Optional.DriverBooster HKLM\Software\Wow6432Node\IObit\Driver Booster
PUP.Optional.Legacy HKCU\Software\Classes\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chrome Cleanup Tool logs upload retry
PUP.Optional.Legacy HKLM\Software\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0A5AC497E6BBC8D45BE8AD6619DA8217
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89EA4F1B8FBCDEF47AE328E455E28AA0
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97ECFF59EE08D4F47BB1464DEC37DA87
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A8CB937199A57E748B6AC433DA453EE2
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B4E78E12704AFCE408C7FBE501F1AA0A
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6A54B56C58C82a4688AFB93F42EA17B
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F0390A76D28822743A68D7F1AB22E6D0
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\EventLog\Application\plsvcv2
PUP.Optional.ReviverSoft HKLM\SOFTWARE\Classes\AppID\SmartAlertsService.exe
PUP.Optional.ReviverSoft HKLM\Software\Classes\AppID\{0F7BFFC3-86AA-43E2-84F3-CB419A72788D}
PUP.Optional.ReviverSoft HKLM\Software\Wow6432Node\\Classes\AppID\SmartAlertsService.exe
PUP.Optional.ReviverSoft HKLM\Software\Wow6432Node\\Classes\AppID\{0F7BFFC3-86AA-43E2-84F3-CB419A72788D}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy MyStart Search

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\honey\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\honey\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{930B5F2B-8DB9-42F4-90E4-5D3DC30541C3}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{F322B446-B157-4257-B44F-4F22D41F8EDB}


AdwCleaner_Debug.log - [22360 octets] - [13/10/2019 14:39:50]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build: 09-05-2019
# Database: 2019-08-27.1 (Local)
# Support: Customer Support & Help Center
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 10-13-2019
# Duration: 00:00:11
# OS: Windows 7 Ultimate
# Scanned: 35522
# Detected: 4


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy MyStart Search

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{930B5F2B-8DB9-42F4-90E4-5D3DC30541C3}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{F322B446-B157-4257-B44F-4F22D41F8EDB}


AdwCleaner_Debug.log - [61585 octets] - [13/10/2019 14:39:50]
AdwCleaner[S00].txt - [11363 octets] - [13/10/2019 14:40:46]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build: 09-05-2019
# Database: 2019-10-03.2 (Cloud)
# Support: Customer Support & Help Center
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 10-13-2019
# Duration: 00:00:18
# OS: Windows 7 Ultimate
# Scanned: 35164
# Detected: 4


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy MyStart Search

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{930B5F2B-8DB9-42F4-90E4-5D3DC30541C3}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{F322B446-B157-4257-B44F-4F22D41F8EDB}


AdwCleaner_Debug.log - [67349 octets] - [13/10/2019 14:39:50]
AdwCleaner[S00].txt - [11363 octets] - [13/10/2019 14:40:46]
AdwCleaner[S01].txt - [1851 octets] - [13/10/2019 16:13:24]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########

# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build: 09-05-2019
# Database: 2019-10-03.2 (Cloud)
# Support: Customer Support & Help Center
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 10-13-2019
# Duration: 00:00:17
# OS: Windows 7 Ultimate
# Scanned: 35164
# Detected: 3


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{930B5F2B-8DB9-42F4-90E4-5D3DC30541C3}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{F322B446-B157-4257-B44F-4F22D41F8EDB}


AdwCleaner_Debug.log - [80628 octets] - [13/10/2019 14:39:50]
AdwCleaner[S00].txt - [11363 octets] - [13/10/2019 14:40:46]
AdwCleaner[S01].txt - [1851 octets] - [13/10/2019 16:13:24]
AdwCleaner[S02].txt - [1912 octets] - [13/10/2019 16:16:06]
AdwCleaner[C02].txt - [1696 octets] - [13/10/2019 16:16:21]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########

10/13/2019 19:44:12 PM
Files scanned: 1050316
Infected files: 77
Cleaned threats: 77
Total scan time 03:08:06
Scan status: Finished


C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\ChromeUtils\APNNativeMsgHost.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe.vir a variant of Win32/Bundled.Toolbar.Ask.V potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.R potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\SO.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir a variant of Win32/Bundled.Toolbar.Ask.R potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\VNT\vntldr.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe.vir a variant of Win32/Bundled.Toolbar.Ask.V potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.R potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe.vir a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir a variant of Win32/Bundled.Toolbar.Ask.R potentially unsafe application cleaned by deleting
C:\EzPE3_v9\Projects\Tools\x64\hstart.exe a variant of Win32/HiddenStart.B potentially unsafe application cleaned by deleting
C:\EzPE3_v9\Projects\Tools\x86\hstart.exe a variant of Win32/HiddenStart.B potentially unsafe application cleaned by deleting
C:\EzPE3_v9\Projects\Tools\hstart.exe a variant of Win32/HiddenStart.B potentially unsafe application cleaned by deleting
C:\Program Files\Recover Keys\RecoverKeys.exe a variant of Win32/RecoverKeys.B potentially unsafe application deleted
C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\patch.exe a variant of Win32/HackTool.Patcher.A potentially unsafe application cleaned by deleting
C:\Program Files (x86)\NCH Software\Golden\golden.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application cleaned by deleting
C:\Program Files (x86)\NCH Software\Golden\grsetup_engl_v1.93.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted
C:\Program Files (x86)\NCH Software\Golden\uninst.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application cleaned by deleting
C:\Program Files (x86)\NCH Software\MixPad\mixpad.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application cleaned by deleting
C:\Program Files (x86)\NCH Software\MixPad\mixpadsetup_v3.69.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
C:\Program Files (x86)\NCH Software\Switch\switch.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application cleaned by deleting
C:\Program Files (x86)\NCH Software\Switch\switchsetup_v4.65.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
C:\Program Files (x86)\NCH Software\WavePad\wavepad.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application cleaned by deleting
C:\Program Files (x86)\NCH Software\WavePad\wavepadsetup_v5.96.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
C:\Users\honey\Documents\My Data Sources\Franks USB\PowerISO FULL 5.8 + Serials [ThumperDC]\PowerISO FULL 5.8 + Serials [ThumperDC.com]\PowerISO FULL 5.8 + Serials [ThumperDC]\PowerISO5.exe Win32/OpenCandy potentially unsafe application cleaned by deleting
C:\Users\honey\Documents\Scanned Documents\Otilia\Downloads\BandooV4.exe a variant of Win32/Adware.Bandoo.AA application cleaned by deleting
C:\Users\honey\Documents\Scanned Documents\Otilia\Downloads\BitTorrent-6.1.2.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application cleaned by deleting
C:\Users\honey\Documents\Websites\dannysrecord.com\admin\modules\3rdparty\Quantity_Discounts_by_Group\qdpg_lock.php PHP/Obfuscated.F potentially unwanted application cleaned by deleting
C:\Users\honey\Documents\Websites\dannysrecord.com\includes\estelles_mod_store\quantity_discounts.cart2.inc.php PHP/Obfuscated.F potentially unwanted application cleaned by deleting
C:\Users\honey\Documents\Websites\dannysrecord.com\Site Files\admin\modules\3rdparty\Quantity_Discounts_by_Group\qdpg_lock.php PHP/Obfuscated.F potentially unwanted application cleaned by deleting
C:\Users\honey\Documents\Websites\dannysrecord.com\Site Files\images\5_asp;.jpg ASP/Small.A trojan cleaned by deleting
C:\Users\honey\Documents\Websites\dannysrecord.com\Site Files\includes\estelles_mod_store\quantity_discounts.cart2.inc.php PHP/Obfuscated.F potentially unwanted application cleaned by deleting
C:\Users\honey\Documents\Websites\dannysrecord.com\Site Files\sitemap.php PHP/Obfuscated.F potentially unwanted application cleaned by deleting
C:\Users\honey\Documents\Websites\dannysrecord.com\sitemap.php PHP/Obfuscated.F potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\CuteFTP 8 Professional + PrivateKeygen\Patch\patch.exe a variant of Win32/HackTool.Patcher.A potentially unsafe application cleaned by deleting
C:\Users\honey\Downloads\EASEUS Todo Backup Advanced Server 5.8 Retail + Keygen\EASEUS Todo Backup Advanced\~Get Your Software Here\EaseUS_Todo_Backup_Advanced_Server_5.8.exe a variant of Win32/TFTPD32.A potentially unsafe application cleaned by deleting
C:\Users\honey\Downloads\EzPE3_v9\Projects\Tools\x64\hstart.exe a variant of Win32/HiddenStart.B potentially unsafe application cleaned by deleting
C:\Users\honey\Downloads\EzPE3_v9\Projects\Tools\x86\hstart.exe a variant of Win32/HiddenStart.B potentially unsafe application cleaned by deleting
C:\Users\honey\Downloads\EzPE3_v9\Projects\Tools\hstart.exe a variant of Win32/HiddenStart.B potentially unsafe application cleaned by deleting
C:\Users\honey\Downloads\guiminer\poclbm.exe Python/CoinMiner.A potentially unsafe application cleaned by deleting
C:\Users\honey\Downloads\NCH Golden Records Vinyl to CD Converter v1.93 with Key [TorDigger]\grsetup_engl.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted
C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix\bin\ccminer_cryptonight\ccminer.exe a variant of Win32/CoinMiner.BV potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix\bin\ccminer_klaust\ccminer.exe a variant of Win64/CoinMiner.AP potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix\bin\ccminer_neoscrypt\ccminer.exe a variant of Win32/CoinMiner.BY potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix\bin\ccminer_sp\ccminer.exe a variant of Win32/CoinMiner.BY potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix\bin\excavator\excavator.exe a variant of Win64/CoinMiner.CD potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix\bin\nheqminer_v0.4b\nheqminer.exe a variant of Win64/CoinMiner.BW potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix\bin\xmr-stak-cpu\xmr-stak-cpu.exe a variant of Win64/CoinMiner.CF potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix\bin_3rdparty\claymore_cryptonight\Remote manager\EthMan.exe a variant of Win32/CoinMiner.FS potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix\bin_3rdparty\claymore_cryptonight\NsGpuCNMiner.exe a variant of Win64/CoinMiner.BX potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix\bin_3rdparty\claymore_dual\cuda6.5\EthDcrMiner64.exe a variant of Win64/CoinMiner.BX potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix\bin_3rdparty\claymore_dual\cuda7.5\EthDcrMiner64.exe a variant of Win64/CoinMiner.BX potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix\bin_3rdparty\claymore_dual\Remote manager\EthMan.exe a variant of Win32/CoinMiner.FS potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix\bin_3rdparty\claymore_zcash\Remote manager\EthMan.exe a variant of Win32/CoinMiner.FS potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix\bin_3rdparty\optiminer_zcash_win\Optiminer.exe a variant of Win64/CoinMiner.FX potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix\NiceHashMinerLegacy.exe a variant of MSIL/CoinMiner.N potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\pirjv.Speccy.Professional..Technician.1.29.714..Portable\spsetup129.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\honey\Downloads\PowerISO FULL 5.8 + Serials [ThumperDC]\PowerISO FULL 5.8 + Serials [ThumperDC.com]\PowerISO FULL 5.8 + Serials [ThumperDC]\PowerISO5.exe Win32/OpenCandy potentially unsafe application cleaned by deleting
C:\Users\honey\Downloads\produkey-x64\ProduKey.exe a variant of Win64/PSWTool.ProductKey.A potentially unsafe application cleaned by deleting
C:\Users\honey\Downloads\GardeningEnthusiast™ - 1000s of FREE gardening ideas..html JS/Mindspark.G potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\guiminer-20121203.exe Python/CoinMiner.A potentially unsafe application deleted
C:\Users\honey\Downloads\JDownloaderSetup.exe a variant of Win32/WebCompanion.B potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\Recuva 1.52.1086-V3NOMs.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Windows\Installer\30ba89.msi a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application deleted
C:\Windows\SysWOW64\driver_booster_setup (1).exe a variant of Win32/IObit.I potentially unwanted application,a variant of Win32/IObit.N potentially unwanted application,a variant of Win32/IObit.L potentially unwanted application,a variant of Win32/IObit.D potentially unwanted application cleaned by deleting

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-10-2019 02
Ran by honey (administrator) on HONEY-PC (Hewlett-Packard s5-1260) (13-10-2019 19:47:03)
Running from C:\Users\honey\Downloads
Loaded Profiles: honey (Available Profiles: honey)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.54\opera_crashreporter.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-08-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [3523848 2018-07-03] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-24] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\Run: [com.squirrel.Teams.Teams] => C:\Users\honey\AppData\Local\Microsoft\Teams\Update.exe [1789552 2019-07-31] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\MountPoints2: D - D:\setup.exe
HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\MountPoints2: {7a10655e-39ff-11e4-8394-2c4138a9b7f0} - E:\windows\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A10B02 PID_0083
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.90\Installer\chrmstp.exe [2019-09-28] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{02FD14B9-3C65-4E96-8DE4-9F354F8093EF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FB95A44C-09DA-444F-9634-F38025F66432}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{FB95A44C-09DA-444F-9634-F38025F66432}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxps://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1504722108279
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2019-01-25] (Belarc, Inc. -> Belarc, Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-10-03] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: x85otvh9.default-1452453708882-1533826311977
FF ProfilePath: C:\Users\honey\AppData\Roaming\Mozilla\Firefox\Profiles\x85otvh9.default-1452453708882-1533826311977 [2019-10-13]
FF Session Restore: Mozilla\Firefox\Profiles\x85otvh9.default-1452453708882-1533826311977 -> is enabled.
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\honey\AppData\Roaming\Mozilla\Firefox\Profiles\x85otvh9.default-1452453708882-1533826311977\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2019-09-16]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\honey\AppData\Roaming\Mozilla\Firefox\Profiles\x85otvh9.default-1452453708882-1533826311977\Extensions\sp@avast.com.xpi [2019-10-09]
FF Extension: (Avast Online Security) - C:\Users\honey\AppData\Roaming\Mozilla\Firefox\Profiles\x85otvh9.default-1452453708882-1533826311977\Extensions\wrc@avast.com.xpi [2019-10-09]
FF Extension: (Bulk Image Downloader) - C:\Users\honey\AppData\Roaming\Mozilla\Firefox\Profiles\x85otvh9.default-1452453708882-1533826311977\Extensions\{524B8EF8-C312-11DB-8039-536F56D89593}.xpi [2019-02-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_255.dll [2019-10-06] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-08-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_255.dll [2019-10-06] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-08-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-08-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-07] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-07] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> bing.com
CHR StartupUrls: Default -> "hxxps://www.facebook.com/photo.php?fbid=1616609611923396&set=pcb.1616614325256258&type=3&theater","hxxps://www.facebook.com/otilia.larreamarriott","chrome://newtab/","hxxps://enelcaminocorrecto.blogspot.com/2014/06/efectos-cientificos-observados-al.html?m=1","hxxps://larepublica.pe/politica/1280908-cesar-hildebrandt-gesto-luego-le-pidieran-definir-alan-garcia-video","hxxps://larepublica.pe/politica/1280204-audios-cnm-comision-justicia-convoca-consejeros","hxxps://larepublica.pe/mundo/1280542-india-cinco-menores-violan-nina-8-anos-despues-ver-pornografia-celular-abuso-infantil-sahaspur","hxxps://www.google.com/search?q=QUE+ARDA+TROYA&oq=QUE+ARDA+TROYA&aqs=chrome..69i57j0l5.15224j0j7&sourceid=chrome&ie=UTF-8","chrome://newtab/","hxxps://www.facebook.com/otilia.larreamarriott","hxxps://www.facebook.com/katia.larrealatorre/posts/1896316593754057?comment_id=1897156217003428&notif_id=1532390651426407&notif_t=feed_comment_reply","hxxps://larepublica.pe/mundo/1284439-estados-unidos-diario-reduce-mitad-redaccion-vengan"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\honey\AppData\Local\Google\Chrome\User Data\Default [2019-10-13]
CHR DownloadDir: C:\Users\honey\Downloads
CHR Extension: (Google Translate) - C:\Users\honey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2019-08-03]
CHR Extension: (Session Manager) - C:\Users\honey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2019-08-03]
CHR Extension: (YouTube) - C:\Users\honey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-03]
CHR Extension: (Bulk Image Downloader) - C:\Users\honey\AppData\Local\Google\Chrome\User Data\Default\Extensions\facoldpeadablbngjnohbmgaehknhcaj [2019-08-03]
CHR Extension: (AdBlock) - C:\Users\honey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-10-12]
CHR Extension: (Terms of Service; Didn’t Read) - C:\Users\honey\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjdoplcnndgiblooccencgcggcoihigg [2019-08-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\honey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Peek-a-tab, Tabs Manager for Google Chrome™) - C:\Users\honey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnpdamdaknpnohmlbnmgphiodghbohop [2019-08-03]
CHR Extension: (Gmail) - C:\Users\honey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-03]
CHR Extension: (Chrome Media Router) - C:\Users\honey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-25]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (DuckDuckGo for Opera) - C:\Users\honey\AppData\Roaming\Opera Software\Opera Stable\Extensions\cfbekbndggmbdkfhjandenfihkdkndil [2019-04-03]
OPR Extension: (Bulk Image Downloader) - C:\Users\honey\AppData\Roaming\Opera Software\Opera Stable\Extensions\facoldpeadablbngjnohbmgaehknhcaj [2019-08-13]
OPR Extension: (MyJDownloader Browser Extension) - C:\Users\honey\AppData\Roaming\Opera Software\Opera Stable\Extensions\fbclnkmbcmdfamfeaagadifibbongnmf [2019-08-26]
OPR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\honey\AppData\Roaming\Opera Software\Opera Stable\Extensions\glaedmooikiamindhmfcfccncmmdagge [2019-10-01]
OPR Extension: (Install Chrome Extensions) - C:\Users\honey\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2019-09-19]
OPR Extension: (Terms of Service; Didn’t Read) - C:\Users\honey\AppData\Roaming\Opera Software\Opera Stable\Extensions\lolkidmnimmcadfncfemieniekkkabcn [2019-06-06]
OPR Extension: (Google Translate) - C:\Users\honey\AppData\Roaming\Opera Software\Opera Stable\Extensions\mchdgimobfnilobnllpdnompfjkkfdmi [2019-10-02]
OPR Extension: (Amazon Assistant for Opera) - C:\Users\honey\AppData\Roaming\Opera Software\Opera Stable\Extensions\mmmbddcnnndpbdflpccgcknaaabgldak [2019-08-22]
OPR Extension: (Mate Translate – translator, dictionary) - C:\Users\honey\AppData\Roaming\Opera Software\Opera Stable\Extensions\ollghamalkmmhboihmhoaaobmamehjgn [2019-09-09]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [246784 2015-12-19] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11642376 2019-10-04] (Microsoft Corporation -> Microsoft Corporation)
S4 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [885560 2019-05-15] (Intel(R) Software Development Products -> )
S4 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel(R) Software Development Products -> Intel Corporation)
S4 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [4091112 2017-11-09] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [69964448 2015-04-03] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S4 Realtek87B; C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-08-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441512 2015-04-03] (Microsoft Corporation -> Microsoft Corporation)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S4 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [205112 2019-05-15] (Intel(R) Software Development Products -> )
S4 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [885560 2019-05-15] (Intel(R) Software Development Products -> )
S3 Visual Studio Analyzer RPC bridge; C:\Program Files (x86)\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [34036 1998-06-06] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [23240 2016-04-29] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [21634560 2015-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [665600 2015-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [65248 2015-04-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [118184 2018-05-14] (Alcorlink Corp. -> )
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96256 2016-07-20] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [210632 2014-07-09] (ReactOS Foundation -> )
R1 dokan1; C:\Windows\System32\DRIVERS\dokan1.sys [87424 2018-08-09] (D3L -> Dokan Project)
R2 Ext2Fsd; C:\Windows\system32\Drivers\Ext2Fsd.sys [771224 2014-08-26] (Kasherlab Technology Inc. -> www.ext2fsd.com)
R3 HCW723x; C:\Windows\System32\DRIVERS\HCW723x.sys [1847680 2012-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Hauppauge Computer Works, Inc.)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (3am.com(Test) -> HTC, Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-04-06] (Martin Malik - REALiX -> REALiX(tm))
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-10-13] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [181304 2016-03-28] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 netr28ux; C:\Windows\System32\DRIVERS\netr28ux.sys [2215056 2014-08-14] (MEDIATEK INC. -> MediaTek Inc.)
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2502288 2015-12-30] (MEDIATEK INC. -> MediaTek Inc.)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R1 npcap; C:\Windows\System32\DRIVERS\npcap.sys [69432 2019-09-04] (Insecure.Com LLC -> Insecure.Com LLC.)
S4 npcap_wifi; C:\Windows\System32\DRIVERS\npcap.sys [69432 2019-09-04] (Insecure.Com LLC -> Insecure.Com LLC.)
R1 npf; C:\Windows\System32\DRIVERS\npf.sys [69432 2019-09-04] (Insecure.Com LLC -> Insecure.Com LLC.)
S3 rspWhySoSlow; C:\Windows\System32\DRIVERS\rspWhy64.sys [28928 2016-12-17] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 RTL8187; C:\Windows\System32\DRIVERS\rtl8187.sys [448512 2010-01-07] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corporation )
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [43008 2018-07-18] (Intel Corporation -> )
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-09] (Synaptics Incorporated -> Synaptics Incorporated)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2015-10-02] (The OpenVPN Project) [File not signed]
S3 usbscan; C:\Windows\SysWOW64\DRIVERS\usbscan.sys [8944 1999-05-05] (Microsoft Corporation) [File not signed]
U3 aswbdisk; no ImagePath
U4 npf_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-13 19:44 - 2019-10-13 19:44 - 000028180 _____ C:\Users\honey\Desktop\ESETlog.txt
2019-10-13 19:44 - 2019-10-13 19:44 - 000003712 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
2019-10-13 19:44 - 2019-10-13 19:44 - 000003272 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime
2019-10-13 16:24 - 2019-10-13 16:24 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-10-13 16:21 - 2019-10-13 16:25 - 000000573 _____ C:\Users\honey\Desktop\ESET Online Scanner.lnk
2019-10-13 16:20 - 2019-10-13 16:20 - 000000000 ____D C:\Users\honey\AppData\Local\ESET
2019-10-13 14:33 - 2019-10-13 14:33 - 000001827 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-10-13 14:33 - 2019-10-13 14:33 - 000001827 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2019-10-13 14:33 - 2019-10-13 14:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-10-13 14:33 - 2019-08-27 05:50 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-10-13 13:45 - 2019-10-13 13:47 - 008149816 _____ (ESET spol. s r.o.) C:\Users\honey\Desktop\esetonlinescanner_enu.exe
2019-10-13 13:44 - 2019-10-13 13:46 - 007636680 _____ (Malwarebytes) C:\Users\honey\Desktop\adwcleaner_7.4.1.exe
2019-10-12 20:14 - 2019-10-13 19:47 - 000033990 _____ C:\Users\honey\Downloads\FRST.txt
2019-10-12 20:14 - 2019-10-13 19:46 - 000000000 ____D C:\FRST
2019-10-12 20:13 - 2019-10-12 20:13 - 001616384 _____ (Farbar) C:\Users\honey\Downloads\FRST64.exe
2019-10-12 19:34 - 2019-10-12 19:34 - 000001799 _____ C:\Users\honey\Desktop\MagicISO.lnk
2019-10-12 19:34 - 2019-10-12 19:34 - 000000000 ____D C:\Users\honey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
2019-10-12 19:34 - 2019-10-12 19:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
2019-10-12 18:55 - 2019-10-12 18:55 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2019-10-12 18:55 - 2019-10-12 18:55 - 000002120 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
2019-10-12 18:55 - 2019-10-12 18:55 - 000002120 _____ C:\ProgramData\Desktop\Belarc Advisor.lnk
2019-10-12 18:55 - 2019-10-12 18:55 - 000000000 ____D C:\Program Files (x86)\Belarc
2019-10-10 20:17 - 2019-10-10 20:17 - 000791120 _____ (NCH Software) C:\Users\honey\Downloads\grsetup.exe
2019-10-10 17:22 - 2019-10-10 17:22 - 000002118 _____ C:\Users\honey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2019-10-09 23:02 - 2019-10-04 04:36 - 000000000 ____D C:\Users\honey\Downloads\ffmpeg
2019-10-09 22:42 - 2019-10-09 22:42 - 000000000 ____D C:\Users\honey\Downloads\hjsplit
2019-10-09 20:02 - 2019-10-09 20:02 - 000000979 _____ C:\Users\honey\Desktop\GrabIt.lnk
2019-10-09 20:02 - 2019-10-09 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GrabIt
2019-10-09 20:02 - 2019-10-09 20:02 - 000000000 ____D C:\Program Files (x86)\GrabIt
2019-10-09 19:44 - 2019-10-09 19:44 - 000003910 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2019-10-09 19:35 - 2019-10-09 19:37 - 023903179 _____ C:\Users\honey\Downloads\NZBIndex-download.nzb
2019-10-09 12:49 - 2014-08-14 21:25 - 002215056 _____ (MediaTek Inc.) C:\Windows\system32\Drivers\netr28ux.sys
2019-10-09 12:49 - 2014-08-06 19:17 - 000091412 _____ C:\Windows\system32\Drivers\FW_7662.bin
2019-10-09 12:49 - 2014-07-24 12:08 - 000020626 _____ C:\Windows\system32\Drivers\Patch_7662.bin
2019-10-09 11:58 - 2019-10-07 02:49 - 000390752 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-10-09 11:58 - 2019-10-07 01:57 - 000341896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-10-09 11:58 - 2019-10-06 00:12 - 025753088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-10-09 11:58 - 2019-10-06 00:00 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-10-09 11:58 - 2019-10-06 00:00 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-10-09 11:58 - 2019-10-05 23:49 - 002909184 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-10-09 11:58 - 2019-10-05 23:48 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-10-09 11:58 - 2019-10-05 23:47 - 000579584 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-10-09 11:58 - 2019-10-05 23:47 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-10-09 11:58 - 2019-10-05 23:47 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-10-09 11:58 - 2019-10-05 23:46 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-10-09 11:58 - 2019-10-05 23:41 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-10-09 11:58 - 2019-10-05 23:40 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-10-09 11:58 - 2019-10-05 23:38 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-10-09 11:58 - 2019-10-05 23:37 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-10-09 11:58 - 2019-10-05 23:37 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-10-09 11:58 - 2019-10-05 23:36 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-10-09 11:58 - 2019-10-05 23:36 - 000797696 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-10-09 11:58 - 2019-10-05 23:34 - 005500928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-10-09 11:58 - 2019-10-05 23:32 - 020290048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-10-09 11:58 - 2019-10-05 23:31 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-10-09 11:58 - 2019-10-05 23:28 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-10-09 11:58 - 2019-10-05 23:28 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-10-09 11:58 - 2019-10-05 23:23 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-10-09 11:58 - 2019-10-05 23:22 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-10-09 11:58 - 2019-10-05 23:22 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-10-09 11:58 - 2019-10-05 23:19 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-10-09 11:58 - 2019-10-05 23:19 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-10-09 11:58 - 2019-10-05 23:18 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-10-09 11:58 - 2019-10-05 23:18 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2019-10-09 11:58 - 2019-10-05 23:17 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2019-10-09 11:58 - 2019-10-05 23:17 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-10-09 11:58 - 2019-10-05 23:17 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2019-10-09 11:58 - 2019-10-05 23:16 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-10-09 11:58 - 2019-10-05 23:16 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-10-09 11:58 - 2019-10-05 23:15 - 002302464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-10-09 11:58 - 2019-10-05 23:12 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-10-09 11:58 - 2019-10-05 23:12 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2019-10-09 11:58 - 2019-10-05 23:11 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2019-10-09 11:58 - 2019-10-05 23:10 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-10-09 11:58 - 2019-10-05 23:10 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-10-09 11:58 - 2019-10-05 23:10 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2019-10-09 11:58 - 2019-10-05 23:07 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-10-09 11:58 - 2019-10-05 23:05 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-10-09 11:58 - 2019-10-05 23:05 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-10-09 11:58 - 2019-10-05 23:03 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-10-09 11:58 - 2019-10-05 23:03 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-10-09 11:58 - 2019-10-05 23:03 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2019-10-09 11:58 - 2019-10-05 23:00 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2019-10-09 11:58 - 2019-10-05 23:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-10-09 11:58 - 2019-10-05 22:59 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2019-10-09 11:58 - 2019-10-05 22:58 - 015413760 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-10-09 11:58 - 2019-10-05 22:57 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-10-09 11:58 - 2019-10-05 22:57 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-10-09 11:58 - 2019-10-05 22:56 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-10-09 11:58 - 2019-10-05 22:56 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-10-09 11:58 - 2019-10-05 22:55 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2019-10-09 11:58 - 2019-10-05 22:53 - 004112384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-10-09 11:58 - 2019-10-05 22:50 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-10-09 11:58 - 2019-10-05 22:49 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-10-09 11:58 - 2019-10-05 22:48 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-10-09 11:58 - 2019-10-05 22:48 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2019-10-09 11:58 - 2019-10-05 22:45 - 013808640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-10-09 11:58 - 2019-10-05 22:45 - 001566208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-10-09 11:58 - 2019-10-05 22:35 - 004387840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-10-09 11:58 - 2019-10-05 22:34 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-10-09 11:58 - 2019-10-05 22:32 - 001331712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-10-09 11:58 - 2019-10-05 22:30 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-10-09 11:58 - 2019-09-19 00:27 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\umpo.dll
2019-10-09 11:58 - 2019-09-16 22:32 - 004060896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-10-09 11:58 - 2019-09-16 22:32 - 003966688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-10-09 11:58 - 2019-09-16 22:32 - 000709856 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-10-09 11:58 - 2019-09-16 22:32 - 000627424 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-10-09 11:58 - 2019-09-16 22:31 - 005552864 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-10-09 11:58 - 2019-09-16 22:31 - 001319496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-10-09 11:58 - 2019-09-16 22:31 - 000263904 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-10-09 11:58 - 2019-09-16 22:31 - 000155360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-10-09 11:58 - 2019-09-16 22:31 - 000096992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-10-09 11:58 - 2019-09-16 22:30 - 001670784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000834048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 001010176 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000408576 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 22:04 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2019-10-09 11:58 - 2019-09-16 22:03 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-10-09 11:58 - 2019-09-16 22:00 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-10-09 11:58 - 2019-09-16 22:00 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-10-09 11:58 - 2019-09-16 22:00 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-10-09 11:58 - 2019-09-16 21:59 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-10-09 11:58 - 2019-09-16 21:59 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2019-10-09 11:58 - 2019-09-16 21:59 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2019-10-09 11:58 - 2019-09-16 21:59 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2019-10-09 11:58 - 2019-09-16 21:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2019-10-09 11:58 - 2019-09-16 21:57 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2019-10-09 11:58 - 2019-09-16 21:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 21:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 21:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 21:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-10-09 11:58 - 2019-09-16 21:56 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-10-09 11:58 - 2019-09-16 21:56 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-10-09 11:58 - 2019-09-16 21:55 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-10-09 11:58 - 2019-09-16 21:53 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-10-09 11:58 - 2019-09-16 21:53 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-10-09 11:58 - 2019-09-16 21:52 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-10-09 11:58 - 2019-09-16 21:52 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-10-09 11:58 - 2019-09-16 21:52 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-10-09 11:58 - 2019-09-16 21:52 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-10-09 11:58 - 2019-09-16 21:51 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-10-09 11:58 - 2019-09-16 21:51 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-10-09 11:58 - 2019-09-16 21:51 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-10-09 11:58 - 2019-09-16 21:51 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-10-09 11:58 - 2019-09-16 21:51 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-10-09 11:58 - 2019-09-16 21:51 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-10-09 11:58 - 2019-09-16 20:13 - 000455392 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-10-09 11:58 - 2019-09-11 00:56 - 000353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-10-09 11:58 - 2019-09-11 00:56 - 000241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2019-10-09 11:58 - 2019-09-09 22:27 - 000383488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2019-10-09 11:58 - 2019-09-09 22:27 - 000320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2019-10-09 11:58 - 2019-09-09 22:27 - 000160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2019-10-09 11:58 - 2019-09-09 22:24 - 001281536 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2019-10-09 11:58 - 2019-09-09 22:24 - 000486912 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2019-10-09 11:58 - 2019-09-09 22:24 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2019-10-09 11:58 - 2019-09-09 22:24 - 000174080 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2019-10-09 11:58 - 2019-09-09 22:24 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
2019-10-09 11:58 - 2019-09-09 22:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2019-10-09 11:58 - 2019-09-09 22:02 - 006135296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-10-09 11:58 - 2019-09-09 22:00 - 000361472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2019-10-09 11:58 - 2019-09-09 22:00 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2019-10-09 11:58 - 2019-09-09 22:00 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2019-10-09 11:58 - 2019-09-09 22:00 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2019-10-09 11:58 - 2019-09-09 22:00 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2019-10-09 11:58 - 2019-09-09 21:54 - 003231744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-10-09 11:58 - 2019-09-09 21:53 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2019-10-09 11:58 - 2019-09-09 21:53 - 000152576 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2019-10-09 11:58 - 2019-09-09 21:53 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2019-10-09 11:58 - 2019-09-09 21:53 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2019-10-09 11:58 - 2019-09-09 21:52 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys
2019-10-09 11:58 - 2019-09-09 21:49 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2019-10-09 11:58 - 2019-09-09 20:09 - 007082496 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-10-09 11:58 - 2019-09-09 20:09 - 003187712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2019-10-08 15:17 - 2019-10-08 15:17 - 000002960 _____ C:\Windows\system32\Tasks\{DBCAF028-317E-4857-8023-FE39612E1640}
2019-10-08 15:17 - 2019-10-08 15:17 - 000000000 ____D C:\Users\honey\AppData\Roaming\Kodi
2019-10-08 15:17 - 2019-10-08 15:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
2019-10-08 15:17 - 2019-10-08 15:17 - 000000000 ____D C:\Program Files\Kodi
2019-10-05 13:36 - 2019-10-10 20:23 - 000000000 ____D C:\Users\honey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2019-10-04 13:44 - 2009-06-10 16:41 - 000000256 _____ C:\Windows\system32\Drivers\brmsl07a.bin
2019-10-04 10:42 - 2019-09-11 23:53 - 000442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2019-10-04 10:42 - 2019-09-11 23:52 - 000373248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-10-04 10:42 - 2019-09-11 23:52 - 000195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-10-04 10:42 - 2019-09-11 23:44 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-10-04 10:42 - 2019-09-11 23:44 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2019-10-04 10:42 - 2019-09-11 23:44 - 000438784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-10-04 10:42 - 2019-09-11 23:44 - 000295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-10-04 10:42 - 2019-09-11 23:44 - 000284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2019-10-04 10:42 - 2019-09-11 23:24 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-10-03 19:49 - 2019-10-03 20:24 - 000000508 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2019-09-30 15:14 - 2019-09-30 15:14 - 000000000 ____D C:\Users\honey\AppData\Local\PackageAware
2019-09-28 16:09 - 2019-09-28 16:09 - 001151544 _____ (Google LLC) C:\Users\honey\Downloads\ChromeSetup.exe
2019-09-24 14:11 - 2019-09-24 14:11 - 000000000 ____D C:\Users\honey\AppData\Local\GHISLER
2019-09-24 14:10 - 2019-10-13 14:24 - 000000000 ____D C:\Users\honey\AppData\Roaming\GHISLER
2019-09-23 15:11 - 2019-09-23 15:11 - 000000000 ____D C:\ProgramData\CleverFiles
2019-09-23 15:10 - 2019-09-23 17:52 - 000000000 ____D C:\Users\honey\AppData\Local\DiskDrill
2019-09-23 15:10 - 2019-09-23 15:10 - 000000000 ____D C:\Program Files\Dokan
2019-09-23 15:10 - 2018-08-09 15:31 - 000087424 _____ (Dokan Project) C:\Windows\system32\Drivers\dokan1.sys
2019-09-23 15:08 - 2019-09-23 15:08 - 000000000 ____D C:\Users\honey\Downloads\cports-x64
2019-09-23 15:07 - 2019-10-13 18:33 - 000000000 ____D C:\Users\honey\Downloads\produkey-x64
2019-09-23 15:07 - 2019-09-23 15:07 - 000081030 _____ C:\Users\honey\Downloads\produkey-x64.zip
2019-09-23 15:04 - 2019-09-23 15:04 - 000131114 _____ C:\Users\honey\Downloads\cports-x64.zip
2019-09-23 14:59 - 2019-09-23 15:07 - 000000000 ____D C:\Users\honey\Downloads\filetypesman-x64
2019-09-23 14:59 - 2019-09-23 14:59 - 000096810 _____ C:\Users\honey\Downloads\filetypesman-x64.zip
2019-09-23 14:54 - 2019-09-23 15:01 - 000000000 ____D C:\Users\honey\Downloads\appnetworkcounter-x64
2019-09-23 14:54 - 2019-09-23 14:56 - 000000000 ____D C:\Users\honey\Downloads\livetcpudpwatch-x64
2019-09-23 14:53 - 2019-09-23 14:56 - 000000000 ____D C:\Users\honey\AppData\Roaming\Wireshark
2019-09-23 14:53 - 2019-09-23 14:53 - 000001746 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2019-09-23 14:52 - 2019-09-23 17:52 - 000000000 ____D C:\Program Files\Npcap
2019-09-23 14:52 - 2019-09-23 14:52 - 000003096 _____ C:\Windows\system32\Tasks\npcapwatchdog
2019-09-23 14:52 - 2019-09-23 14:52 - 000000000 ____D C:\Windows\SysWOW64\Npcap
2019-09-23 14:52 - 2019-09-23 14:52 - 000000000 ____D C:\Windows\system32\Npcap
2019-09-23 14:51 - 2019-09-23 14:53 - 000000000 ____D C:\Program Files\Wireshark
2019-09-23 14:50 - 2019-09-24 14:12 - 000000546 _____ C:\Users\honey\advanced_ip_scanner_MAC.bin
2019-09-23 14:50 - 2019-09-24 14:12 - 000000015 _____ C:\Users\honey\advanced_ip_scanner_Comments.bin
2019-09-23 14:50 - 2019-09-24 14:12 - 000000015 _____ C:\Users\honey\advanced_ip_scanner_Aliases.bin
2019-09-23 14:49 - 2019-09-23 14:49 - 000071244 _____ C:\Users\honey\Downloads\appnetworkcounter-x64.zip
2019-09-23 14:48 - 2019-09-23 14:48 - 000083573 _____ C:\Users\honey\Downloads\livetcpudpwatch-x64.zip
2019-09-23 14:45 - 2019-09-23 14:46 - 059271840 _____ (Wireshark development team) C:\Users\honey\Downloads\Wireshark-win64-3.0.5.exe
2019-09-23 14:39 - 2019-09-23 14:39 - 000000981 _____ C:\Users\Public\Desktop\Advanced IP Scanner.lnk
2019-09-23 14:39 - 2019-09-23 14:39 - 000000981 _____ C:\ProgramData\Desktop\Advanced IP Scanner.lnk
2019-09-23 14:39 - 2019-09-23 14:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced IP Scanner v2
2019-09-23 14:39 - 2019-09-23 14:39 - 000000000 ____D C:\Program Files (x86)\Advanced IP Scanner
2019-09-22 14:58 - 2019-09-22 15:00 - 000000000 ____D C:\Users\honey\Downloads\Viejos Amigos - Película Peruana Completa
2019-09-15 13:36 - 2019-09-15 13:36 - 000000923 _____ C:\Users\honey\Desktop\Fast Duplicate File Finder.lnk
2019-09-15 13:36 - 2019-09-15 13:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fast Duplicate File Finder
2019-09-15 13:36 - 2019-09-15 13:36 - 000000000 ____D C:\Program Files\Fast Duplicate File Finder

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-13 18:33 - 2016-05-18 16:18 - 000000000 ____D C:\Users\honey\Downloads\pirjv.Speccy.Professional..Technician.1.29.714..Portable
2019-10-13 18:32 - 2017-09-05 12:23 - 000000000 ____D C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix
2019-10-13 18:31 - 2014-10-01 17:54 - 000000000 ____D C:\Users\honey\Downloads\NCH Golden Records Vinyl to CD Converter v1.93 with Key [TorDigger]
2019-10-13 18:27 - 2017-09-04 10:11 - 000000000 ____D C:\Users\honey\Downloads\guiminer
2019-10-13 18:06 - 2018-03-17 13:49 - 000003926 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{20D74601-D866-4B96-B4D0-83F83FBD47F5}
2019-10-13 16:49 - 2014-10-01 17:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
2019-10-13 16:43 - 2019-07-23 14:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recover Keys
2019-10-13 16:43 - 2019-07-23 14:20 - 000000000 ____D C:\Program Files\Recover Keys
2019-10-13 16:38 - 2018-08-09 10:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-10-13 16:38 - 2018-08-09 10:44 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-10-13 16:38 - 2016-11-18 15:03 - 000000000 ____D C:\Users\honey\AppData\LocalLow\Mozilla
2019-10-13 16:34 - 2018-02-22 10:56 - 000000000 ____D C:\Users\honey\AppData\Local\Adobe
2019-10-13 16:32 - 2009-07-14 00:45 - 000022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-10-13 16:32 - 2009-07-14 00:45 - 000022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-10-13 16:28 - 2016-01-15 15:12 - 000811318 _____ C:\Windows\system32\perfh00A.dat
2019-10-13 16:28 - 2016-01-15 15:12 - 000183486 _____ C:\Windows\system32\perfc00A.dat
2019-10-13 16:28 - 2009-07-14 01:13 - 001863536 _____ C:\Windows\system32\PerfStringBackup.INI
2019-10-13 16:28 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2019-10-13 16:24 - 2015-10-20 20:52 - 000000093 _____ C:\HaxLogs.txt
2019-10-13 16:24 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-10-13 14:45 - 2018-08-21 12:59 - 000000000 ____D C:\Users\honey\AppData\Roaming\Hewlett-Packard
2019-10-13 14:45 - 2018-08-21 12:14 - 000000000 ____D C:\Users\honey\AppData\Local\Hewlett-Packard
2019-10-13 14:45 - 2018-08-21 12:13 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2019-10-13 14:45 - 2014-12-05 15:32 - 000000000 ____D C:\Users\honey\AppData\Roaming\IObit
2019-10-13 14:45 - 2014-12-05 15:32 - 000000000 ____D C:\Users\honey\AppData\LocalLow\IObit
2019-10-13 14:45 - 2014-01-01 19:17 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2019-10-13 14:40 - 2015-04-11 19:30 - 000000000 ____D C:\AdwCleaner
2019-10-13 14:33 - 2017-10-16 10:50 - 000000000 ____D C:\Program Files\Malwarebytes
2019-10-13 14:33 - 2014-11-21 20:29 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-10-13 13:52 - 2018-03-09 12:56 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-10-13 13:52 - 2018-03-09 12:56 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-10-13 13:52 - 2018-03-09 12:56 - 000004324 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2019-10-13 13:52 - 2014-01-02 11:37 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-10-13 13:52 - 2014-01-02 11:37 - 000000000 ____D C:\Windows\system32\Macromed
2019-10-13 10:16 - 2018-09-26 10:20 - 000003186 _____ C:\Windows\system32\Tasks\HPCeeScheduleForhoney
2019-10-13 10:16 - 2018-09-26 10:20 - 000000332 _____ C:\Windows\Tasks\HPCeeScheduleForhoney.job
2019-10-13 09:48 - 2014-03-30 14:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
2019-10-13 09:11 - 2018-10-16 12:23 - 000004474 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
2019-10-12 23:01 - 2009-07-13 23:20 - 000000000 __RHD C:\Users\Public\Libraries
2019-10-12 20:11 - 2016-07-26 11:57 - 000000000 ____D C:\Users\honey\AppData\Local\JDownloader 2.0
2019-10-12 20:09 - 2019-07-29 12:41 - 000000000 ____D C:\Users\honey\Downloads\
2019-10-12 19:34 - 2014-04-06 19:18 - 000000000 ____D C:\Program Files (x86)\MagicISO
2019-10-12 19:32 - 2019-09-12 18:34 - 000001714 _____ C:\Users\honey\Desktop\SFCFix.txt
2019-10-12 19:32 - 2018-05-31 20:39 - 000000000 ____D C:\SFCFix
2019-10-12 19:32 - 2016-01-25 19:38 - 000000000 ____D C:\Users\honey\AppData\Local\niemiro
2019-10-12 17:32 - 2014-02-09 16:38 - 000000000 ____D C:\Users\honey\Downloads\AUTODESK.AUTOCAD.V2014.WIN32-ISO
2019-10-11 14:41 - 2019-07-23 10:32 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-10-11 14:41 - 2018-05-31 11:46 - 000000000 ____D C:\Program Files\Microsoft Office
2019-10-11 14:41 - 2009-07-13 23:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2019-10-10 20:16 - 2014-10-01 17:55 - 000000000 ____D C:\Windows\system32\Tasks\NCH Software
2019-10-10 20:15 - 2014-10-01 17:55 - 000000000 ____D C:\Users\honey\AppData\Roaming\NCH Software
2019-10-10 20:15 - 2014-10-01 17:55 - 000000000 ____D C:\Program Files (x86)\NCH Software
2019-10-10 20:14 - 2014-10-01 17:55 - 000000000 ____D C:\ProgramData\NCH Software
2019-10-10 20:08 - 2014-01-02 00:10 - 000000000 ____D C:\ProgramData\AVAST Software
2019-10-10 17:22 - 2019-07-23 10:36 - 000003174 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-404867302-3797044342-2971219209-1000
2019-10-10 17:22 - 2019-07-23 10:36 - 000000000 ___RD C:\Users\honey\OneDrive
2019-10-10 14:19 - 2014-01-15 17:21 - 000000000 ___RD C:\Users\honey\Documents\Scanned Documents
2019-10-10 10:41 - 2017-09-14 11:29 - 000000000 ____D C:\Users\honey\Downloads\minerd-x11-gost
2019-10-09 22:47 - 2018-06-07 11:57 - 000003222 _____ C:\Windows\system32\Tasks\klcp_update
2019-10-09 22:47 - 2018-02-27 20:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2019-10-09 22:47 - 2018-02-27 20:34 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2019-10-09 22:46 - 2014-01-01 23:40 - 000000000 ____D C:\Users\honey
2019-10-09 19:59 - 2018-01-24 13:40 - 000003846 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1469117722
2019-10-09 19:59 - 2016-07-21 12:14 - 000000000 ____D C:\Program Files (x86)\Opera
2019-10-09 19:33 - 2015-06-17 11:18 - 000000000 ____D C:\Users\honey\Documents\Bulk Image Downloader
2019-10-09 16:45 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
2019-10-09 12:54 - 2014-12-05 16:39 - 000000000 ____D C:\ProgramData\Package Cache
2019-10-09 12:49 - 2014-01-02 00:12 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-10-09 12:41 - 2016-05-17 21:58 - 003780424 _____ C:\Windows\system32\FNTCACHE.DAT
2019-10-09 12:40 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-10-09 12:06 - 2014-02-25 21:23 - 001842680 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-10-09 12:06 - 2014-01-02 00:39 - 000000000 ____D C:\Windows\system32\MRT
2019-10-09 12:00 - 2014-01-02 00:39 - 127230528 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-10-07 20:52 - 2019-08-03 17:43 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-10-07 20:52 - 2019-08-03 17:43 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-10-07 20:49 - 2014-01-02 00:18 - 000000000 ____D C:\Program Files (x86)\Google
2019-10-07 09:45 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
2019-10-07 00:00 - 2015-10-28 11:16 - 000000000 ____D C:\Users\honey\AppData\Local\ElevatedDiagnostics
2019-10-06 15:45 - 2019-08-07 12:07 - 000000000 ____D C:\Users\honey\Downloads\2019-05-27-0310
2019-10-06 09:39 - 2018-03-13 17:27 - 000004462 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2019-10-04 13:44 - 2017-12-23 13:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tenda Wireless
2019-10-04 13:44 - 2017-12-23 13:15 - 000000000 ____D C:\Program Files (x86)\Tenda
2019-10-04 10:50 - 2018-02-28 11:47 - 000003718 _____ C:\Windows\system32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2019-10-02 19:25 - 2019-01-31 14:52 - 000001002 _____ C:\Users\honey\Downloads\New Text Document (11).txt
2019-10-01 14:10 - 2019-08-23 14:04 - 000893802 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2019-10-01 14:10 - 2018-08-26 16:17 - 000002159 _____ C:\Users\honey\Desktop\Tweaking.com - Windows Repair.lnk
2019-09-28 16:13 - 2019-08-03 17:43 - 000002296 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-09-28 16:13 - 2019-08-03 17:43 - 000002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-09-28 16:13 - 2019-08-03 17:43 - 000002255 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-09-24 20:01 - 2014-09-05 14:50 - 000051832 _____ C:\Users\honey\Documents\untitled.fdff
2019-09-19 14:04 - 2015-06-17 11:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Image Downloader
2019-09-19 14:04 - 2015-06-17 11:09 - 000000000 ____D C:\Program Files (x86)\Bulk Image Downloader
2019-09-18 14:43 - 2015-04-15 07:21 - 000000000 ____D C:\Users\honey\AppData\Local\CrashDumps
2019-09-16 17:04 - 2015-01-13 20:14 - 000000000 ____D C:\Users\honey\AppData\Roaming\HandBrake

==================== Files in the root of some directories ================

2017-09-07 12:27 - 2017-09-07 12:58 - 007649280 _____ () C:\Program Files (x86)\GUT4730.tmp
2014-04-20 11:09 - 2016-04-08 20:25 - 000000132 _____ () C:\Users\honey\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-01-13 14:26 - 2015-01-13 14:26 - 000099384 _____ () C:\Users\honey\AppData\Roaming\inst.exe
2015-01-13 14:26 - 2015-01-13 14:26 - 000007859 _____ () C:\Users\honey\AppData\Roaming\pcouffin.cat
2015-01-13 14:26 - 2015-01-13 14:26 - 000001167 _____ () C:\Users\honey\AppData\Roaming\pcouffin.inf
2015-01-13 14:26 - 2015-01-13 14:26 - 000082816 _____ (VSO Software) C:\Users\honey\AppData\Roaming\pcouffin.sys
2015-03-05 21:40 - 2015-03-05 21:43 - 000000164 _____ () C:\Users\honey\AppData\Roaming\PLGComp.ini
2015-01-08 14:20 - 2015-01-08 19:12 - 000000600 _____ () C:\Users\honey\AppData\Roaming\winscp.rnd
2014-01-06 22:06 - 2016-05-09 16:45 - 000001456 _____ () C:\Users\honey\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-04-05 18:18 - 2014-04-05 18:18 - 000220543 _____ () C:\Users\honey\AppData\Local\debuggee.mdmp
2015-07-20 16:48 - 2015-07-20 16:48 - 000000058 _____ () C:\Users\honey\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2014-09-30 16:29 - 2016-02-13 23:02 - 000000600 _____ () C:\Users\honey\AppData\Local\PUTTY.RND
2017-12-27 11:35 - 2017-12-27 11:35 - 000000017 _____ () C:\Users\honey\AppData\Local\resmon.resmoncfg
2016-08-12 10:41 - 2016-08-12 10:47 - 000000000 _____ () C:\Users\honey\AppData\Local\{46640771-B048-4412-BD25-92639EF3890A}
2018-09-27 09:57 - 2018-09-27 09:57 - 000000000 _____ () C:\Users\honey\AppData\Local\{63CAEF5A-0DA1-4B1E-9444-74105835B8C6}
2018-12-21 11:12 - 2018-12-21 11:12 - 000000000 _____ () C:\Users\honey\AppData\Local\{6B5613CD-1521-4049-828C-4CDD5E0AC55C}
2018-12-21 11:12 - 2018-12-21 11:12 - 000000000 _____ () C:\Users\honey\AppData\Local\{6D1E2517-5415-44EB-A953-CBF3D1D8DA93}
2016-07-23 10:45 - 2016-07-23 10:45 - 000000000 _____ () C:\Users\honey\AppData\Local\{8219B69E-E1E9-4066-8B28-390A4A955369}
2015-01-01 10:27 - 2015-01-01 10:27 - 000000000 _____ () C:\Users\honey\AppData\Local\{88776969-F896-4B93-A57E-F32DE3EF4D36}
2018-09-27 09:57 - 2018-09-27 09:57 - 000000000 _____ () C:\Users\honey\AppData\Local\{8F1CBB7B-C05D-432B-ABEE-3037B0DA8502}
2016-08-12 10:41 - 2016-08-12 10:47 - 000000000 _____ () C:\Users\honey\AppData\Local\{B9D9E880-9DEF-4903-A9B5-544C31EA3A2D}

==================== FCheck ================================

(If an entry is included in the fixlist, the file/folder will be moved.)

FCheck: C:\Windows\SysWOW64\vfpodbc.dll [1998-06-16] <==== ATTENTION (zero byte File/Folder)

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-10-10 13:10
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2019 02
Ran by honey (13-10-2019 19:49:43)
Running from C:\Users\honey\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2014-01-02 03:40:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-404867302-3797044342-2971219209-500 - Administrator - Disabled)
Guest (S-1-5-21-404867302-3797044342-2971219209-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-404867302-3797044342-2971219209-1017 - Limited - Enabled)
honey (S-1-5-21-404867302-3797044342-2971219209-1000 - Administrator - Enabled) => C:\Users\honey
VUSR_HONEY-PC (S-1-5-21-404867302-3797044342-2971219209-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.02.03.0 - Ralink)
A1 Sitemap Generator (HKLM-x32\...\8FA512B2AB9F48E48319F817302934AC_is1) (Version: 2.2.0 - Microsys)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.270 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.255 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.270 - Adobe)
Adobe Premiere Pro CS5.5 (HKLM-x32\...\{0497EAED-70DA-4BBE-BEB3-AF77FD8788EA}) (Version: 5.5 - Adobe Systems Incorporated)
Advanced IP Scanner 2.5 (HKLM-x32\...\{816038FA-53B2-4F36-A9F2-8F6B8B81C7B0}) (Version: 2.5.3850 - Famatech)
AdWords Editor (HKLM-x32\...\{64427C94-5A22-4743-8772-B2D9B9FD5283}) (Version: 11.0.3 - Google)
AMD Catalyst Install Manager (HKLM\...\{D2A53F8D-3924-E600-6023-883B255E3812}) (Version: 3.0.842.0 - Advanced Micro Devices, Inc.)
AVI to DVD Converter (HKLM-x32\...\AVI to DVD Converter) (Version: 3.0.26.0314 - Xilisoft)
Belarc Advisor 9.0 (HKLM-x32\...\Belarc Advisor) (Version: 9.0.0.0 - Belarc Inc.)
BleachBit 2.2 (HKLM-x32\...\BleachBit) (Version: 2.2 - BleachBit)
BS1 General Ledger 2014.2 (HKLM-x32\...\BS1 General Ledger 2014.2_is1) (Version: - Davis Software)
Bulk Image Downloader v5.48.0.0 (HKLM-x32\...\Bulk Image Downloader_is1) (Version: 5.48 - Antibody Software)
Bulk Rename Utility 2.7.1.3 (HKLM-x32\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
CD Recovery Toolbox Free 2.1 (HKLM-x32\...\CD Recovery Toolbox Free_is1) (Version: - Recovery Toolbox, Inc.)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
CuteFTP 8 Professional (HKLM-x32\...\{91F34319-08DE-457a-99C0-0BCDFAC145B9}) (Version: 8.3.4 - GlobalSCAPE)
davehope.co.uk Product Key Finder (HKLM-x32\...\Product Key Finder_is1) (Version: - davehope.co.uk)
DiskCryptor 1.1 (HKLM\...\DiskCryptor_is1) (Version: 1.1 - hxxp://diskcryptor.net/)
DMG Extractor (HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\DMG Extractor) (Version: 1.3.15.0 - Reincubate Ltd)
Dokan Library 1.2.0.1000 (x64) (HKLM\...\{65A3A964-3DC3-0102-0000-180809151012}) (Version: 1.2.0.1000 - Dokany Project) Hidden
Dokan Library 1.2.0.1000 Bundle (HKLM-x32\...\{c2f619b0-68fd-4433-970e-cd66cd7a2775}) (Version: 1.2.0.1000 - Dokany Project)
DotNetBar for Windows Forms (HKLM-x32\...\{316FC9F6-6343-42AC-BC26-6337C9CD1A8E}) (Version: 10.0.0.3 - DevComponents)
dpeg Cicada (HKLM-x32\...\dpeg_Cicada) (Version: - )
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
Easy HTML5 Video (HKLM-x32\...\Easy HTML5 Video_is1) (Version: - )
Ext2Fsd 0.53 (HKLM\...\Ext2Fsd_is1) (Version: 0.53 - Matt Wu)
FancyElements (HKLM-x32\...\FancyElements_is1) (Version: - )
Fast Duplicate File Finder 5.4.0.1 (HKLM-x32\...\{AFECFED6-0A43-488F-8511-1DC6B52F31C3}_is1) (Version: 5.4.0.1 - MindGems, Inc.)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
FileZilla Client 3.27.1 (HKLM-x32\...\FileZilla Client) (Version: 3.27.1 - Tim Kosse)
Focus Magic 4.02 (HKLM-x32\...\Focus Magic_is1) (Version: 4.02 - Acclaim Software Ltd)
Folder Size 3.8.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 3.8.0.0 - MindGems, Inc.)
FUTURA CE-250 Software (HKLM-x32\...\{4C31E401-C8D5-4133-8B29-DE5D6B8B9DB0}) (Version: 3.0.0.4 - Default Company Name) Hidden
FUTURA CE-250 Software (HKLM-x32\...\{A8C74A7C-F2F4-4F6C-90AA-6C351570419F}) (Version: 3.0.0.4 - )
GDR 5538 for SQL Server 2008 (KB3045305) (64-bit) (HKLM\...\KB3045305) (Version: 10.3.5538.0 - Microsoft Corporation)
Golden Records Vinyl to CD Converter (HKLM-x32\...\Golden) (Version: - NCH Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.90 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GrabIt 1.7.5 Beta (build 1016) (HKLM-x32\...\GrabIt_is1) (Version: - Ilan Shemes)
HandBrake 1.2.2 (HKLM-x32\...\HandBrake) (Version: 1.2.2 - )
HFSExplorer 0.22.1 (HKLM-x32\...\HFSExplorer) (Version: 0.22.1 - Catacombae Software)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{77d93eea-f5c2-4db5-9c2d-25bc5a2e0ec9}) (Version: 28.0.1316.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HydraVision (HKLM-x32\...\{91F7C67B-C1A2-F1DB-C286-7F56A07C6B49}) (Version: 4.2.212.0 - Advanced Micro Devices, Inc.) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Chipset Device Software (HKLM-x32\...\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}) (Version: 10.0.27 - Intel(R) Corporation) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{85B6BF0F-EF1B-4F0F-892D-E68BD798950C}) (Version: 2.4.04669 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{FA9F8623-B4C9-452D-A989-CC3AC01A4E27}) (Version: 1.1.5 - Intel Corporation)
iWisoft Flash SWF to Video Converter 3.4 (HKLM-x32\...\iWisoft Flash SWF to Video Converter_is1) (Version: 3.4.0 - www.flash-swf-converter.com)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Mega Codec Pack 15.2.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.2.0 - KLCP)
Kodi (HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\Kodi) (Version: - XBMC Foundation)
Macrium Reflect Free Edition (HKLM\...\{1A399324-9784-4384-927F-0FEA922BC516}) (Version: 7.1.3317 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.1 - Paramount Software (UK) Ltd.)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
MediaInfo 19.09 (HKLM\...\MediaInfo) (Version: 19.09 - MediaArea.net)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.12026.20320 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\OneDriveSetup.exe) (Version: 19.152.0927.0012 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{F43ADE73-2880-4A95-B995-4FE386ECF667}) (Version: 10.3.5538.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\Teams) (Version: 1.2.00.17057 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27033 (HKLM-x32\...\{cc3a7c63-31fb-4129-9024-63ebefd86a95}) (Version: 14.16.27033.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (HKLM-x32\...\{404c9c27-8377-4fd1-b607-7ca635db4e49}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 6.0 Enterprise Edition (HKLM-x32\...\Visual Studio 6.0 Enterprise Edition) (Version: - )
Microsoft Web Publishing Wizard 1.53 (HKLM-x32\...\WebPost) (Version: - )
MixPad Multitrack Recording Software (HKLM-x32\...\MixPad) (Version: 3.69 - NCH Software)
MKVToolNix 37.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 37.0.0 - Moritz Bunkus)
Mozilla Firefox 69.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 69.0.3 (x64 en-US)) (Version: 69.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.2 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5 - Notepad++ Team)
Npcap 0.9983 (HKLM-x32\...\NpcapInst) (Version: 0.9983 - Nmap Project)
Numerology Calculator (HKLM-x32\...\Numerology Calculator_is1) (Version: 3.41 - )
Numerology Calculator Select (HKLM-x32\...\Numerology Calculator Select_is1) (Version: 1.41 - )
Numerology Healing Tones (HKLM-x32\...\Numerology Healing Tones_is1) (Version: 1.50 - )
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12026.20320 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12026.20320 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12026.20320 - Microsoft Corporation) Hidden
Opanda IExif 2.3 (HKLM-x32\...\Opanda IExif_is1) (Version: 2.3 - Opanda Studio)
Opanda PowerExif 1.2 Professional Trial (HKLM-x32\...\Opanda PowerExif Professional Trial_is1) (Version: 1.2 - Opanda Studio)
Opera Stable 64.0.3417.54 (HKLM-x32\...\Opera 64.0.3417.54) (Version: 64.0.3417.54 - Opera Software)
OpticFilm 120 (HKLM-x32\...\{AD13719F-9FE1-46C2-AB8B-716B5F256BF8}) (Version: 5.0.2 - )
OpticFilm 8200i (HKLM-x32\...\{086AA359-A8F0-46BB-B66D-21AE29420B81}) (Version: 5.0.0 - )
PerformanceTest v9.0 (HKLM\...\PerformanceTest 9_is1) (Version: 9.0.1031.0 - Passmark Software)
PxMergeModule (HKLM-x32\...\{024521CF-C07E-4F8E-8481-0D75695E03AF}) (Version: 1.00.0000 - Your Company Name) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{0DF70CB6-553A-4C57-8E6D-87635EECFB78}) (Version: 1.00.0145 - ALFA NETWORK INC.)
Recover Keys (HKLM\...\Recover Keys_is1) (Version: 11.0.4.229 - Recover Keys)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Registry Backup and Restore (HKLM\...\Registry Backup and Restore_is1) (Version: - Acelogix)
RentMaster (HKLM-x32\...\RentMaster) (Version: 11.2.0 - )
Revo Uninstaller 2.1.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.0 - VS Revo Group, Ltd.)
Roadkil's Unstoppable Copier Version 5.2 (HKLM-x32\...\{A306FD29-7D3A-4287-91AC-9A0180931395}_is1) (Version: - Roadkil.Net)
Samsung Data Migration (HKLM-x32\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.1 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.3.1.2010 - Samsung Electronics)
Screenshot Captor 4.12.0 (HKLM-x32\...\ScreenshotCaptor_is1) (Version: - )
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
SilverFast 8.5.0r7 (64bit) (HKLM-x32\...\SilverFast 8 x64) (Version: 8.5.0r7 - LaserSoft Imaging AG)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Sql Server Customer Experience Improvement Program (HKLM\...\{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}) (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Stellar Phoenix Windows Data Recovery - Professional (HKLM-x32\...\Stellar Phoenix Windows Data Recovery - Professional_is1) (Version: 6.0.0.0 - Stellar Information Systems Ltd)
Stellarium 0.19.1.1 (HKLM\...\Stellarium_is1) (Version: 0.19.1.1 - Stellarium team)
Sublime Text Build 3047 (HKLM-x32\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.65 - NCH Software)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.2.0.17057 - Microsoft Corporation)
Tweaking.com - Hardware Identify (HKLM-x32\...\Tweaking.com - Hardware Identify) (Version: 2.1.1 - Tweaking.com)
Tweaking.com - Simple System Tweaker (HKLM-x32\...\Tweaking.com - Simple System Tweaker) (Version: 2.2.0 - Tweaking.com)
Tweaking.com - Technicians Toolbox (HKLM-x32\...\Tweaking.com - Technicians Toolbox) (Version: 1.2.0 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.6.0 - Tweaking.com)
TweetAdder4 (HKLM-x32\...\{911174C5-85BF-4972-B5E0-4882B32E9396}_is1) (Version: 4.1.140929 - TweetAdder.com)
URL Snooper v2.42.01 (HKLM-x32\...\URLSnooper 2_is1) (Version: - DonationCoder.com)
USB Disk Storage Format Tool 5.0 (HKLM\...\USB Disk Storage Format Tool_is1) (Version: - Authorsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VisualLightBox (HKLM-x32\...\VisualLightBox_is1) (Version: - )
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.2.0.13 - VSO Software)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 5.96 - NCH Software)
WhoCrashed 5.03 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
WhySoSlow 1.00 (HKLM\...\WhySoSlowHome_is1) (Version: - Resplendence Software Projects Sp.)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
WinSCP 5.9.6 (HKLM-x32\...\winscp3_is1) (Version: 5.9.6 - Martin Prikryl)
Wireshark 3.0.5 64-bit (HKLM-x32\...\Wireshark) (Version: 3.0.5 - The Wireshark developer community, hxxps://www.wireshark.org)
WOW Slider (HKLM-x32\...\WOW Slider_is1) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\ChromeHTML: -> <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-404867302-3797044342-2971219209-1000_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\honey\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19127.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-404867302-3797044342-2971219209-1000_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\honey\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19127.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: No Name - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-08-15] (Notepad++ -> )
ContextMenuHandlers1-x32: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files (x86)\Bulk Rename Utility\BRUhere.dll [2014-06-24] (TGRMN Software -> Bulk Rename Utility)
ContextMenuHandlers1-x32: [CuteFTP 8 Professional] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\CuteShell.dll [2010-05-19] (GlobalSCAPE, Inc.) [File not signed]
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2-x32: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files (x86)\Bulk Rename Utility\BRUhere.dll [2014-06-24] (TGRMN Software -> Bulk Rename Utility)
ContextMenuHandlers2-x32: [CuteFTP 8 Professional] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\CuteShell.dll [2010-05-19] (GlobalSCAPE, Inc.) [File not signed]
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4-x32: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files (x86)\Bulk Rename Utility\BRUhere.dll [2014-06-24] (TGRMN Software -> Bulk Rename Utility)
ContextMenuHandlers4-x32: [CuteFTP 8 Professional] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\CuteShell.dll [2010-05-19] (GlobalSCAPE, Inc.) [File not signed]
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} => -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-10-24] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [475936 2007-05-10] (Logitech Inc -> Logitech Inc.)
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [126976 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [416544 2007-05-10] (Logitech Inc -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [180224 2008-12-04] () [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2011-04-11 20:20 - 2011-04-11 20:20 - 000098304 _____ () [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-04-11 20:20 - 2011-04-11 20:20 - 000028672 _____ () [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Actions.CCAA.Shared.dll
2011-10-24 05:13 - 2011-10-24 05:13 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.DPPE.Shared.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.EEU.Shared.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.GD.Shared.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000007168 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Hotkeys.Shared.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.REG.Shared.dll
2011-10-24 05:13 - 2011-10-24 05:13 - 000044032 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Source.Kit.Server.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.WinMessages.Shared.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000034816 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000006144 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.Shared.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000024576 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Foundation.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ATICCCom.dll
2011-10-24 05:13 - 2011-10-24 05:13 - 000021504 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.Implementation.dll
2011-10-24 05:16 - 2011-10-24 05:16 - 000033280 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Dashboard.dll
2011-10-24 05:16 - 2011-10-24 05:16 - 000014848 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Runtime.dll
2011-10-24 05:13 - 2011-10-24 05:13 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Shared.dll
2011-10-24 05:16 - 2011-10-24 05:16 - 000018944 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CPUOverDrive.Fuel.Shared.dll
2011-10-24 05:14 - 2011-10-24 05:14 - 000253952 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeskMan.HydraVision.Dashboard.dll
2011-10-24 05:13 - 2011-10-24 05:13 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeskMan.HydraVision.Shared.dll
2011-10-24 05:14 - 2011-10-24 05:14 - 000094208 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Grid.HydraVision.Dashboard.dll
2011-10-24 05:13 - 2011-10-24 05:13 - 000010240 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Grid.HydraVision.Shared.dll
2011-10-24 05:15 - 2011-10-24 05:15 - 000111104 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MDProp.HydraVision.Dashboard.dll
2011-10-24 05:13 - 2011-10-24 05:13 - 000010240 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MDProp.HydraVision.Shared.dll
2011-10-24 05:15 - 2011-10-24 05:15 - 000250880 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MultiDesk.HydraVision.Dashboard.dll
2011-10-24 05:13 - 2011-10-24 05:13 - 000009728 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MultiDesk.HydraVision.Shared.dll
2011-10-24 05:13 - 2011-10-24 05:13 - 000050688 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.OverDrive5.Graphics.Shared.dll
2011-10-24 05:14 - 2011-10-24 05:14 - 000096768 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Settings.HydraVision.Dashboard.dll
2011-10-24 05:14 - 2011-10-24 05:14 - 000014848 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Settings.HydraVision.Shared.dll
2011-10-24 05:14 - 2011-10-24 05:14 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Dashboard.dll
2011-10-24 05:14 - 2011-10-24 05:14 - 000019968 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Runtime.dll
2011-10-24 05:14 - 2011-10-24 05:14 - 000010752 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Shared.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000172032 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 001003520 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.Shared.dll
2011-10-24 05:13 - 2011-10-24 05:13 - 000008192 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Dashboard.dll
2011-10-24 05:13 - 2011-10-24 05:13 - 000011776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Runtime.dll
2011-10-24 05:13 - 2011-10-24 05:13 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Shared.dll
2011-10-24 05:16 - 2011-10-24 05:16 - 000007680 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Dashboard.dll
2011-10-24 05:16 - 2011-10-24 05:16 - 000011264 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Runtime.dll
2011-10-24 05:16 - 2011-10-24 05:16 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Shared.dll
2011-10-24 05:16 - 2011-10-24 05:16 - 000045056 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Combined.HydraVision.Aspects.Runtime.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000007680 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.dll
2011-10-24 05:14 - 2011-10-24 05:14 - 000060928 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.ProfileManager2.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 001286144 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.Private.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000007168 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Extension.EEU.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000037376 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.Private.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000286720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Client.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000061440 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000029184 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Private.dll
2011-10-24 05:13 - 2011-10-24 05:13 - 000018432 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.XManifest.dll
2011-06-08 05:26 - 2011-06-08 05:26 - 000020992 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CoreAudioApi.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.dll
2011-10-24 05:14 - 2011-10-24 05:14 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Fuel.Foundation.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000026112 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.dll
2011-10-24 05:13 - 2011-10-24 05:13 - 000047104 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.Private.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000024576 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Private.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Foundation.dll
2011-10-24 05:13 - 2011-10-24 05:13 - 000095744 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Implementation.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\NEWAEM.Foundation.dll
2011-06-30 08:48 - 2011-06-30 08:48 - 000085504 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ADL.Foundation.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000065536 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Server.dll
2011-10-24 05:08 - 2011-10-24 05:08 - 000837632 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll
2011-10-24 05:11 - 2011-10-24 05:11 - 000004608 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiamenu.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000036352 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.Private.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000376832 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000057344 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.dll
2009-06-17 09:27 - 2009-06-17 09:27 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0709.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000294912 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Implementation.default_Localization.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000439296 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Private.dll
2011-10-24 05:14 - 2011-10-24 05:14 - 000168960 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Implementation.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000008704 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Private.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000294912 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2011-10-24 05:12 - 2011-10-24 05:12 - 000180224 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2014-01-01 22:41 - 2011-09-09 05:28 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
2010-03-04 04:27 - 2010-03-04 04:27 - 000016384 _____ (ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Foundation.dll
2009-04-22 16:13 - 2009-04-22 16:13 - 000045056 _____ (ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0601.dll
2015-11-23 11:18 - 2019-02-21 12:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2014-01-01 22:41 - 2011-09-09 05:28 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
2019-10-12 19:34 - 2008-05-22 23:25 - 000043520 _____ (MagicISO, Inc.) [File not signed] C:\Program Files (x86)\MagicISO\misosh64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:D5FBE8F9 [180]
AlternateDataStreams: C:\Users\honey\Local Settings:oK6ap3JWZyZX1kkco [2422]
AlternateDataStreams: C:\Users\honey\Local Settings:rOQb2MZzLNo5sp0Fopx0oVE6I2q [2368]
AlternateDataStreams: C:\Users\honey\AppData\Local:oK6ap3JWZyZX1kkco [2422]
AlternateDataStreams: C:\Users\honey\AppData\Local:rOQb2MZzLNo5sp0Fopx0oVE6I2q [2368]
AlternateDataStreams: C:\Users\honey\AppData\Local\Application Data:oK6ap3JWZyZX1kkco [2422]
AlternateDataStreams: C:\Users\honey\AppData\Local\Application Data:rOQb2MZzLNo5sp0Fopx0oVE6I2q [2368]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\sharepoint.com -> hxxps://teatrolatea-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2017-09-07 12:16 - 000000855 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

2019-10-03 19:49 - 2019-10-03 20:24 - 000000508 _____ C:\Windows\system32\drivers\etc\hosts.ics


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\AMD APP\bin\x86_64;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn;c:\Program Files\Microsoft SQL Server\100\Tools\Binn;c:\Program Files\Microsoft SQL Server\100\DTS\Binn;C:\Program Files\Windows Imaging\
HKU\S-1-5-21-404867302-3797044342-2971219209-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\honey\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 1.1.1.1 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: EaseUS Agent => 2
MSCONFIG\Services: ESRV_SVC_QUEENCREEK => 2
MSCONFIG\Services: Guard Agent => 2
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: hpqcaslwmiex => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: Intel(R) SUR QC SAM => 3
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: MacriumService => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MediatekRegistryWriter => 2
MSCONFIG\Services: MediatekRegistryWriter64 => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Realtek87B => 2
MSCONFIG\Services: ReflectService.exe => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: SystemUsageReportSvc_QUEENCREEK => 2
MSCONFIG\Services: USER_ESRV_SVC_QUEENCREEK => 3
MSCONFIG\Services: VyprVPN => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Tenda Wireless Utility.lnk => C:\Windows\pss\Tenda Wireless Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^honey^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - .lnk => C:\Windows\pss\Monitor Ink Alerts - .lnk.Startup
MSCONFIG\startupfolder: C:^Users^honey^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk.Startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{C16FBD02-A15A-42E1-AD7D-46997BB5A44A}C:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe] => (Block) C:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe (GlobalSCAPE, Inc.) [File not signed]
FirewallRules: [UDP Query User{7704C02C-071A-4768-A663-3C89233091D1}C:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe] => (Block) C:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe (GlobalSCAPE, Inc.) [File not signed]
FirewallRules: [TCP Query User{EB8831FF-2188-42B1-B92C-832DD4E16393}C:\program files (x86)\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe] => (Allow) C:\program files (x86)\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe (Microsoft Corporation) [File not signed]
FirewallRules: [UDP Query User{4988F528-BA77-467F-B0B4-5B3CD2686D08}C:\program files (x86)\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe] => (Allow) C:\program files (x86)\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{756FCE78-EDC6-4B00-B8FF-BA2EEBB92B72}C:\apache24\bin\httpd.exe] => (Allow) C:\apache24\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [UDP Query User{FC03FF4C-54E2-4E65-92F9-6990136FCA33}C:\apache24\bin\httpd.exe] => (Allow) C:\apache24\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [{454ED93C-8BBA-44CA-BBC0-AF45A8DD69BC}] => (Allow) C:\Users\honey\Downloads\Tech tool store tools\TechToolStore64.exe (Alfredo Anibal Santos Silva -> Carifred)
FirewallRules: [{7D86FE7D-A561-4763-B8F9-B2A33B0B64D0}] => (Allow) C:\Users\honey\Downloads\Tech tool store tools\TechToolStore64.exe (Alfredo Anibal Santos Silva -> Carifred)
FirewallRules: [{52FC53AF-F179-4382-A4E0-E60D397D0E18}] => (Allow) C:\Users\honey\Downloads\Tech tool store tools\TechToolStore64.exe (Alfredo Anibal Santos Silva -> Carifred)
FirewallRules: [TCP Query User{02D439D2-6A2E-4A22-959B-2FE402DBE1F0}C:\users\honey\downloads\digitalnotewallet_win32_1.0.12-beta\digitalnotewallet-win32\digitalnotewallet.exe] => (Allow) C:\users\honey\downloads\digitalnotewallet_win32_1.0.12-beta\digitalnotewallet-win32\digitalnotewallet.exe () [File not signed]
FirewallRules: [UDP Query User{3ED4978A-DEDD-4E7E-BC38-9312CBC5D8ED}C:\users\honey\downloads\digitalnotewallet_win32_1.0.12-beta\digitalnotewallet-win32\digitalnotewallet.exe] => (Allow) C:\users\honey\downloads\digitalnotewallet_win32_1.0.12-beta\digitalnotewallet-win32\digitalnotewallet.exe () [File not signed]
FirewallRules: [TCP Query User{E4299DE6-951E-495B-81C9-1B2720D79B27}C:\users\honey\downloads\monero-win-x86-v0.11.0.0\monero-v0.11.0.0\monerod.exe] => (Allow) C:\users\honey\downloads\monero-win-x86-v0.11.0.0\monero-v0.11.0.0\monerod.exe () [File not signed]
FirewallRules: [UDP Query User{30DE5082-F81C-4AE0-A51F-B16BA47A308D}C:\users\honey\downloads\monero-win-x86-v0.11.0.0\monero-v0.11.0.0\monerod.exe] => (Allow) C:\users\honey\downloads\monero-win-x86-v0.11.0.0\monero-v0.11.0.0\monerod.exe () [File not signed]
FirewallRules: [{BA7BB4B1-6369-40DB-8961-38F8E06ABF22}] => (Allow) C:\Program Files (x86)\Tenda\Common\RaUI.exe (SHENZHEN JIXIANG TENDA TECHNOLOGY CO.,LTD -> Tenda Inc.) [File not signed]
FirewallRules: [{E916B498-1FB9-4FDB-92C1-53C47CB5533A}] => (Allow) C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed]
FirewallRules: [{7891498E-FA20-4E01-A828-1524D50679F7}] => (Allow) C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed]
FirewallRules: [{6E58E825-69EF-4665-A88E-5B2A2C85539F}] => (Allow) LPort=1542
FirewallRules: [{74C6FA26-D5BA-46B4-9B79-3F91ABFF2F98}] => (Allow) LPort=1542
FirewallRules: [{4D1570CE-6D39-4866-A11E-E896840A4EEE}] => (Allow) LPort=53
FirewallRules: [{6CD25C81-77F0-4A0D-8478-C08FD6D51DAE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{9ECF3F6A-C86A-4BE3-BFCB-8D5A4AA7DEA5}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{1D853698-C05B-43FF-AD3B-BD0C3404BD62}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{A17A2D1E-1EBA-41FA-98BE-D1D36FFF593D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{554E8BB8-F0E2-4A63-8684-E8D87ECA2245}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{2FE3BEC6-97B1-43C7-A013-6270FB5A3D18}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{29BDF56D-CCE2-4E1E-8F96-E0C7586903CA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{91A3B001-8CB3-42E6-A001-C320A0734736}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AF3B461E-1DFD-48A2-B215-857565C9AB73}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{9EDEF159-9A99-4509-AF45-A2EF7E301B2F}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{B6739E01-8819-4BE6-88F9-BBA9041955EE}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{5F893A65-5F36-41F6-A90F-85B050CAB4D6}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [TCP Query User{FB89028C-7AEA-44B9-BA00-5717722B8735}C:\users\honey\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\honey\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [UDP Query User{BF7CC505-99CA-495A-AFA9-C2697ED25950}C:\users\honey\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\honey\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [{89F5F9A0-836D-4D72-A1E3-C8794D85D565}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{01101417-0A25-4AB9-8F1A-1AD3FA8504C1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{43E673C5-C03C-4166-A4B4-25207973D5C1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A7C63E47-F07B-4A1C-9E76-8E96351CFF8A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E478025E-E9E5-465E-BB9A-DF996ED76F7D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{51AF18CA-4238-4F9E-9DB2-A02383F480B0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{2040F752-6FE9-403C-BB4D-D49A15E8BCF0}] => (Allow) C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe No File
FirewallRules: [{F903C6FA-8C29-48ED-866E-501442738A19}] => (Allow) C:\Program Files (x86)\Opera\63.0.3368.107\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{5EFC5BD8-99F0-4643-8B5A-E658E1DF112D}] => (Allow) C:\Program Files (x86)\Opera\64.0.3417.54\opera.exe (Opera Software AS -> Opera Software)

==================== Restore Points =========================

11-10-2019 22:48:35 Microsoft Antimalware Checkpoint
12-10-2019 12:56:40 Windows Update
12-10-2019 18:47:15 Revo Uninstaller's restore point - Belarc Advisor 8.5c
13-10-2019 14:31:25 Removed SendBlaster 2
13-10-2019 14:45:37 AdwCleaner_BeforeCleaning_13/10/2019_14:45:37
13-10-2019 16:23:28 AdwCleaner_BeforeCleaning_13/10/2019_16:23:27

==================== Faulty Device Manager Devices =============

Name: Realtek PCIe GbE Family Controller
Description: Realtek PCIe GbE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/13/2019 04:24:18 PM) (Source: MSSQL$SQLEXPRESS) (EventID: 9003) (User: )
Description: The log scan number (742:424:1) passed to log scan in database 'master' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Error: (10/13/2019 04:17:01 PM) (Source: MSSQL$SQLEXPRESS) (EventID: 9003) (User: )
Description: The log scan number (742:424:1) passed to log scan in database 'master' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Error: (10/13/2019 04:14:31 PM) (Source: MSSQL$SQLEXPRESS) (EventID: 9003) (User: )
Description: The log scan number (742:424:1) passed to log scan in database 'master' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Error: (10/13/2019 09:57:12 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.Expression.Platform.WPF.dll because of the following error: is not a valid Win32 application. (Exception from HRESULT: 0x800700C1).

Error: (10/13/2019 09:08:24 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 9003) (User: )
Description: The log scan number (742:424:1) passed to log scan in database 'master' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Error: (10/12/2019 09:51:38 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 9003) (User: )
Description: The log scan number (742:424:1) passed to log scan in database 'master' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Error: (10/11/2019 10:54:57 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 9003) (User: )
Description: The log scan number (742:424:1) passed to log scan in database 'master' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Error: (10/10/2019 08:25:20 PM) (Source: MSSQL$SQLEXPRESS) (EventID: 9003) (User: )
Description: The log scan number (742:424:1) passed to log scan in database 'master' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.


System errors:
=============
Error: (10/13/2019 04:32:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (10/13/2019 04:32:09 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\honey\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/13/2019 04:32:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (10/13/2019 04:32:09 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\honey\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/13/2019 04:32:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (10/13/2019 04:32:09 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\honey\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/13/2019 04:32:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (10/13/2019 04:32:09 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\honey\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Windows Defender:
===================================
Date: 2016-05-10 13:39:29.816
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/Stallmonitz&threatid=225956
Name:SoftwareBundler:Win32/Stallmonitz
ID:225956
Severity:High
Category:Software Bundler
Path Found:containerfile:C:\Users\honey\Desktop\BlueStacks-SplitInstaller_native.exe;file:C:\Users\honey\Desktop\BlueStacks-SplitInstaller_native.exe->(nsis-instdata)
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:c:\program files\windows defender\MpCmdRun.exe

Date: 2015-05-14 02:55:17.260
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/WinOptimizer&threatid=206677
Name:SoftwareBundler:Win32/WinOptimizer
ID:206677
Severity:High
Category:Software Bundler
Path Found:containerfile:C:\ProgramData\Optimizer\program\newver_10_1.7.0.0.exe;containerfile:C:\ProgramData\Optimizer\program\newver_25_1.7.1.0.exe;containerfile:C:\ProgramData\Optimizer\program\newver_37_1.7.3.0.exe;containerfile:C:\ProgramData\Optimizer\program\newver_38_1.6.9.0.exe;containerfile:C:\ProgramData\Optimizer\program\newver_54_1.7.2.0.exe;containerfile:C:\ProgramData\Optimizer\program\newver_83_1.7.3.0.exe;containerfile:C:\ProgramData\Optimizer\program\newver_95_1.7.2.0.exe;file:C:\Program Files (x86)\Software Update Services\software-update-services.exe;file:C:\Program Files (x86)\YouTube Downloader Services\A1\config\load_config.ini;file:C:\Program Files (x86)\YouTube Downloader Services\A1\load_config.ini;file:C:\Program Files (x86)\YouTube Downloader Services\A1\vmnet.exe;file:C:\Program Files (x86)\YouTube Downloader Services\A1\winphp.exe;file:C:\Program Files (x86)\YouTube Downloader Services\A1\youtubeserv.exe;file:C:\Program Files (x86)\YouTube Downloader Services\A2\config\load_config.ini;file:
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:c:\program files\windows defender\MpCmdRun.exe

Date: 2015-02-13 12:56:09.110
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/WinOptimizer&threatid=206677
Name:SoftwareBundler:Win32/WinOptimizer
ID:206677
Severity:High
Category:Software Bundler
Path Found:file:C:\Program Files (x86)\YouTube Downloader Services\A2\youtubeserv.exe;process:pid:2072,ProcessStart:130683102609928583;service:YouTubeDownload_A2
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:C:\Windows\System32\svchost.exe

Date: 2015-02-13 12:45:18.333
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/WinOptimizer&threatid=206677
Name:SoftwareBundler:Win32/WinOptimizer
ID:206677
Severity:High
Category:Software Bundler
Path Found:file:C:\Program Files (x86)\YouTube Downloader Services\A2\youtubeserv.exe;process:pid:2072,ProcessStart:130683102609928583
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:C:\Windows\System32\svchost.exe

Date: 2014-11-29 22:00:49.112
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/WinOptimizer&threatid=206677
Name:SoftwareBundler:Win32/WinOptimizer
ID:206677
Severity:High
Category:Software Bundler
Path Found:file:C:\Program Files (x86)\YouTube Downloader Services\P2\vmnet.exe;process:pid:6068
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:

Date: 2016-08-06 12:31:33.975
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source:User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:1.1.12902.0
Error code:0x8050a003
Error description:This package does not contain up-to-date definition files for this program. For more information, see Help and Support.

Date: 2016-08-01 13:30:57.462
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80096010
Error description:The digital signature of the object did not verify.
Signature version:1.225.2702.0
Engine version:1.1.12902.0

Date: 2016-07-19 10:23:40.259
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source:User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:1.1.12902.0
Error code:0x8050a003
Error description:This package does not contain up-to-date definition files for this program. For more information, see Help and Support.

Date: 2016-06-26 10:42:27.755
Description:
%1 engine has been terminated due to an unexpected error.
Failure Type:%5
Exception code:%6
Resource:%3

Date: 2016-05-15 16:17:59.424
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x800700c1
Error description:Windows Defender is not a valid Win32 application.
Signature version:1.219.1406.0
Engine version:1.1.12706.0

CodeIntegrity:
===================================

Date: 2016-08-27 13:29:06.372
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-27 11:58:09.638
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-27 11:54:47.297
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-27 11:54:47.204
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-27 11:54:29.778
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-27 11:54:29.607
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-27 11:42:13.553
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-27 11:37:20.645
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: AMI 7.16 03/23/2012
Motherboard: Foxconn 2ABF
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 89%
Total physical RAM: 8172.83 MB
Available physical RAM: 898.43 MB
Total Virtual: 16343.81 MB
Available Virtual: 6645.94 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:600.29 GB) (Free:251 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (System Reserved) (Fixed) (Total:130.86 GB) (Free:129.33 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Backup) (Fixed) (Total:200.36 GB) (Free:79.49 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 981B9614)
Partition 1: (Active) - (Size=600.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=130.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=200.4 GB) - (Type=05)

==================== End of Addition.txt ============================
 
Adware Cleaner most certainly found a number of unsafe programs, some that have been around for a long time.

Please see Post #2 above and the instructions for the ESET scan and provide that log.

Thank you!
 
I may not have had enough coffee yet today. Please open C:\Users\honey\Desktop\ESETlog.txt and copy and paste its contents.
 
10/13/2019 19:44:12 PM
Files scanned: 1050316
Infected files: 77
Cleaned threats: 77
Total scan time 03:08:06
Scan status: Finished


C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\ChromeUtils\APNNativeMsgHost.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe.vir a variant of Win32/Bundled.Toolbar.Ask.V potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.R potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\SO.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir a variant of Win32/Bundled.Toolbar.Ask.R potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\VNT\vntldr.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe.vir a variant of Win32/Bundled.Toolbar.Ask.V potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.R potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe.vir a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir a variant of Win32/Bundled.Toolbar.Ask.R potentially unsafe application cleaned by deleting
C:\EzPE3_v9\Projects\Tools\x64\hstart.exe a variant of Win32/HiddenStart.B potentially unsafe application cleaned by deleting
C:\EzPE3_v9\Projects\Tools\x86\hstart.exe a variant of Win32/HiddenStart.B potentially unsafe application cleaned by deleting
C:\EzPE3_v9\Projects\Tools\hstart.exe a variant of Win32/HiddenStart.B potentially unsafe application cleaned by deleting
C:\Program Files\Recover Keys\RecoverKeys.exe a variant of Win32/RecoverKeys.B potentially unsafe application deleted
C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\patch.exe a variant of Win32/HackTool.Patcher.A potentially unsafe application cleaned by deleting
C:\Program Files (x86)\NCH Software\Golden\golden.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application cleaned by deleting
C:\Program Files (x86)\NCH Software\Golden\grsetup_engl_v1.93.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted
C:\Program Files (x86)\NCH Software\Golden\uninst.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application cleaned by deleting
C:\Program Files (x86)\NCH Software\MixPad\mixpad.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application cleaned by deleting
C:\Program Files (x86)\NCH Software\MixPad\mixpadsetup_v3.69.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
C:\Program Files (x86)\NCH Software\Switch\switch.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application cleaned by deleting
C:\Program Files (x86)\NCH Software\Switch\switchsetup_v4.65.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
C:\Program Files (x86)\NCH Software\WavePad\wavepad.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application cleaned by deleting
C:\Program Files (x86)\NCH Software\WavePad\wavepadsetup_v5.96.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted
C:\Users\honey\Documents\My Data Sources\Franks USB\PowerISO FULL 5.8 + Serials [ThumperDC]\PowerISO FULL 5.8 + Serials [ThumperDC.com]\PowerISO FULL 5.8 + Serials [ThumperDC]\PowerISO5.exe Win32/OpenCandy potentially unsafe application cleaned by deleting
C:\Users\honey\Documents\Scanned Documents\Otilia\Downloads\BandooV4.exe a variant of Win32/Adware.Bandoo.AA application cleaned by deleting
C:\Users\honey\Documents\Scanned Documents\Otilia\Downloads\BitTorrent-6.1.2.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application cleaned by deleting
C:\Users\honey\Documents\Websites\dannysrecord.com\admin\modules\3rdparty\Quantity_Discounts_by_Group\qdpg_lock.php PHP/Obfuscated.F potentially unwanted application cleaned by deleting
C:\Users\honey\Documents\Websites\dannysrecord.com\includes\estelles_mod_store\quantity_discounts.cart2.inc.php PHP/Obfuscated.F potentially unwanted application cleaned by deleting
C:\Users\honey\Documents\Websites\dannysrecord.com\Site Files\admin\modules\3rdparty\Quantity_Discounts_by_Group\qdpg_lock.php PHP/Obfuscated.F potentially unwanted application cleaned by deleting
C:\Users\honey\Documents\Websites\dannysrecord.com\Site Files\images\5_asp;.jpg ASP/Small.A trojan cleaned by deleting
C:\Users\honey\Documents\Websites\dannysrecord.com\Site Files\includes\estelles_mod_store\quantity_discounts.cart2.inc.php PHP/Obfuscated.F potentially unwanted application cleaned by deleting
C:\Users\honey\Documents\Websites\dannysrecord.com\Site Files\sitemap.php PHP/Obfuscated.F potentially unwanted application cleaned by deleting
C:\Users\honey\Documents\Websites\dannysrecord.com\sitemap.php PHP/Obfuscated.F potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\CuteFTP 8 Professional + PrivateKeygen\Patch\patch.exe a variant of Win32/HackTool.Patcher.A potentially unsafe application cleaned by deleting
C:\Users\honey\Downloads\EASEUS Todo Backup Advanced Server 5.8 Retail + Keygen\EASEUS Todo Backup Advanced\~Get Your Software Here\EaseUS_Todo_Backup_Advanced_Server_5.8.exe a variant of Win32/TFTPD32.A potentially unsafe application cleaned by deleting
C:\Users\honey\Downloads\EzPE3_v9\Projects\Tools\x64\hstart.exe a variant of Win32/HiddenStart.B potentially unsafe application cleaned by deleting
C:\Users\honey\Downloads\EzPE3_v9\Projects\Tools\x86\hstart.exe a variant of Win32/HiddenStart.B potentially unsafe application cleaned by deleting
C:\Users\honey\Downloads\EzPE3_v9\Projects\Tools\hstart.exe a variant of Win32/HiddenStart.B potentially unsafe application cleaned by deleting
C:\Users\honey\Downloads\guiminer\poclbm.exe Python/CoinMiner.A potentially unsafe application cleaned by deleting
C:\Users\honey\Downloads\NCH Golden Records Vinyl to CD Converter v1.93 with Key [TorDigger]\grsetup_engl.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted
C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix\bin\ccminer_cryptonight\ccminer.exe a variant of Win32/CoinMiner.BV potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix\bin\ccminer_klaust\ccminer.exe a variant of Win64/CoinMiner.AP potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix\bin\ccminer_neoscrypt\ccminer.exe a variant of Win32/CoinMiner.BY potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix\bin\ccminer_sp\ccminer.exe a variant of Win32/CoinMiner.BY potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix\bin\excavator\excavator.exe a variant of Win64/CoinMiner.CD potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix\bin\nheqminer_v0.4b\nheqminer.exe a variant of Win64/CoinMiner.BW potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix\bin\xmr-stak-cpu\xmr-stak-cpu.exe a variant of Win64/CoinMiner.CF potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix\bin_3rdparty\claymore_cryptonight\Remote manager\EthMan.exe a variant of Win32/CoinMiner.FS potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix\bin_3rdparty\claymore_cryptonight\NsGpuCNMiner.exe a variant of Win64/CoinMiner.BX potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix\bin_3rdparty\claymore_dual\cuda6.5\EthDcrMiner64.exe a variant of Win64/CoinMiner.BX potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix\bin_3rdparty\claymore_dual\cuda7.5\EthDcrMiner64.exe a variant of Win64/CoinMiner.BX potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix\bin_3rdparty\claymore_dual\Remote manager\EthMan.exe a variant of Win32/CoinMiner.FS potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix\bin_3rdparty\claymore_zcash\Remote manager\EthMan.exe a variant of Win32/CoinMiner.FS potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix\bin_3rdparty\optiminer_zcash_win\Optiminer.exe a variant of Win64/CoinMiner.FX potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\NHML-1.8.1.2_LangFix\NiceHashMinerLegacy.exe a variant of MSIL/CoinMiner.N potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\pirjv.Speccy.Professional..Technician.1.29.714..Portable\spsetup129.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\honey\Downloads\PowerISO FULL 5.8 + Serials [ThumperDC]\PowerISO FULL 5.8 + Serials [ThumperDC.com]\PowerISO FULL 5.8 + Serials [ThumperDC]\PowerISO5.exe Win32/OpenCandy potentially unsafe application cleaned by deleting
C:\Users\honey\Downloads\produkey-x64\ProduKey.exe a variant of Win64/PSWTool.ProductKey.A potentially unsafe application cleaned by deleting
C:\Users\honey\Downloads\GardeningEnthusiast™ - 1000s of FREE gardening ideas..html JS/Mindspark.G potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\guiminer-20121203.exe Python/CoinMiner.A potentially unsafe application deleted
C:\Users\honey\Downloads\JDownloaderSetup.exe a variant of Win32/WebCompanion.B potentially unwanted application cleaned by deleting
C:\Users\honey\Downloads\Recuva 1.52.1086-V3NOMs.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Windows\Installer\30ba89.msi a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application deleted
C:\Windows\SysWOW64\driver_booster_setup (1).exe a variant of Win32/IObit.I potentially unwanted application,a variant of Win32/IObit.N potentially unwanted application,a variant of Win32/IObit.L potentially unwanted application,a variant of Win32/IObit.D potentially unwanted application cleaned by deleting
 
That was the AdwCleaner log, not the ESET log, but we'll skip that and move on.

Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version, please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy".
Code:
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION 
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File] 
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] 
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File] 
U3 aswbdisk; no ImagePath
U4 npf_wifi; no ImagePath 
C:\Users\honey\AppData\Roaming\IObit 
C:\Users\honey\AppData\LocalLow\IObit 
HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\ChromeHTML: ->  <==== ATTENTION 
ShellExecuteHooks-x32: No Name - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} =>  -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} =>  -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} =>  -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} =>  -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} =>  -> No File 
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File 
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File 
C:\ProgramData\TEMP:D5FBE8F9 [180]
C:\Users\honey\Local Settings:oK6ap3JWZyZX1kkco [2422]
C:\Users\honey\Local Settings:rOQb2MZzLNo5sp0Fopx0oVE6I2q [2368]
C:\Users\honey\AppData\Local:oK6ap3JWZyZX1kkco [2422]
C:\Users\honey\AppData\Local:rOQb2MZzLNo5sp0Fopx0oVE6I2q [2368]
C:\Users\honey\AppData\Local\Application Data:oK6ap3JWZyZX1kkco [2422]
C:\Users\honey\AppData\Local\Application Data:rOQb2MZzLNo5sp0Fopx0oVE6I2q [2368]
FirewallRules: [{2040F752-6FE9-403C-BB4D-D49A15E8BCF0}] => (Allow) C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe No File
EmptyTemp:
End::
  • Please right-click on FRST/FRST64 to run as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 12-10-2019 02
Ran by honey (14-10-2019 14:17:24) Run:1
Running from C:\Users\honey\Downloads
Loaded Profiles: honey (Available Profiles: honey)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
U3 aswbdisk; no ImagePath
U4 npf_wifi; no ImagePath
C:\Users\honey\AppData\Roaming\IObit
C:\Users\honey\AppData\LocalLow\IObit
HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\ChromeHTML: -> <==== ATTENTION
ShellExecuteHooks-x32: No Name - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => -> No File
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} => -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
C:\ProgramData\TEMP:D5FBE8F9 [180]
C:\Users\honey\Local Settings:eek:K6ap3JWZyZX1kkco [2422]
C:\Users\honey\Local Settings:rOQb2MZzLNo5sp0Fopx0oVE6I2q [2368]
C:\Users\honey\AppData\Local:eek:K6ap3JWZyZX1kkco [2422]
C:\Users\honey\AppData\Local:rOQb2MZzLNo5sp0Fopx0oVE6I2q [2368]
C:\Users\honey\AppData\Local\Application Data:eek:K6ap3JWZyZX1kkco [2422]
C:\Users\honey\AppData\Local\Application Data:rOQb2MZzLNo5sp0Fopx0oVE6I2q [2368]
FirewallRules: [{2040F752-6FE9-403C-BB4D-D49A15E8BCF0}] => (Allow) C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe No File
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008 => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000009 => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000008 => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000009 => removed successfully
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1 => removed successfully
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.2 => removed successfully
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.3 => removed successfully
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5 => removed successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => removed successfully
aswbdisk => service removed successfully
HKLM\System\CurrentControlSet\Services\npf_wifi => removed successfully
npf_wifi => service removed successfully
C:\Users\honey\AppData\Roaming\IObit => moved successfully
C:\Users\honey\AppData\LocalLow\IObit => moved successfully
HKU\S-1-5-21-404867302-3797044342-2971219209-1000_Classes\ChromeHTML => removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" => removed successfully
HKLM\SOFTWARE\WOW6432Node\Classes\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub) => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub) => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder) => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark) => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MSSE => removed successfully
HKLM\Software\Classes\CLSID\{0365FE2C-F183-4091-AC82-BFC39FB75C49} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\PowerISO => removed successfully
HKLM\Software\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\PowerISO => removed successfully
HKLM\Software\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => not found
"C:\ProgramData\TEMP:D5FBE8F9 [180]" => not found
"C:\Users\honey\Local Settings:eek:K6ap3JWZyZX1kkco [2422]" => not found
"C:\Users\honey\Local Settings:rOQb2MZzLNo5sp0Fopx0oVE6I2q [2368]" => not found
"C:\Users\honey\AppData\Local:eek:K6ap3JWZyZX1kkco [2422]" => not found
"C:\Users\honey\AppData\Local:rOQb2MZzLNo5sp0Fopx0oVE6I2q [2368]" => not found
"C:\Users\honey\AppData\Local\Application Data:eek:K6ap3JWZyZX1kkco [2422]" => not found
"C:\Users\honey\AppData\Local\Application Data:rOQb2MZzLNo5sp0Fopx0oVE6I2q [2368]" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2040F752-6FE9-403C-BB4D-D49A15E8BCF0}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11164261 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 546364 B
Edge => 0 B
Chrome => 244259019 B
Firefox => 22023326 B
Opera => 503608183 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 1904682 B
honey => 46573190 B

RecycleBin => 0 B
EmptyTemp: => 799.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:18:41 ====
 
Well, I haven't checked with MSE yet. In the past and even recently I have tried using Avast to scan for and eliminate viruses etc. I even tried using it in boot mode and all it did was quarantine corrupted zip files etc., but it never mentioned the hack tool or the backdoor tool. This script was able to fix Chrome in the sense that I wasn't able to finally update it but in the process I lost all my tabs. I hope this eliminates some of the strange occurrences in the past. For instance, I would get multiple windows of Chrome for no reason. Another example is that I would type the word "when" and it would come out as "wheeeeeen". I don't know if it's related. So for now let me check with MSE.
 
After you check with MSE, it wouldn't hurt to also provide C:\Users\honey\Desktop\ESETlog.txt as a double-check to see if it found anything.
 
MSE found HackTool:Win32/Keygen High, error encountered when removing it. Maybe a false positive?

ESETlog

10/14/2019 23:10:21 PM
Files scanned: 1052794
Infected files: 0
Cleaned threats: 0
Total scan time: 03:19:57
Scan status: Finished
 
Thank you for the ESET log results. Let's take a different direction on the results that keep posting with emoticons. :-)

Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy".
Code:
Start::
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\ProgramData\TEMP:D5FBE8F9 [180]
AlternateDataStreams: C:\Users\honey\Local Settings:eek:K6ap3JWZyZX1kkco [2422]
AlternateDataStreams: C:\Users\honey\Local Settings:rOQb2MZzLNo5sp0Fopx0oVE6I2q [2368]
AlternateDataStreams: C:\Users\honey\AppData\Local:eek:K6ap3JWZyZX1kkco [2422]
AlternateDataStreams: C:\Users\honey\AppData\Local:rOQb2MZzLNo5sp0Fopx0oVE6I2q [2368]
AlternateDataStreams: C:\Users\honey\AppData\Local\Application Data:eek:K6ap3JWZyZX1kkco [2422]
AlternateDataStreams: C:\Users\honey\AppData\Local\Application Data:rOQb2MZzLNo5sp0Fopx0oVE6I2q [2368]
EmptyTemp:
End::
  • Please right-click on FRST/FRST64 to run as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 12-10-2019 02
Ran by honey (15-10-2019 10:25:27) Run:2
Running from C:\Users\honey\Downloads
Loaded Profiles: honey (Available Profiles: honey)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\ProgramData\TEMP:D5FBE8F9 [180]
AlternateDataStreams: C:\Users\honey\Local Settings:eek:K6ap3JWZyZX1kkco [2422]
AlternateDataStreams: C:\Users\honey\Local Settings:rOQb2MZzLNo5sp0Fopx0oVE6I2q [2368]
AlternateDataStreams: C:\Users\honey\AppData\Local:eek:K6ap3JWZyZX1kkco [2422]
AlternateDataStreams: C:\Users\honey\AppData\Local:rOQb2MZzLNo5sp0Fopx0oVE6I2q [2368]
AlternateDataStreams: C:\Users\honey\AppData\Local\Application Data:eek:K6ap3JWZyZX1kkco [2422]
AlternateDataStreams: C:\Users\honey\AppData\Local\Application Data:rOQb2MZzLNo5sp0Fopx0oVE6I2q [2368]
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
C:\ProgramData\TEMP => ":D5FBE8F9" ADS removed successfully
C:\Users\honey\Local Settings => ":eek:K6ap3JWZyZX1kkco" ADS could not remove.
C:\Users\honey\Local Settings => ":rOQb2MZzLNo5sp0Fopx0oVE6I2q" ADS removed successfully
C:\Users\honey\AppData\Local => ":eek:K6ap3JWZyZX1kkco" ADS could not remove.
C:\Users\honey\AppData\Local => ":rOQb2MZzLNo5sp0Fopx0oVE6I2q" ADS could not remove.
C:\Users\honey\AppData\Local\Application Data => ":eek:K6ap3JWZyZX1kkco" ADS could not remove.
C:\Users\honey\AppData\Local\Application Data => ":rOQb2MZzLNo5sp0Fopx0oVE6I2q" ADS could not remove.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6749615 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2503894 B
Edge => 0 B
Chrome => 381137907 B
Firefox => 21177749 B
Opera => 89744860 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 2542 B
honey => 1432539 B

RecycleBin => 0 B
EmptyTemp: => 487.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:26:12 ====
 
Just an observation: Chrome tabs keep disappearing and basically starting fresh. I tried using a session manager extension on Chrome to save tabs but that too was deleted. The only thing that is saved is history in Chrome. Opera browser (with VPN) is different; somehow it keeps its tabs and everything else.
 
I believe the removal of "C:\ProgramData\TEMP:D5FBE8F9" may be what MSE was seeing.

As to Chrome, I'm sorry, I don't use Chrome. You may want to consider reinstalling it.

Please keep in mind that January 14, 2020 is the "end of life" date for Windows 7 which means discontinuation of all updates, including security updates.
 
No. The ADS (Alternate Data Stream) was removed by FRST.
 
Should I run MSE again? Or would that be pointless now? Also, I will upgrade before the deadline.
 
