Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by (administrator) on -PC (14-04-2018 12:16:20)
Running from C:\Users\\Desktop
Loaded Profiles: (Available Profiles: )
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Mediatek Inc.) C:\Program Files (x86)\Tenda\Common\RaRegistry.exe
(Mediatek Inc.) C:\Program Files (x86)\Tenda\Common\RaRegistry64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Realtek) C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSATray.exe
(Tenda Inc.) C:\Program Files (x86)\Tenda\Common\RaUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-08-12] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-10] (AVAST Software)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [135968 2018-03-15] (Intel)
HKLM-x32\...\RunOnce: [SBrowserCheck] => C:\ProgramData\Avast Software\Avast\SecureBrowser\avast_browser_setup_checker.exe [4788840 2018-04-04] ()
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\Run: [SnailDriver] => C:\Program Files (x86)\SnailSuite\SnailDriver 2 Lite\SnailLaunch.exe************************************************************************************************************************************ (the data entry has 59 more characters).
HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\MountPoints2: D - D:\setup.exe
HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\MountPoints2: {7a10655e-39ff-11e4-8394-2c4138a9b7f0} - E:\windows\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A10B02 PID_0083
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2018-02-24]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Tenda Wireless Utility.lnk [2018-04-14]
ShortcutTarget: Tenda Wireless Utility.lnk -> C:\Program Files (x86)\Tenda\Common\RaUI.exe (Tenda Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{02FD14B9-3C65-4E96-8DE4-9F354F8093EF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FB95A44C-09DA-444F-9634-F38025F66432}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-02-20] (AVAST Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-20] (AVAST Software)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-404867302-3797044342-2971219209-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxps://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1504722108279
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\opxb820a.default-1452453708882 [2018-04-14]
FF Homepage: Mozilla\Firefox\Profiles\opxb820a.default-1452453708882 -> google.com
FF Session Restore: Mozilla\Firefox\Profiles\opxb820a.default-1452453708882 -> is enabled.
FF Extension: (Domain Auction Metrics by DomCop) - C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\opxb820a.default-1452453708882\Extensions\jid1-7h45UcD7uAqGwQ@jetpack.xpi [2016-12-02]
FF Extension: (Avast SafePrice) - C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\opxb820a.default-1452453708882\Extensions\sp@avast.com.xpi [2018-03-09]
FF Extension: (MozBar) - C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\opxb820a.default-1452453708882\Extensions\toolbar@seomoz.org.xpi [2016-03-12] [Legacy]
FF Extension: (Avast Online Security) - C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\opxb820a.default-1452453708882\Extensions\wrc@avast.com.xpi [2017-11-10]
FF Extension: (NoDoFollow) - C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\opxb820a.default-1452453708882\Extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}.xpi [2016-04-27] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-04-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-10] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://espanol.yahoo.com/
CHR StartupUrls: Default -> "hxxp://espanol.yahoo.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\\AppData\Local\Google\Chrome\User Data\Default [2018-04-14]
CHR Extension: (Google Translate) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2018-04-10]
CHR Extension: (Google Drive) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Session Manager) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2015-09-09]
CHR Extension: (YouTube) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (AdBlock) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-03-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Peek-a-tab, Tabs Manager for Google Chrome™) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnpdamdaknpnohmlbnmgphiodghbohop [2018-03-16]
CHR Extension: (Gmail) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-25]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7603408 2018-04-10] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-10] (AVAST Software)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22816 2018-03-15] (Intel)
S4 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [68168 2013-03-16] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S4 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-03-16] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 MediatekRegistryWriter; C:\Program Files (x86)\Tenda\Common\RaRegistry.exe [401040 2014-07-31] (Mediatek Inc.)
R2 MediatekRegistryWriter64; C:\Program Files (x86)\Tenda\Common\RaRegistry64.exe [454288 2014-07-31] (Mediatek Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [69964448 2015-04-03] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 Realtek87B; C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]
S4 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-08-12] (Realtek Semiconductor)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441512 2015-04-03] (Microsoft Corporation)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Visual Studio Analyzer RPC bridge; C:\Program Files (x86)\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [34036 1998-06-06] (Microsoft Corporation) [File not signed]
S4 VyprVPN; C:\Program Files (x86)\VyprVPN\VyprVPNService.exe [90544 2014-03-27] (Golden Frog, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [23240 2016-04-29] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [65248 2015-04-23] (Advanced Micro Devices, Inc.)
R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [90560 2017-12-30] (Alcorlink Corp.)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-04-10] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-12] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-12] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-12] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-12] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [227784 2018-04-10] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-04-10] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-08-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [147224 2018-04-12] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111352 2018-04-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-04-10] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-04-10] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-04-10] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-04-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380528 2018-04-10] (AVAST Software)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76192 2018-03-19] ()
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [58952 2013-03-16] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2013-03-16] () [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [18504 2013-03-16] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189000 2013-03-16] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 Ext2Fsd; C:\Windows\system32\Drivers\Ext2Fsd.sys [771224 2014-08-26] (
Ext2Fsd Project)
R3 HCW723x; C:\Windows\System32\DRIVERS\HCW723x.sys [1847680 2012-08-17] (Hauppauge Computer Works, Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-04-06] (REALiX(tm))
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193768 2018-04-10] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-04-14] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-04-14] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-04-14] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [93816 2018-04-14] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [181304 2016-03-28] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 netr28ux; C:\Windows\System32\DRIVERS\netr28ux.sys [2215056 2014-08-14] (MediaTek Inc.)
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2502288 2015-12-30] (MediaTek Inc.)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 rspWhySoSlow; C:\Windows\System32\DRIVERS\rspWhy64.sys [28928 2016-12-17] (Resplendence Software Projects Sp.)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-09] (Synaptics Incorporated)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2015-10-02] (The OpenVPN Project) [File not signed]
S3 usbscan; C:\Windows\SysWOW64\DRIVERS\usbscan.sys [8944 1999-05-05] (Microsoft Corporation) [File not signed]
S3 cpuz136; \??\C:\Users\\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] <==== ATTENTION
S4 IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-04-14 12:16 - 2018-04-14 12:19 - 000020169 _____ C:\Users\\Desktop\FRST.txt
2018-04-14 12:12 - 2018-04-14 12:12 - 002403328 _____ (Farbar) C:\Users\\Desktop\FRST64.exe
2018-04-12 14:56 - 2018-04-12 14:56 - 000000078 _____ C:\Windows\system32\-PC.Windows 7 Ultimate, 64-bit Service Pack 1 (build 7601).txt
2018-04-12 14:56 - 2018-04-12 14:56 - 000000000 ____D C:\Windows\RegBak
2018-04-12 14:55 - 2018-04-12 14:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Backup and Restore
2018-04-12 14:55 - 2018-04-12 14:55 - 000000000 ____D C:\Program Files\Acelogix
2018-04-10 17:46 - 2018-04-14 10:46 - 000093816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-04-10 17:46 - 2018-04-14 10:46 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-04-10 17:46 - 2018-04-14 10:39 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-04-10 17:46 - 2018-04-14 10:38 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-04-10 17:46 - 2018-04-10 17:46 - 000193768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-04-10 17:46 - 2018-04-10 17:46 - 000001827 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-10 17:46 - 2018-04-10 17:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-10 17:46 - 2018-03-19 12:57 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-04-10 15:25 - 2018-03-30 22:09 - 005583040 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-04-10 15:25 - 2018-03-30 22:09 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-04-10 15:25 - 2018-03-30 22:09 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-04-10 15:25 - 2018-03-30 22:09 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-04-10 15:25 - 2018-03-30 22:09 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-04-10 15:25 - 2018-03-30 21:45 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-04-10 15:25 - 2018-03-30 21:39 - 004046528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-04-10 15:25 - 2018-03-30 21:39 - 003958464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-04-10 15:25 - 2018-03-30 21:38 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 001461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 000094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-04-10 15:25 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-04-10 15:25 - 2018-03-30 21:12 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-04-10 15:25 - 2018-03-30 21:09 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-04-10 15:25 - 2018-03-30 21:09 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-04-10 15:25 - 2018-03-30 21:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-04-10 15:25 - 2018-03-30 21:09 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-04-10 15:25 - 2018-03-30 21:09 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-04-10 15:25 - 2018-03-30 21:09 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-04-10 15:25 - 2018-03-30 21:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-04-10 15:25 - 2018-03-30 21:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-04-10 15:25 - 2018-03-30 21:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-04-10 15:25 - 2018-03-30 21:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-04-10 15:25 - 2018-03-30 21:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-04-10 15:25 - 2018-03-30 21:09 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-04-10 15:25 - 2018-03-30 21:09 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-04-10 15:25 - 2018-03-30 21:09 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-04-10 15:25 - 2018-03-30 21:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-04-10 15:25 - 2018-03-30 21:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-04-10 15:25 - 2018-03-30 21:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-04-10 15:25 - 2018-03-30 21:09 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-04-10 15:25 - 2018-03-30 21:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-04-10 15:25 - 2018-03-30 21:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-04-10 15:25 - 2018-03-30 21:06 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-04-10 15:25 - 2018-03-30 21:06 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-04-10 15:25 - 2018-03-30 21:06 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-04-10 15:25 - 2018-03-30 21:06 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-04-10 15:25 - 2018-03-30 21:03 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-04-10 15:25 - 2018-03-30 21:02 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-04-10 15:25 - 2018-03-30 21:02 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-04-10 15:25 - 2018-03-30 20:59 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-04-10 15:25 - 2018-03-30 20:58 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-04-10 15:25 - 2018-03-30 20:58 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-04-10 15:25 - 2018-03-30 20:58 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-04-10 15:25 - 2018-03-30 20:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-04-10 15:25 - 2018-03-30 20:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-04-10 15:25 - 2018-03-30 20:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-04-10 15:25 - 2018-03-30 20:47 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-04-10 15:25 - 2018-03-28 03:30 - 003225600 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-04-10 15:25 - 2018-03-23 14:50 - 000396952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-04-10 15:25 - 2018-03-23 13:59 - 000348824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-04-10 15:25 - 2018-03-22 19:00 - 025742336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-04-10 15:25 - 2018-03-22 17:32 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-04-10 15:25 - 2018-03-22 17:32 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-04-10 15:25 - 2018-03-22 17:26 - 020287488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-04-10 15:25 - 2018-03-22 17:19 - 002901504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-04-10 15:25 - 2018-03-22 17:18 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-04-10 15:25 - 2018-03-22 17:17 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-04-10 15:25 - 2018-03-22 17:17 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-04-10 15:25 - 2018-03-22 17:17 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-04-10 15:25 - 2018-03-22 17:17 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-04-10 15:25 - 2018-03-22 17:15 - 005780480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-04-10 15:25 - 2018-03-22 17:10 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-04-10 15:25 - 2018-03-22 17:09 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-04-10 15:25 - 2018-03-22 17:07 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-04-10 15:25 - 2018-03-22 17:06 - 000794112 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-04-10 15:25 - 2018-03-22 17:06 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-04-10 15:25 - 2018-03-22 17:06 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-04-10 15:25 - 2018-03-22 17:05 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-04-10 15:25 - 2018-03-22 17:04 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-04-10 15:25 - 2018-03-22 16:58 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-04-10 15:25 - 2018-03-22 16:55 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-04-10 15:25 - 2018-03-22 16:52 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-04-10 15:25 - 2018-03-22 16:52 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-04-10 15:25 - 2018-03-22 16:51 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-04-10 15:25 - 2018-03-22 16:51 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-04-10 15:25 - 2018-03-22 16:50 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-04-10 15:25 - 2018-03-22 16:49 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-04-10 15:25 - 2018-03-22 16:48 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-04-10 15:25 - 2018-03-22 16:48 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-04-10 15:25 - 2018-03-22 16:48 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-04-10 15:25 - 2018-03-22 16:45 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-04-10 15:25 - 2018-03-22 16:45 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-04-10 15:25 - 2018-03-22 16:45 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-04-10 15:25 - 2018-03-22 16:44 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-04-10 15:25 - 2018-03-22 16:43 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-04-10 15:25 - 2018-03-22 16:42 - 000661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-04-10 15:25 - 2018-03-22 16:42 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-04-10 15:25 - 2018-03-22 16:42 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-04-10 15:25 - 2018-03-22 16:41 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-04-10 15:25 - 2018-03-22 16:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-04-10 15:25 - 2018-03-22 16:33 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-04-10 15:25 - 2018-03-22 16:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-04-10 15:25 - 2018-03-22 16:29 - 015282688 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-04-10 15:25 - 2018-03-22 16:29 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-04-10 15:25 - 2018-03-22 16:29 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-04-10 15:25 - 2018-03-22 16:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-04-10 15:25 - 2018-03-22 16:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-04-10 15:25 - 2018-03-22 16:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-04-10 15:25 - 2018-03-22 16:27 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-04-10 15:25 - 2018-03-22 16:27 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-04-10 15:25 - 2018-03-22 16:25 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-04-10 15:25 - 2018-03-22 16:25 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-04-10 15:25 - 2018-03-22 16:24 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-04-10 15:25 - 2018-03-22 16:22 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-04-10 15:25 - 2018-03-22 16:21 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-04-10 15:25 - 2018-03-22 16:20 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-04-10 15:25 - 2018-03-22 16:17 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-04-10 15:25 - 2018-03-22 16:15 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-04-10 15:25 - 2018-03-22 16:15 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-04-10 15:25 - 2018-03-22 16:14 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-04-10 15:25 - 2018-03-22 16:14 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-04-10 15:25 - 2018-03-22 16:04 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-04-10 15:25 - 2018-03-22 15:55 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-04-10 15:25 - 2018-03-22 15:53 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-04-10 15:25 - 2018-03-22 15:52 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-04-10 15:25 - 2018-03-22 15:51 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-04-10 15:25 - 2018-03-10 13:11 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2018-04-10 15:25 - 2018-03-09 14:18 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-04-10 15:25 - 2018-03-09 14:12 - 000383680 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-04-10 15:25 - 2018-03-09 14:12 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-04-10 15:25 - 2018-03-09 14:12 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-04-10 15:25 - 2018-03-09 14:12 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-04-10 15:25 - 2018-03-09 14:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-04-10 15:25 - 2018-03-09 14:07 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-04-10 15:25 - 2018-03-09 14:07 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-04-10 15:25 - 2018-03-09 14:07 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-04-10 15:25 - 2018-03-09 14:06 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-04-10 15:25 - 2018-03-06 14:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2018-04-10 15:25 - 2018-03-06 14:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
2018-04-10 15:25 - 2018-03-06 14:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll
2018-04-10 15:25 - 2018-03-06 14:10 - 000170176 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2018-04-10 15:25 - 2018-03-06 14:07 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2018-04-10 15:25 - 2018-03-06 14:07 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2018-04-10 15:25 - 2018-02-21 23:28 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-04-10 15:25 - 2018-02-21 23:06 - 000134656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2018-04-10 15:25 - 2018-02-10 14:35 - 000367296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-04-10 15:25 - 2018-02-10 14:35 - 000334528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2018-04-10 15:25 - 2018-02-10 14:35 - 000185024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-04-10 15:25 - 2018-02-10 14:35 - 000122560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
2018-04-10 15:25 - 2018-02-10 14:35 - 000068288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2018-04-10 15:25 - 2018-02-10 14:35 - 000064192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
2018-04-10 15:25 - 2018-02-10 14:35 - 000063168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2018-04-10 15:25 - 2018-02-10 14:35 - 000060608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
2018-04-10 15:25 - 2018-02-10 14:35 - 000036032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
2018-04-10 15:25 - 2018-02-10 14:35 - 000031936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
2018-04-10 15:25 - 2018-02-10 14:35 - 000023744 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
2018-04-10 15:25 - 2018-02-10 14:35 - 000020160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
2018-04-10 15:25 - 2018-02-10 14:35 - 000015040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
2018-04-10 15:25 - 2018-02-10 14:35 - 000012096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
2018-04-10 15:25 - 2018-02-10 14:23 - 002292224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2018-04-10 15:25 - 2018-02-10 14:23 - 000330240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2018-04-10 15:25 - 2018-02-10 14:23 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\racpldlg.dll
2018-04-10 15:25 - 2018-02-10 14:11 - 003665920 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2018-04-10 15:25 - 2018-02-10 14:11 - 000369664 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-04-10 15:25 - 2018-02-10 14:11 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\msrahc.dll
2018-04-10 15:25 - 2018-02-10 14:11 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
2018-04-10 15:25 - 2018-02-10 13:36 - 000108032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msra.exe
2018-04-10 15:25 - 2018-02-10 13:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdchange.exe
2018-04-10 15:25 - 2018-02-10 13:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
2018-04-10 15:25 - 2018-02-10 13:26 - 000653312 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2018-04-10 15:25 - 2018-02-10 13:26 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
2018-04-10 15:25 - 2018-02-10 13:25 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
2018-04-10 15:25 - 2018-02-10 13:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
2018-04-10 15:25 - 2018-02-10 13:25 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2018-04-10 15:25 - 2018-02-02 14:40 - 000114368 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-04-10 15:25 - 2018-02-02 14:29 - 002365952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2018-04-10 15:25 - 2018-02-02 14:29 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2018-04-10 15:25 - 2018-02-02 14:29 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2018-04-10 15:25 - 2018-02-02 14:28 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2018-04-10 15:25 - 2018-02-02 14:16 - 003246080 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-04-10 15:25 - 2018-02-02 14:16 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2018-04-10 15:25 - 2018-02-02 14:16 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2018-04-10 15:25 - 2018-02-02 14:14 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-04-10 15:25 - 2018-02-02 14:14 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-04-10 15:25 - 2018-02-02 13:46 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2018-04-10 15:25 - 2018-02-02 13:36 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2018-04-10 15:25 - 2018-01-25 10:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-04-10 15:25 - 2018-01-25 10:05 - 000063832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:05 - 000020824 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:05 - 000019800 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:05 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-04-10 15:25 - 2018-01-25 10:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-04-10 15:25 - 2018-01-25 10:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-04-10 15:25 - 2018-01-25 10:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-04-10 15:25 - 2018-01-25 10:04 - 000922944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-04-10 15:25 - 2018-01-25 10:04 - 000066392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:04 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:04 - 000019800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:04 - 000016216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:04 - 000015704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-04-10 15:25 - 2018-01-25 10:04 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-04-10 15:25 - 2018-01-25 10:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-04-10 15:25 - 2018-01-25 10:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-04-10 15:25 - 2018-01-25 10:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-04-10 15:25 - 2018-01-12 12:40 - 000407040 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2018-04-10 15:25 - 2018-01-12 12:26 - 000308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-04-10 15:24 - 2018-03-30 21:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-04-10 15:24 - 2018-03-30 21:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-04-10 15:24 - 2018-03-30 21:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-04-10 15:24 - 2018-03-30 21:09 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 20:47 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-04-10 15:24 - 2018-03-30 20:47 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-04-10 15:24 - 2018-03-30 20:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 20:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 20:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 20:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-04-10 15:24 - 2018-03-30 20:47 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-04-10 15:24 - 2018-03-09 14:06 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-04-10 15:24 - 2018-03-09 13:31 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-04-10 15:24 - 2018-01-15 15:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-04-10 15:24 - 2018-01-15 15:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-04-10 15:01 - 2018-03-14 13:14 - 000135360 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-04-10 15:01 - 2018-03-14 13:09 - 000656384 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-04-10 15:01 - 2018-03-14 09:05 - 001993728 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-04-10 15:01 - 2018-03-14 09:05 - 001559552 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-04-10 15:01 - 2018-03-14 09:05 - 000739840 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-04-10 15:01 - 2018-03-14 09:05 - 000599552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-04-10 15:01 - 2018-03-14 09:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-04-10 15:01 - 2018-03-14 09:05 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-04-10 15:01 - 2018-03-14 09:05 - 000291840 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-04-10 15:01 - 2018-03-14 09:05 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-04-10 14:03 - 2018-04-10 14:02 - 000376536 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-04-08 14:07 - 2018-04-08 14:07 - 000056674 _____ C:\Users\\Downloads\eqnedt32-zh-hk_637f56d93a3d7968044d754c4c7ddb2bc37ce01b.cab
2018-04-06 12:05 - 2018-04-06 12:05 - 000000000 ____D C:\Users\Default\AppData\Roaming\IObit
2018-04-06 12:05 - 2018-04-06 12:05 - 000000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2018-03-30 19:38 - 2018-02-18 17:34 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-03-21 12:50 - 2018-03-21 12:50 - 000000070 _____ C:\Users\\Downloads\fixlist.txt
2018-03-21 12:17 - 2018-03-21 12:22 - 000094840 _____ C:\Users\\Desktop\Fixlog.txt
2018-03-21 12:14 - 2018-04-14 12:16 - 000000000 ____D C:\FRST
2018-03-20 21:24 - 2018-03-20 21:24 - 000004512 _____ C:\Windows\system32\1.txt
2018-03-20 19:39 - 2018-03-20 20:34 - 000196092 _____ C:\Windows\ntbtlog.txt
2018-03-19 18:27 - 2018-03-19 18:27 - 000418299 _____ C:\Users\\Downloads\2018-03-19-AUDIO-00000406.opus
2018-03-17 13:49 - 2018-04-13 21:59 - 000003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{20D74601-D866-4B96-B4D0-83F83FBD47F5}
2018-03-17 13:49 - 2018-03-17 13:49 - 000024576 _____ C:\Users\\Documents\EasyBCD Backup (2018-03-17).bcd
2018-03-17 13:48 - 2018-03-17 13:48 - 000001213 _____ C:\Users\Public\Desktop\EasyBCD 2.3.lnk
2018-03-17 13:48 - 2018-03-17 13:48 - 000000000 ____D C:\Users\\AppData\Local\NeoSmart_Technologies
2018-03-17 13:48 - 2018-03-17 13:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies
2018-03-17 13:48 - 2018-03-17 13:48 - 000000000 ____D C:\Program Files (x86)\NeoSmart Technologies
2018-03-17 09:21 - 2018-04-07 14:34 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-03-17 09:21 - 2018-03-17 09:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant
2018-03-16 13:09 - 2018-02-26 21:12 - 002884096 _____ (niemiro) C:\Users\\Desktop\SFCFix.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-04-14 12:17 - 2009-07-14 00:45 - 000020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-14 12:17 - 2009-07-14 00:45 - 000020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-14 10:59 - 2017-09-06 10:17 - 000002886 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC ()
2018-04-14 10:50 - 2018-02-22 10:56 - 000000000 ____D C:\Users\\AppData\Local\Adobe
2018-04-14 10:36 - 2015-10-20 20:52 - 000000093 _____ C:\HaxLogs.txt
2018-04-14 10:36 - 2014-01-02 00:18 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2018-04-14 10:35 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-12 15:05 - 2016-01-15 15:12 - 000811318 _____ C:\Windows\system32\perfh00A.dat
2018-04-12 15:05 - 2016-01-15 15:12 - 000183486 _____ C:\Windows\system32\perfc00A.dat
2018-04-12 15:05 - 2009-07-14 01:13 - 001863536 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-12 15:05 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-04-12 11:42 - 2014-01-02 00:11 - 000147224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-04-10 20:00 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
2018-04-10 19:10 - 2018-02-11 12:10 - 000002159 _____ C:\Users\\Desktop\Tweaking.com - Windows Repair.lnk
2018-04-10 19:10 - 2016-05-21 17:08 - 003242444 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2018-04-10 18:54 - 2016-05-17 21:58 - 003750296 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-10 18:53 - 2014-01-02 00:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-04-10 18:48 - 2014-12-10 11:55 - 000000000 ____D C:\Windows\system32\appraiser
2018-04-10 18:48 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-04-10 18:43 - 2016-11-18 15:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-04-10 18:43 - 2014-01-02 00:28 - 000001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-04-10 18:42 - 2014-09-05 23:06 - 000001092 _____ C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
2018-04-10 18:41 - 2015-07-20 19:35 - 000000000 ____D C:\Users\\Documents\My Filehippo Downloads
2018-04-10 17:28 - 2018-03-13 17:27 - 000004462 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-04-10 17:28 - 2018-03-09 12:56 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-04-10 17:28 - 2018-03-09 12:56 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-04-10 17:28 - 2018-03-09 12:56 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-04-10 17:28 - 2014-01-02 11:37 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-04-10 17:28 - 2014-01-02 11:37 - 000000000 ____D C:\Windows\system32\Macromed
2018-04-10 15:43 - 2014-01-02 00:39 - 000000000 ____D C:\Windows\system32\MRT
2018-04-10 15:35 - 2017-10-20 11:30 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-04-10 15:35 - 2014-01-02 00:39 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-04-10 14:05 - 2017-03-13 12:06 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-04-10 14:03 - 2014-01-02 00:11 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-04-10 14:02 - 2017-11-10 12:48 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-04-10 14:02 - 2014-07-12 11:35 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-04-10 14:02 - 2014-01-02 00:11 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-04-10 14:02 - 2014-01-02 00:11 - 000380528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-04-10 14:02 - 2014-01-02 00:11 - 000111352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-04-10 14:02 - 2014-01-02 00:11 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-04-10 14:01 - 2017-11-09 13:21 - 000227784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-04-10 14:01 - 2014-01-02 00:11 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-04-06 12:10 - 2014-12-08 22:57 - 000027552 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2018-04-03 20:29 - 2016-05-12 13:06 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2018-04-02 10:23 - 2017-08-29 14:34 - 000000000 ____D C:\ProgramData\ProductData
2018-04-02 10:21 - 2018-02-24 14:44 - 000003254 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler
2018-04-02 10:20 - 2018-02-24 14:43 - 000002276 _____ C:\Users\Public\Desktop\Driver Booster 5.lnk
2018-04-02 10:19 - 2018-02-24 14:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 5
2018-03-30 19:58 - 2016-07-21 12:14 - 000000000 ____D C:\Program Files (x86)\Opera
2018-03-30 19:57 - 2018-01-24 13:40 - 000003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1469117722
2018-03-25 11:44 - 2015-10-28 11:16 - 000000000 ____D C:\Users\\AppData\Local\ElevatedDiagnostics
2018-03-23 15:25 - 2014-01-02 00:20 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-21 09:41 - 2017-01-02 00:21 - 000001956 _____ C:\Users\\Desktop\SFCFix.txt
2018-03-21 09:40 - 2016-01-25 19:42 - 000000000 ____D C:\SFCFix
2018-03-21 09:40 - 2016-01-25 19:38 - 000000000 ____D C:\Users\\AppData\Local\niemiro
2018-03-20 20:38 - 2009-07-14 01:08 - 000032612 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-03-20 18:27 - 2014-03-19 19:57 - 000000000 ____D C:\Program Files\Java
2018-03-20 18:24 - 2016-07-26 11:57 - 000000000 ____D C:\Users\\AppData\Local\JDownloader 2.0
2018-03-19 17:22 - 2014-01-03 02:13 - 000413696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2018-03-17 23:28 - 2018-02-19 10:33 - 000001146 _____ C:\Users\Public\Desktop\Registry Life.lnk
2018-03-17 23:28 - 2015-08-14 18:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Life
2018-03-17 23:28 - 2015-08-14 18:12 - 000000000 ____D C:\Program Files (x86)\Registry Life
2018-03-17 14:15 - 2018-02-27 17:57 - 000084983 _____ C:\Users\\Desktop\sfclogs.txt
2018-03-17 09:22 - 2014-12-05 16:39 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-17 09:19 - 2016-11-18 15:03 - 000000000 ____D C:\Users\\AppData\LocalLow\Mozilla
==================== Files in the root of some directories =======
2017-09-07 12:27 - 2017-09-07 12:58 - 007649280 _____ () C:\Program Files (x86)\GUT4730.tmp
2014-04-20 11:09 - 2016-04-08 20:25 - 000000132 _____ () C:\Users\\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-01-13 14:26 - 2015-01-13 14:26 - 000099384 _____ () C:\Users\\AppData\Roaming\inst.exe
2015-01-13 14:26 - 2015-01-13 14:26 - 000007859 _____ () C:\Users\\AppData\Roaming\pcouffin.cat
2015-01-13 14:26 - 2015-01-13 14:26 - 000001167 _____ () C:\Users\\AppData\Roaming\pcouffin.inf
2015-01-13 14:26 - 2015-01-13 14:26 - 000000055 _____ () C:\Users\\AppData\Roaming\pcouffin.log
2015-01-13 14:26 - 2015-01-13 14:26 - 000082816 _____ (VSO Software) C:\Users\\AppData\Roaming\pcouffin.sys
2015-03-05 21:40 - 2015-03-05 21:43 - 000000164 _____ () C:\Users\\AppData\Roaming\PLGComp.ini
2015-01-08 14:20 - 2015-01-08 19:12 - 000000600 _____ () C:\Users\\AppData\Roaming\winscp.rnd
2014-01-06 22:06 - 2016-05-09 16:45 - 000001456 _____ () C:\Users\\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-04-05 18:18 - 2014-04-05 18:18 - 000220543 _____ () C:\Users\\AppData\Local\debuggee.mdmp
2015-07-20 16:48 - 2015-07-20 16:48 - 000000058 _____ () C:\Users\\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2014-09-30 16:29 - 2016-02-13 23:02 - 000000600 _____ () C:\Users\\AppData\Local\PUTTY.RND
2017-12-27 11:35 - 2017-12-27 11:35 - 000000017 _____ () C:\Users\\AppData\Local\resmon.resmoncfg
2016-08-12 10:41 - 2016-08-12 10:47 - 000000000 _____ () C:\Users\\AppData\Local\{46640771-B048-4412-BD25-92639EF3890A}
2016-07-23 10:45 - 2016-07-23 10:45 - 000000000 _____ () C:\Users\\AppData\Local\{8219B69E-E1E9-4066-8B28-390A4A955369}
2015-01-01 10:27 - 2015-01-01 10:27 - 000000000 _____ () C:\Users\\AppData\Local\{88776969-F896-4B93-A57E-F32DE3EF4D36}
2016-08-12 10:41 - 2016-08-12 10:47 - 000000000 _____ () C:\Users\\AppData\Local\{B9D9E880-9DEF-4903-A9B5-544C31EA3A2D}
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\vfpodbc.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-04-08 12:15
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by (14-04-2018 12:21:14)
Running from C:\Users\\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-01-02 03:40:03)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-404867302-3797044342-2971219209-500 - Administrator - Disabled)
ETB User (S-1-5-21-404867302-3797044342-2971219209-1003 - Administrator - Enabled)
Guest (S-1-5-21-404867302-3797044342-2971219209-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-404867302-3797044342-2971219209-1002 - Limited - Enabled)
(S-1-5-21-404867302-3797044342-2971219209-1000 - Administrator - Enabled) => C:\Users\
VUSR_-PC (S-1-5-21-404867302-3797044342-2971219209-1004 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
. . (HKLM\...\{3D383E25-72E7-4F09-AA1C-9ADE6A2EF42F}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{0C9A6167-6560-4085-9C35-EDB1AE105328}) (Version: 3.2.0.9 - Intel) Hidden
7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.02.03.0 - Ralink)
A1 Sitemap Generator (HKLM-x32\...\8FA512B2AB9F48E48319F817302934AC_is1) (Version: 2.2.0 - Microsys)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Premiere Pro CS5.5 (HKLM-x32\...\{0497EAED-70DA-4BBE-BEB3-AF77FD8788EA}) (Version: 5.5 - Adobe Systems Incorporated)
AdWords Editor (HKLM-x32\...\{64427C94-5A22-4743-8772-B2D9B9FD5283}) (Version: 11.0.3 - Google)
AMD Catalyst Install Manager (HKLM\...\{D2A53F8D-3924-E600-6023-883B255E3812}) (Version: 3.0.842.0 - Advanced Micro Devices, Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.3.2333 - AVAST Software)
AVI to DVD Converter (HKLM-x32\...\AVI to DVD Converter) (Version: 3.0.26.0314 - Xilisoft)
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
BitTorrent (HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\BitTorrent) (Version: 7.9.5.41163 - BitTorrent Inc.)
BleachBit (HKLM-x32\...\BleachBit) (Version: 2.0 - BleachBit)
BS1 General Ledger 2014.2 (HKLM-x32\...\BS1 General Ledger 2014.2_is1) (Version: - Davis Software)
Bulk Image Downloader v4.87.0.0 (HKLM-x32\...\Bulk Image Downloader_is1) (Version: - Antibody Software)
Bulk Rename Utility 2.7.1.3 (HKLM-x32\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
CD Recovery Toolbox Free 2.1 (HKLM-x32\...\CD Recovery Toolbox Free_is1) (Version: - Recovery Toolbox, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
CuteFTP 8 Professional (HKLM-x32\...\{91F34319-08DE-457a-99C0-0BCDFAC145B9}) (Version: 8.3.4 - GlobalSCAPE)
DMG Extractor (HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\DMG Extractor) (Version: 1.3.15.0 - Reincubate Ltd)
DotNetBar for Windows Forms (HKLM-x32\...\{316FC9F6-6343-42AC-BC26-6337C9CD1A8E}) (Version: 10.0.0.3 - DevComponents)
dpeg Cicada (HKLM-x32\...\dpeg_Cicada) (Version: - )
Driver Booster 5 (HKLM-x32\...\Driver Booster_is1) (Version: 5.3.0 - IObit)
EaseUS Data Recovery Wizard 7.0 (HKLM-x32\...\EaseUS Data Recovery Wizard 7.0_is1) (Version: - EaseUS)
EaseUS Todo Backup Advanced Server 5.8 (HKLM-x32\...\EaseUS Todo Backup Advanced Server 5.8_is1) (Version: 5.8 - CHENGDU YIWO Tech Development Co., Ltd)
Easy HTML5 Video (HKLM-x32\...\Easy HTML5 Video_is1) (Version: - )
EasyBCD 2.3 (HKLM-x32\...\EasyBCD) (Version: 2.3 - NeoSmart Technologies)
Email Extractor (HKLM-x32\...\{30482B99-CAD6-4370-8A3B-8939BCDC90EC}) (Version: 5.5 - WebPro Solutions) Hidden
Email Extractor (HKLM-x32\...\Email Extractor) (Version: 5.5 - WebPro Solutions)
Ext2Fsd 0.53 (HKLM\...\Ext2Fsd_is1) (Version: 0.53 - Matt Wu)
FancyElements (HKLM-x32\...\FancyElements_is1) (Version: - )
Fast Duplicate File Finder 4.1.0.1 (HKLM-x32\...\{AFECFED6-0A43-488F-8511-1DC6B52F31C3}_is1) (Version: 4.1.0.1 - MindGems, Inc.)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
FileZilla Client 3.27.1 (HKLM-x32\...\FileZilla Client) (Version: 3.27.1 - Tim Kosse)
Focus Magic 4.02 (HKLM-x32\...\Focus Magic_is1) (Version: 4.02 - Acclaim Software Ltd)
FUTURA CE-250 Software (HKLM-x32\...\{4C31E401-C8D5-4133-8B29-DE5D6B8B9DB0}) (Version: 3.0.0.4 - Default Company Name) Hidden
FUTURA CE-250 Software (HKLM-x32\...\{A8C74A7C-F2F4-4F6C-90AA-6C351570419F}) (Version: 3.0.0.4 - )
GDR 5538 for SQL Server 2008 (KB3045305) (64-bit) (HKLM\...\KB3045305) (Version: 10.3.5538.0 - Microsoft Corporation)
Golden Records Vinyl to CD Converter (HKLM-x32\...\Golden) (Version: - NCH Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Gramblr (HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\Gramblr) (Version: 1.0.0 - Gramblr)
HFSExplorer 0.22.1 (HKLM-x32\...\HFSExplorer) (Version: 0.22.1 - Catacombae Software)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HydraVision (HKLM-x32\...\{91F7C67B-C1A2-F1DB-C286-7F56A07C6B49}) (Version: 4.2.212.0 - Advanced Micro Devices, Inc.) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Chipset Device Software (HKLM-x32\...\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}) (Version: 10.0.27 - Intel(R) Corporation) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{699E6891-25C3-443A-9B8E-80C74F0172C8}) (Version: 2.1.03413 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{4d839fe1-a8d3-4edc-b0ca-844394309856}) (Version: 3.2.0.9 - Intel)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{FA9F8623-B4C9-452D-A989-CC3AC01A4E27}) (Version: 1.1.5 - Intel Corporation)
iWisoft Flash SWF to Video Converter 3.4 (HKLM-x32\...\iWisoft Flash SWF to Video Converter_is1) (Version: 3.4.0 -
SWF to Video Converter - convert SWF to AVI, FLV, WMV, MOV)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Mega Codec Pack 14.0.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.0.5 - KLCP)
Macrium Reflect Server Plus Edition (HKLM\...\{4D1949C4-BFA8-4CB7-816E-2C78382DE18A}) (Version: 6.1.1023 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Server Plus Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
MediaInfo 18.03 (HKLM\...\MediaInfo) (Version: 18.03 - MediaArea.net)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.7.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{F43ADE73-2880-4A95-B995-4FE386ECF667}) (Version: 10.3.5538.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 6.0 Enterprise Edition (HKLM-x32\...\Visual Studio 6.0 Enterprise Edition) (Version: - )
Microsoft Web Publishing Wizard 1.53 (HKLM-x32\...\WebPost) (Version: - )
MinerGate (HKLM-x32\...\MinerGate) (Version: 5.19 - Minergate Inc)
MixPad Multitrack Recording Software (HKLM-x32\...\MixPad) (Version: 3.69 - NCH Software)
MKVToolNix 17.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 17.0.0 - Moritz Bunkus)
Mozilla Firefox 59.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 59.0.2 (x86 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5 - Notepad++ Team)
Numerology Calculator (HKLM-x32\...\Numerology Calculator_is1) (Version: 3.41 - )
Numerology Calculator Select (HKLM-x32\...\Numerology Calculator Select_is1) (Version: 1.41 - )
Opanda IExif 2.3 (HKLM-x32\...\Opanda IExif_is1) (Version: 2.3 - Opanda Studio)
Opanda PowerExif 1.2 Professional Trial (HKLM-x32\...\Opanda PowerExif Professional Trial_is1) (Version: 1.2 - Opanda Studio)
OpenVPN 2.3.2-I003 (HKLM-x32\...\OpenVPN) (Version: 2.3.2-I003 - )
Opera Stable 52.0.2871.40 (HKLM-x32\...\Opera 52.0.2871.40) (Version: 52.0.2871.40 - Opera Software)
OpticFilm 120 (HKLM-x32\...\{AD13719F-9FE1-46C2-AB8B-716B5F256BF8}) (Version: 5.0.2 - )
OpticFilm 8200i (HKLM-x32\...\{086AA359-A8F0-46BB-B66D-21AE29420B81}) (Version: 5.0.0 - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.8 - Power Software Ltd)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
PxMergeModule (HKLM-x32\...\{024521CF-C07E-4F8E-8481-0D75695E03AF}) (Version: 1.00.0000 - Your Company Name) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{0DF70CB6-553A-4C57-8E6D-87635EECFB78}) (Version: 1.00.0145 - ALFA NETWORK INC.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Registry Backup and Restore (HKLM\...\Registry Backup and Restore_is1) (Version: - Acelogix)
Registry Life version 3.49 (HKLM-x32\...\Registry Life_is1) (Version: 3.49 - ChemTable Software)
RentMaster (HKLM-x32\...\RentMaster) (Version: 11.2.0 - )
Revo Uninstaller Pro 3.1.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.9 - VS Revo Group, Ltd.)
Roadkil's Unstoppable Copier Version 5.2 (HKLM-x32\...\{A306FD29-7D3A-4287-91AC-9A0180931395}_is1) (Version: - Roadkil.Net)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Screencast-O-Matic (HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\Screencast-O-Matic) (Version: - Screencast-O-Matic)
Screenshot Captor 4.12.0 (HKLM-x32\...\ScreenshotCaptor_is1) (Version: - )
SendBlaster 2 (HKLM-x32\...\{CF950023-9C75-4843-8B68-FD8A5D641B4B}) (Version: 002.000.13800 - eDisplay srl)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
SilverFast 8.5.0r7 (64bit) (HKLM-x32\...\SilverFast 8 x64) (Version: 8.5.0r7 - LaserSoft Imaging AG)
SnailDriver version 1.0.0.4 (HKLM-x32\...\{3189DA22-4E71-4794-9F3D-39A3DE0062DE}_is1) (Version: 1.0.0.4 - SnailSuite)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Sql Server Customer Experience Improvement Program (HKLM\...\{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}) (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Stellar Phoenix Windows Data Recovery - Professional (HKLM-x32\...\Stellar Phoenix Windows Data Recovery - Professional_is1) (Version: 6.0.0.0 - Stellar Information Systems Ltd)
Sublime Text Build 3047 (HKLM-x32\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.65 - NCH Software)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Tenda Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.39.22 - Tenda)
TURBOFloorPlan3D Home & Landscape PRO (HKLM-x32\...\InstallShield_{7D8BAF74-7F27-4DAD-AB9D-9C9B417009AE}) (Version: 14.1 - IMSIDesign)
Tweaking.com - Hardware Identify (HKLM-x32\...\Tweaking.com - Hardware Identify) (Version: 2.1.1 - Tweaking.com)
Tweaking.com - Simple System Tweaker (HKLM-x32\...\Tweaking.com - Simple System Tweaker) (Version: 2.2.0 - Tweaking.com)
Tweaking.com - Technicians Toolbox (HKLM-x32\...\Tweaking.com - Technicians Toolbox) (Version: 1.2.0 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.16 - Tweaking.com)
TweetAdder4 (HKLM-x32\...\{911174C5-85BF-4972-B5E0-4882B32E9396}_is1) (Version: 4.1.140929 - TweetAdder.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
USB Disk Storage Format Tool 5.0 (HKLM\...\USB Disk Storage Format Tool_is1) (Version: - Authorsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VisualLightBox (HKLM-x32\...\VisualLightBox_is1) (Version: - )
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.2.0.13 - VSO Software)
VyprVPN (HKLM-x32\...\{DD0BD1BF-A3F7-49A1-841C-EB21206441E6}) (Version: 2.3.2.2273 - Golden Frog, Inc.) Hidden
VyprVPN (HKLM-x32\...\VyprVPN) (Version: 2.3.2.2273 - Golden Frog, Inc.)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 5.96 - NCH Software)
WhoCrashed 5.03 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
WhySoSlow 1.00 (HKLM\...\WhySoSlowHome_is1) (Version: - Resplendence Software Projects Sp.)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
WindowsUpdateFixer version 2.1.2 (HKLM-x32\...\{D3D13DC2-4E58-4359-9F36-55334748A38B}_is1) (Version: 2.1.2 - Zerobyte Developments)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
WinSCP 5.9.6 (HKLM-x32\...\winscp3_is1) (Version: 5.9.6 - Martin Prikryl)
WOW Slider (HKLM-x32\...\WOW Slider_is1) (Version: - )
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.19-0 - Bitnami)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-404867302-3797044342-2971219209-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-10] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-10] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-08-15] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-10] (AVAST Software)
ContextMenuHandlers1-x32: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files (x86)\Bulk Rename Utility\BRUhere.dll [2014-06-24] (Bulk Rename Utility)
ContextMenuHandlers1-x32-x32: [CuteFTP 8 Professional] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\CuteShell.dll [2010-05-19] (GlobalSCAPE, Inc.)
ContextMenuHandlers1-x32-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1-x32-x32: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers1-x32-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-10-23] (Power Software Ltd)
ContextMenuHandlers1-x32-x32: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers1-x32-x32: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2013-03-16] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers1-x32-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers1-x32-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers2-x32: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files (x86)\Bulk Rename Utility\BRUhere.dll [2014-06-24] (Bulk Rename Utility)
ContextMenuHandlers2-x32-x32: [CuteFTP 8 Professional] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\CuteShell.dll [2010-05-19] (GlobalSCAPE, Inc.)
ContextMenuHandlers2-x32-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2-x32-x32: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers2-x32-x32: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2013-03-16] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-10] (AVAST Software)
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers4-x32: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files (x86)\Bulk Rename Utility\BRUhere.dll [2014-06-24] (Bulk Rename Utility)
ContextMenuHandlers4-x32-x32: [CuteFTP 8 Professional] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\CuteShell.dll [2010-05-19] (GlobalSCAPE, Inc.)
ContextMenuHandlers4-x32-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4-x32-x32: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers4-x32-x32: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} => -> No File
ContextMenuHandlers4-x32-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-10-23] (Power Software Ltd)
ContextMenuHandlers4-x32-x32: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers4-x32-x32: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2013-03-16] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-10-24] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-10] (AVAST Software)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-10-23] (Power Software Ltd)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0169E1B7-B536-48FA-A750-B58928F20B33} - System32\Tasks\{8901AA4F-2288-4ACF-9472-878EB7698C53} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.1.0.105/en/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {0A911744-2B21-45A0-AC97-F7242D2177C2} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-05] (AVAST Software)
Task: {1902E132-FBC3-4649-803A-B3BC8827AB82} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {1D7703DC-894A-4F73-B6D5-390744B10505} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {1F4FBC09-91EC-4421-AFB0-5B4A80013A32} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {2DC79F64-4407-4283-AA4D-1292C88AF4F2} - System32\Tasks\HP AR Program Upload - e1a0300e7546429686aa7d5c9e0ea8177a0a873dbe314bbb8bc557fe6c28f58d => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {305F5AF0-9A75-41A3-BDA3-E15CBD8CC81E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {39D9EF9C-1E0F-40EB-A245-21B5FCEA3C5B} - System32\Tasks\SafeZone scheduled Autoupdate 1447090507 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {3C2A057A-E250-4465-8253-88438CFA10F2} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {44C3EFD2-0B52-4D15-ADE3-3A5DC85B35B8} - System32\Tasks\{E55B9ED2-94A1-4B39-9585-D903BC8650A1} => C:\Windows\system32\pcalua.exe -a C:\Users\\AppData\Local\Temp\jre-8u111-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {4B39A3E9-CE9C-41F3-80F4-4FF4C87C0F9B} - System32\Tasks\AdobeAAMUpdater-1.0--PC- => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {52F7D3E4-D330-409B-9AF9-D737A2969E9B} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {6823C9CA-E4B9-4D10-8CB2-D2D62C940717} - System32\Tasks\Driver Booster SkipUAC () => C:\Program Files (x86)\IObit\Driver Booster\5.3.0\DriverBooster.exe [2018-03-22] (IObit)
Task: {702AB401-9445-4302-A744-D941A168ACC9} - System32\Tasks\SnailDriverSkipUSC => C:\Program Files (x86)\SnailSuite\SnailDriver\SnailLaunch.exe [2017-03-14] (SnailDrivers)
Task: {775245B9-E4E8-4CC1-A7A6-B5E4DEA4786F} - System32\Tasks\Opera scheduled Autoupdate 1469117722 => C:\Program Files (x86)\Opera\launcher.exe [2018-03-28] (Opera Software)
Task: {7D091B18-36B8-48C9-83FB-70B265EA201E} - System32\Tasks\HP AR Program Upload - 2b96ef6ba8c74a0594e4f206f6677225c10cf07cd91845e98f608a5ba2578cd7 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {8A78B367-9A9A-4254-A863-EF79BEBA25A0} - System32\Tasks\SnailDriverSkipUAC => C:\Program Files (x86)\SnailSuite\SnailDriver\SnailDriver.exe [2016-09-17] (TODO: <公司名>)
Task: {90A8B4A8-0405-4078-81AB-12A84C10B0A1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {90BF968C-CFE1-45B6-B52A-22EA4D8595F4} - System32\Tasks\HP AR Program Upload - 67d6c50ffc9a43a5827c0a40a53c5a1705d9483298c9431aa1172cbd71400a1e => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {A2F6D597-75CA-4EA1-A4CB-C66A4EA0736B} - System32\Tasks\{B84DD121-1A93-4031-9700-C7ECBD228184} => C:\Windows\system32\pcalua.exe -a G:\ubuntu\uninstall-wubi.exe -d G:\ubuntu
Task: {A46E549E-368A-4900-BCD3-EA57EC53565A} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ab23f71b0d2a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A7DEAD99-7A6B-46F5-A6CB-B54DD38F1E56} - System32\Tasks\{9EBA67BE-2107-430C-B5D5-5B6EA9059BBE} => C:\Windows\system32\pcalua.exe -a C:\Users\\Downloads\AcroRdrDC1801120035_en_US.exe -d C:\Users\\Downloads
Task: {AFB3203A-7E38-4DDC-9D0A-7894B447E73C} - System32\Tasks\HP AR Program Upload - 1f0758f101f44b4f8cc64a7828fdf6aaf8eaff33dc114a2b8c6e284075e9a23f => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {B1928329-24BE-4B3B-9D42-5363686452E9} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\5.3.0\Scheduler.exe [2018-01-26] (IObit)
Task: {B26E3F61-F187-433D-8F72-D696B03F0606} - System32\Tasks\cFos\Registration Tasks\Open Browser => c:\program files\internet explorer\iexplore.exe "hxxp://www.cfos.de/en/cfosspeed/expiration.htm?sw-10.10.2238&days=-72&ret=11&raw=13&exp=103"
Task: {B2A7FC49-A089-4B2F-84BC-CA569F5256A7} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {B929173F-1C51-4420-9911-B8914C7F8825} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {BF216B62-EA7F-4AB1-9870-6F07EDAD0C7B} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {C08A95AD-7CF4-4F3A-8886-8B46C662F775} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2018-02-19] ()
Task: {D83FA1DB-6DFB-47F1-963C-6D01C3F1ABEF} - System32\Tasks\{F30508C4-188E-4C34-80DD-53D9F934F86B} => C:\Windows\system32\pcalua.exe -a C:\Users\\Downloads\AdobeAIRInstaller(1).exe -d C:\Users\\Downloads
Task: {DB9FCA76-61A5-4563-A92D-D7701A6AF0A9} - System32\Tasks\{482BA325-2BFA-4F56-84F0-B029EDAC71D4} => C:\Windows\system32\pcalua.exe -a C:\Users\\AppData\Local\Temp\jre-9.0.4_windows-x86_bin-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau <==== ATTENTION
Task: {E0DD9FAB-8301-423A-A55F-280B023A3271} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-04-10] (AVAST Software)
Task: {F1334C95-C71D-4998-8D0E-1F45738519BD} - System32\Tasks\HP AR Program Upload - dfcb88f1f61d4f16bf90de32685894773c8ba217ebc74ddd85dc35ba23ed5138 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {FCDF305F-D6DE-456C-9C48-534705014B36} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
==================== Loaded Modules (Whitelisted) ==============
2017-08-14 12:08 - 2017-08-14 12:08 - 000076456 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2017-08-15 17:20 - 2017-08-15 17:20 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2018-04-10 17:46 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-10 17:46 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-04-10 14:01 - 2018-04-10 14:01 - 000728792 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2018-04-10 14:02 - 2018-04-10 14:02 - 000920280 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2018-04-10 14:02 - 2018-04-10 14:02 - 000348888 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2011-04-11 20:20 - 2011-04-11 20:20 - 000098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-04-11 20:20 - 2011-04-11 20:20 - 000028672 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll
2018-03-23 15:25 - 2018-03-20 02:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-03-23 15:25 - 2018-03-20 02:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2018-04-10 14:01 - 2018-04-10 14:01 - 000349912 _____ () C:\Program Files\AVAST Software\Avast\streamback_avast.dll
2018-04-10 14:01 - 2018-04-10 14:01 - 000295640 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-04-10 14:01 - 2018-04-10 14:01 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-04-10 14:01 - 2018-04-10 14:01 - 000763608 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-04-10 14:02 - 2018-04-10 14:02 - 000911064 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-04-10 14:01 - 2018-04-10 14:01 - 000172760 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-04-10 14:01 - 2018-04-10 14:01 - 000969944 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-04-10 14:01 - 2018-04-10 14:01 - 000501464 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-04-14 10:41 - 2018-04-14 10:41 - 005817488 _____ () C:\Program Files\AVAST Software\Avast\defs\18041402\algo.dll
2017-12-23 13:20 - 2009-12-09 22:20 - 000126976 _____ () C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\EnumDevLib.dll
2017-12-23 13:17 - 2014-09-16 05:33 - 001203856 _____ () C:\Program Files (x86)\Tenda\Common\RaWLAPI.dll
2018-03-12 17:03 - 2018-03-12 17:04 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-04-10 14:01 - 2018-04-10 14:01 - 000281816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP
5FBE8F9 [180]
AlternateDataStreams: C:\Users\\Local Settings
K6ap3JWZyZX1kkco [2422]
AlternateDataStreams: C:\Users\\Local Settings:rOQb2MZzLNo5sp0Fopx0oVE6I2q [2368]
AlternateDataStreams: C:\Users\\AppData\Local
K6ap3JWZyZX1kkco [2422]
AlternateDataStreams: C:\Users\\AppData\Local:rOQb2MZzLNo5sp0Fopx0oVE6I2q [2368]
AlternateDataStreams: C:\Users\\AppData\Local\Application Data
K6ap3JWZyZX1kkco [2422]
AlternateDataStreams: C:\Users\\AppData\Local\Application Data:rOQb2MZzLNo5sp0Fopx0oVE6I2q [2368]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2017-09-07 12:16 - 000000855 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-404867302-3797044342-2971219209-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: EaseUS Agent => 2
MSCONFIG\Services: Guard Agent => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IMFservice => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: ReflectService.exe => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: VyprVPN => 2
MSCONFIG\startupfolder: C:^Users^^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - .lnk => C:\Windows\pss\Monitor Ink Alerts - .lnk.Startup
MSCONFIG\startupfolder: C:^Users^^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk.Startup
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{115E8F0F-43C6-4DA4-B830-0ABA79F8B560}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{21290C41-2E04-4955-AC6A-2751C96F1847}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{6DF16E84-A4A6-4AC0-A329-1B3A128CF85A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{8138A302-D7D7-4E0B-A0B6-FF3FEF2920FC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{FA15F932-BE8B-4FB4-9FB5-DC3D2D5DC6D0}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{3DD25F65-25C5-46C1-A820-ECA5CA44BD89}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{8A808620-9E73-4B8B-A9BE-F448FB0D138F}] => (Allow) C:\Users\\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{65DE4148-0241-426E-9859-42C17AF6F187}] => (Allow) C:\Users\\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{53A5891F-BADA-4C76-8764-F252FDB16757}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [{D1317D35-F944-4DA6-996B-3EE3475152B5}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{8CB18299-169F-4FB0-8A70-C72DA35C0DA4}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{4DEA1A3D-B180-4710-89C2-C4EAACAA2724}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{8ADB274D-4683-4F32-8E04-8FB64C458D40}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [TCP Query User{C16FBD02-A15A-42E1-AD7D-46997BB5A44A}C:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe] => (Block) C:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe
FirewallRules: [UDP Query User{7704C02C-071A-4768-A663-3C89233091D1}C:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe] => (Block) C:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe
FirewallRules: [TCP Query User{EB8831FF-2188-42B1-B92C-832DD4E16393}C:\program files (x86)\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe] => (Allow) C:\program files (x86)\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe
FirewallRules: [UDP Query User{4988F528-BA77-467F-B0B4-5B3CD2686D08}C:\program files (x86)\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe] => (Allow) C:\program files (x86)\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe
FirewallRules: [{D6DE4DE4-D5D0-4BC2-8D2A-A31B03DF3F1B}] => (Allow) C:\Users\\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{261E5794-84F9-418F-85B6-AE2D9AB6BA8B}] => (Allow) C:\Users\\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{22484AB2-C9BC-440F-ABFF-E06CA5D2423B}C:\program files\java\jre8\bin\javaw.exe] => (Allow) C:\program files\java\jre8\bin\javaw.exe
FirewallRules: [UDP Query User{58909E71-D70E-4CDB-BB75-5A648814F49D}C:\program files\java\jre8\bin\javaw.exe] => (Allow) C:\program files\java\jre8\bin\javaw.exe
FirewallRules: [TCP Query User{5AFE3D52-A6C3-4DD2-998E-D8B24E74F05D}C:\program files\java\jre1.8.0_20\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_20\bin\javaw.exe
FirewallRules: [UDP Query User{6A1E9C7C-B932-44E3-917D-187CBB48318A}C:\program files\java\jre1.8.0_20\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_20\bin\javaw.exe
FirewallRules: [{40C6DC7E-A726-4140-AC9A-C5E26AB67F6D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7241522C-562C-4D49-ACB1-58BF97D0E36F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{37EBA0BA-F95E-4FAF-9B74-489172801E9E}C:\program files (x86)\adobe\adobe edge animate cc 2014\edgeanimate.exe] => (Allow) C:\program files (x86)\adobe\adobe edge animate cc 2014\edgeanimate.exe
FirewallRules: [UDP Query User{1F4D1C7A-5224-40CF-821D-93767B3C3005}C:\program files (x86)\adobe\adobe edge animate cc 2014\edgeanimate.exe] => (Allow) C:\program files (x86)\adobe\adobe edge animate cc 2014\edgeanimate.exe
FirewallRules: [TCP Query User{756FCE78-EDC6-4B00-B8FF-BA2EEBB92B72}C:\apache24\bin\httpd.exe] => (Allow) C:\apache24\bin\httpd.exe
FirewallRules: [UDP Query User{FC03FF4C-54E2-4E65-92F9-6990136FCA33}C:\apache24\bin\httpd.exe] => (Allow) C:\apache24\bin\httpd.exe
FirewallRules: [TCP Query User{DAB9999E-3B33-400E-A5B2-B778E1E29ECA}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{028B53CE-694F-4C66-9ECD-4080DD27A418}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{3E76F676-180F-4A64-8B02-21129A1B02CA}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{2034FF09-A526-46BB-81AC-8EF22CFC093C}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{2375A6DC-73EE-423D-8BE9-A8578C3D67F5}C:\xampp\mercurymail\mercury.exe] => (Allow) C:\xampp\mercurymail\mercury.exe
FirewallRules: [UDP Query User{F086BC88-F2FE-4406-B1A7-318231D1DCD1}C:\xampp\mercurymail\mercury.exe] => (Allow) C:\xampp\mercurymail\mercury.exe
FirewallRules: [TCP Query User{49F473C7-DB36-4193-A1F7-2B54915AAF51}C:\program files\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\java.exe
FirewallRules: [UDP Query User{218FA041-EB27-4898-8A46-C9ACF6C92924}C:\program files\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\java.exe
FirewallRules: [TCP Query User{F9685CF4-EBF6-47DC-BDD9-024780250EB7}C:\xampp\filezillaftp\filezillaserver.exe] => (Allow) C:\xampp\filezillaftp\filezillaserver.exe
FirewallRules: [UDP Query User{090D1B24-AA82-430A-A87F-56F4EFE38459}C:\xampp\filezillaftp\filezillaserver.exe] => (Allow) C:\xampp\filezillaftp\filezillaserver.exe
FirewallRules: [TCP Query User{68A76D3A-921A-457A-BA8B-E41DF9AF8B5B}C:\program files\java\jre1.8.0_45\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\java.exe
FirewallRules: [UDP Query User{29EDE938-B1F0-41C3-BBD5-FA28D03D9509}C:\program files\java\jre1.8.0_45\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\java.exe
FirewallRules: [TCP Query User{63CA0BC6-D664-47B5-8FDC-5CCFEDFCBA04}C:\program files\java\jre1.8.0_51\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\java.exe
FirewallRules: [UDP Query User{83E6F3AD-A927-48CC-AB52-43B17FBAFC8C}C:\program files\java\jre1.8.0_51\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\java.exe
FirewallRules: [{07BC1627-DB5B-45D6-A9F4-044A510455D8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{00DE18F3-2265-4F92-B049-70D9C3B7A152}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{06B896B9-426C-4F59-91DF-56E741396D2F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{ED524B22-687B-43EF-A1EF-20A290E77691}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E2795EBA-02B1-4940-A97D-87CE76807448}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{343238D2-9BE3-40AD-B280-BCF3AC251377}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A8A7E604-570C-46F9-A8FC-E817C14FF95A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{8C4DE87B-B669-42C4-A506-4ECBF6E9D4FF}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{83BB563F-C988-4427-834B-31F8BD03EF55}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{EFC0357B-5600-4D9F-BA52-177B290A43E5}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{3654B41E-AC1A-4A8D-B99F-685AE324891B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{AB6459F1-6006-4019-9E87-45CA86C5B4AD}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [TCP Query User{A4B5C9E4-ABD8-45CA-81CC-9EBF5F7EF302}C:\program files\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [UDP Query User{4B746D1D-5C6E-4377-A3A9-D75A1949F676}C:\program files\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [TCP Query User{62ED0B6A-37DA-4AAF-8B4F-54193E0CF2C4}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{1FE56377-7127-432E-B933-DC225C461D3B}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{B36AFA7A-E750-4526-956B-A82104FC30C7}C:\program files\java\jdk1.7.0_79\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [UDP Query User{2EC4C9BA-040C-4762-A80E-46000356191F}C:\program files\java\jdk1.7.0_79\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [{C7F298C1-70CF-479C-89C9-B144546771B7}] => (Allow) C:\Users\\AppData\Local\Temp\7zS1D9E\HPDiagnosticCoreUI.exe
FirewallRules: [{442B2BB5-15A2-4099-BF40-795AC86EEBD2}] => (Allow) C:\Users\\AppData\Local\Temp\7zS1D9E\HPDiagnosticCoreUI.exe
FirewallRules: [{E1DF2183-E2B1-4B7F-9C47-8350EF4FC82B}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{454ED93C-8BBA-44CA-BBC0-AF45A8DD69BC}] => (Allow) C:\Users\\Downloads\Tech tool store tools\TechToolStore64.exe
FirewallRules: [{7D86FE7D-A561-4763-B8F9-B2A33B0B64D0}] => (Allow) C:\Users\\Downloads\Tech tool store tools\TechToolStore64.exe
FirewallRules: [{52FC53AF-F179-4382-A4E0-E60D397D0E18}] => (Allow) C:\Users\\Downloads\Tech tool store tools\TechToolStore64.exe
FirewallRules: [{90F0A296-1E91-4711-9567-B42DCCA8562A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D11A4F1B-C507-43B2-A7C2-764B0366C1AE}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [TCP Query User{02D439D2-6A2E-4A22-959B-2FE402DBE1F0}C:\users\\downloads\digitalnotewallet_win32_1.0.12-beta\digitalnotewallet-win32\digitalnotewallet.exe] => (Allow) C:\users\\downloads\digitalnotewallet_win32_1.0.12-beta\digitalnotewallet-win32\digitalnotewallet.exe
FirewallRules: [UDP Query User{3ED4978A-DEDD-4E7E-BC38-9312CBC5D8ED}C:\users\\downloads\digitalnotewallet_win32_1.0.12-beta\digitalnotewallet-win32\digitalnotewallet.exe] => (Allow) C:\users\\downloads\digitalnotewallet_win32_1.0.12-beta\digitalnotewallet-win32\digitalnotewallet.exe
FirewallRules: [TCP Query User{E4299DE6-951E-495B-81C9-1B2720D79B27}C:\users\\downloads\monero-win-x86-v0.11.0.0\monero-v0.11.0.0\monerod.exe] => (Allow) C:\users\\downloads\monero-win-x86-v0.11.0.0\monero-v0.11.0.0\monerod.exe
FirewallRules: [UDP Query User{30DE5082-F81C-4AE0-A51F-B16BA47A308D}C:\users\\downloads\monero-win-x86-v0.11.0.0\monero-v0.11.0.0\monerod.exe] => (Allow) C:\users\\downloads\monero-win-x86-v0.11.0.0\monero-v0.11.0.0\monerod.exe
FirewallRules: [{BA7BB4B1-6369-40DB-8961-38F8E06ABF22}] => (Allow) C:\Program Files (x86)\Tenda\Common\RaUI.exe
FirewallRules: [{E916B498-1FB9-4FDB-92C1-53C47CB5533A}] => (Allow) C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe
FirewallRules: [{7891498E-FA20-4E01-A828-1524D50679F7}] => (Allow) C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe
FirewallRules: [{6E58E825-69EF-4665-A88E-5B2A2C85539F}] => (Allow) LPort=1542
FirewallRules: [{74C6FA26-D5BA-46B4-9B79-3F91ABFF2F98}] => (Allow) LPort=1542
FirewallRules: [{4D1570CE-6D39-4866-A11E-E896840A4EEE}] => (Allow) LPort=53
FirewallRules: [TCP Query User{617C19F9-DF28-4BBD-8FE5-BC09FFCD0150}C:\program files\java\jdk-9.0.4\bin\jmc.exe] => (Allow) C:\program files\java\jdk-9.0.4\bin\jmc.exe
FirewallRules: [UDP Query User{4F6E41B8-226A-4D0D-9114-58540092F848}C:\program files\java\jdk-9.0.4\bin\jmc.exe] => (Allow) C:\program files\java\jdk-9.0.4\bin\jmc.exe
FirewallRules: [{974025B6-3675-43FC-9A98-56C58C90A15D}] => (Allow) C:\Program Files (x86)\Opera\51.0.2830.55\opera.exe
FirewallRules: [{0A2E399E-E983-44C7-BE71-44F3FCCC06A8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D7573C8C-2027-4C72-86D6-A31EC0898A27}] => (Allow) C:\Program Files (x86)\Opera\52.0.2871.40\opera.exe
==================== Restore Points =========================
30-03-2018 19:38:19 Windows Update
03-04-2018 11:05:23 Windows Update
06-04-2018 12:45:07 Windows Update
10-04-2018 14:28:35 Windows Update
10-04-2018 15:26:35 Windows Update
12-04-2018 14:50:35 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/10/2018 05:44:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.634, time stamp: 0x5a7e0996
Faulting module name: ntdll.dll, version: 6.1.7601.24059, time stamp: 0x5aa1fa91
Exception code: 0xc0000005
Fault offset: 0x0000000000032964
Faulting process id: 0xcc4
Faulting application start time: 0x01d3d0f575a0fb9c
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 6745ef93-3d08-11e8-8f27-2c4138a9b7f0
Error: (04/06/2018 12:04:18 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The process cannot access the file because it is being used by another process.
Error: (04/06/2018 12:04:18 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.
DETAIL - The process cannot access the file because it is being used by another process.
for C:\Users\\AppData\Local\Microsoft\Windows\\UsrClass.dat
Error: (03/20/2018 06:34:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsl42e40da2.
System Error:
The system cannot find the file specified.
.
Error: (03/20/2018 06:26:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsl42e40da2.
System Error:
The system cannot find the file specified.
.
Error: (03/20/2018 06:06:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsl42e40da2.
System Error:
The system cannot find the file specified.
.
Error: (03/17/2018 09:21:55 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: -PC)
Description: Application or service 'Intel(R) Driver & Support Assistant' could not be restarted.
Error: (03/17/2018 09:21:34 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: -PC)
Description: Application or service 'Intel(R) Driver & Support Assistant' could not be shut down.
System errors:
=============
Error: (04/14/2018 10:42:36 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
Error: (04/14/2018 10:37:59 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (04/14/2018 10:37:02 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd
Error: (04/14/2018 10:28:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (04/14/2018 10:27:11 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd
Error: (04/13/2018 10:57:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (04/13/2018 10:56:28 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd
Error: (04/12/2018 03:02:58 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Windows Defender:
===================================
Date: 2016-05-10 13:39:29.816
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
SoftwareBundler:Win32/Stallmonitz threat description - Windows Defender Security Intelligence
Name:SoftwareBundler:Win32/Stallmonitz
ID:225956
Severity:High
Category:Software Bundler
Path Found:containerfile:C:\Users\\Desktop\BlueStacks-SplitInstaller_native.exe;file:C:\Users\\Desktop\BlueStacks-SplitInstaller_native.exe->(nsis-instdata)
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:c:\program files\windows defender\MpCmdRun.exe
Date: 2015-05-14 02:55:17.260
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
SoftwareBundler:Win32/WinOptimizer threat description - Windows Defender Security Intelligence
Name:SoftwareBundler:Win32/WinOptimizer
ID:206677
Severity:High
Category:Software Bundler
Path Found:containerfile:C:\ProgramData\Optimizer\program\newver_10_1.7.0.0.exe;containerfile:C:\ProgramData\Optimizer\program\newver_25_1.7.1.0.exe;containerfile:C:\ProgramData\Optimizer\program\newver_37_1.7.3.0.exe;containerfile:C:\ProgramData\Optimizer\program\newver_38_1.6.9.0.exe;containerfile:C:\ProgramData\Optimizer\program\newver_54_1.7.2.0.exe;containerfile:C:\ProgramData\Optimizer\program\newver_83_1.7.3.0.exe;containerfile:C:\ProgramData\Optimizer\program\newver_95_1.7.2.0.exe;file:C:\Program Files (x86)\Software Update Services\software-update-services.exe;file:C:\Program Files (x86)\YouTube Downloader Services\A1\config\load_config.ini;file:C:\Program Files (x86)\YouTube Downloader Services\A1\load_config.ini;file:C:\Program Files (x86)\YouTube Downloader Services\A1\vmnet.exe;file:C:\Program Files (x86)\YouTube Downloader Services\A1\winphp.exe;file:C:\Program Files (x86)\YouTube Downloader Services\A1\youtubeserv.exe;file:C:\Program Files (x86)\YouTube Downloader Services\A2\config\load_config.ini;file:
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:c:\program files\windows defender\MpCmdRun.exe
Date: 2015-02-13 12:56:09.110
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
SoftwareBundler:Win32/WinOptimizer threat description - Windows Defender Security Intelligence
Name:SoftwareBundler:Win32/WinOptimizer
ID:206677
Severity:High
Category:Software Bundler
Path Found:file:C:\Program Files (x86)\YouTube Downloader Services\A2\youtubeserv.exe;process
id:2072,ProcessStart:130683102609928583;service:YouTubeDownload_A2
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:C:\Windows\System32\svchost.exe
Date: 2015-02-13 12:45:18.333
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
SoftwareBundler:Win32/WinOptimizer threat description - Windows Defender Security Intelligence
Name:SoftwareBundler:Win32/WinOptimizer
ID:206677
Severity:High
Category:Software Bundler
Path Found:file:C:\Program Files (x86)\YouTube Downloader Services\A2\youtubeserv.exe;process
id:2072,ProcessStart:130683102609928583
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:C:\Windows\System32\svchost.exe
Date: 2014-11-29 22:00:49.112
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
SoftwareBundler:Win32/WinOptimizer threat description - Windows Defender Security Intelligence
Name:SoftwareBundler:Win32/WinOptimizer
ID:206677
Severity:High
Category:Software Bundler
Path Found:file:C:\Program Files (x86)\YouTube Downloader Services\P2\vmnet.exe;process
id:6068
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:
Date: 2016-08-06 12:31:33.975
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source:User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:1.1.12902.0
Error code:0x8050a003
Error description:This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
Date: 2016-08-01 13:30:57.462
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80096010
Error description:The digital signature of the object did not verify.
Signature version:1.225.2702.0
Engine version:1.1.12902.0
Date: 2016-07-19 10:23:40.259
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source:User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:1.1.12902.0
Error code:0x8050a003
Error description:This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
Date: 2016-06-26 10:42:27.755
Description:
%1 engine has been terminated due to an unexpected error.
Failure Type:%5
Exception code:%6
Resource:%3
Date: 2016-05-15 16:17:59.424
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x800700c1
Error description:Windows Defender is not a valid Win32 application.
Signature version:1.219.1406.0
Engine version:1.1.12706.0
CodeIntegrity:
===================================
Date: 2016-08-27 13:29:06.372
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-27 11:58:09.638
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-27 11:54:47.297
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-27 11:54:47.204
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-27 11:54:29.778
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-27 11:54:29.607
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-27 11:42:13.553
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-27 11:37:20.645
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 83%
Total physical RAM: 4076.83 MB
Available physical RAM: 664.02 MB
Total Virtual: 8151.83 MB
Available Virtual: 3535.71 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:638.45 GB) (Free:37.73 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (Backup) (Fixed) (Total:146.48 GB) (Free:93.49 GB) NTFS
Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (Linux) (Fixed) (Total:73.24 GB) (Free:73.02 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 000108B6)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=638.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=73.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=219.7 GB) - (Type=0F Extended)
==================== End of Addition.txt ============================