I had a not-so-nice worm. Was running for a few years without an antivirus, and ran an infected installer - so totally my fault.
Malwarebytes got rid of most issues - and there were dozens, if not hundreds.
I also had to reset group policy, which blocked security-related stuff, e.g. Windows Update.
Some artifacts remain though, and I was hoping some of the gurus here could help.
Remaining issues:
1. Windows update gets broken every boot (getting "Unspecified errror" regarding C:\Users\...\...settingcontent-ms).
WindowsUpdateDiagnostic fixes it, so I'm up-to-date, but not having automatic updates is a pain.
2. Reboot/shutdown never completes. I have to press the power button to "help" it (could be related to #1)
3. Starting Windows Defender fails with the following error in MSASCui.exe: "The size of the manifest exceeds the maximum allowed"
Not that I'm planning to use it - but it's one of the things that could be pointing at other issues I've missed.
FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29.12.2018
Ran by Jean Spector (administrator) on JEAN-DELL (31-12-2018 02:00:01)
Running from C:\Users\Jean Spector\Desktop
Loaded Profiles: Jean Spector (Available Profiles: Jean Spector)
Platform: Windows 8.1 Enterprise (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\Windows\System32\UshUpgradeService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Windows\System32\HostControlService.exe
(Broadcom Corporation) C:\Windows\System32\HostStorageService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\nfsclnt.exe
() C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\Siber Systems\GoodSync\GoodSync-v10.exe
(BitTorrent Inc.) C:\Users\Jean Spector\AppData\Roaming\BitTorrent\BitTorrent.exe
() C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(BitTorrent Inc.) C:\Users\Jean Spector\AppData\Roaming\BitTorrent\updates\7.10.4_44847\bittorrentie.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(BitTorrent Inc.) C:\Users\Jean Spector\AppData\Roaming\BitTorrent\updates\7.10.4_44847\bittorrentie.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
(Degoo Backup AB) C:\Users\Jean Spector\AppData\Local\Degoo\Degoo.exe
(ShareX Team) C:\Program Files\ShareX\ShareX.exe
() C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
(Degoo Backup AB) C:\Users\Jean Spector\AppData\Local\Degoo\DegooHealthCheck.exe
(The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [5966864 2018-05-02] (Box, Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems, Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-19] (AVAST Software)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [85600 2013-12-13] (Nullsoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-14] (Apple Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-11-13] (Intel Corporation)
HKLM-x32\...\Run: [WD Drive Manager] => C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [480768 2012-05-01] (WDC)
HKLM-x32\...\Run: [Corsair M60 Mouse] => C:\Program Files (x86)\Corsair\M60 Mouse\M60Hid.exe [1766912 2013-06-05] (Corsair Components Inc)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\Run: [Google Update] => C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.33.23\GoogleUpdateCore.exe [605992 2018-12-20] (Google Inc.)
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\Run: [GoodSync] => C:\Program Files\Siber Systems\GoodSync\GoodSync-v10.exe [13434592 2018-12-27] ()
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\Run: [BitTorrent] => C:\Users\Jean Spector\AppData\Roaming\BitTorrent\BitTorrent.exe [1742528 2018-11-23] (BitTorrent Inc.)
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49805160 2018-11-09] (Skype Technologies S.A.)
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3434224 2018-12-21] ()
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46459080 2018-10-04] ()
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\RunOnce: [Uninstall C:\Users\Jean Spector\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jean Spector\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\RunOnce: [Uninstall C:\Users\Jean Spector\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jean Spector\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\MountPoints2: {43ccabe4-f2a3-11e6-82a7-ac7ba12c920e} - "D:\LaunchU3.exe" -a
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\MountPoints2: {53f656fe-3389-11e7-82b5-ac7ba12c920e} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\MountPoints2: {c27dfce6-e610-11e7-82d2-ac7ba12c920e} - "D:\LG_PC_Programs.exe"
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3434224 2018-12-21] ()
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [175392 2012-10-26] (Logitech Inc.)
HKLM\...\Drivers32: [MSVideo] => C:\Windows\system32\vfwwdm32.dll [69632 2014-10-29] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Program Files\Windows Mail\WinMail.exe [2014-10-29] (Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-20] (Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Program Files (x86)\Windows Mail\WinMail.exe [2014-10-29] (Microsoft Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\ascom diagnostics.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\ascom.filterwheelsim.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\ascom.och.test.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\ascom.ocsimulator.test.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\ascom.rotatorsimulator.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\ascom.telescopesimulator.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\ascomdome.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\domesim.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\drivereasy.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\filterwheelsim.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\focussim.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\iastorui.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\pipe.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\popcorntimedesktop.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\poth.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\privacyiconclient.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\profileexplorer.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\scopesim.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\switchsim.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\wddmstatus.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\wdsmartware.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-11-01]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrazyKeys.lnk [2015-09-03]
ShortcutTarget: CrazyKeys.lnk -> C:\Program Files (x86)\CrazyKeys\CrazyKeys.exe (Oleg Valberg)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2017-06-03]
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk [2017-06-03]
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
Startup: C:\Users\Jean Spector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Degoo .lnk [2017-04-19]
ShortcutTarget: Degoo .lnk -> C:\Users\Jean Spector\AppData\Local\Degoo\Degoo.exe (Degoo Backup AB)
Startup: C:\Users\Jean Spector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HipChat.lnk [2017-10-02]
ShortcutTarget: HipChat.lnk -> C:\Program Files (x86)\Atlassian\HipChat4\HipChat.exe (No File)
Startup: C:\Users\Jean Spector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-07-29]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)
Startup: C:\Users\Jean Spector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2018-06-26]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team)
Startup: C:\Users\Jean Spector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svs.lnk [2018-10-29]
ShortcutTarget: svs.lnk -> C:\Users\Jean Spector\AppData\Local\svs.exe (No File)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.254
Tcpip\..\Interfaces\{3C04BB80-4CDB-44E0-B95F-89F3972930C0}: [DhcpNameServer] 10.100.100.15 10.10.100.15
Tcpip\..\Interfaces\{71396758-3DF9-4D46-AEB2-BF2D3FF6B126}: [DhcpNameServer] 192.168.2.254
Internet Explorer:
==================
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://il.msn.com/?rd=1&ucc=IL&dcc=IL&opt=0
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-11-01] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-01] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-11-01] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-01] (Oracle Corporation)
IE Session Restore: HKU\S-1-5-21-2612820603-309181636-2091425902-1001 -> is enabled.
FireFox:
========
FF ProfilePath: C:\Users\Jean Spector\AppData\Roaming\Mozilla\Firefox\Profiles\mzkgt3ec.default [2018-12-28]
FF Homepage: Mozilla\Firefox\Profiles\mzkgt3ec.default -> Google
FF NewTab: Mozilla\Firefox\Profiles\mzkgt3ec.default -> about:newtab
FF Session Restore: Mozilla\Firefox\Profiles\mzkgt3ec.default -> is enabled.
FF NewTabOverride: Mozilla\Firefox\Profiles\mzkgt3ec.default -> Disabled: newtaboverride@agenedia.com
FF NewTabOverride: Mozilla\Firefox\Profiles\mzkgt3ec.default -> Enabled: treestyletab@piro.sakura.ne.jp
FF Extension: (Cisco WebEx Extension) - C:\Users\Jean Spector\AppData\Roaming\Mozilla\Firefox\Profiles\mzkgt3ec.default\Extensions\ciscowebexstart1@cisco.com.xpi [2017-12-09]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Jean Spector\AppData\Roaming\Mozilla\Firefox\Profiles\mzkgt3ec.default\Extensions\firefox@ghostery.com.xpi [2018-12-28]
FF Extension: (Hebrew spell-checking dictionary (from HSpell)) - C:\Users\Jean Spector\AppData\Roaming\Mozilla\Firefox\Profiles\mzkgt3ec.default\Extensions\he@dictionaries.addons.mozilla.org.xpi [2018-12-28]
FF Extension: (Hotspot Shield VPN Free Proxy – Unblock Sites) - C:\Users\Jean Spector\AppData\Roaming\Mozilla\Firefox\Profiles\mzkgt3ec.default\Extensions\hotspot-shield@anchorfree.com.xpi [2018-03-15]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Jean Spector\AppData\Roaming\Mozilla\Firefox\Profiles\mzkgt3ec.default\Extensions\support@lastpass.com.xpi [2018-12-28]
FF Extension: (Tree Style Tab) - C:\Users\Jean Spector\AppData\Roaming\Mozilla\Firefox\Profiles\mzkgt3ec.default\Extensions\treestyletab@piro.sakura.ne.jp.xpi [2018-12-28]
FF Extension: (Avast Online Security) - C:\Users\Jean Spector\AppData\Roaming\Mozilla\Firefox\Profiles\mzkgt3ec.default\Extensions\wrc@avast.com.xpi [2018-11-01]
FF Extension: (Session Manager) - C:\Users\Jean Spector\AppData\Roaming\Mozilla\Firefox\Profiles\mzkgt3ec.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-01-31] [Legacy]
FF Extension: (Quick JIRA) - C:\Users\Jean Spector\AppData\Roaming\Mozilla\Firefox\Profiles\mzkgt3ec.default\Extensions\{25e741fe-a00f-4568-9197-f5a591f1b56d}.xpi [2018-06-21]
FF Extension: (session-resurrection) - C:\Users\Jean Spector\AppData\Roaming\Mozilla\Firefox\Profiles\mzkgt3ec.default\Extensions\{53bf5681-b6ad-4883-be7c-e831e167cec9}.xpi [2018-12-28]
FF Extension: (Adblock Plus) - C:\Users\Jean Spector\AppData\Roaming\Mozilla\Firefox\Profiles\mzkgt3ec.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-12-28]
FF Extension: (Telemetry coverage) - C:\Users\Jean Spector\AppData\Roaming\Mozilla\Firefox\Profiles\mzkgt3ec.default\features\{3ced4067-1396-459b-b455-1b096e1a5c3d}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-09-26] [Legacy]
FF SearchPlugin: C:\Users\Jean Spector\AppData\Roaming\Mozilla\Firefox\Profiles\mzkgt3ec.default\searchplugins\google-avast.xml [2018-11-01]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_101.dll [2018-12-06] ()
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-01] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2612820603-309181636-2091425902-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Jean Spector\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2612820603-309181636-2091425902-1001: @talk.google.com/O1DPlugin -> C:\Users\Jean Spector\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2612820603-309181636-2091425902-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2612820603-309181636-2091425902-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2612820603-309181636-2091425902-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Jean Spector\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-07-20] (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Jean Spector\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jean Spector\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://isearch.avg.com/?cid={41E2810F-1559-490C-9255-FFCC374D70BD}&mid=f2552a1ea98a47d09d4bd16b5371ef2b-eb50a236e5ad81446db0dfc939c6eae3b57337f2&lang=en&ds=gm011&pr=sa&d=2012-11-23 13:23:33&v=13.2.0.4&sap=hp","hxxp://www.linuxmint.com/start/nadia"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default [2018-12-31]
CHR Extension: (Slides) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-21]
CHR Extension: (YouTube) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-10]
CHR Extension: (Google Search) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-10]
CHR Extension: (Session Buddy) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2018-02-02]
CHR Extension: (Grooveshark Downloader) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglmoaliddiejknfhdgicfdlaplbojem [2014-09-08]
CHR Extension: (Sheets) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Google Docs Offline) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-18]
CHR Extension: (The Camelizer) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2018-06-23]
CHR Extension: (AdBlock) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-12-11]
CHR Extension: (Hola Free VPN Proxy Unblocker) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2018-12-31]
CHR Extension: (Avast Online Security) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-11-01]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-12-31]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2018-12-29]
CHR Extension: (Anti-Adblock Popup Blocker) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhjdhoikoppfngdpngepakeogdnlcilm [2016-10-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-10]
CHR Extension: (Gmail) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-28]
CHR Extension: (Chrome Media Router) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-31]
CHR HKU\S-1-5-21-2612820603-309181636-2091425902-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems, Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-11-19] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-19] (AVAST Software)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [36680 2018-05-02] (Box, Inc.)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [9121248 2018-10-24] (AVAST Software)
S2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209392 2018-10-22] (Dell Inc.)
S2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3347440 2018-10-22] (Dell Inc.)
S2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218096 2018-10-22] (Dell Inc.)
S2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\DSAPI.exe [1002816 2018-12-03] (PC-Doctor, Inc.)
S2 GsServer; C:\Program Files\Siber Systems\GoodSync\gs-server.exe [7833824 2018-12-27] ()
R2 hostcontrolsvc; C:\Windows\System32\HostControlService.exe [824280 2018-11-28] (Broadcom Corporation)
R2 hoststoragesvc; C:\Windows\System32\HostStorageService.exe [169944 2018-11-28] (Broadcom Corporation)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [184064 2016-11-18] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [354280 2016-06-09] (Intel Corporation)
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2015-10-30] (HP Inc.) [File not signed]
R2 NfsClnt; C:\Windows\system32\nfsclnt.exe [100864 2017-06-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2015-10-30] (HP Inc.) [File not signed]
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [449664 2018-08-29] (Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [942720 2018-09-12] (Razer Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2018-12-18] (Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [285424 2018-12-21] ()
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [535424 2018-12-18] (Razer Inc.)
S2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [38872 2018-10-25] (Dell Inc.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
S4 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2018-04-06] (Popcorn Time) [File not signed]
R2 ushupgradesvc; C:\Windows\System32\UshUpgradeService.exe [274392 2018-11-28] ()
S4 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [119296 2012-05-01] (WDC) [File not signed]
S4 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [129536 2009-11-13] (WDC) [File not signed]
S4 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel® Corporation)
S2 GsRunner Jean Spector; "C:\Program Files\Siber Systems\GoodSync\gsync.exe" /runner-service="C:/Users/Jean Spector/AppData/Roaming/GoodSync" [X] <==== ATTENTION
S4 zesjpvnu; C:\Windows\SysWOW64\zesjpvnu\ahuuxiav.exe [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [29184 2015-05-12] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2015-05-12] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2015-05-12] (LG Electronics Inc.)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [201240 2018-11-19] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [230344 2018-11-19] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201768 2018-11-19] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346592 2018-11-19] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59496 2018-11-19] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239840 2018-11-26] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46384 2018-11-19] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2018-11-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163208 2018-11-19] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111800 2018-11-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87432 2018-11-19] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1028680 2018-11-19] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [469272 2018-11-19] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [208472 2018-11-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380464 2018-11-19] (AVAST Software)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [41608 2018-10-20] (Dell Inc.)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [41208 2018-10-20] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [529392 2015-08-05] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [214272 2016-11-18] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3595472 2018-10-12] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 NfsRdr; C:\Windows\System32\drivers\nfsrdr.sys [261120 2016-06-22] (Microsoft Corporation)
R3 RpcXdr; C:\Windows\System32\drivers\rpcxdr.sys [131072 2016-03-04] (Microsoft Corporation)
R3 RzCommon; C:\Windows\System32\drivers\RzCommon.sys [46680 2018-09-13] (Razer Inc)
R3 RzDev_005c; C:\Windows\System32\drivers\RzDev_005c.sys [49648 2018-04-22] (Razer Inc)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 ST_Accel; C:\Windows\system32\DRIVERS\ST_Accel.sys [93432 2014-07-18] (STMicroelectronics)
S3 tap-tb-0901; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)
S3 vNICdrv; C:\Windows\system32\DRIVERS\vNICdrv.sys [20048 2017-01-22] (Iomega Corporation)
R3 wbfcvusbdrv; C:\Windows\System32\Drivers\wbfcvusbdrv.sys [17632 2014-07-18] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 WIMBLEMS; C:\Windows\system32\drivers\WIMBLEMS.sys [25600 2012-03-27] ( )
S3 cpuz140; \??\C:\Users\JEANSP~1\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
S1 FortiShield; system32\drivers\FortiShield.sys [X]
S3 mdareDriver_52; \??\C:\Users\JEANSP~1\AppData\Local\Temp\FCPreScan\mdare64_52.sys [X] <==== ATTENTION
S1 MpKsl0dd02f42; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E81A32E6-55F3-4214-AA63-32F8C2A695D0}\MpKsl0dd02f42.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S3 VMSMP; \SystemRoot\system32\DRIVERS\vmswitch.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-12-31 02:00 - 2018-12-31 02:00 - 000036408 _____ C:\Users\Jean Spector\Desktop\FRST.txt
2018-12-31 01:58 - 2018-12-31 01:58 - 000000000 ____D C:\Users\Jean Spector\AppData\LocalLow\BitTorrent
2018-12-31 00:44 - 2018-12-31 02:00 - 000000000 ____D C:\FRST
2018-12-31 00:44 - 2018-12-31 00:44 - 002424320 _____ (Farbar) C:\Users\Jean Spector\Desktop\FRST64.exe
2018-12-30 00:44 - 2018-12-14 09:38 - 000790016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-12-30 00:44 - 2018-12-14 08:33 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-12-30 00:44 - 2018-11-28 11:39 - 004168704 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-12-30 00:44 - 2018-11-28 10:08 - 015441408 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-12-30 00:44 - 2018-11-28 10:04 - 013322240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-12-30 00:44 - 2018-11-15 05:00 - 025735680 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-12-30 00:44 - 2018-11-15 04:34 - 020281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-12-30 00:44 - 2018-11-15 03:51 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-12-30 00:44 - 2018-11-15 03:50 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-12-30 00:44 - 2018-11-13 06:35 - 005778944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-12-30 00:44 - 2018-11-13 06:00 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-12-30 00:44 - 2018-11-13 05:52 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-12-30 00:44 - 2018-11-13 05:51 - 015284736 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-12-30 00:44 - 2018-11-13 05:43 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-12-30 00:44 - 2018-11-13 05:42 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-12-30 00:44 - 2018-11-13 05:38 - 013681152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-12-30 00:44 - 2018-11-13 05:38 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-12-30 00:44 - 2018-11-13 05:37 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-12-30 00:44 - 2018-11-13 05:27 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-12-30 00:44 - 2018-11-13 05:18 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-12-30 00:44 - 2018-11-13 05:16 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-12-30 00:44 - 2018-11-13 05:15 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-12-30 00:44 - 2018-11-13 05:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-12-30 00:44 - 2018-11-10 21:42 - 001368584 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-12-30 00:44 - 2018-11-10 21:36 - 007371720 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-12-30 00:44 - 2018-11-10 21:25 - 000121288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2018-12-30 00:44 - 2018-11-10 20:54 - 001308456 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-12-30 00:44 - 2018-11-10 20:53 - 000356088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-12-30 00:44 - 2018-11-10 18:34 - 001754112 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2018-12-30 00:44 - 2018-11-10 18:25 - 001085440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2018-12-30 00:44 - 2018-11-10 18:22 - 000747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-12-30 00:44 - 2018-11-10 18:15 - 001491968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2018-12-30 00:44 - 2018-11-03 20:28 - 002532344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-12-30 00:44 - 2018-11-03 19:41 - 001903456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-12-30 00:44 - 2018-11-03 17:25 - 002348032 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-12-30 00:44 - 2018-11-03 17:11 - 001556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2018-12-29 22:32 - 2018-12-29 22:32 - 000168534 _____ C:\Users\Jean Spector\Downloads\m200818abc.xlsx
2018-12-29 14:51 - 2018-12-29 14:51 - 000002028 _____ C:\Users\Public\Desktop\Google Slides.lnk
2018-12-29 14:51 - 2018-12-29 14:51 - 000002026 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2018-12-29 14:51 - 2018-12-29 14:51 - 000002016 _____ C:\Users\Public\Desktop\Google Docs.lnk
2018-12-29 14:51 - 2018-12-29 14:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2018-12-29 14:51 - 2018-12-29 14:51 - 000000000 ____D C:\Program Files\Google
2018-12-29 14:50 - 2018-12-29 14:50 - 001136176 _____ (Google Inc.) C:\Users\Jean Spector\Downloads\installbackupandsync.exe
2018-12-28 19:10 - 2018-12-28 19:10 - 000001513 _____ C:\Users\Public\Desktop\Razer Synapse.lnk
2018-12-27 06:21 - 2018-12-27 06:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoodSync
2018-12-22 19:12 - 2018-12-22 19:13 - 003194701 _____ C:\Users\Jean Spector\Downloads\KMSpico-setup-pass-officialkmspico.com.zip
2018-12-22 15:56 - 2018-12-22 15:58 - 000000210 _____ C:\Users\Jean Spector\Documents\regex.ps1
2018-12-12 10:29 - 2018-12-12 10:29 - 000000037 _____ C:\Windows\SysWOW64\SmartFlow.txt
2018-12-12 10:26 - 2018-12-12 10:26 - 000000000 _____ C:\Windows\SysWOW64\SpyWareFolderstoFilter.txt
2018-12-11 21:02 - 2018-12-31 01:58 - 000007853 _____ C:\Windows\system32\CVFirmwareUpgradeLog.txt
2018-12-03 14:40 - 2018-12-03 14:40 - 000002190 _____ C:\Users\Public\Desktop\SupportAssist.lnk
2018-12-03 14:38 - 2018-12-31 00:31 - 000004202 _____ C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2018-12-03 14:38 - 2018-12-03 14:38 - 000000000 ____D C:\ProgramData\SupportAssist
2018-12-03 14:38 - 2018-12-03 14:38 - 000000000 ____D C:\ProgramData\Dell Inc
2018-12-03 14:20 - 2018-12-03 14:40 - 000000000 ____D C:\Program Files\Dell
2018-12-02 23:46 - 2018-12-28 19:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2018-12-02 23:46 - 2018-12-02 23:46 - 000000000 ____D C:\Users\Jean Spector\AppData\Roaming\Synapse3
2018-12-02 23:44 - 2018-12-02 23:44 - 000000000 ____D C:\Users\Jean Spector\AppData\Local\Razer
2018-12-02 23:44 - 2018-12-02 23:44 - 000000000 ____D C:\Program Files\Razer Chroma SDK
2018-12-02 23:44 - 2018-12-02 23:44 - 000000000 ____D C:\Program Files (x86)\Razer Chroma SDK
2018-12-02 23:41 - 2018-12-11 21:03 - 000000000 ____D C:\Program Files (x86)\Razer
2018-12-02 23:41 - 2018-12-02 23:50 - 000000000 ____D C:\ProgramData\Razer
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-12-31 02:01 - 2017-08-13 00:19 - 000000000 ____D C:\Users\Jean Spector\AppData\Roaming\BitTorrent
2018-12-31 02:00 - 2017-05-16 10:26 - 000000000 ____D C:\Users\Jean Spector\AppData\Roaming\GoodSync
2018-12-31 01:59 - 2017-04-19 12:45 - 000000000 ____D C:\Users\Jean Spector\AppData\Local\Degoo
2018-12-31 01:58 - 2015-03-15 11:25 - 000000000 __RDO C:\Users\Jean Spector\OneDrive
2018-12-31 01:58 - 2014-08-14 17:41 - 000000000 __SHD C:\Users\Jean Spector\IntelGraphicsProfiles
2018-12-31 01:58 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-31 01:54 - 2016-04-05 17:11 - 000000000 ____D C:\Users\Jean Spector\Documents\ShareX
2018-12-31 01:41 - 2013-09-30 06:19 - 000867072 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-31 01:41 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2018-12-31 01:29 - 2018-07-14 19:12 - 000000000 ____D C:\Users\Jean Spector\AppData\Local\AdvinstAnalytics
2018-12-31 01:29 - 2018-07-14 16:19 - 000000000 ____D C:\Users\Jean Spector\AppData\Local\cache
2018-12-31 01:28 - 2018-07-14 19:16 - 000000000 ____D C:\Users\Jean Spector\AppData\Local\CrashRpt
2018-12-31 01:00 - 2014-08-14 16:54 - 000000000 ____D C:\Users\Jean Spector
2018-12-31 00:13 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\rescache
2018-12-31 00:05 - 2017-05-16 10:26 - 000000000 ____D C:\ProgramData\GoodSync
2018-12-31 00:03 - 2018-11-12 13:20 - 000485696 _____ C:\Windows\system32\FNTCACHE.DAT
2018-12-30 07:28 - 2013-08-22 15:25 - 000524288 ___SH C:\Windows\system32\config\BBI
2018-12-30 02:17 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-12-30 00:53 - 2014-08-17 15:07 - 000000000 ____D C:\Windows\system32\MRT
2018-12-30 00:51 - 2014-08-17 15:07 - 137260640 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-12-30 00:51 - 2013-08-22 17:20 - 000000000 ____D C:\Windows\CbsTemp
2018-12-30 00:28 - 2014-08-14 17:09 - 000000000 ____D C:\Users\Jean Spector\AppData\Local\ElevatedDiagnostics
2018-12-29 15:22 - 2014-08-14 16:59 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2612820603-309181636-2091425902-1001
2018-12-29 14:51 - 2014-09-08 09:10 - 000000000 ____D C:\Users\Jean Spector\AppData\Local\Google
2018-12-28 21:20 - 2018-11-01 21:15 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-12-28 21:20 - 2018-10-31 20:41 - 000003566 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-jean.spector@outlook.com
2018-12-28 21:20 - 2018-10-30 17:05 - 000003604 _____ C:\Windows\System32\Tasks\{24C1E841-9833-408B-A86A-F2952B084E84}
2018-12-28 21:20 - 2018-03-13 11:17 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-12-28 21:20 - 2015-04-08 10:48 - 000003072 _____ C:\Windows\System32\Tasks\{A3E4DD90-0974-45EE-A6E0-5426FE4E6547}
2018-12-28 21:20 - 2014-12-15 07:54 - 000004288 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-12-28 21:20 - 2014-09-18 09:06 - 000003522 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2612820603-309181636-2091425902-1001UA
2018-12-28 21:20 - 2014-09-18 09:06 - 000003250 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2612820603-309181636-2091425902-1001Core
2018-12-28 21:20 - 2014-09-08 09:10 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-12-28 21:20 - 2014-09-08 09:10 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-12-28 21:20 - 2014-09-04 13:33 - 000003118 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2018-12-28 21:20 - 2014-09-04 13:33 - 000003092 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2018-12-28 21:20 - 2014-09-04 13:33 - 000003090 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2018-12-28 21:20 - 2014-09-04 13:33 - 000003062 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2018-12-28 21:20 - 2014-09-04 13:33 - 000003060 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2018-12-28 20:55 - 2016-11-29 20:42 - 000000000 ____D C:\Users\Jean Spector\AppData\LocalLow\Mozilla
2018-12-27 06:21 - 2017-05-16 10:26 - 000001938 _____ C:\Users\Public\Desktop\GoodSync Explorer.lnk
2018-12-27 06:21 - 2017-05-16 10:26 - 000001874 _____ C:\Users\Public\Desktop\GoodSync.lnk
2018-12-27 06:21 - 2017-05-16 10:26 - 000000000 ____D C:\Program Files\Siber Systems
2018-12-27 01:02 - 2014-08-14 17:24 - 000000000 ____D C:\tmp
2018-12-26 00:06 - 2018-11-01 22:34 - 000004194 _____ C:\Windows\System32\Tasks\Avast Cleanup Update
2018-12-24 10:47 - 2018-11-01 21:15 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-12-24 07:22 - 2018-11-01 21:17 - 000000000 ____D C:\Users\Jean Spector\AppData\Local\AVAST Software
2018-12-20 22:27 - 2014-09-08 09:11 - 000002256 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-20 22:27 - 2014-09-08 09:11 - 000002215 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-12-11 21:02 - 2018-11-28 01:30 - 000000440 _____ C:\Windows\Tasks\Driver Easy Scheduled Scan.job
2018-12-06 08:17 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\Macromed
2018-12-04 11:21 - 2014-10-05 14:08 - 000000000 ____D C:\ProgramData\PCDr
2018-12-03 16:06 - 2015-01-25 11:52 - 000662528 ___SH C:\Users\Jean Spector\Downloads\Thumbs.db
2018-12-03 14:40 - 2014-10-05 14:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2018-12-03 14:38 - 2017-06-08 23:56 - 000000000 ____D C:\Users\Jean Spector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2018-12-03 14:17 - 2018-11-28 01:30 - 000003840 _____ C:\Windows\System32\Tasks\Driver Easy Scheduled Scan
2018-12-03 14:17 - 2018-07-14 15:49 - 000003866 _____ C:\Windows\System32\Tasks\ASCOM - Update Earth Rotation Data
2018-12-01 01:43 - 2018-11-26 19:39 - 000835688 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-12-01 01:43 - 2018-11-26 19:39 - 000179808 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2015-03-18 15:15 - 2015-03-18 15:15 - 000002084 _____ () C:\Users\Jean Spector\.csp_ovftool_settings.js
2015-09-03 10:27 - 2008-02-15 12:55 - 000360448 _____ (Oleg Valberg) C:\Program Files\CrazyKeys_ExeR.exe
2017-03-27 20:45 - 2017-03-27 20:52 - 000000807 _____ () C:\Program Files\DevManView.cfg
2016-03-09 06:29 - 2017-03-27 20:36 - 000018590 _____ () C:\Program Files\DevManView.chm
2016-03-09 06:29 - 2017-03-27 20:36 - 000138336 _____ (NirSoft) C:\Program Files\DevManView.exe
2014-08-17 14:43 - 2014-08-17 14:42 - 000493568 _____ (Simon Tatham) C:\Program Files\kitty.exe
2014-09-10 09:19 - 2014-08-17 14:42 - 000493568 _____ (Simon Tatham) C:\Program Files (x86)\kitty.exe
2016-02-21 20:03 - 2017-09-28 13:43 - 000000600 _____ () C:\Users\Jean Spector\AppData\Roaming\PUTTY.RND
2014-11-02 08:58 - 2016-06-08 14:31 - 000000600 _____ () C:\Users\Jean Spector\AppData\Roaming\winscp.rnd
2018-05-27 22:49 - 2018-10-20 15:24 - 000007613 _____ () C:\Users\Jean Spector\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-12-25 05:51
==================== End of FRST.txt ============================
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29.12.2018
Ran by Jean Spector (31-12-2018 02:01:32)
Running from C:\Users\Jean Spector\Desktop
Windows 8.1 Enterprise (Update) (X64) (2014-08-14 14:54:12)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2612820603-309181636-2091425902-500 - Administrator - Disabled)
Guest (S-1-5-21-2612820603-309181636-2091425902-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2612820603-309181636-2091425902-1009 - Limited - Enabled)
Jean Spector (S-1-5-21-2612820603-309181636-2091425902-1001 - Administrator - Enabled) => C:\Users\Jean Spector
pd (S-1-5-21-2612820603-309181636-2091425902-1006 - Limited - Enabled)
___VMware_Conv_SA___ (S-1-5-21-2612820603-309181636-2091425902-1005 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4K Video Downloader 4.4 (HKLM-x32\...\{17CEAB50-0275-4D5E-9C11-CF2963C59FA1}) (Version: 4.4.6.2295 - Open Media LLC)
64 Bit HP CIO Components Installer (HKLM\...\{30689060-43BD-46E9-8A54-E6CDB18AAB88}) (Version: 20.2.1 - HP Inc.) Hidden
7-Zip 18.05 (HKLM-x32\...\{23170F69-40C1-2701-1805-000001000000}) (Version: 18.05.00.0 - Igor Pavlov)
7-Zip 18.05 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1805-000001000000}) (Version: 18.05.00.0 - Igor Pavlov)
7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version: - )
ActivePerl 5.16.3 Build 1604 (HKLM-x32\...\{B423C2A0-EAC6-4490-BC31-97F47813DEAA}) (Version: 5.16.1604 - ActiveState)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Adobe Lightroom Classic CC (HKLM-x32\...\LTRM_7_2) (Version: 7.2 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASCOM Celestron Telescope Telescope Driver version 6.0.6338.35136 (HKLM-x32\...\{8cad8458-17ab-49ea-9c3a-b20007f3ad10}_is1) (Version: 6.0.6338.35136 - Chris Rowland <chris.rowland@cherryfield.me.uk>)
ASCOM Platform 6.4 (HKLM\...\{8961E141-B307-4882-ABAD-77A3E76A40C1}) (Version: 6.4.0.2618 - ASCOM Initiative) Hidden
ASCOM Platform 6.4 (HKLM-x32\...\{8961E141-B307-4882-ABAD-77A3E76A40C1}) (Version: 6.4.0.2618 - ASCOM Initiative) Hidden
ASCOM Platform 6.4 (HKLM-x32\...\ASCOM Platform 6.4) (Version: 6.4.0.2618 - ASCOM Initiative)
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.2.5964 - AVAST Software)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
Backup and Sync from Google (HKLM\...\{608EBDC6-D18A-4CF6-AD54-EE6B71D29065}) (Version: 3.43.1584.4446 - Google, Inc.)
BitTorrent (HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\BitTorrent) (Version: 7.10.4.44847 - BitTorrent Inc.)
Box Sync (HKLM\...\{BFA57077-F78C-4B92-815E-7BCDA6B9686E}) (Version: 4.0.7911.0 - Box, Inc.)
Box Sync (HKLM-x32\...\{78bd23dc-5207-4a19-a205-75117c0f8c6c}) (Version: 4.0.6746.0 - Box Inc.) Hidden
Cartes du Ciel V4.0 (HKLM-x32\...\{A261F28E-6053-4414-9B84-AA8FE5F47AD4}_is1) (Version: - )
Corsair M60 Gaming Mouse Driver V1.0 (HKLM-x32\...\{337CDF25-8F3C-4DEF-8A94-5A9BFC961368}_is1) (Version: 1.00.00.37 - )
Degoo (HKLM-x32\...\{53E5AA1F-A338-4D4B-8906-4556F0A0F3F1}) (Version: 1.0.2250 - Degoo Backup AB)
Dell ControlVault Host Components Installer 64 bit (HKLM\...\{00E61C2A-E507-4662-8534-A0FA48F415AE}) (Version: 2.3.415.120 - Broadcom Corporation)
Dell SupportAssist (HKLM\...\{5A18ABE3-52D1-4CA5-9169-25EC7E789582}) (Version: 3.0.2.48 - Dell Inc.)
Driver Easy 5.6.7 (HKLM\...\DriverEasy_is1) (Version: 5.6.7 - Easeware)
EncFlac 1.1.2 (HKLM-x32\...\EncFlac) (Version: 1.1.2 - Michael Facquet)
GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 10.9.21.1 - Siber Systems Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{BF354C72-AC4C-4A87-8D42-B089862BAE58}) (Version: 7.3.2.5491 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
Imagenomic Portraiture 2.2.1 Lightroom Plug-in (build 2210) (HKLM\...\ImagenomicPortraitureLightroomPlugin) (Version: - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 20.2 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4432 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
IrfanView 4.51 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.51 - Irfan Skiljan)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 191 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JetBrains PyCharm Community Edition 2018.2.4 (HKLM-x32\...\PyCharm Community Edition 2018.2.4) (Version: 182.4505.26 - JetBrains s.r.o.)
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.0.3 - LG Electronics)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 62.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 62.0.2 (x64 en-US)) (Version: 62.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
NexStar Observer List (HKLM-x32\...\ST6UNST #1) (Version: - )
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.8 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10730.20155 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20155 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20155 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10730.20155 - Microsoft Corporation) Hidden
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0 (HKLM-x32\...\{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1) (Version: - Orban, Inc.)
Photomatix Pro version 5.0.5a (HKLM\...\PhotomatixPro5x64_is1) (Version: 5.0.5a - HDRsoft Ltd)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 6.1.0.0 - Popcorn Time) <==== ATTENTION
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 1.7.12845 - Kakao Corp.)
Python 2.7.13 (HKLM-x32\...\{4A656C6C-D24A-473F-9747-3A8D00907A03}) (Version: 2.7.13150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Razer Chroma SDK (HKLM-x32\...\Razer Chroma SDK) (Version: 2.22.3 - Razer Inc.)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.3.1216.122121 - Razer Inc.)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 12.3.1 - ShareX Team)
Skype version 8.34 (HKLM-x32\...\Skype_is1) (Version: 8.34 - Skype Technologies S.A.)
Starry Night Celestron SE 7 (HKLM-x32\...\{F15C5FEE-7D1B-4680-A77F-BF501AB3C4DE}) (Version: 7.6.3.1378 - Simulation Curriculum Corp.)
Stellarium 0.18.1 (HKLM\...\Stellarium_is1) (Version: 0.18.1 - Stellarium team)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.2.0 - Topaz Labs, LLC)
Topaz B&W Effects (HKLM-x32\...\Topaz BW Effects 2) (Version: 2.1.0 - Topaz Labs, LLC)
Topaz Clarity (HKLM-x32\...\Topaz Clarity) (Version: 1.1.0 - Topaz Labs, LLC)
Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.2.0 - Topaz Labs, LLC)
Topaz DeNoise 6 (HKLM-x32\...\Topaz DeNoise 6) (Version: 6.0.1 - Topaz Labs, LLC)
Topaz Detail 3 (HKLM-x32\...\Topaz Detail 3) (Version: 3.3.0 - Topaz Labs, LLC)
Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.3 - Topaz Labs, LLC)
Topaz InFocus (HKLM-x32\...\Topaz InFocus) (Version: 1.1.0 - Topaz Labs, LLC)
Topaz Lens Effects (HKLM-x32\...\Topaz Lens Effects) (Version: 1.3.0 - Topaz Labs, LLC)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.21 - Ghisler Software GmbH)
TreeSize Free V4.0.3 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.0.3 - JAM Software)
VNC Viewer 6.17.1113 (HKLM\...\{26DEBF7F-3876-43C3-8365-5A2B4C604DFA}) (Version: 6.17.1113.31799 - RealVNC Ltd)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
WD Drive Manager (x64) (HKLM\...\{94794BBD-1FB4-428B-8F2D-E368BEF2C237}) (Version: 2.116 - Western Digital)
WD SmartWare (HKLM\...\{604CB4FC-3D32-405F-A109-165F170529B6}) (Version: 1.2.0.8 - Western Digital)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Zoom (HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{004B49B7-11B9-5058-AA22-08DD0A3ADC4B}\InprocServer32 -> {188F5248-9468-D082-1EC2-FEE985889A47} => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jean Spector\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{DD0822AA-3A0A-4BDC-B749-4B00B9115850}\InprocServer32 -> {5525BB08-9468-D082-5E2B-54A485889A47} => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => C:\Users\Jean Spector\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => C:\Users\Jean Spector\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => C:\Users\Jean Spector\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ BoxSyncFileLocked] -> {2a607da5-abe8-358e-a881-c0f5faf2d3a5} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncFileLockedByOther] -> {f7d2951f-0b6b-346c-99ec-69cffc30a364} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncNotSynced] -> {5ea95e3d-3e46-3812-b03c-49785fa67d41} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncProblem] -> {a88b7184-bfa1-3d14-8efb-2225df9699bc} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncSynced] -> {c89f9943-8f58-3eca-bd55-a658f53b2f48} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-10-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-10-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-10-04] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-19] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => C:\Users\Jean Spector\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => C:\Users\Jean Spector\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => C:\Users\Jean Spector\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-10-14] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-19] (AVAST Software)
ContextMenuHandlers1: [BoxContextMenuClient] -> {87768833-3c5c-30fb-af03-ba34bc95d084} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-10-04] (Google)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-19] (AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers4: [BoxContextMenuClient] -> {87768833-3c5c-30fb-af03-ba34bc95d084} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-10-04] (Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-06-09] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\Windows\system32\igfxOSP.dll [2016-06-09] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-19] (AVAST Software)
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {05B687DB-82EA-474B-ADB6-04B8A838CFA3} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [2018-10-22] (Easeware)
Task: {0741DDC6-1A4D-4923-A8FE-03D3FA0F0121} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {177F21E8-B951-4BE8-8643-00D3A2B159FF} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {19A48DA5-6111-4811-9FD5-7EE28FC3962A} - System32\Tasks\Avast Cleanup Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-10-24] (AVAST Software)
Task: {279C3D38-C23E-464A-8A14-B238F8BA43C9} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {43FE6DE4-7B9D-4A4D-8F67-0D9DCBDDBE4E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {51CCA352-8D3A-4CC5-90AE-A55E1A41413A} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-11-19] (AVAST Software)
Task: {65E77D20-6849-41B1-923B-EA89FB0FA5AE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {6CFB09E3-1769-45CC-827F-460F249E132C} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [2018-10-25] (Dell Inc.)
Task: {8417ABA7-FD1B-4BE3-97E7-378C2A4A259E} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-jean.spector@outlook.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-12-13] (Adobe Systems, Incorporated)
Task: {8C45CC85-4599-415F-9AEA-8C313E49F0A5} - System32\Tasks\{A3E4DD90-0974-45EE-A6E0-5426FE4E6547} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.0.103/en/abandoninstall?page=tsBing
Task: {8F68D78C-AFB4-4423-B48B-CD46AC7B92E0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2612820603-309181636-2091425902-1001UA => C:\Users\Jean Spector\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9BDE5130-0054-4B97-AFEB-FBE4E399F6AB} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {9C0E2E13-5D25-45C9-BE38-0E6F51DE4647} - System32\Tasks\ASCOM - Update Earth Rotation Data => C:\Program Files (x86)\ASCOM\Platform 6\Tools\EarthRotationUpdate.exe [2018-06-25] (ASCOM)
Task: {B5B422B8-7DB5-4C22-B03F-C71DB252B667} - System32\Tasks\{24C1E841-9833-408B-A86A-F2952B084E84} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Blackzoolab\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Blackzoolab\uninstall.dat" -a uninstallme AF520A29-E504-49F8-848B-089BDF798A89 DeviceId=fcba38b6-70af-a8b8-64cf-9e53487010f6 BarcodeId=51198004 ChannelId=004 DistributerName=APSFWakeNet
Task: {C9073E88-2C10-4C4E-A835-16FAE0E35685} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_Plugin.exe [2018-12-06] (Adobe Systems Incorporated)
Task: {CF54503B-AE1A-4BAA-A0A6-49F8645B1923} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-11-11] (AVAST Software)
Task: {DE3CB6C7-3065-42AD-90D6-8C8DB364136F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E7843E1E-8B76-4D51-979A-AE8E7F905C49} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-12-06] (Adobe Systems Incorporated)
Task: {E791EB41-DC1F-4AF0-B551-A0C7DF66D641} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {EB41594F-841C-4F31-8CF7-A1B870668382} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2612820603-309181636-2091425902-1001Core => C:\Users\Jean Spector\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-11-28 01:36 - 2018-11-28 01:36 - 000274392 _____ () C:\Windows\System32\UshUpgradeService.exe
2018-12-21 14:17 - 2018-12-21 14:17 - 000285424 _____ () C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
2017-09-26 02:52 - 2017-09-26 02:52 - 000491600 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2018-10-14 20:45 - 2018-10-14 20:45 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2018-12-21 14:17 - 2018-12-21 14:17 - 000303344 _____ () C:\Program Files (x86)\Razer\Synapse3\Service\..\UserProcess\Razer Synapse Service Process.exe
2018-05-02 12:02 - 2018-05-02 12:02 - 000126792 _____ () C:\Program Files\Box\Box Sync\_ctypes.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 001488200 _____ () C:\Program Files\Box\Box Sync\_hashlib.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 000056648 _____ () C:\Program Files\Box\Box Sync\_socket.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 002106696 _____ () C:\Program Files\Box\Box Sync\_ssl.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 000136520 _____ () C:\Program Files\Box\Box Sync\win32api.pyd
2018-05-02 12:01 - 2018-05-02 12:01 - 000143688 _____ () C:\Program Files\Box\Box Sync\pywintypes27.dll
2018-05-02 12:01 - 2018-05-02 12:01 - 000554824 _____ () C:\Program Files\Box\Box Sync\pythoncom27.dll
2018-05-02 12:01 - 2018-05-02 12:01 - 000017736 _____ () C:\Program Files\Box\Box Sync\select.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 000698184 _____ () C:\Program Files\Box\Box Sync\unicodedata.pyd
2018-05-02 12:01 - 2018-05-02 12:01 - 000063304 _____ () C:\Program Files\Box\Box Sync\psutil._psutil_windows.pyd
2018-05-02 11:58 - 2018-05-02 11:58 - 000009544 _____ () C:\Program Files\Box\Box Sync\clr.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 000033096 _____ () C:\Program Files\Box\Box Sync\ujson.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 000528200 _____ () C:\Program Files\Box\Box Sync\win32com.shell.shell.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 000029000 _____ () C:\Program Files\Box\Box Sync\win32event.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 000155976 _____ () C:\Program Files\Box\Box Sync\win32file.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 000142152 _____ () C:\Program Files\Box\Box Sync\win32security.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 000069960 _____ () C:\Program Files\Box\Box Sync\_sqlite3.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 000051016 _____ () C:\Program Files\Box\Box Sync\win32process.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 000059720 _____ () C:\Program Files\Box\Box Sync\win32service.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 000032072 _____ () C:\Program Files\Box\Box Sync\_yappi.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 000040776 _____ () C:\Program Files\Box\Box Sync\_multiprocessing.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 000027464 _____ () C:\Program Files\Box\Box Sync\win32clipboard.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 000229704 _____ () C:\Program Files\Box\Box Sync\win32gui.pyd
2018-12-27 06:21 - 2018-12-27 06:21 - 013434592 _____ () C:\Program Files\Siber Systems\GoodSync\GoodSync-v10.exe
2018-12-21 15:16 - 2018-12-21 15:16 - 003434224 _____ () C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
2018-10-04 19:44 - 2018-10-04 19:44 - 046459080 _____ () C:\Program Files\Google\Drive\googledrivesync.exe
2018-12-31 01:58 - 2018-12-31 01:58 - 000113664 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\_ctypes.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000080896 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\bz2.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 001792512 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\_hashlib.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000128512 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\win32api.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000137728 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\pywintypes27.dll
2018-12-31 01:58 - 2018-12-31 01:58 - 000548864 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\pythoncom27.dll
2018-12-31 01:58 - 2018-12-31 01:58 - 000689664 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\unicodedata.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000438784 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\win32com.shell.shell.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 001489408 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\wx._core_.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 001007104 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\wx._gdi_.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 001039872 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\wx._windows_.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 001325056 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\wx._controls_.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000916992 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\wx._misc_.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 001084416 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\pysqlite2._sqlite.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000149504 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\win32file.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000136192 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\win32security.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000007680 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\hashobjs_ext.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000020992 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\thumbnails_ext.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000118784 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\usb_ext.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000047616 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\_socket.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 002224640 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\_ssl.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000014848 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\common.time34.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000023040 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\win32event.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000034304 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\windows.conditional.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000020480 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\windows.winwrap.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000110080 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\windows.volumes.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000223232 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\win32gui.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000173568 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\_elementtree.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000169472 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\pyexpat.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000048128 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\win32inet.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000103424 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\wx._html2.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000046080 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\_psutil_windows.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000633272 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\windows._cacheinvalidation.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000011776 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\win32crypt.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000301568 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\PIL._imaging.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000032256 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\_multiprocessing.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 005752320 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\cello.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000026112 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\_yappi.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000044032 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\win32process.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000027648 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\win32pipe.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000010752 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\select.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000029696 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\win32pdh.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000038400 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\windows.connectivity.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000073216 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\windows.device_monitor.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000020480 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\win32profile.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000026624 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\win32ts.pyd
2018-05-02 11:53 - 2018-05-02 11:53 - 000166216 _____ () C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
2018-12-04 02:19 - 2018-12-04 02:19 - 001033216 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\de02b99e060799ef35a7e7ecb903dd93\Windows.ApplicationModel.ni.dll
2018-12-04 02:19 - 2018-12-04 02:19 - 000054784 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Management\1bf3bd597c05be7e0495a8c0bafc7bb3\Windows.Management.ni.dll
2018-12-04 02:19 - 2018-12-04 02:19 - 000192512 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\a0d6d836efd19e668be60af1c7d6e3aa\Windows.Foundation.ni.dll
2018-12-28 19:10 - 2018-12-21 14:14 - 000151280 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.ChromaSDKWrapper.dll
2018-12-28 19:10 - 2018-12-21 14:14 - 000180464 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.NativeDeviceDetectionWrapper.dll
2018-12-28 19:10 - 2018-12-19 11:22 - 000206576 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.NativePhilipsHueWrapper.dll
2018-12-28 19:10 - 2018-12-21 14:14 - 000202480 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.PowerPlan.dll
2018-12-28 19:10 - 2018-12-21 14:43 - 000081648 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_AccelWinM.dll
2018-12-28 19:10 - 2018-12-21 14:12 - 000354544 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_AudioPlayer.dll
2018-12-28 19:10 - 2018-12-21 14:12 - 000135408 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_KeyboardKeysWrapper.dll
2018-12-28 19:10 - 2018-12-21 14:43 - 000086256 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_ManagedCommon.dll
2018-12-28 19:10 - 2018-12-21 14:43 - 000346864 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_ManagedMacros.dll
2018-12-28 19:10 - 2018-12-21 14:43 - 000260336 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_MappingTypesM.dll
2018-12-28 19:10 - 2018-12-21 14:14 - 002278128 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_PowerSwitchWrapper.dll
2018-12-28 19:10 - 2018-12-19 12:34 - 000634096 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\DeathAdder Elite\Bin\RSy3_DeviceStatus.dll
2018-12-28 19:10 - 2018-12-19 12:34 - 000333552 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\DeathAdder Elite\Bin\RSy3_DriverMode.dll
2018-12-28 19:10 - 2018-12-19 12:34 - 000383216 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\DeathAdder Elite\Bin\RSy3_Lighting.dll
2018-12-28 19:10 - 2018-12-19 12:34 - 000150768 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\DeathAdder Elite\Bin\RSy3_Mapping.dll
2018-12-28 19:10 - 2018-12-19 12:34 - 000726768 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\DeathAdder Elite\Bin\RSy3_MappingBaseM.dll
2018-12-28 19:10 - 2018-12-19 12:34 - 000359152 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\DeathAdder Elite\Bin\RSy3_PollingRate.dll
2018-12-28 19:10 - 2018-12-19 12:34 - 000382192 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\DeathAdder Elite\Bin\RSy3_Sensitivity.dll
2018-12-28 19:10 - 2018-12-19 12:34 - 000461552 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\DeathAdder Elite\Bin\RSy3_SurfaceCalBaseM.dll
2018-12-28 19:10 - 2018-12-19 12:34 - 000086768 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\DeathAdder Elite\Bin\RSy3_SurfaceCalPixart.dll
2018-12-28 19:10 - 2018-12-19 12:34 - 000634096 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Philips Hue\Bin\RSy3_DeviceStatus.dll
2018-12-28 19:10 - 2018-12-19 12:34 - 000333552 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Philips Hue\Bin\RSy3_DriverMode.dll
2018-12-28 19:10 - 2018-12-19 12:34 - 000055536 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\DeathAdder Elite\Bin\RSy3_KeyboardKeys.dll
2018-12-21 14:12 - 2018-12-21 14:12 - 000361712 _____ () C:\Program Files (x86)\Razer\Synapse3\UserProcess\RSy3_AudioAppStreamsWrapper.dll
2018-11-01 21:17 - 2018-11-01 21:17 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-11-19 14:46 - 2018-11-19 14:46 - 000596696 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-12-06 05:46 - 2018-12-06 05:46 - 000098544 _____ () C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Common.Dependencies\RSy3_AudioMicPeakMeter.dll
2018-12-21 15:14 - 2018-12-21 15:14 - 000135408 _____ () C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Common.Dependencies\RSy3_KeyboardKeysWrapper.dll
2018-12-18 07:19 - 2018-12-18 07:21 - 001005408 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.Core.dll
2018-12-18 07:19 - 2018-12-18 07:21 - 053444984 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\libcef.dll
2018-11-01 22:34 - 2016-09-12 14:53 - 048936448 _____ () C:\Program Files (x86)\AVAST Software\Avast Cleanup\libcef.dll
2018-12-18 07:19 - 2018-12-18 07:21 - 000691056 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.Core.dll
2018-12-18 07:19 - 2018-12-18 07:21 - 001984392 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\libglesv2.dll
2018-12-18 07:19 - 2018-12-18 07:21 - 000082824 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\sharepoint.com -> hxxps://primarydata-files.sharepoint.com
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2018-11-15 17:56 - 033554955 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 mydownloaddomain.com
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 texttotalk.org
127.0.0.1 gambling577.xyz
127.0.0.1 htagdownload.space
127.0.0.1 mybcnmonetize.com
127.0.0.1 360devtraking.website
127.0.0.1 dscdn.pw
127.0.0.1 bcnmonetize.go2affise.com
127.0.0.1 beautifllink.xyz
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\ProgramData\Oracle\Java\javapath;C:\Perl\site\bin;C:\Perl\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;
HKCU\Environment\\Path: C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\ProgramData\Oracle\Java\javapath;C:\Perl\site\bin;C:\Perl\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jean Spector\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\irfanview_wallpaper.bmp
DNS Servers: 192.168.2.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKLM\...\StartupApproved\StartupFolder: => "CrazyKeys.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WDSmartWare.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WDDMStatus.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "WinampAgent"
HKLM\...\StartupApproved\Run32: => "PaperCut MF Client"
HKLM\...\StartupApproved\Run32: => "IMSS"
HKLM\...\StartupApproved\Run32: => "WD Drive Manager"
HKLM\...\StartupApproved\Run32: => "Corsair M60 Mouse"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Windows Session Manager"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\StartupFolder: => "EvernoteTray.lnk"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\StartupFolder: => "HipChat.lnk"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\StartupFolder: => "svs.lnk"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\StartupFolder: => "tccetgjb.lnk"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\Run: => "DellSystemDetect"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\Run: => "Google Updater 5.0"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\Run: => "NZPR93Q1KYLNOPS"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\Run: => "PDYCC174SQRR1KB"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\Run: => "JICLTAC124B5EKT"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\Run: => "WQDC3M1Q7Q2V74N"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\Run: => "hafyaffv"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\Run: => "Skype for Desktop"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-TCP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe (Microsoft Corporation)
FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-UDP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe (Microsoft Corporation)
FirewallRules: [TCP Query User{5381B4F1-3BF3-43B9-87D2-9BEB52D3E3AA}C:\users\jean spector\documents\mobaxterm\slash\bin\xwin_mobax.exe] => (Allow) C:\users\jean spector\documents\mobaxterm\slash\bin\xwin_mobax.exe ()
FirewallRules: [UDP Query User{D9630F62-87C9-4437-8343-8AE45D33E89E}C:\users\jean spector\documents\mobaxterm\slash\bin\xwin_mobax.exe] => (Allow) C:\users\jean spector\documents\mobaxterm\slash\bin\xwin_mobax.exe ()
FirewallRules: [{251A3C97-9B17-4C79-9828-CF565146565C}] => (Block) C:\users\jean spector\documents\mobaxterm\slash\bin\xwin_mobax.exe ()
FirewallRules: [{51A89D60-DE58-4A44-AB4B-886B7BAF4356}] => (Block) C:\users\jean spector\documents\mobaxterm\slash\bin\xwin_mobax.exe ()
FirewallRules: [{F014B975-0380-4ADA-A71E-4CEB5B917C93}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe No File
FirewallRules: [{88E8C8EC-2A2B-426E-859E-C6E54DFAE5CB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe No File
FirewallRules: [TCP Query User{FEDB9BBE-415A-4509-8FA5-6BF85AA178F3}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google Inc.)
FirewallRules: [UDP Query User{D9628309-1E5C-4400-87BC-D95ECF84817E}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google Inc.)
FirewallRules: [{D14F4AD0-642C-4ED3-BBF2-6BAAE4E05640}] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google Inc.)
FirewallRules: [{4B7C2B7C-E656-4858-B5A4-7FBCB1707452}] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google Inc.)
FirewallRules: [{38DA8526-CE1D-4574-931B-32CB48F6F2A4}] => (Allow) C:\Users\Jean\Zoom.exe No File
FirewallRules: [{700098F7-C03C-42CF-8BE4-04C2778713CB}] => (Allow) C:\Users\Jean\airhost.exe No File
FirewallRules: [{6AA53117-E868-4B06-BB2C-494BF5746367}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
FirewallRules: [TCP Query User{8379B78A-9AFA-40C2-BE43-15E3C0406E4E}C:\program files (x86)\lenovoemc storage manager\lenovoemcstoragemanager.exe] => (Allow) C:\program files (x86)\lenovoemc storage manager\lenovoemcstoragemanager.exe No File
FirewallRules: [UDP Query User{99267989-A759-41B0-A9F9-56D9E6A9A7BB}C:\program files (x86)\lenovoemc storage manager\lenovoemcstoragemanager.exe] => (Allow) C:\program files (x86)\lenovoemc storage manager\lenovoemcstoragemanager.exe No File
FirewallRules: [{7A58EF67-A96A-41E5-ADF6-85E25AB7BC85}] => (Block) C:\program files (x86)\lenovoemc storage manager\lenovoemcstoragemanager.exe No File
FirewallRules: [{5FE60EC6-FC6D-4ADC-90DE-F067EB25D9CF}] => (Block) C:\program files (x86)\lenovoemc storage manager\lenovoemcstoragemanager.exe No File
FirewallRules: [{56E50EFA-5441-4AA9-A428-96310A72E8B6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{7E782D7C-4101-4314-B03B-336220F47C4B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{53397224-C1E8-47F7-92B9-AAB864C23CC0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{8687802B-A940-418F-A012-F993D7F6EDFD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [TCP Query User{7CBA13F0-74E7-499A-BEA6-5DF491166AF1}C:\users\jean spector\appdata\local\degoo\degoo.exe] => (Allow) C:\users\jean spector\appdata\local\degoo\degoo.exe (Degoo Backup AB)
FirewallRules: [UDP Query User{A36098F9-7F4B-477B-BCA6-0B374F4E3937}C:\users\jean spector\appdata\local\degoo\degoo.exe] => (Allow) C:\users\jean spector\appdata\local\degoo\degoo.exe (Degoo Backup AB)
FirewallRules: [TCP Query User{862B38D9-51DC-46A5-A693-E3C118F3F985}C:\users\jean spector\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jean spector\appdata\roaming\utorrent\utorrent.exe No File
FirewallRules: [UDP Query User{59D7CB2A-9E6E-4D5B-9FB3-7459F83240A2}C:\users\jean spector\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jean spector\appdata\roaming\utorrent\utorrent.exe No File
FirewallRules: [TCP Query User{6FD49089-1B0D-4B1A-8DBD-58BCFA0CB424}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{4769378A-45AA-4A78-84FF-DB243D6F1C29}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [{72881DDA-ABA0-4D54-90C1-C9591255E7F8}] => (Block) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [{D124081F-DB9E-48E1-B031-0DAD2802D90D}] => (Block) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [{B1E2867B-5296-4353-9A97-DC3BD1A86E0C}] => (Allow) C:\Users\Jean\Zoom.exe No File
FirewallRules: [{72090D61-C13A-4DFE-80F5-BFDB080568D1}] => (Allow) C:\Users\Jean\airhost.exe No File
FirewallRules: [TCP Query User{EBBF32F9-314F-4F8B-9108-A9B4919F91D6}C:\users\jean spector\appdata\local\temp\in19e8b0f0\3f3403e1_stp.exe] => (Allow) C:\users\jean spector\appdata\local\temp\in19e8b0f0\3f3403e1_stp.exe No File
FirewallRules: [UDP Query User{F16B6E4F-418E-4659-AF4B-DD859CFAA72C}C:\users\jean spector\appdata\local\temp\in19e8b0f0\3f3403e1_stp.exe] => (Allow) C:\users\jean spector\appdata\local\temp\in19e8b0f0\3f3403e1_stp.exe No File
FirewallRules: [{BC07BF72-184A-4F86-9722-DC6D72286430}] => (Allow) C:\Users\Jean Spector\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
FirewallRules: [{8A36A2A6-B4B6-4F83-A075-C552B2C64C00}] => (Allow) C:\Users\Jean Spector\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
FirewallRules: [TCP Query User{2161900A-6385-4F12-891A-392721ED30A9}C:\program files\jetbrains\pycharm community edition 2017.2.1\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm community edition 2017.2.1\bin\pycharm64.exe No File
FirewallRules: [UDP Query User{C215358E-5E4C-4AED-B11C-FDE9E6DF95FD}C:\program files\jetbrains\pycharm community edition 2017.2.1\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm community edition 2017.2.1\bin\pycharm64.exe No File
FirewallRules: [{041A2351-0B6C-49C4-9F6D-CC771E2EF0AF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{3655AF34-CA2A-499E-8ED7-051FCBD7D8EE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{82F75726-4827-41D4-A629-A6E21466DED9}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe (Popcorn Time)
FirewallRules: [{194E78F9-2E21-497F-8EAD-EB578E3FD4D3}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe (Popcorn Time)
FirewallRules: [{E3DD11E5-9006-4382-8662-EB936CA23326}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe ()
FirewallRules: [{1CE9679D-9613-46FA-BE66-1A52BF5BA8FB}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe ()
FirewallRules: [{180BBB50-192F-478E-8DFF-890CA947EB1A}] => (Allow) C:\Program Files (x86)\Popcorn Time\nodejs\node.exe (Node.js)
FirewallRules: [{81F2A44C-5123-4B3D-BE3C-3D6A6B24F3BB}] => (Allow) C:\Program Files (x86)\Popcorn Time\nodejs\node.exe (Node.js)
FirewallRules: [TCP Query User{F438AC85-8E68-40C4-8099-EF92EAA5A918}C:\program files (x86)\popcorn time\nodejs\node.exe] => (Allow) C:\program files (x86)\popcorn time\nodejs\node.exe (Node.js)
FirewallRules: [UDP Query User{08FCBB8C-4AD8-4BCE-ABAB-E98D0661A12E}C:\program files (x86)\popcorn time\nodejs\node.exe] => (Allow) C:\program files (x86)\popcorn time\nodejs\node.exe (Node.js)
FirewallRules: [{37131516-9FBE-4812-BA5A-3A8DF0DE0EB4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{102CF18A-21DF-4927-99FD-C29E7E7FEB65}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{1D5F1259-2FD7-4485-A537-5299F8C8D28C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{369060DC-81D0-4D96-8DCA-1208BCEE2162}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{1BC3F343-BDB3-4725-878E-5DBDAEB36C36}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{A0AAC127-645B-456D-AF81-2FF880988986}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe No File
FirewallRules: [{56ECC40A-9C60-4200-A040-CDC095195E16}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe No File
FirewallRules: [{496292A8-2BFE-474B-9731-2803A213321E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe No File
FirewallRules: [{72CB882C-C13C-4B69-9E51-0EE981854596}] => (Allow) C:\Program Files\Siber Systems\GoodSync\gs-server.exe ()
==================== Restore Points =========================
16-12-2018 01:03:17 Scheduled Checkpoint
24-12-2018 07:26:42 Scheduled Checkpoint
30-12-2018 00:48:23 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/31/2018 01:58:07 AM) (Source: USHUpgradeService) (EventID: 2) (User: )
Description: CV firmware upgrade failed
Error: (12/31/2018 01:36:58 AM) (Source: USHUpgradeService) (EventID: 2) (User: )
Description: CV firmware upgrade failed
Error: (12/31/2018 12:57:56 AM) (Source: USHUpgradeService) (EventID: 2) (User: )
Description: CV firmware upgrade failed
Error: (12/31/2018 12:28:14 AM) (Source: USHUpgradeService) (EventID: 2) (User: )
Description: CV firmware upgrade failed
Error: (12/31/2018 12:24:13 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.MissingMethodException: Method not found: 'Windows.UI.Notifications.ToastNotificationHistory Windows.UI.Notifications.ToastNotificationManager.get_History()'.
at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.<DeleteNotificationWhileUninstall>d__23.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[TStateMachine](TStateMachine& stateMachine)
at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.DeleteNotificationWhileUninstall()
at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.ShowNotificationsOnSessionUnlock(SessionChangeDescription changeDescription)
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at Dell.Services.SupportAssist.SupportAssistAgent.BootStrapperMinimized.SessionChangeAction(SessionChangeDescription changeDescription)
at Dell.Services.SupportAssist.SupportAssistAgent.SupportAssistAgent.OnSessionChange(SessionChangeDescription changeDescription)
Error: (12/31/2018 12:03:16 AM) (Source: USHUpgradeService) (EventID: 2) (User: )
Description: CV firmware upgrade failed
Error: (12/30/2018 07:27:20 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.MissingMethodException: Method not found: 'Windows.UI.Notifications.ToastNotificationHistory Windows.UI.Notifications.ToastNotificationManager.get_History()'.
at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.<DeleteNotificationWhileUninstall>d__23.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[TStateMachine](TStateMachine& stateMachine)
at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.DeleteNotificationWhileUninstall()
at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.ShowNotificationsOnSessionUnlock(SessionChangeDescription changeDescription)
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at Dell.Services.SupportAssist.SupportAssistAgent.BootStrapperMinimized.SessionChangeAction(SessionChangeDescription changeDescription)
at Dell.Services.SupportAssist.SupportAssistAgent.SupportAssistAgent.OnSessionChange(SessionChangeDescription changeDescription)
Error: (12/30/2018 02:51:39 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)
System errors:
=============
Error: (12/31/2018 01:58:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Connectivity Assistant service depends on the DNS Client service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (12/31/2018 01:58:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error:
This driver has been blocked from loading
Error: (12/31/2018 01:37:15 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Connectivity Assistant service depends on the DNS Client service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (12/31/2018 01:36:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error:
This driver has been blocked from loading
Error: (12/31/2018 01:36:52 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:35:51 AM on 12/31/2018 was unexpected.
Error: (12/31/2018 12:58:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Connectivity Assistant service depends on the DNS Client service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (12/31/2018 12:57:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error:
This driver has been blocked from loading
Error: (12/31/2018 12:28:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Connectivity Assistant service depends on the DNS Client service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Windows Defender:
===================================
Date: 2018-10-19 15:59:16.237
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/DelfInject&threatid=2147597831&enterprise=0
Name: VirTool:Win32/DelfInject
ID: 2147597831
Severity: Severe
Category: Tool
Path: file:_C:\Users\Jean Spector\AppData\Local\Temp\9882.tmp\bb.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: P:\Torrents\Total Commander 9.21 Final + Crack [CracksNow]\Fix\tc-patch.exe
Signature Version: AV: 1.279.102.0, AS: 1.279.102.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15400.4, NIS: 2.1.14600.4
Date: 2018-10-19 15:59:03.367
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/DelfInject&threatid=2147597831&enterprise=0
Name: VirTool:Win32/DelfInject
ID: 2147597831
Severity: Severe
Category: Tool
Path: file:_C:\Users\Jean Spector\AppData\Local\Temp\9882.tmp\bb.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\SysWOW64\cmd.exe
Signature Version: AV: 1.279.102.0, AS: 1.279.102.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15400.4, NIS: 2.1.14600.4
Date: 2018-10-19 15:59:00.343
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/DelfInject&threatid=2147597831&enterprise=0
Name: VirTool:Win32/DelfInject
ID: 2147597831
Severity: Severe
Category: Tool
Path: file:_C:\Users\Jean Spector\AppData\Local\Temp\9882.tmp\bb.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: P:\Torrents\Total Commander 9.21 Final + Crack [CracksNow]\Fix\tc-patch.exe
Signature Version: AV: 1.279.102.0, AS: 1.279.102.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15400.4, NIS: 2.1.14600.4
Date: 2018-10-19 15:55:39.406
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/DelfInject&threatid=2147597831&enterprise=0
Name: VirTool:Win32/DelfInject
ID: 2147597831
Severity: Severe
Category: Tool
Path: file:_C:\Users\Jean Spector\AppData\Local\Temp\4783.tmp\bb.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: P:\Torrents\Total Commander 9.21 Final + Crack [CracksNow]\Fix\tc-patch.exe
Signature Version: AV: 1.279.102.0, AS: 1.279.102.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15400.4, NIS: 2.1.14600.4
Date: 2018-10-19 15:55:23.014
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/DelfInject&threatid=2147597831&enterprise=0
Name: VirTool:Win32/DelfInject
ID: 2147597831
Severity: Severe
Category: Tool
Path: file:_C:\Users\Jean Spector\AppData\Local\Temp\4783.tmp\bb.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: P:\Torrents\Total Commander 9.21 Final + Crack [CracksNow]\Fix\tc-patch.exe
Signature Version: AV: 1.279.102.0, AS: 1.279.102.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15400.4, NIS: 2.1.14600.4
Date: 2018-01-11 03:53:30.683
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070006
Error description: The handle is invalid.
Reason: The filter driver was unloaded unexpectedly.
Date: 2018-01-11 03:53:30.683
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80070006
Error description: The handle is invalid.
Reason: The filter driver was unloaded unexpectedly.
Date: 2018-01-11 03:53:30.683
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80070006
Error description: The handle is invalid.
Reason: The filter driver was unloaded unexpectedly.
Date: 2018-01-11 03:53:30.636
Description:
Windows Defender engine has been terminated due to an unexpected error.
Failure Type: Crash
Exception code: 0xc00000fd
Resource:
Date: 2017-12-21 07:16:48.814
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070006
Error description: The handle is invalid.
Reason: The filter driver was unloaded unexpectedly.
CodeIntegrity:
===================================
Date: 2018-11-28 01:37:13.203
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-11-28 01:37:11.579
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-11-28 01:37:10.199
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-11-28 01:37:08.792
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-11-28 01:37:07.295
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-11-28 01:37:05.798
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-11-28 01:37:04.351
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-11-28 01:37:02.764
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz
Percentage of memory in use: 30%
Total physical RAM: 16289.35 MB
Available physical RAM: 11345.12 MB
Total Virtual: 18849.35 MB
Available Virtual: 13557.89 MB
==================== Drives ================================
Drive c: (System-256GB) (Fixed) (Total:237.79 GB) (Free:104.08 GB) NTFS
Drive p: (My Book) (Fixed) (Total:2794.39 GB) (Free:752.32 GB) NTFS
Drive r: (Seagate Backup Plus Drive) (Fixed) (Total:3725.9 GB) (Free:1753.55 GB) NTFS
\\?\Volume{f75e4952-23b0-11e4-8250-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.06 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 3CD42E02)
Partition 1: (Not Active) - (Size=350 MB) - (Type=DE)
Partition 2: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=237.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 3726 GB) (Disk ID: 9FCF031B)
Partition: GPT.
========================================================
Disk: 2 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================
Malwarebytes got rid of most issues - and there were dozens, if not hundreds.
I also had to reset group policy, which blocked security-related stuff, e.g. Windows Update.
Some artifacts remain though, and I was hoping some of the gurus here could help.
Remaining issues:
1. Windows update gets broken every boot (getting "Unspecified errror" regarding C:\Users\...\...settingcontent-ms).
WindowsUpdateDiagnostic fixes it, so I'm up-to-date, but not having automatic updates is a pain.
2. Reboot/shutdown never completes. I have to press the power button to "help" it (could be related to #1)
3. Starting Windows Defender fails with the following error in MSASCui.exe: "The size of the manifest exceeds the maximum allowed"
Not that I'm planning to use it - but it's one of the things that could be pointing at other issues I've missed.
FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29.12.2018
Ran by Jean Spector (administrator) on JEAN-DELL (31-12-2018 02:00:01)
Running from C:\Users\Jean Spector\Desktop
Loaded Profiles: Jean Spector (Available Profiles: Jean Spector)
Platform: Windows 8.1 Enterprise (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\Windows\System32\UshUpgradeService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Windows\System32\HostControlService.exe
(Broadcom Corporation) C:\Windows\System32\HostStorageService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\nfsclnt.exe
() C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\Siber Systems\GoodSync\GoodSync-v10.exe
(BitTorrent Inc.) C:\Users\Jean Spector\AppData\Roaming\BitTorrent\BitTorrent.exe
() C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(BitTorrent Inc.) C:\Users\Jean Spector\AppData\Roaming\BitTorrent\updates\7.10.4_44847\bittorrentie.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(BitTorrent Inc.) C:\Users\Jean Spector\AppData\Roaming\BitTorrent\updates\7.10.4_44847\bittorrentie.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
(Degoo Backup AB) C:\Users\Jean Spector\AppData\Local\Degoo\Degoo.exe
(ShareX Team) C:\Program Files\ShareX\ShareX.exe
() C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
(Degoo Backup AB) C:\Users\Jean Spector\AppData\Local\Degoo\DegooHealthCheck.exe
(The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [5966864 2018-05-02] (Box, Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems, Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-19] (AVAST Software)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [85600 2013-12-13] (Nullsoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-14] (Apple Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-11-13] (Intel Corporation)
HKLM-x32\...\Run: [WD Drive Manager] => C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [480768 2012-05-01] (WDC)
HKLM-x32\...\Run: [Corsair M60 Mouse] => C:\Program Files (x86)\Corsair\M60 Mouse\M60Hid.exe [1766912 2013-06-05] (Corsair Components Inc)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\Run: [Google Update] => C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.33.23\GoogleUpdateCore.exe [605992 2018-12-20] (Google Inc.)
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\Run: [GoodSync] => C:\Program Files\Siber Systems\GoodSync\GoodSync-v10.exe [13434592 2018-12-27] ()
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\Run: [BitTorrent] => C:\Users\Jean Spector\AppData\Roaming\BitTorrent\BitTorrent.exe [1742528 2018-11-23] (BitTorrent Inc.)
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49805160 2018-11-09] (Skype Technologies S.A.)
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3434224 2018-12-21] ()
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46459080 2018-10-04] ()
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\RunOnce: [Uninstall C:\Users\Jean Spector\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jean Spector\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\RunOnce: [Uninstall C:\Users\Jean Spector\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jean Spector\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\MountPoints2: {43ccabe4-f2a3-11e6-82a7-ac7ba12c920e} - "D:\LaunchU3.exe" -a
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\MountPoints2: {53f656fe-3389-11e7-82b5-ac7ba12c920e} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\MountPoints2: {c27dfce6-e610-11e7-82d2-ac7ba12c920e} - "D:\LG_PC_Programs.exe"
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3434224 2018-12-21] ()
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [175392 2012-10-26] (Logitech Inc.)
HKLM\...\Drivers32: [MSVideo] => C:\Windows\system32\vfwwdm32.dll [69632 2014-10-29] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Program Files\Windows Mail\WinMail.exe [2014-10-29] (Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-20] (Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Program Files (x86)\Windows Mail\WinMail.exe [2014-10-29] (Microsoft Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\ascom diagnostics.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\ascom.filterwheelsim.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\ascom.och.test.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\ascom.ocsimulator.test.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\ascom.rotatorsimulator.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\ascom.telescopesimulator.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\ascomdome.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\domesim.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\drivereasy.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\filterwheelsim.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\focussim.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\iastorui.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\pipe.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\popcorntimedesktop.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\poth.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\privacyiconclient.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\profileexplorer.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\scopesim.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\switchsim.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\wddmstatus.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\wdsmartware.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-11-01]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrazyKeys.lnk [2015-09-03]
ShortcutTarget: CrazyKeys.lnk -> C:\Program Files (x86)\CrazyKeys\CrazyKeys.exe (Oleg Valberg)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2017-06-03]
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk [2017-06-03]
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
Startup: C:\Users\Jean Spector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Degoo .lnk [2017-04-19]
ShortcutTarget: Degoo .lnk -> C:\Users\Jean Spector\AppData\Local\Degoo\Degoo.exe (Degoo Backup AB)
Startup: C:\Users\Jean Spector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HipChat.lnk [2017-10-02]
ShortcutTarget: HipChat.lnk -> C:\Program Files (x86)\Atlassian\HipChat4\HipChat.exe (No File)
Startup: C:\Users\Jean Spector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-07-29]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)
Startup: C:\Users\Jean Spector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2018-06-26]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team)
Startup: C:\Users\Jean Spector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svs.lnk [2018-10-29]
ShortcutTarget: svs.lnk -> C:\Users\Jean Spector\AppData\Local\svs.exe (No File)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.254
Tcpip\..\Interfaces\{3C04BB80-4CDB-44E0-B95F-89F3972930C0}: [DhcpNameServer] 10.100.100.15 10.10.100.15
Tcpip\..\Interfaces\{71396758-3DF9-4D46-AEB2-BF2D3FF6B126}: [DhcpNameServer] 192.168.2.254
Internet Explorer:
==================
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://il.msn.com/?rd=1&ucc=IL&dcc=IL&opt=0
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-11-01] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-01] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-11-01] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-01] (Oracle Corporation)
IE Session Restore: HKU\S-1-5-21-2612820603-309181636-2091425902-1001 -> is enabled.
FireFox:
========
FF ProfilePath: C:\Users\Jean Spector\AppData\Roaming\Mozilla\Firefox\Profiles\mzkgt3ec.default [2018-12-28]
FF Homepage: Mozilla\Firefox\Profiles\mzkgt3ec.default -> Google
FF NewTab: Mozilla\Firefox\Profiles\mzkgt3ec.default -> about:newtab
FF Session Restore: Mozilla\Firefox\Profiles\mzkgt3ec.default -> is enabled.
FF NewTabOverride: Mozilla\Firefox\Profiles\mzkgt3ec.default -> Disabled: newtaboverride@agenedia.com
FF NewTabOverride: Mozilla\Firefox\Profiles\mzkgt3ec.default -> Enabled: treestyletab@piro.sakura.ne.jp
FF Extension: (Cisco WebEx Extension) - C:\Users\Jean Spector\AppData\Roaming\Mozilla\Firefox\Profiles\mzkgt3ec.default\Extensions\ciscowebexstart1@cisco.com.xpi [2017-12-09]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Jean Spector\AppData\Roaming\Mozilla\Firefox\Profiles\mzkgt3ec.default\Extensions\firefox@ghostery.com.xpi [2018-12-28]
FF Extension: (Hebrew spell-checking dictionary (from HSpell)) - C:\Users\Jean Spector\AppData\Roaming\Mozilla\Firefox\Profiles\mzkgt3ec.default\Extensions\he@dictionaries.addons.mozilla.org.xpi [2018-12-28]
FF Extension: (Hotspot Shield VPN Free Proxy – Unblock Sites) - C:\Users\Jean Spector\AppData\Roaming\Mozilla\Firefox\Profiles\mzkgt3ec.default\Extensions\hotspot-shield@anchorfree.com.xpi [2018-03-15]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Jean Spector\AppData\Roaming\Mozilla\Firefox\Profiles\mzkgt3ec.default\Extensions\support@lastpass.com.xpi [2018-12-28]
FF Extension: (Tree Style Tab) - C:\Users\Jean Spector\AppData\Roaming\Mozilla\Firefox\Profiles\mzkgt3ec.default\Extensions\treestyletab@piro.sakura.ne.jp.xpi [2018-12-28]
FF Extension: (Avast Online Security) - C:\Users\Jean Spector\AppData\Roaming\Mozilla\Firefox\Profiles\mzkgt3ec.default\Extensions\wrc@avast.com.xpi [2018-11-01]
FF Extension: (Session Manager) - C:\Users\Jean Spector\AppData\Roaming\Mozilla\Firefox\Profiles\mzkgt3ec.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-01-31] [Legacy]
FF Extension: (Quick JIRA) - C:\Users\Jean Spector\AppData\Roaming\Mozilla\Firefox\Profiles\mzkgt3ec.default\Extensions\{25e741fe-a00f-4568-9197-f5a591f1b56d}.xpi [2018-06-21]
FF Extension: (session-resurrection) - C:\Users\Jean Spector\AppData\Roaming\Mozilla\Firefox\Profiles\mzkgt3ec.default\Extensions\{53bf5681-b6ad-4883-be7c-e831e167cec9}.xpi [2018-12-28]
FF Extension: (Adblock Plus) - C:\Users\Jean Spector\AppData\Roaming\Mozilla\Firefox\Profiles\mzkgt3ec.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-12-28]
FF Extension: (Telemetry coverage) - C:\Users\Jean Spector\AppData\Roaming\Mozilla\Firefox\Profiles\mzkgt3ec.default\features\{3ced4067-1396-459b-b455-1b096e1a5c3d}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-09-26] [Legacy]
FF SearchPlugin: C:\Users\Jean Spector\AppData\Roaming\Mozilla\Firefox\Profiles\mzkgt3ec.default\searchplugins\google-avast.xml [2018-11-01]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_101.dll [2018-12-06] ()
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-01] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2612820603-309181636-2091425902-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Jean Spector\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2612820603-309181636-2091425902-1001: @talk.google.com/O1DPlugin -> C:\Users\Jean Spector\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2612820603-309181636-2091425902-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2612820603-309181636-2091425902-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2612820603-309181636-2091425902-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Jean Spector\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-07-20] (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Jean Spector\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jean Spector\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://isearch.avg.com/?cid={41E2810F-1559-490C-9255-FFCC374D70BD}&mid=f2552a1ea98a47d09d4bd16b5371ef2b-eb50a236e5ad81446db0dfc939c6eae3b57337f2&lang=en&ds=gm011&pr=sa&d=2012-11-23 13:23:33&v=13.2.0.4&sap=hp","hxxp://www.linuxmint.com/start/nadia"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default [2018-12-31]
CHR Extension: (Slides) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-21]
CHR Extension: (YouTube) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-10]
CHR Extension: (Google Search) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-10]
CHR Extension: (Session Buddy) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2018-02-02]
CHR Extension: (Grooveshark Downloader) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglmoaliddiejknfhdgicfdlaplbojem [2014-09-08]
CHR Extension: (Sheets) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Google Docs Offline) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-18]
CHR Extension: (The Camelizer) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2018-06-23]
CHR Extension: (AdBlock) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-12-11]
CHR Extension: (Hola Free VPN Proxy Unblocker) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2018-12-31]
CHR Extension: (Avast Online Security) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-11-01]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-12-31]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2018-12-29]
CHR Extension: (Anti-Adblock Popup Blocker) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhjdhoikoppfngdpngepakeogdnlcilm [2016-10-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-10]
CHR Extension: (Gmail) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-28]
CHR Extension: (Chrome Media Router) - C:\Users\Jean Spector\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-31]
CHR HKU\S-1-5-21-2612820603-309181636-2091425902-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems, Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-11-19] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-19] (AVAST Software)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [36680 2018-05-02] (Box, Inc.)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [9121248 2018-10-24] (AVAST Software)
S2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209392 2018-10-22] (Dell Inc.)
S2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3347440 2018-10-22] (Dell Inc.)
S2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218096 2018-10-22] (Dell Inc.)
S2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\DSAPI.exe [1002816 2018-12-03] (PC-Doctor, Inc.)
S2 GsServer; C:\Program Files\Siber Systems\GoodSync\gs-server.exe [7833824 2018-12-27] ()
R2 hostcontrolsvc; C:\Windows\System32\HostControlService.exe [824280 2018-11-28] (Broadcom Corporation)
R2 hoststoragesvc; C:\Windows\System32\HostStorageService.exe [169944 2018-11-28] (Broadcom Corporation)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [184064 2016-11-18] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [354280 2016-06-09] (Intel Corporation)
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2015-10-30] (HP Inc.) [File not signed]
R2 NfsClnt; C:\Windows\system32\nfsclnt.exe [100864 2017-06-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2015-10-30] (HP Inc.) [File not signed]
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [449664 2018-08-29] (Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [942720 2018-09-12] (Razer Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2018-12-18] (Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [285424 2018-12-21] ()
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [535424 2018-12-18] (Razer Inc.)
S2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [38872 2018-10-25] (Dell Inc.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
S4 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2018-04-06] (Popcorn Time) [File not signed]
R2 ushupgradesvc; C:\Windows\System32\UshUpgradeService.exe [274392 2018-11-28] ()
S4 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [119296 2012-05-01] (WDC) [File not signed]
S4 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [129536 2009-11-13] (WDC) [File not signed]
S4 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel® Corporation)
S2 GsRunner Jean Spector; "C:\Program Files\Siber Systems\GoodSync\gsync.exe" /runner-service="C:/Users/Jean Spector/AppData/Roaming/GoodSync" [X] <==== ATTENTION
S4 zesjpvnu; C:\Windows\SysWOW64\zesjpvnu\ahuuxiav.exe [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [29184 2015-05-12] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2015-05-12] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2015-05-12] (LG Electronics Inc.)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [201240 2018-11-19] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [230344 2018-11-19] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201768 2018-11-19] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346592 2018-11-19] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59496 2018-11-19] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239840 2018-11-26] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46384 2018-11-19] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2018-11-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163208 2018-11-19] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111800 2018-11-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87432 2018-11-19] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1028680 2018-11-19] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [469272 2018-11-19] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [208472 2018-11-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380464 2018-11-19] (AVAST Software)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [41608 2018-10-20] (Dell Inc.)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [41208 2018-10-20] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [529392 2015-08-05] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [214272 2016-11-18] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3595472 2018-10-12] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 NfsRdr; C:\Windows\System32\drivers\nfsrdr.sys [261120 2016-06-22] (Microsoft Corporation)
R3 RpcXdr; C:\Windows\System32\drivers\rpcxdr.sys [131072 2016-03-04] (Microsoft Corporation)
R3 RzCommon; C:\Windows\System32\drivers\RzCommon.sys [46680 2018-09-13] (Razer Inc)
R3 RzDev_005c; C:\Windows\System32\drivers\RzDev_005c.sys [49648 2018-04-22] (Razer Inc)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 ST_Accel; C:\Windows\system32\DRIVERS\ST_Accel.sys [93432 2014-07-18] (STMicroelectronics)
S3 tap-tb-0901; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)
S3 vNICdrv; C:\Windows\system32\DRIVERS\vNICdrv.sys [20048 2017-01-22] (Iomega Corporation)
R3 wbfcvusbdrv; C:\Windows\System32\Drivers\wbfcvusbdrv.sys [17632 2014-07-18] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 WIMBLEMS; C:\Windows\system32\drivers\WIMBLEMS.sys [25600 2012-03-27] ( )
S3 cpuz140; \??\C:\Users\JEANSP~1\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
S1 FortiShield; system32\drivers\FortiShield.sys [X]
S3 mdareDriver_52; \??\C:\Users\JEANSP~1\AppData\Local\Temp\FCPreScan\mdare64_52.sys [X] <==== ATTENTION
S1 MpKsl0dd02f42; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E81A32E6-55F3-4214-AA63-32F8C2A695D0}\MpKsl0dd02f42.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S3 VMSMP; \SystemRoot\system32\DRIVERS\vmswitch.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-12-31 02:00 - 2018-12-31 02:00 - 000036408 _____ C:\Users\Jean Spector\Desktop\FRST.txt
2018-12-31 01:58 - 2018-12-31 01:58 - 000000000 ____D C:\Users\Jean Spector\AppData\LocalLow\BitTorrent
2018-12-31 00:44 - 2018-12-31 02:00 - 000000000 ____D C:\FRST
2018-12-31 00:44 - 2018-12-31 00:44 - 002424320 _____ (Farbar) C:\Users\Jean Spector\Desktop\FRST64.exe
2018-12-30 00:44 - 2018-12-14 09:38 - 000790016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-12-30 00:44 - 2018-12-14 08:33 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-12-30 00:44 - 2018-11-28 11:39 - 004168704 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-12-30 00:44 - 2018-11-28 10:08 - 015441408 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-12-30 00:44 - 2018-11-28 10:04 - 013322240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-12-30 00:44 - 2018-11-15 05:00 - 025735680 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-12-30 00:44 - 2018-11-15 04:34 - 020281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-12-30 00:44 - 2018-11-15 03:51 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-12-30 00:44 - 2018-11-15 03:50 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-12-30 00:44 - 2018-11-13 06:35 - 005778944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-12-30 00:44 - 2018-11-13 06:00 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-12-30 00:44 - 2018-11-13 05:52 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-12-30 00:44 - 2018-11-13 05:51 - 015284736 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-12-30 00:44 - 2018-11-13 05:43 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-12-30 00:44 - 2018-11-13 05:42 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-12-30 00:44 - 2018-11-13 05:38 - 013681152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-12-30 00:44 - 2018-11-13 05:38 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-12-30 00:44 - 2018-11-13 05:37 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-12-30 00:44 - 2018-11-13 05:27 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-12-30 00:44 - 2018-11-13 05:18 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-12-30 00:44 - 2018-11-13 05:16 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-12-30 00:44 - 2018-11-13 05:15 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-12-30 00:44 - 2018-11-13 05:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-12-30 00:44 - 2018-11-10 21:42 - 001368584 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-12-30 00:44 - 2018-11-10 21:36 - 007371720 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-12-30 00:44 - 2018-11-10 21:25 - 000121288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2018-12-30 00:44 - 2018-11-10 20:54 - 001308456 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-12-30 00:44 - 2018-11-10 20:53 - 000356088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-12-30 00:44 - 2018-11-10 18:34 - 001754112 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2018-12-30 00:44 - 2018-11-10 18:25 - 001085440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2018-12-30 00:44 - 2018-11-10 18:22 - 000747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-12-30 00:44 - 2018-11-10 18:15 - 001491968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2018-12-30 00:44 - 2018-11-03 20:28 - 002532344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-12-30 00:44 - 2018-11-03 19:41 - 001903456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-12-30 00:44 - 2018-11-03 17:25 - 002348032 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-12-30 00:44 - 2018-11-03 17:11 - 001556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2018-12-29 22:32 - 2018-12-29 22:32 - 000168534 _____ C:\Users\Jean Spector\Downloads\m200818abc.xlsx
2018-12-29 14:51 - 2018-12-29 14:51 - 000002028 _____ C:\Users\Public\Desktop\Google Slides.lnk
2018-12-29 14:51 - 2018-12-29 14:51 - 000002026 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2018-12-29 14:51 - 2018-12-29 14:51 - 000002016 _____ C:\Users\Public\Desktop\Google Docs.lnk
2018-12-29 14:51 - 2018-12-29 14:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2018-12-29 14:51 - 2018-12-29 14:51 - 000000000 ____D C:\Program Files\Google
2018-12-29 14:50 - 2018-12-29 14:50 - 001136176 _____ (Google Inc.) C:\Users\Jean Spector\Downloads\installbackupandsync.exe
2018-12-28 19:10 - 2018-12-28 19:10 - 000001513 _____ C:\Users\Public\Desktop\Razer Synapse.lnk
2018-12-27 06:21 - 2018-12-27 06:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoodSync
2018-12-22 19:12 - 2018-12-22 19:13 - 003194701 _____ C:\Users\Jean Spector\Downloads\KMSpico-setup-pass-officialkmspico.com.zip
2018-12-22 15:56 - 2018-12-22 15:58 - 000000210 _____ C:\Users\Jean Spector\Documents\regex.ps1
2018-12-12 10:29 - 2018-12-12 10:29 - 000000037 _____ C:\Windows\SysWOW64\SmartFlow.txt
2018-12-12 10:26 - 2018-12-12 10:26 - 000000000 _____ C:\Windows\SysWOW64\SpyWareFolderstoFilter.txt
2018-12-11 21:02 - 2018-12-31 01:58 - 000007853 _____ C:\Windows\system32\CVFirmwareUpgradeLog.txt
2018-12-03 14:40 - 2018-12-03 14:40 - 000002190 _____ C:\Users\Public\Desktop\SupportAssist.lnk
2018-12-03 14:38 - 2018-12-31 00:31 - 000004202 _____ C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2018-12-03 14:38 - 2018-12-03 14:38 - 000000000 ____D C:\ProgramData\SupportAssist
2018-12-03 14:38 - 2018-12-03 14:38 - 000000000 ____D C:\ProgramData\Dell Inc
2018-12-03 14:20 - 2018-12-03 14:40 - 000000000 ____D C:\Program Files\Dell
2018-12-02 23:46 - 2018-12-28 19:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2018-12-02 23:46 - 2018-12-02 23:46 - 000000000 ____D C:\Users\Jean Spector\AppData\Roaming\Synapse3
2018-12-02 23:44 - 2018-12-02 23:44 - 000000000 ____D C:\Users\Jean Spector\AppData\Local\Razer
2018-12-02 23:44 - 2018-12-02 23:44 - 000000000 ____D C:\Program Files\Razer Chroma SDK
2018-12-02 23:44 - 2018-12-02 23:44 - 000000000 ____D C:\Program Files (x86)\Razer Chroma SDK
2018-12-02 23:41 - 2018-12-11 21:03 - 000000000 ____D C:\Program Files (x86)\Razer
2018-12-02 23:41 - 2018-12-02 23:50 - 000000000 ____D C:\ProgramData\Razer
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-12-31 02:01 - 2017-08-13 00:19 - 000000000 ____D C:\Users\Jean Spector\AppData\Roaming\BitTorrent
2018-12-31 02:00 - 2017-05-16 10:26 - 000000000 ____D C:\Users\Jean Spector\AppData\Roaming\GoodSync
2018-12-31 01:59 - 2017-04-19 12:45 - 000000000 ____D C:\Users\Jean Spector\AppData\Local\Degoo
2018-12-31 01:58 - 2015-03-15 11:25 - 000000000 __RDO C:\Users\Jean Spector\OneDrive
2018-12-31 01:58 - 2014-08-14 17:41 - 000000000 __SHD C:\Users\Jean Spector\IntelGraphicsProfiles
2018-12-31 01:58 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-31 01:54 - 2016-04-05 17:11 - 000000000 ____D C:\Users\Jean Spector\Documents\ShareX
2018-12-31 01:41 - 2013-09-30 06:19 - 000867072 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-31 01:41 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2018-12-31 01:29 - 2018-07-14 19:12 - 000000000 ____D C:\Users\Jean Spector\AppData\Local\AdvinstAnalytics
2018-12-31 01:29 - 2018-07-14 16:19 - 000000000 ____D C:\Users\Jean Spector\AppData\Local\cache
2018-12-31 01:28 - 2018-07-14 19:16 - 000000000 ____D C:\Users\Jean Spector\AppData\Local\CrashRpt
2018-12-31 01:00 - 2014-08-14 16:54 - 000000000 ____D C:\Users\Jean Spector
2018-12-31 00:13 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\rescache
2018-12-31 00:05 - 2017-05-16 10:26 - 000000000 ____D C:\ProgramData\GoodSync
2018-12-31 00:03 - 2018-11-12 13:20 - 000485696 _____ C:\Windows\system32\FNTCACHE.DAT
2018-12-30 07:28 - 2013-08-22 15:25 - 000524288 ___SH C:\Windows\system32\config\BBI
2018-12-30 02:17 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-12-30 00:53 - 2014-08-17 15:07 - 000000000 ____D C:\Windows\system32\MRT
2018-12-30 00:51 - 2014-08-17 15:07 - 137260640 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-12-30 00:51 - 2013-08-22 17:20 - 000000000 ____D C:\Windows\CbsTemp
2018-12-30 00:28 - 2014-08-14 17:09 - 000000000 ____D C:\Users\Jean Spector\AppData\Local\ElevatedDiagnostics
2018-12-29 15:22 - 2014-08-14 16:59 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2612820603-309181636-2091425902-1001
2018-12-29 14:51 - 2014-09-08 09:10 - 000000000 ____D C:\Users\Jean Spector\AppData\Local\Google
2018-12-28 21:20 - 2018-11-01 21:15 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-12-28 21:20 - 2018-10-31 20:41 - 000003566 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-jean.spector@outlook.com
2018-12-28 21:20 - 2018-10-30 17:05 - 000003604 _____ C:\Windows\System32\Tasks\{24C1E841-9833-408B-A86A-F2952B084E84}
2018-12-28 21:20 - 2018-03-13 11:17 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-12-28 21:20 - 2015-04-08 10:48 - 000003072 _____ C:\Windows\System32\Tasks\{A3E4DD90-0974-45EE-A6E0-5426FE4E6547}
2018-12-28 21:20 - 2014-12-15 07:54 - 000004288 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-12-28 21:20 - 2014-09-18 09:06 - 000003522 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2612820603-309181636-2091425902-1001UA
2018-12-28 21:20 - 2014-09-18 09:06 - 000003250 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2612820603-309181636-2091425902-1001Core
2018-12-28 21:20 - 2014-09-08 09:10 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-12-28 21:20 - 2014-09-08 09:10 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-12-28 21:20 - 2014-09-04 13:33 - 000003118 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2018-12-28 21:20 - 2014-09-04 13:33 - 000003092 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2018-12-28 21:20 - 2014-09-04 13:33 - 000003090 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2018-12-28 21:20 - 2014-09-04 13:33 - 000003062 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2018-12-28 21:20 - 2014-09-04 13:33 - 000003060 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2018-12-28 20:55 - 2016-11-29 20:42 - 000000000 ____D C:\Users\Jean Spector\AppData\LocalLow\Mozilla
2018-12-27 06:21 - 2017-05-16 10:26 - 000001938 _____ C:\Users\Public\Desktop\GoodSync Explorer.lnk
2018-12-27 06:21 - 2017-05-16 10:26 - 000001874 _____ C:\Users\Public\Desktop\GoodSync.lnk
2018-12-27 06:21 - 2017-05-16 10:26 - 000000000 ____D C:\Program Files\Siber Systems
2018-12-27 01:02 - 2014-08-14 17:24 - 000000000 ____D C:\tmp
2018-12-26 00:06 - 2018-11-01 22:34 - 000004194 _____ C:\Windows\System32\Tasks\Avast Cleanup Update
2018-12-24 10:47 - 2018-11-01 21:15 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-12-24 07:22 - 2018-11-01 21:17 - 000000000 ____D C:\Users\Jean Spector\AppData\Local\AVAST Software
2018-12-20 22:27 - 2014-09-08 09:11 - 000002256 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-20 22:27 - 2014-09-08 09:11 - 000002215 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-12-11 21:02 - 2018-11-28 01:30 - 000000440 _____ C:\Windows\Tasks\Driver Easy Scheduled Scan.job
2018-12-06 08:17 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\Macromed
2018-12-04 11:21 - 2014-10-05 14:08 - 000000000 ____D C:\ProgramData\PCDr
2018-12-03 16:06 - 2015-01-25 11:52 - 000662528 ___SH C:\Users\Jean Spector\Downloads\Thumbs.db
2018-12-03 14:40 - 2014-10-05 14:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2018-12-03 14:38 - 2017-06-08 23:56 - 000000000 ____D C:\Users\Jean Spector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2018-12-03 14:17 - 2018-11-28 01:30 - 000003840 _____ C:\Windows\System32\Tasks\Driver Easy Scheduled Scan
2018-12-03 14:17 - 2018-07-14 15:49 - 000003866 _____ C:\Windows\System32\Tasks\ASCOM - Update Earth Rotation Data
2018-12-01 01:43 - 2018-11-26 19:39 - 000835688 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-12-01 01:43 - 2018-11-26 19:39 - 000179808 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2015-03-18 15:15 - 2015-03-18 15:15 - 000002084 _____ () C:\Users\Jean Spector\.csp_ovftool_settings.js
2015-09-03 10:27 - 2008-02-15 12:55 - 000360448 _____ (Oleg Valberg) C:\Program Files\CrazyKeys_ExeR.exe
2017-03-27 20:45 - 2017-03-27 20:52 - 000000807 _____ () C:\Program Files\DevManView.cfg
2016-03-09 06:29 - 2017-03-27 20:36 - 000018590 _____ () C:\Program Files\DevManView.chm
2016-03-09 06:29 - 2017-03-27 20:36 - 000138336 _____ (NirSoft) C:\Program Files\DevManView.exe
2014-08-17 14:43 - 2014-08-17 14:42 - 000493568 _____ (Simon Tatham) C:\Program Files\kitty.exe
2014-09-10 09:19 - 2014-08-17 14:42 - 000493568 _____ (Simon Tatham) C:\Program Files (x86)\kitty.exe
2016-02-21 20:03 - 2017-09-28 13:43 - 000000600 _____ () C:\Users\Jean Spector\AppData\Roaming\PUTTY.RND
2014-11-02 08:58 - 2016-06-08 14:31 - 000000600 _____ () C:\Users\Jean Spector\AppData\Roaming\winscp.rnd
2018-05-27 22:49 - 2018-10-20 15:24 - 000007613 _____ () C:\Users\Jean Spector\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-12-25 05:51
==================== End of FRST.txt ============================
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29.12.2018
Ran by Jean Spector (31-12-2018 02:01:32)
Running from C:\Users\Jean Spector\Desktop
Windows 8.1 Enterprise (Update) (X64) (2014-08-14 14:54:12)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2612820603-309181636-2091425902-500 - Administrator - Disabled)
Guest (S-1-5-21-2612820603-309181636-2091425902-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2612820603-309181636-2091425902-1009 - Limited - Enabled)
Jean Spector (S-1-5-21-2612820603-309181636-2091425902-1001 - Administrator - Enabled) => C:\Users\Jean Spector
pd (S-1-5-21-2612820603-309181636-2091425902-1006 - Limited - Enabled)
___VMware_Conv_SA___ (S-1-5-21-2612820603-309181636-2091425902-1005 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4K Video Downloader 4.4 (HKLM-x32\...\{17CEAB50-0275-4D5E-9C11-CF2963C59FA1}) (Version: 4.4.6.2295 - Open Media LLC)
64 Bit HP CIO Components Installer (HKLM\...\{30689060-43BD-46E9-8A54-E6CDB18AAB88}) (Version: 20.2.1 - HP Inc.) Hidden
7-Zip 18.05 (HKLM-x32\...\{23170F69-40C1-2701-1805-000001000000}) (Version: 18.05.00.0 - Igor Pavlov)
7-Zip 18.05 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1805-000001000000}) (Version: 18.05.00.0 - Igor Pavlov)
7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version: - )
ActivePerl 5.16.3 Build 1604 (HKLM-x32\...\{B423C2A0-EAC6-4490-BC31-97F47813DEAA}) (Version: 5.16.1604 - ActiveState)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Adobe Lightroom Classic CC (HKLM-x32\...\LTRM_7_2) (Version: 7.2 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASCOM Celestron Telescope Telescope Driver version 6.0.6338.35136 (HKLM-x32\...\{8cad8458-17ab-49ea-9c3a-b20007f3ad10}_is1) (Version: 6.0.6338.35136 - Chris Rowland <chris.rowland@cherryfield.me.uk>)
ASCOM Platform 6.4 (HKLM\...\{8961E141-B307-4882-ABAD-77A3E76A40C1}) (Version: 6.4.0.2618 - ASCOM Initiative) Hidden
ASCOM Platform 6.4 (HKLM-x32\...\{8961E141-B307-4882-ABAD-77A3E76A40C1}) (Version: 6.4.0.2618 - ASCOM Initiative) Hidden
ASCOM Platform 6.4 (HKLM-x32\...\ASCOM Platform 6.4) (Version: 6.4.0.2618 - ASCOM Initiative)
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.2.5964 - AVAST Software)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
Backup and Sync from Google (HKLM\...\{608EBDC6-D18A-4CF6-AD54-EE6B71D29065}) (Version: 3.43.1584.4446 - Google, Inc.)
BitTorrent (HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\BitTorrent) (Version: 7.10.4.44847 - BitTorrent Inc.)
Box Sync (HKLM\...\{BFA57077-F78C-4B92-815E-7BCDA6B9686E}) (Version: 4.0.7911.0 - Box, Inc.)
Box Sync (HKLM-x32\...\{78bd23dc-5207-4a19-a205-75117c0f8c6c}) (Version: 4.0.6746.0 - Box Inc.) Hidden
Cartes du Ciel V4.0 (HKLM-x32\...\{A261F28E-6053-4414-9B84-AA8FE5F47AD4}_is1) (Version: - )
Corsair M60 Gaming Mouse Driver V1.0 (HKLM-x32\...\{337CDF25-8F3C-4DEF-8A94-5A9BFC961368}_is1) (Version: 1.00.00.37 - )
Degoo (HKLM-x32\...\{53E5AA1F-A338-4D4B-8906-4556F0A0F3F1}) (Version: 1.0.2250 - Degoo Backup AB)
Dell ControlVault Host Components Installer 64 bit (HKLM\...\{00E61C2A-E507-4662-8534-A0FA48F415AE}) (Version: 2.3.415.120 - Broadcom Corporation)
Dell SupportAssist (HKLM\...\{5A18ABE3-52D1-4CA5-9169-25EC7E789582}) (Version: 3.0.2.48 - Dell Inc.)
Driver Easy 5.6.7 (HKLM\...\DriverEasy_is1) (Version: 5.6.7 - Easeware)
EncFlac 1.1.2 (HKLM-x32\...\EncFlac) (Version: 1.1.2 - Michael Facquet)
GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 10.9.21.1 - Siber Systems Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{BF354C72-AC4C-4A87-8D42-B089862BAE58}) (Version: 7.3.2.5491 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
Imagenomic Portraiture 2.2.1 Lightroom Plug-in (build 2210) (HKLM\...\ImagenomicPortraitureLightroomPlugin) (Version: - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 20.2 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4432 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
IrfanView 4.51 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.51 - Irfan Skiljan)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 191 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JetBrains PyCharm Community Edition 2018.2.4 (HKLM-x32\...\PyCharm Community Edition 2018.2.4) (Version: 182.4505.26 - JetBrains s.r.o.)
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.0.3 - LG Electronics)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 62.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 62.0.2 (x64 en-US)) (Version: 62.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
NexStar Observer List (HKLM-x32\...\ST6UNST #1) (Version: - )
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.8 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10730.20155 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20155 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20155 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10730.20155 - Microsoft Corporation) Hidden
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0 (HKLM-x32\...\{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1) (Version: - Orban, Inc.)
Photomatix Pro version 5.0.5a (HKLM\...\PhotomatixPro5x64_is1) (Version: 5.0.5a - HDRsoft Ltd)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 6.1.0.0 - Popcorn Time) <==== ATTENTION
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 1.7.12845 - Kakao Corp.)
Python 2.7.13 (HKLM-x32\...\{4A656C6C-D24A-473F-9747-3A8D00907A03}) (Version: 2.7.13150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Razer Chroma SDK (HKLM-x32\...\Razer Chroma SDK) (Version: 2.22.3 - Razer Inc.)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.3.1216.122121 - Razer Inc.)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 12.3.1 - ShareX Team)
Skype version 8.34 (HKLM-x32\...\Skype_is1) (Version: 8.34 - Skype Technologies S.A.)
Starry Night Celestron SE 7 (HKLM-x32\...\{F15C5FEE-7D1B-4680-A77F-BF501AB3C4DE}) (Version: 7.6.3.1378 - Simulation Curriculum Corp.)
Stellarium 0.18.1 (HKLM\...\Stellarium_is1) (Version: 0.18.1 - Stellarium team)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.2.0 - Topaz Labs, LLC)
Topaz B&W Effects (HKLM-x32\...\Topaz BW Effects 2) (Version: 2.1.0 - Topaz Labs, LLC)
Topaz Clarity (HKLM-x32\...\Topaz Clarity) (Version: 1.1.0 - Topaz Labs, LLC)
Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.2.0 - Topaz Labs, LLC)
Topaz DeNoise 6 (HKLM-x32\...\Topaz DeNoise 6) (Version: 6.0.1 - Topaz Labs, LLC)
Topaz Detail 3 (HKLM-x32\...\Topaz Detail 3) (Version: 3.3.0 - Topaz Labs, LLC)
Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.3 - Topaz Labs, LLC)
Topaz InFocus (HKLM-x32\...\Topaz InFocus) (Version: 1.1.0 - Topaz Labs, LLC)
Topaz Lens Effects (HKLM-x32\...\Topaz Lens Effects) (Version: 1.3.0 - Topaz Labs, LLC)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.21 - Ghisler Software GmbH)
TreeSize Free V4.0.3 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.0.3 - JAM Software)
VNC Viewer 6.17.1113 (HKLM\...\{26DEBF7F-3876-43C3-8365-5A2B4C604DFA}) (Version: 6.17.1113.31799 - RealVNC Ltd)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
WD Drive Manager (x64) (HKLM\...\{94794BBD-1FB4-428B-8F2D-E368BEF2C237}) (Version: 2.116 - Western Digital)
WD SmartWare (HKLM\...\{604CB4FC-3D32-405F-A109-165F170529B6}) (Version: 1.2.0.8 - Western Digital)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Zoom (HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{004B49B7-11B9-5058-AA22-08DD0A3ADC4B}\InprocServer32 -> {188F5248-9468-D082-1EC2-FEE985889A47} => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jean Spector\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{DD0822AA-3A0A-4BDC-B749-4B00B9115850}\InprocServer32 -> {5525BB08-9468-D082-5E2B-54A485889A47} => No File
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2612820603-309181636-2091425902-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Jean Spector\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => C:\Users\Jean Spector\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => C:\Users\Jean Spector\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => C:\Users\Jean Spector\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ BoxSyncFileLocked] -> {2a607da5-abe8-358e-a881-c0f5faf2d3a5} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncFileLockedByOther] -> {f7d2951f-0b6b-346c-99ec-69cffc30a364} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncNotSynced] -> {5ea95e3d-3e46-3812-b03c-49785fa67d41} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncProblem] -> {a88b7184-bfa1-3d14-8efb-2225df9699bc} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncSynced] -> {c89f9943-8f58-3eca-bd55-a658f53b2f48} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-10-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-10-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-10-04] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-19] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => C:\Users\Jean Spector\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => C:\Users\Jean Spector\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => C:\Users\Jean Spector\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-10-14] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-19] (AVAST Software)
ContextMenuHandlers1: [BoxContextMenuClient] -> {87768833-3c5c-30fb-af03-ba34bc95d084} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-10-04] (Google)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-19] (AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers4: [BoxContextMenuClient] -> {87768833-3c5c-30fb-af03-ba34bc95d084} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-10-04] (Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-06-09] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\Windows\system32\igfxOSP.dll [2016-06-09] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-19] (AVAST Software)
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {05B687DB-82EA-474B-ADB6-04B8A838CFA3} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [2018-10-22] (Easeware)
Task: {0741DDC6-1A4D-4923-A8FE-03D3FA0F0121} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {177F21E8-B951-4BE8-8643-00D3A2B159FF} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {19A48DA5-6111-4811-9FD5-7EE28FC3962A} - System32\Tasks\Avast Cleanup Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-10-24] (AVAST Software)
Task: {279C3D38-C23E-464A-8A14-B238F8BA43C9} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {43FE6DE4-7B9D-4A4D-8F67-0D9DCBDDBE4E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {51CCA352-8D3A-4CC5-90AE-A55E1A41413A} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-11-19] (AVAST Software)
Task: {65E77D20-6849-41B1-923B-EA89FB0FA5AE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {6CFB09E3-1769-45CC-827F-460F249E132C} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [2018-10-25] (Dell Inc.)
Task: {8417ABA7-FD1B-4BE3-97E7-378C2A4A259E} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-jean.spector@outlook.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-12-13] (Adobe Systems, Incorporated)
Task: {8C45CC85-4599-415F-9AEA-8C313E49F0A5} - System32\Tasks\{A3E4DD90-0974-45EE-A6E0-5426FE4E6547} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.0.103/en/abandoninstall?page=tsBing
Task: {8F68D78C-AFB4-4423-B48B-CD46AC7B92E0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2612820603-309181636-2091425902-1001UA => C:\Users\Jean Spector\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9BDE5130-0054-4B97-AFEB-FBE4E399F6AB} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {9C0E2E13-5D25-45C9-BE38-0E6F51DE4647} - System32\Tasks\ASCOM - Update Earth Rotation Data => C:\Program Files (x86)\ASCOM\Platform 6\Tools\EarthRotationUpdate.exe [2018-06-25] (ASCOM)
Task: {B5B422B8-7DB5-4C22-B03F-C71DB252B667} - System32\Tasks\{24C1E841-9833-408B-A86A-F2952B084E84} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Blackzoolab\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Blackzoolab\uninstall.dat" -a uninstallme AF520A29-E504-49F8-848B-089BDF798A89 DeviceId=fcba38b6-70af-a8b8-64cf-9e53487010f6 BarcodeId=51198004 ChannelId=004 DistributerName=APSFWakeNet
Task: {C9073E88-2C10-4C4E-A835-16FAE0E35685} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_Plugin.exe [2018-12-06] (Adobe Systems Incorporated)
Task: {CF54503B-AE1A-4BAA-A0A6-49F8645B1923} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-11-11] (AVAST Software)
Task: {DE3CB6C7-3065-42AD-90D6-8C8DB364136F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E7843E1E-8B76-4D51-979A-AE8E7F905C49} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-12-06] (Adobe Systems Incorporated)
Task: {E791EB41-DC1F-4AF0-B551-A0C7DF66D641} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {EB41594F-841C-4F31-8CF7-A1B870668382} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2612820603-309181636-2091425902-1001Core => C:\Users\Jean Spector\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-11-28 01:36 - 2018-11-28 01:36 - 000274392 _____ () C:\Windows\System32\UshUpgradeService.exe
2018-12-21 14:17 - 2018-12-21 14:17 - 000285424 _____ () C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
2017-09-26 02:52 - 2017-09-26 02:52 - 000491600 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2018-10-14 20:45 - 2018-10-14 20:45 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2018-12-21 14:17 - 2018-12-21 14:17 - 000303344 _____ () C:\Program Files (x86)\Razer\Synapse3\Service\..\UserProcess\Razer Synapse Service Process.exe
2018-05-02 12:02 - 2018-05-02 12:02 - 000126792 _____ () C:\Program Files\Box\Box Sync\_ctypes.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 001488200 _____ () C:\Program Files\Box\Box Sync\_hashlib.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 000056648 _____ () C:\Program Files\Box\Box Sync\_socket.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 002106696 _____ () C:\Program Files\Box\Box Sync\_ssl.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 000136520 _____ () C:\Program Files\Box\Box Sync\win32api.pyd
2018-05-02 12:01 - 2018-05-02 12:01 - 000143688 _____ () C:\Program Files\Box\Box Sync\pywintypes27.dll
2018-05-02 12:01 - 2018-05-02 12:01 - 000554824 _____ () C:\Program Files\Box\Box Sync\pythoncom27.dll
2018-05-02 12:01 - 2018-05-02 12:01 - 000017736 _____ () C:\Program Files\Box\Box Sync\select.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 000698184 _____ () C:\Program Files\Box\Box Sync\unicodedata.pyd
2018-05-02 12:01 - 2018-05-02 12:01 - 000063304 _____ () C:\Program Files\Box\Box Sync\psutil._psutil_windows.pyd
2018-05-02 11:58 - 2018-05-02 11:58 - 000009544 _____ () C:\Program Files\Box\Box Sync\clr.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 000033096 _____ () C:\Program Files\Box\Box Sync\ujson.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 000528200 _____ () C:\Program Files\Box\Box Sync\win32com.shell.shell.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 000029000 _____ () C:\Program Files\Box\Box Sync\win32event.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 000155976 _____ () C:\Program Files\Box\Box Sync\win32file.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 000142152 _____ () C:\Program Files\Box\Box Sync\win32security.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 000069960 _____ () C:\Program Files\Box\Box Sync\_sqlite3.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 000051016 _____ () C:\Program Files\Box\Box Sync\win32process.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 000059720 _____ () C:\Program Files\Box\Box Sync\win32service.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 000032072 _____ () C:\Program Files\Box\Box Sync\_yappi.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 000040776 _____ () C:\Program Files\Box\Box Sync\_multiprocessing.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 000027464 _____ () C:\Program Files\Box\Box Sync\win32clipboard.pyd
2018-05-02 12:02 - 2018-05-02 12:02 - 000229704 _____ () C:\Program Files\Box\Box Sync\win32gui.pyd
2018-12-27 06:21 - 2018-12-27 06:21 - 013434592 _____ () C:\Program Files\Siber Systems\GoodSync\GoodSync-v10.exe
2018-12-21 15:16 - 2018-12-21 15:16 - 003434224 _____ () C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
2018-10-04 19:44 - 2018-10-04 19:44 - 046459080 _____ () C:\Program Files\Google\Drive\googledrivesync.exe
2018-12-31 01:58 - 2018-12-31 01:58 - 000113664 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\_ctypes.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000080896 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\bz2.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 001792512 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\_hashlib.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000128512 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\win32api.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000137728 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\pywintypes27.dll
2018-12-31 01:58 - 2018-12-31 01:58 - 000548864 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\pythoncom27.dll
2018-12-31 01:58 - 2018-12-31 01:58 - 000689664 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\unicodedata.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000438784 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\win32com.shell.shell.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 001489408 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\wx._core_.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 001007104 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\wx._gdi_.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 001039872 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\wx._windows_.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 001325056 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\wx._controls_.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000916992 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\wx._misc_.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 001084416 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\pysqlite2._sqlite.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000149504 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\win32file.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000136192 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\win32security.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000007680 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\hashobjs_ext.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000020992 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\thumbnails_ext.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000118784 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\usb_ext.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000047616 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\_socket.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 002224640 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\_ssl.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000014848 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\common.time34.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000023040 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\win32event.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000034304 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\windows.conditional.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000020480 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\windows.winwrap.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000110080 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\windows.volumes.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000223232 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\win32gui.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000173568 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\_elementtree.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000169472 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\pyexpat.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000048128 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\win32inet.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000103424 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\wx._html2.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000046080 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\_psutil_windows.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000633272 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\windows._cacheinvalidation.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000011776 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\win32crypt.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000301568 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\PIL._imaging.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000032256 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\_multiprocessing.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 005752320 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\cello.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000026112 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\_yappi.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000044032 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\win32process.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000027648 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\win32pipe.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000010752 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\select.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000029696 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\win32pdh.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000038400 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\windows.connectivity.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000073216 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\windows.device_monitor.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000020480 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\win32profile.pyd
2018-12-31 01:58 - 2018-12-31 01:58 - 000026624 _____ () C:\Users\Jean Spector\AppData\Local\Temp\_MEI70722\win32ts.pyd
2018-05-02 11:53 - 2018-05-02 11:53 - 000166216 _____ () C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
2018-12-04 02:19 - 2018-12-04 02:19 - 001033216 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\de02b99e060799ef35a7e7ecb903dd93\Windows.ApplicationModel.ni.dll
2018-12-04 02:19 - 2018-12-04 02:19 - 000054784 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Management\1bf3bd597c05be7e0495a8c0bafc7bb3\Windows.Management.ni.dll
2018-12-04 02:19 - 2018-12-04 02:19 - 000192512 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\a0d6d836efd19e668be60af1c7d6e3aa\Windows.Foundation.ni.dll
2018-12-28 19:10 - 2018-12-21 14:14 - 000151280 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.ChromaSDKWrapper.dll
2018-12-28 19:10 - 2018-12-21 14:14 - 000180464 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.NativeDeviceDetectionWrapper.dll
2018-12-28 19:10 - 2018-12-19 11:22 - 000206576 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.NativePhilipsHueWrapper.dll
2018-12-28 19:10 - 2018-12-21 14:14 - 000202480 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.PowerPlan.dll
2018-12-28 19:10 - 2018-12-21 14:43 - 000081648 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_AccelWinM.dll
2018-12-28 19:10 - 2018-12-21 14:12 - 000354544 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_AudioPlayer.dll
2018-12-28 19:10 - 2018-12-21 14:12 - 000135408 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_KeyboardKeysWrapper.dll
2018-12-28 19:10 - 2018-12-21 14:43 - 000086256 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_ManagedCommon.dll
2018-12-28 19:10 - 2018-12-21 14:43 - 000346864 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_ManagedMacros.dll
2018-12-28 19:10 - 2018-12-21 14:43 - 000260336 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_MappingTypesM.dll
2018-12-28 19:10 - 2018-12-21 14:14 - 002278128 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_PowerSwitchWrapper.dll
2018-12-28 19:10 - 2018-12-19 12:34 - 000634096 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\DeathAdder Elite\Bin\RSy3_DeviceStatus.dll
2018-12-28 19:10 - 2018-12-19 12:34 - 000333552 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\DeathAdder Elite\Bin\RSy3_DriverMode.dll
2018-12-28 19:10 - 2018-12-19 12:34 - 000383216 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\DeathAdder Elite\Bin\RSy3_Lighting.dll
2018-12-28 19:10 - 2018-12-19 12:34 - 000150768 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\DeathAdder Elite\Bin\RSy3_Mapping.dll
2018-12-28 19:10 - 2018-12-19 12:34 - 000726768 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\DeathAdder Elite\Bin\RSy3_MappingBaseM.dll
2018-12-28 19:10 - 2018-12-19 12:34 - 000359152 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\DeathAdder Elite\Bin\RSy3_PollingRate.dll
2018-12-28 19:10 - 2018-12-19 12:34 - 000382192 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\DeathAdder Elite\Bin\RSy3_Sensitivity.dll
2018-12-28 19:10 - 2018-12-19 12:34 - 000461552 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\DeathAdder Elite\Bin\RSy3_SurfaceCalBaseM.dll
2018-12-28 19:10 - 2018-12-19 12:34 - 000086768 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\DeathAdder Elite\Bin\RSy3_SurfaceCalPixart.dll
2018-12-28 19:10 - 2018-12-19 12:34 - 000634096 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Philips Hue\Bin\RSy3_DeviceStatus.dll
2018-12-28 19:10 - 2018-12-19 12:34 - 000333552 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Philips Hue\Bin\RSy3_DriverMode.dll
2018-12-28 19:10 - 2018-12-19 12:34 - 000055536 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\DeathAdder Elite\Bin\RSy3_KeyboardKeys.dll
2018-12-21 14:12 - 2018-12-21 14:12 - 000361712 _____ () C:\Program Files (x86)\Razer\Synapse3\UserProcess\RSy3_AudioAppStreamsWrapper.dll
2018-11-01 21:17 - 2018-11-01 21:17 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-11-19 14:46 - 2018-11-19 14:46 - 000596696 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-12-06 05:46 - 2018-12-06 05:46 - 000098544 _____ () C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Common.Dependencies\RSy3_AudioMicPeakMeter.dll
2018-12-21 15:14 - 2018-12-21 15:14 - 000135408 _____ () C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Common.Dependencies\RSy3_KeyboardKeysWrapper.dll
2018-12-18 07:19 - 2018-12-18 07:21 - 001005408 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.Core.dll
2018-12-18 07:19 - 2018-12-18 07:21 - 053444984 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\libcef.dll
2018-11-01 22:34 - 2016-09-12 14:53 - 048936448 _____ () C:\Program Files (x86)\AVAST Software\Avast Cleanup\libcef.dll
2018-12-18 07:19 - 2018-12-18 07:21 - 000691056 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.Core.dll
2018-12-18 07:19 - 2018-12-18 07:21 - 001984392 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\libglesv2.dll
2018-12-18 07:19 - 2018-12-18 07:21 - 000082824 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\sharepoint.com -> hxxps://primarydata-files.sharepoint.com
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2018-11-15 17:56 - 033554955 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 mydownloaddomain.com
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 texttotalk.org
127.0.0.1 gambling577.xyz
127.0.0.1 htagdownload.space
127.0.0.1 mybcnmonetize.com
127.0.0.1 360devtraking.website
127.0.0.1 dscdn.pw
127.0.0.1 bcnmonetize.go2affise.com
127.0.0.1 beautifllink.xyz
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\ProgramData\Oracle\Java\javapath;C:\Perl\site\bin;C:\Perl\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;
HKCU\Environment\\Path: C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\ProgramData\Oracle\Java\javapath;C:\Perl\site\bin;C:\Perl\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jean Spector\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\irfanview_wallpaper.bmp
DNS Servers: 192.168.2.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKLM\...\StartupApproved\StartupFolder: => "CrazyKeys.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WDSmartWare.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WDDMStatus.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "WinampAgent"
HKLM\...\StartupApproved\Run32: => "PaperCut MF Client"
HKLM\...\StartupApproved\Run32: => "IMSS"
HKLM\...\StartupApproved\Run32: => "WD Drive Manager"
HKLM\...\StartupApproved\Run32: => "Corsair M60 Mouse"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Windows Session Manager"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\StartupFolder: => "EvernoteTray.lnk"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\StartupFolder: => "HipChat.lnk"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\StartupFolder: => "svs.lnk"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\StartupFolder: => "tccetgjb.lnk"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\Run: => "DellSystemDetect"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\Run: => "Google Updater 5.0"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\Run: => "NZPR93Q1KYLNOPS"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\Run: => "PDYCC174SQRR1KB"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\Run: => "JICLTAC124B5EKT"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\Run: => "WQDC3M1Q7Q2V74N"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\Run: => "hafyaffv"
HKU\S-1-5-21-2612820603-309181636-2091425902-1001\...\StartupApproved\Run: => "Skype for Desktop"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-TCP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe (Microsoft Corporation)
FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-UDP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe (Microsoft Corporation)
FirewallRules: [TCP Query User{5381B4F1-3BF3-43B9-87D2-9BEB52D3E3AA}C:\users\jean spector\documents\mobaxterm\slash\bin\xwin_mobax.exe] => (Allow) C:\users\jean spector\documents\mobaxterm\slash\bin\xwin_mobax.exe ()
FirewallRules: [UDP Query User{D9630F62-87C9-4437-8343-8AE45D33E89E}C:\users\jean spector\documents\mobaxterm\slash\bin\xwin_mobax.exe] => (Allow) C:\users\jean spector\documents\mobaxterm\slash\bin\xwin_mobax.exe ()
FirewallRules: [{251A3C97-9B17-4C79-9828-CF565146565C}] => (Block) C:\users\jean spector\documents\mobaxterm\slash\bin\xwin_mobax.exe ()
FirewallRules: [{51A89D60-DE58-4A44-AB4B-886B7BAF4356}] => (Block) C:\users\jean spector\documents\mobaxterm\slash\bin\xwin_mobax.exe ()
FirewallRules: [{F014B975-0380-4ADA-A71E-4CEB5B917C93}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe No File
FirewallRules: [{88E8C8EC-2A2B-426E-859E-C6E54DFAE5CB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe No File
FirewallRules: [TCP Query User{FEDB9BBE-415A-4509-8FA5-6BF85AA178F3}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google Inc.)
FirewallRules: [UDP Query User{D9628309-1E5C-4400-87BC-D95ECF84817E}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google Inc.)
FirewallRules: [{D14F4AD0-642C-4ED3-BBF2-6BAAE4E05640}] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google Inc.)
FirewallRules: [{4B7C2B7C-E656-4858-B5A4-7FBCB1707452}] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google Inc.)
FirewallRules: [{38DA8526-CE1D-4574-931B-32CB48F6F2A4}] => (Allow) C:\Users\Jean\Zoom.exe No File
FirewallRules: [{700098F7-C03C-42CF-8BE4-04C2778713CB}] => (Allow) C:\Users\Jean\airhost.exe No File
FirewallRules: [{6AA53117-E868-4B06-BB2C-494BF5746367}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
FirewallRules: [TCP Query User{8379B78A-9AFA-40C2-BE43-15E3C0406E4E}C:\program files (x86)\lenovoemc storage manager\lenovoemcstoragemanager.exe] => (Allow) C:\program files (x86)\lenovoemc storage manager\lenovoemcstoragemanager.exe No File
FirewallRules: [UDP Query User{99267989-A759-41B0-A9F9-56D9E6A9A7BB}C:\program files (x86)\lenovoemc storage manager\lenovoemcstoragemanager.exe] => (Allow) C:\program files (x86)\lenovoemc storage manager\lenovoemcstoragemanager.exe No File
FirewallRules: [{7A58EF67-A96A-41E5-ADF6-85E25AB7BC85}] => (Block) C:\program files (x86)\lenovoemc storage manager\lenovoemcstoragemanager.exe No File
FirewallRules: [{5FE60EC6-FC6D-4ADC-90DE-F067EB25D9CF}] => (Block) C:\program files (x86)\lenovoemc storage manager\lenovoemcstoragemanager.exe No File
FirewallRules: [{56E50EFA-5441-4AA9-A428-96310A72E8B6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{7E782D7C-4101-4314-B03B-336220F47C4B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{53397224-C1E8-47F7-92B9-AAB864C23CC0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{8687802B-A940-418F-A012-F993D7F6EDFD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [TCP Query User{7CBA13F0-74E7-499A-BEA6-5DF491166AF1}C:\users\jean spector\appdata\local\degoo\degoo.exe] => (Allow) C:\users\jean spector\appdata\local\degoo\degoo.exe (Degoo Backup AB)
FirewallRules: [UDP Query User{A36098F9-7F4B-477B-BCA6-0B374F4E3937}C:\users\jean spector\appdata\local\degoo\degoo.exe] => (Allow) C:\users\jean spector\appdata\local\degoo\degoo.exe (Degoo Backup AB)
FirewallRules: [TCP Query User{862B38D9-51DC-46A5-A693-E3C118F3F985}C:\users\jean spector\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jean spector\appdata\roaming\utorrent\utorrent.exe No File
FirewallRules: [UDP Query User{59D7CB2A-9E6E-4D5B-9FB3-7459F83240A2}C:\users\jean spector\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jean spector\appdata\roaming\utorrent\utorrent.exe No File
FirewallRules: [TCP Query User{6FD49089-1B0D-4B1A-8DBD-58BCFA0CB424}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{4769378A-45AA-4A78-84FF-DB243D6F1C29}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [{72881DDA-ABA0-4D54-90C1-C9591255E7F8}] => (Block) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [{D124081F-DB9E-48E1-B031-0DAD2802D90D}] => (Block) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [{B1E2867B-5296-4353-9A97-DC3BD1A86E0C}] => (Allow) C:\Users\Jean\Zoom.exe No File
FirewallRules: [{72090D61-C13A-4DFE-80F5-BFDB080568D1}] => (Allow) C:\Users\Jean\airhost.exe No File
FirewallRules: [TCP Query User{EBBF32F9-314F-4F8B-9108-A9B4919F91D6}C:\users\jean spector\appdata\local\temp\in19e8b0f0\3f3403e1_stp.exe] => (Allow) C:\users\jean spector\appdata\local\temp\in19e8b0f0\3f3403e1_stp.exe No File
FirewallRules: [UDP Query User{F16B6E4F-418E-4659-AF4B-DD859CFAA72C}C:\users\jean spector\appdata\local\temp\in19e8b0f0\3f3403e1_stp.exe] => (Allow) C:\users\jean spector\appdata\local\temp\in19e8b0f0\3f3403e1_stp.exe No File
FirewallRules: [{BC07BF72-184A-4F86-9722-DC6D72286430}] => (Allow) C:\Users\Jean Spector\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
FirewallRules: [{8A36A2A6-B4B6-4F83-A075-C552B2C64C00}] => (Allow) C:\Users\Jean Spector\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
FirewallRules: [TCP Query User{2161900A-6385-4F12-891A-392721ED30A9}C:\program files\jetbrains\pycharm community edition 2017.2.1\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm community edition 2017.2.1\bin\pycharm64.exe No File
FirewallRules: [UDP Query User{C215358E-5E4C-4AED-B11C-FDE9E6DF95FD}C:\program files\jetbrains\pycharm community edition 2017.2.1\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm community edition 2017.2.1\bin\pycharm64.exe No File
FirewallRules: [{041A2351-0B6C-49C4-9F6D-CC771E2EF0AF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{3655AF34-CA2A-499E-8ED7-051FCBD7D8EE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{82F75726-4827-41D4-A629-A6E21466DED9}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe (Popcorn Time)
FirewallRules: [{194E78F9-2E21-497F-8EAD-EB578E3FD4D3}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe (Popcorn Time)
FirewallRules: [{E3DD11E5-9006-4382-8662-EB936CA23326}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe ()
FirewallRules: [{1CE9679D-9613-46FA-BE66-1A52BF5BA8FB}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe ()
FirewallRules: [{180BBB50-192F-478E-8DFF-890CA947EB1A}] => (Allow) C:\Program Files (x86)\Popcorn Time\nodejs\node.exe (Node.js)
FirewallRules: [{81F2A44C-5123-4B3D-BE3C-3D6A6B24F3BB}] => (Allow) C:\Program Files (x86)\Popcorn Time\nodejs\node.exe (Node.js)
FirewallRules: [TCP Query User{F438AC85-8E68-40C4-8099-EF92EAA5A918}C:\program files (x86)\popcorn time\nodejs\node.exe] => (Allow) C:\program files (x86)\popcorn time\nodejs\node.exe (Node.js)
FirewallRules: [UDP Query User{08FCBB8C-4AD8-4BCE-ABAB-E98D0661A12E}C:\program files (x86)\popcorn time\nodejs\node.exe] => (Allow) C:\program files (x86)\popcorn time\nodejs\node.exe (Node.js)
FirewallRules: [{37131516-9FBE-4812-BA5A-3A8DF0DE0EB4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{102CF18A-21DF-4927-99FD-C29E7E7FEB65}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{1D5F1259-2FD7-4485-A537-5299F8C8D28C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{369060DC-81D0-4D96-8DCA-1208BCEE2162}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{1BC3F343-BDB3-4725-878E-5DBDAEB36C36}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{A0AAC127-645B-456D-AF81-2FF880988986}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe No File
FirewallRules: [{56ECC40A-9C60-4200-A040-CDC095195E16}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe No File
FirewallRules: [{496292A8-2BFE-474B-9731-2803A213321E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe No File
FirewallRules: [{72CB882C-C13C-4B69-9E51-0EE981854596}] => (Allow) C:\Program Files\Siber Systems\GoodSync\gs-server.exe ()
==================== Restore Points =========================
16-12-2018 01:03:17 Scheduled Checkpoint
24-12-2018 07:26:42 Scheduled Checkpoint
30-12-2018 00:48:23 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/31/2018 01:58:07 AM) (Source: USHUpgradeService) (EventID: 2) (User: )
Description: CV firmware upgrade failed
Error: (12/31/2018 01:36:58 AM) (Source: USHUpgradeService) (EventID: 2) (User: )
Description: CV firmware upgrade failed
Error: (12/31/2018 12:57:56 AM) (Source: USHUpgradeService) (EventID: 2) (User: )
Description: CV firmware upgrade failed
Error: (12/31/2018 12:28:14 AM) (Source: USHUpgradeService) (EventID: 2) (User: )
Description: CV firmware upgrade failed
Error: (12/31/2018 12:24:13 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.MissingMethodException: Method not found: 'Windows.UI.Notifications.ToastNotificationHistory Windows.UI.Notifications.ToastNotificationManager.get_History()'.
at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.<DeleteNotificationWhileUninstall>d__23.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[TStateMachine](TStateMachine& stateMachine)
at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.DeleteNotificationWhileUninstall()
at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.ShowNotificationsOnSessionUnlock(SessionChangeDescription changeDescription)
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at Dell.Services.SupportAssist.SupportAssistAgent.BootStrapperMinimized.SessionChangeAction(SessionChangeDescription changeDescription)
at Dell.Services.SupportAssist.SupportAssistAgent.SupportAssistAgent.OnSessionChange(SessionChangeDescription changeDescription)
Error: (12/31/2018 12:03:16 AM) (Source: USHUpgradeService) (EventID: 2) (User: )
Description: CV firmware upgrade failed
Error: (12/30/2018 07:27:20 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.MissingMethodException: Method not found: 'Windows.UI.Notifications.ToastNotificationHistory Windows.UI.Notifications.ToastNotificationManager.get_History()'.
at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.<DeleteNotificationWhileUninstall>d__23.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[TStateMachine](TStateMachine& stateMachine)
at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.DeleteNotificationWhileUninstall()
at Dell.Services.SupportAssist.Notification.Command.NotificationCommand.ShowNotificationsOnSessionUnlock(SessionChangeDescription changeDescription)
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at Dell.Services.SupportAssist.SupportAssistAgent.BootStrapperMinimized.SessionChangeAction(SessionChangeDescription changeDescription)
at Dell.Services.SupportAssist.SupportAssistAgent.SupportAssistAgent.OnSessionChange(SessionChangeDescription changeDescription)
Error: (12/30/2018 02:51:39 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)
System errors:
=============
Error: (12/31/2018 01:58:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Connectivity Assistant service depends on the DNS Client service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (12/31/2018 01:58:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error:
This driver has been blocked from loading
Error: (12/31/2018 01:37:15 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Connectivity Assistant service depends on the DNS Client service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (12/31/2018 01:36:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error:
This driver has been blocked from loading
Error: (12/31/2018 01:36:52 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:35:51 AM on 12/31/2018 was unexpected.
Error: (12/31/2018 12:58:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Connectivity Assistant service depends on the DNS Client service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (12/31/2018 12:57:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error:
This driver has been blocked from loading
Error: (12/31/2018 12:28:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Connectivity Assistant service depends on the DNS Client service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Windows Defender:
===================================
Date: 2018-10-19 15:59:16.237
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/DelfInject&threatid=2147597831&enterprise=0
Name: VirTool:Win32/DelfInject
ID: 2147597831
Severity: Severe
Category: Tool
Path: file:_C:\Users\Jean Spector\AppData\Local\Temp\9882.tmp\bb.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: P:\Torrents\Total Commander 9.21 Final + Crack [CracksNow]\Fix\tc-patch.exe
Signature Version: AV: 1.279.102.0, AS: 1.279.102.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15400.4, NIS: 2.1.14600.4
Date: 2018-10-19 15:59:03.367
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/DelfInject&threatid=2147597831&enterprise=0
Name: VirTool:Win32/DelfInject
ID: 2147597831
Severity: Severe
Category: Tool
Path: file:_C:\Users\Jean Spector\AppData\Local\Temp\9882.tmp\bb.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\SysWOW64\cmd.exe
Signature Version: AV: 1.279.102.0, AS: 1.279.102.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15400.4, NIS: 2.1.14600.4
Date: 2018-10-19 15:59:00.343
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/DelfInject&threatid=2147597831&enterprise=0
Name: VirTool:Win32/DelfInject
ID: 2147597831
Severity: Severe
Category: Tool
Path: file:_C:\Users\Jean Spector\AppData\Local\Temp\9882.tmp\bb.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: P:\Torrents\Total Commander 9.21 Final + Crack [CracksNow]\Fix\tc-patch.exe
Signature Version: AV: 1.279.102.0, AS: 1.279.102.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15400.4, NIS: 2.1.14600.4
Date: 2018-10-19 15:55:39.406
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/DelfInject&threatid=2147597831&enterprise=0
Name: VirTool:Win32/DelfInject
ID: 2147597831
Severity: Severe
Category: Tool
Path: file:_C:\Users\Jean Spector\AppData\Local\Temp\4783.tmp\bb.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: P:\Torrents\Total Commander 9.21 Final + Crack [CracksNow]\Fix\tc-patch.exe
Signature Version: AV: 1.279.102.0, AS: 1.279.102.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15400.4, NIS: 2.1.14600.4
Date: 2018-10-19 15:55:23.014
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/DelfInject&threatid=2147597831&enterprise=0
Name: VirTool:Win32/DelfInject
ID: 2147597831
Severity: Severe
Category: Tool
Path: file:_C:\Users\Jean Spector\AppData\Local\Temp\4783.tmp\bb.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: P:\Torrents\Total Commander 9.21 Final + Crack [CracksNow]\Fix\tc-patch.exe
Signature Version: AV: 1.279.102.0, AS: 1.279.102.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.15400.4, NIS: 2.1.14600.4
Date: 2018-01-11 03:53:30.683
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070006
Error description: The handle is invalid.
Reason: The filter driver was unloaded unexpectedly.
Date: 2018-01-11 03:53:30.683
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80070006
Error description: The handle is invalid.
Reason: The filter driver was unloaded unexpectedly.
Date: 2018-01-11 03:53:30.683
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80070006
Error description: The handle is invalid.
Reason: The filter driver was unloaded unexpectedly.
Date: 2018-01-11 03:53:30.636
Description:
Windows Defender engine has been terminated due to an unexpected error.
Failure Type: Crash
Exception code: 0xc00000fd
Resource:
Date: 2017-12-21 07:16:48.814
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070006
Error description: The handle is invalid.
Reason: The filter driver was unloaded unexpectedly.
CodeIntegrity:
===================================
Date: 2018-11-28 01:37:13.203
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-11-28 01:37:11.579
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-11-28 01:37:10.199
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-11-28 01:37:08.792
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-11-28 01:37:07.295
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-11-28 01:37:05.798
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-11-28 01:37:04.351
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-11-28 01:37:02.764
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz
Percentage of memory in use: 30%
Total physical RAM: 16289.35 MB
Available physical RAM: 11345.12 MB
Total Virtual: 18849.35 MB
Available Virtual: 13557.89 MB
==================== Drives ================================
Drive c: (System-256GB) (Fixed) (Total:237.79 GB) (Free:104.08 GB) NTFS
Drive p: (My Book) (Fixed) (Total:2794.39 GB) (Free:752.32 GB) NTFS
Drive r: (Seagate Backup Plus Drive) (Fixed) (Total:3725.9 GB) (Free:1753.55 GB) NTFS
\\?\Volume{f75e4952-23b0-11e4-8250-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.06 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 3CD42E02)
Partition 1: (Not Active) - (Size=350 MB) - (Type=DE)
Partition 2: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=237.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 3726 GB) (Disk ID: 9FCF031B)
Partition: GPT.
========================================================
Disk: 2 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================
