Page 4 of 4 First 1234
  1. #61
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    16,993

    Re: SFC Corruption and windows update error (possible) Win 7 SP1 PC

    I see you have Office 2007 Enterprise installed. Since you are a home use,r this normally isn't a valid configuration. The enterprise version was only available to Microsoft Volume Customers. Can you explain?


    • Ad Bot

      advertising
      Beep.

        
       

  2. #62

    Re: SFC Corruption and windows update error (possible) Win 7 SP1 PC

    This PC (Windows 7 Ultimate) was configured with built in software. I don't remember if I had to install any myself via CDs, etc. especially with Office but I think it came with the PC.

  3. #63
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    16,993

    Re: SFC Corruption and windows update error (possible) Win 7 SP1 PC

    Let's verify. Please do the following.

    1. Download and save MGADiag from here.
    2. Navigate to the directory where you saved the file.
    3. Right-click on MGADiag.exe, select Run as administrator, and accept any User Account Control prompts.
    4. Click Continue.
    5. Click Copy.
    Paste the copied information in your next reply.

  4. #64
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    16,993

    Re: SFC Corruption and windows update error (possible) Win 7 SP1 PC

    Also, select the Office tab and click Copy and paste those results as well. Thanks.

  5. #65

    Re: SFC Corruption and windows update error (possible) Win 7 SP1 PC

    Diagnostic Report (1.9.0019.0):
    -----------------------------------------
    WGA Data-->
    Validation Status: Genuine
    Validation Code: 0


    Cached Validation Code: 0x0
    Windows Product Key: *****-*****-V9488-FGM44-2C9T3
    Windows Product Key Hash: rmk1OjF0iZq7gQoRmEcpnJHr0oc=
    Windows Product ID: 00426-OEM-8992662-00010
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {1191B6D0-FDC0-4852-8F3A-DD55B63DE75D}(3)
    Is Admin: Yes
    TestCab: 0x0
    WGA Version: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_ldr_escrow.180330-1600
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A


    WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002


    WGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002


    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002


    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005


    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed


    File Scan Data-->


    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{3F4245FF-6370-4F18-B35B-DE4C3F510C69}</UGUID><Version>1.9.0019.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-2C9T3</PKey><PID>00426-OEM-8992662-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-404867302-3797044342-2971219209</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>s5-1260</Model></SYSTEM><BIOS><Manufacturer>AMI</Manufacturer><Version>7.16</Version><SMBIOSVersion major="2" minor="6"/><Date>20120323000000.000000+000</Date></BIOS><HWID>B8C03907018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>900A69EF54B6D86</Val><Hash>CAwivVv8J/4/ooiU5ft7cR3fnOw=</Hash><Pid>89388-707-8518193-65477</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>


    Spsys.log Content: 0x80070002


    Licensing Data-->
    Software licensing service version: 6.1.7601.17514


    Name: Windows(R) 7, Ultimate edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00426-00178-926-600010-02-1033-7600.0000-0012014
    Installation ID: 015113855174186024886382303663813160540076528966254484
    Processor Certificate URL: SpcService Web Service
    Machine Certificate URL: RacService Web Service
    Use License URL: UseLicenseService Web Service
    Product Key Certificate URL: PkcService Web Service
    Partial Product Key: 2C9T3
    License Status: Licensed
    Remaining Windows rearm count: 4
    Trusted time: 4/16/2018 12:01:48 PM


    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: PASS
    Event Time Stamp: 4:3:2018 20:10
    WAT Activex: Registered
    WAT Admin Service: Registered


    HWID Data-->
    HWID Hash Current: MgAAAAEAAQABAAEAAAADAAAAAwABAAEA6GE0/4BIfmBGv1QMYj1iWK+n6oJIfZLWLnM=


    OEM Activation 1.0 Data-->
    N/A


    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC HPQOEM SLIC-CPC
    FACP HPQOEM SLIC-CPC
    DBGP HPQOEM SLIC-CPC
    HPET HPQOEM SLIC-CPC
    MCFG HPQOEM SLIC-CPC
    SSDT HPQOEM SLIC-CPC
    SLIC HPQOEM SLIC-CPC

  6. #66
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    16,993

    Re: SFC Corruption and windows update error (possible) Win 7 SP1 PC

    Can you remove your Avast antivirus while we work on this?

  7. #67

    Re: SFC Corruption and windows update error (possible) Win 7 SP1 PC

    I would rather disable it instead. If that's OK?

  8. #68
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    16,993

    Re: SFC Corruption and windows update error (possible) Win 7 SP1 PC

    To continue troubleshooting it's important to completely uninstall it. Disabling it sometimes isn't good enough.

  9. #69

    Re: SFC Corruption and windows update error (possible) Win 7 SP1 PC

    OK. Just post your next instructions and I'll uninstall Avast.

  10. #70
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    16,993

    Re: SFC Corruption and windows update error (possible) Win 7 SP1 PC

    Please do the following again after Avast is uninstalled.

    Step#1 - FRST Scan
    1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 64-bit Version so please ensure you download that one.
    2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
    3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
    4. Press Scan button.
    5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
    6. Please copy and paste log back here.
    7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated Please also paste that along with the FRST.txt into your reply.

  11. #71

    Re: SFC Corruption and windows update error (possible) Win 7 SP1 PC

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2018
    Ran by (administrator) on -PC (21-04-2018 12:42:38)
    Running from C:\Users\\Desktop
    Loaded Profiles: (Available Profiles: )
    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


    ==================== Processes (Whitelisted) =================


    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
    (Mediatek Inc.) C:\Program Files (x86)\Tenda\Common\RaRegistry.exe
    (Mediatek Inc.) C:\Program Files (x86)\Tenda\Common\RaRegistry64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    (Realtek) C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Tenda Inc.) C:\Program Files (x86)\Tenda\Common\RaUI.exe
    (Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSATray.exe
    (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


    ==================== Registry (Whitelisted) ===========================


    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-08-12] (Realtek Semiconductor)
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-24] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [135968 2018-03-15] (Intel)
    HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\Run: [SnailDriver] => C:\Program Files (x86)\SnailSuite\SnailDriver 2 Lite\SnailLaunch.exe************************************************************************************************************************************ (the data entry has 59 more characters).
    HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\MountPoints2: D - D:\setup.exe
    HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\MountPoints2: {7a10655e-39ff-11e4-8394-2c4138a9b7f0} - E:\windows\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A10B02 PID_0083
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2018-02-24]
    ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Tenda Wireless Utility.lnk [2018-04-21]
    ShortcutTarget: Tenda Wireless Utility.lnk -> C:\Program Files (x86)\Tenda\Common\RaUI.exe (Tenda Inc.)


    ==================== Internet (Whitelisted) ====================


    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


    Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
    Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
    Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
    Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{02FD14B9-3C65-4E96-8DE4-9F354F8093EF}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{FB95A44C-09DA-444F-9634-F38025F66432}: [DhcpNameServer] 192.168.1.1


    Internet Explorer:
    ==================
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKU\S-1-5-21-404867302-3797044342-2971219209-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxps://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1504722108279
    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)


    FireFox:
    ========
    FF ProfilePath: C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\opxb820a.default-1452453708882 [2018-04-21]
    FF Homepage: Mozilla\Firefox\Profiles\opxb820a.default-1452453708882 -> google.com
    FF Session Restore: Mozilla\Firefox\Profiles\opxb820a.default-1452453708882 -> is enabled.
    FF Extension: (Domain Auction Metrics by DomCop) - C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\opxb820a.default-1452453708882\Extensions\jid1-7h45UcD7uAqGwQ@jetpack.xpi [2016-12-02]
    FF Extension: (MozBar) - C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\opxb820a.default-1452453708882\Extensions\toolbar@seomoz.org.xpi [2016-03-12] [Legacy]
    FF Extension: (NoDoFollow) - C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\opxb820a.default-1452453708882\Extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}.xpi [2016-04-27] [Legacy]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-04-10] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
    FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
    FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
    FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-10] ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]


    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxp://espanol.yahoo.com/
    CHR StartupUrls: Default -> "hxxp://espanol.yahoo.com/"
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Users\\AppData\Local\Google\Chrome\User Data\Default [2018-04-21]
    CHR Extension: (Google Translate) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2018-04-10]
    CHR Extension: (Google Drive) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
    CHR Extension: (Session Manager) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2015-09-09]
    CHR Extension: (YouTube) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
    CHR Extension: (Google Search) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
    CHR Extension: (AdBlock) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-04-20]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
    CHR Extension: (Peek-a-tab, Tabs Manager for Google Chrome™) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnpdamdaknpnohmlbnmgphiodghbohop [2018-03-16]
    CHR Extension: (Gmail) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
    CHR Extension: (Chrome Media Router) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-25]


    ==================== Services (Whitelisted) ====================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22816 2018-03-15] (Intel)
    S4 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [68168 2013-03-16] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    S4 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-03-16] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
    R2 MediatekRegistryWriter; C:\Program Files (x86)\Tenda\Common\RaRegistry.exe [401040 2014-07-31] (Mediatek Inc.)
    R2 MediatekRegistryWriter64; C:\Program Files (x86)\Tenda\Common\RaRegistry64.exe [454288 2014-07-31] (Mediatek Inc.)
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
    R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [69964448 2015-04-03] (Microsoft Corporation)
    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
    R2 Realtek87B; C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]
    S4 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-08-12] (Realtek Semiconductor)
    S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441512 2015-04-03] (Microsoft Corporation)
    S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    S3 Visual Studio Analyzer RPC bridge; C:\Program Files (x86)\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [34036 1998-06-06] (Microsoft Corporation) [File not signed]
    S4 VyprVPN; C:\Program Files (x86)\VyprVPN\VyprVPNService.exe [90544 2014-03-27] (Golden Frog, Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S4 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]


    ===================== Drivers (Whitelisted) ======================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [23240 2016-04-29] (Advanced Micro Devices, Inc.)
    R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [65248 2015-04-23] (Advanced Micro Devices, Inc.)
    R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [90560 2017-12-30] (Alcorlink Corp.)
    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76192 2018-03-19] ()
    R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [58952 2013-03-16] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2013-03-16] () [File not signed]
    R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [18504 2013-03-16] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189000 2013-03-16] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    R2 Ext2Fsd; C:\Windows\system32\Drivers\Ext2Fsd.sys [771224 2014-08-26] (Ext2Fsd Project)
    R3 HCW723x; C:\Windows\System32\DRIVERS\HCW723x.sys [1847680 2012-08-17] (Hauppauge Computer Works, Inc.)
    R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-04-06] (REALiX(tm))
    R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193768 2018-04-21] (Malwarebytes)
    R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-04-21] (Malwarebytes)
    R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-04-21] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-04-21] (Malwarebytes)
    R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [93816 2018-04-21] (Malwarebytes)
    R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [181304 2016-03-28] (Intel Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
    S3 netr28ux; C:\Windows\System32\DRIVERS\netr28ux.sys [2215056 2014-08-14] (MediaTek Inc.)
    R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2502288 2015-12-30] (MediaTek Inc.)
    R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
    S3 rspWhySoSlow; C:\Windows\System32\DRIVERS\rspWhy64.sys [28928 2016-12-17] (Resplendence Software Projects Sp.)
    S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
    R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-09] (Synaptics Incorporated)
    S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2015-10-02] (The OpenVPN Project) [File not signed]
    S3 usbscan; C:\Windows\SysWOW64\DRIVERS\usbscan.sys [8944 1999-05-05] (Microsoft Corporation) [File not signed]
    S3 cpuz136; \??\C:\Users\\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] <==== ATTENTION
    S4 IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]


    ==================== NetSvcs (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




    ==================== One Month Created files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2018-04-21 12:42 - 2018-04-21 12:42 - 000000000 ____D C:\Users\\Desktop\FRST-OlderVersion
    2018-04-21 12:40 - 2018-04-21 12:44 - 000093816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
    2018-04-21 12:40 - 2018-04-21 12:40 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2018-04-21 12:40 - 2018-04-21 12:40 - 000193768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
    2018-04-21 12:40 - 2018-04-21 12:40 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2018-04-21 12:40 - 2018-04-21 12:40 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2018-04-21 10:11 - 2018-04-21 10:11 - 000003654 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
    2018-04-21 09:44 - 2018-04-21 09:44 - 000000000 ____D C:\ProgramData\Chemtable Software
    2018-04-18 22:31 - 2018-04-18 22:31 - 000091916 _____ C:\Users\\Downloads\Statement_201803 (5).pdf
    2018-04-18 22:31 - 2018-04-18 22:31 - 000091916 _____ C:\Users\\Downloads\Statement_201803 (4).pdf
    2018-04-18 22:31 - 2018-04-18 22:31 - 000091916 _____ C:\Users\\Downloads\Statement_201803 (3).pdf
    2018-04-16 11:57 - 2018-04-16 11:57 - 001607032 _____ (Microsoft Corporation) C:\Users\\Desktop\MGADiag.exe
    2018-04-14 16:31 - 2018-04-14 16:31 - 000091916 _____ C:\Users\\Downloads\Statement_201803.pdf
    2018-04-14 16:31 - 2018-04-14 16:31 - 000091916 _____ C:\Users\\Downloads\Statement_201803 (2).pdf
    2018-04-14 16:31 - 2018-04-14 16:31 - 000091916 _____ C:\Users\\Downloads\Statement_201803 (1).pdf
    2018-04-14 15:54 - 2018-04-14 15:54 - 000997634 _____ C:\Users\\Downloads\flyer.pdf
    2018-04-14 12:21 - 2018-04-14 12:28 - 000072859 _____ C:\Users\\Desktop\Addition.txt
    2018-04-14 12:16 - 2018-04-21 12:45 - 000016117 _____ C:\Users\\Desktop\FRST.txt
    2018-04-14 12:12 - 2018-04-21 12:42 - 002404352 _____ (Farbar) C:\Users\\Desktop\FRST64.exe
    2018-04-12 14:56 - 2018-04-12 14:56 - 000000078 _____ C:\Windows\system32\-PC.Windows 7 Ultimate, 64-bit Service Pack 1 (build 7601).txt
    2018-04-12 14:56 - 2018-04-12 14:56 - 000000000 ____D C:\Windows\RegBak
    2018-04-12 14:55 - 2018-04-12 14:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Backup and Restore
    2018-04-12 14:55 - 2018-04-12 14:55 - 000000000 ____D C:\Program Files\Acelogix
    2018-04-10 17:46 - 2018-04-10 17:46 - 000001827 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2018-04-10 17:46 - 2018-04-10 17:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2018-04-10 17:46 - 2018-03-19 12:57 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
    2018-04-10 15:25 - 2018-03-30 22:09 - 005583040 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2018-04-10 15:25 - 2018-03-30 22:09 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2018-04-10 15:25 - 2018-03-30 22:09 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
    2018-04-10 15:25 - 2018-03-30 22:09 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2018-04-10 15:25 - 2018-03-30 22:09 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2018-04-10 15:25 - 2018-03-30 21:45 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2018-04-10 15:25 - 2018-03-30 21:39 - 004046528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2018-04-10 15:25 - 2018-03-30 21:39 - 003958464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2018-04-10 15:25 - 2018-03-30 21:38 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 001461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 000094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2018-04-10 15:25 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2018-04-10 15:25 - 2018-03-30 21:12 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2018-04-10 15:25 - 2018-03-30 21:09 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2018-04-10 15:25 - 2018-03-30 21:09 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2018-04-10 15:25 - 2018-03-30 21:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2018-04-10 15:25 - 2018-03-30 21:09 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2018-04-10 15:25 - 2018-03-30 21:09 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2018-04-10 15:25 - 2018-03-30 21:09 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2018-04-10 15:25 - 2018-03-30 21:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2018-04-10 15:25 - 2018-03-30 21:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2018-04-10 15:25 - 2018-03-30 21:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2018-04-10 15:25 - 2018-03-30 21:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2018-04-10 15:25 - 2018-03-30 21:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2018-04-10 15:25 - 2018-03-30 21:09 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2018-04-10 15:25 - 2018-03-30 21:09 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2018-04-10 15:25 - 2018-03-30 21:09 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2018-04-10 15:25 - 2018-03-30 21:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2018-04-10 15:25 - 2018-03-30 21:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2018-04-10 15:25 - 2018-03-30 21:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2018-04-10 15:25 - 2018-03-30 21:09 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2018-04-10 15:25 - 2018-03-30 21:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2018-04-10 15:25 - 2018-03-30 21:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2018-04-10 15:25 - 2018-03-30 21:06 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2018-04-10 15:25 - 2018-03-30 21:06 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2018-04-10 15:25 - 2018-03-30 21:06 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2018-04-10 15:25 - 2018-03-30 21:06 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2018-04-10 15:25 - 2018-03-30 21:03 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2018-04-10 15:25 - 2018-03-30 21:02 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2018-04-10 15:25 - 2018-03-30 21:02 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
    2018-04-10 15:25 - 2018-03-30 20:59 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2018-04-10 15:25 - 2018-03-30 20:58 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2018-04-10 15:25 - 2018-03-30 20:58 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2018-04-10 15:25 - 2018-03-30 20:58 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2018-04-10 15:25 - 2018-03-30 20:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2018-04-10 15:25 - 2018-03-30 20:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2018-04-10 15:25 - 2018-03-30 20:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2018-04-10 15:25 - 2018-03-30 20:47 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2018-04-10 15:25 - 2018-03-28 03:30 - 003225600 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2018-04-10 15:25 - 2018-03-23 14:50 - 000396952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2018-04-10 15:25 - 2018-03-23 13:59 - 000348824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2018-04-10 15:25 - 2018-03-22 19:00 - 025742336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2018-04-10 15:25 - 2018-03-22 17:32 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2018-04-10 15:25 - 2018-03-22 17:32 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2018-04-10 15:25 - 2018-03-22 17:26 - 020287488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2018-04-10 15:25 - 2018-03-22 17:19 - 002901504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2018-04-10 15:25 - 2018-03-22 17:18 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2018-04-10 15:25 - 2018-03-22 17:17 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2018-04-10 15:25 - 2018-03-22 17:17 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2018-04-10 15:25 - 2018-03-22 17:17 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2018-04-10 15:25 - 2018-03-22 17:17 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2018-04-10 15:25 - 2018-03-22 17:15 - 005780480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2018-04-10 15:25 - 2018-03-22 17:10 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2018-04-10 15:25 - 2018-03-22 17:09 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2018-04-10 15:25 - 2018-03-22 17:07 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2018-04-10 15:25 - 2018-03-22 17:06 - 000794112 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2018-04-10 15:25 - 2018-03-22 17:06 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2018-04-10 15:25 - 2018-03-22 17:06 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2018-04-10 15:25 - 2018-03-22 17:05 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2018-04-10 15:25 - 2018-03-22 17:04 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2018-04-10 15:25 - 2018-03-22 16:58 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2018-04-10 15:25 - 2018-03-22 16:55 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2018-04-10 15:25 - 2018-03-22 16:52 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2018-04-10 15:25 - 2018-03-22 16:52 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2018-04-10 15:25 - 2018-03-22 16:51 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2018-04-10 15:25 - 2018-03-22 16:51 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2018-04-10 15:25 - 2018-03-22 16:50 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2018-04-10 15:25 - 2018-03-22 16:49 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2018-04-10 15:25 - 2018-03-22 16:48 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2018-04-10 15:25 - 2018-03-22 16:48 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2018-04-10 15:25 - 2018-03-22 16:48 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2018-04-10 15:25 - 2018-03-22 16:45 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2018-04-10 15:25 - 2018-03-22 16:45 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2018-04-10 15:25 - 2018-03-22 16:45 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2018-04-10 15:25 - 2018-03-22 16:44 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2018-04-10 15:25 - 2018-03-22 16:43 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2018-04-10 15:25 - 2018-03-22 16:42 - 000661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2018-04-10 15:25 - 2018-03-22 16:42 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2018-04-10 15:25 - 2018-03-22 16:42 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2018-04-10 15:25 - 2018-03-22 16:41 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2018-04-10 15:25 - 2018-03-22 16:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2018-04-10 15:25 - 2018-03-22 16:33 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2018-04-10 15:25 - 2018-03-22 16:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2018-04-10 15:25 - 2018-03-22 16:29 - 015282688 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2018-04-10 15:25 - 2018-03-22 16:29 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2018-04-10 15:25 - 2018-03-22 16:29 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2018-04-10 15:25 - 2018-03-22 16:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2018-04-10 15:25 - 2018-03-22 16:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2018-04-10 15:25 - 2018-03-22 16:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2018-04-10 15:25 - 2018-03-22 16:27 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2018-04-10 15:25 - 2018-03-22 16:27 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2018-04-10 15:25 - 2018-03-22 16:25 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2018-04-10 15:25 - 2018-03-22 16:25 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2018-04-10 15:25 - 2018-03-22 16:24 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2018-04-10 15:25 - 2018-03-22 16:22 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2018-04-10 15:25 - 2018-03-22 16:21 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2018-04-10 15:25 - 2018-03-22 16:20 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2018-04-10 15:25 - 2018-03-22 16:17 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2018-04-10 15:25 - 2018-03-22 16:15 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2018-04-10 15:25 - 2018-03-22 16:15 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2018-04-10 15:25 - 2018-03-22 16:14 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2018-04-10 15:25 - 2018-03-22 16:14 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2018-04-10 15:25 - 2018-03-22 16:04 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2018-04-10 15:25 - 2018-03-22 15:55 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2018-04-10 15:25 - 2018-03-22 15:53 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2018-04-10 15:25 - 2018-03-22 15:52 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2018-04-10 15:25 - 2018-03-22 15:51 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2018-04-10 15:25 - 2018-03-10 13:11 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
    2018-04-10 15:25 - 2018-03-09 14:18 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2018-04-10 15:25 - 2018-03-09 14:12 - 000383680 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2018-04-10 15:25 - 2018-03-09 14:12 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
    2018-04-10 15:25 - 2018-03-09 14:12 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2018-04-10 15:25 - 2018-03-09 14:12 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2018-04-10 15:25 - 2018-03-09 14:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2018-04-10 15:25 - 2018-03-09 14:07 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
    2018-04-10 15:25 - 2018-03-09 14:07 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2018-04-10 15:25 - 2018-03-09 14:07 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2018-04-10 15:25 - 2018-03-09 14:06 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2018-04-10 15:25 - 2018-03-06 14:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
    2018-04-10 15:25 - 2018-03-06 14:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
    2018-04-10 15:25 - 2018-03-06 14:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll
    2018-04-10 15:25 - 2018-03-06 14:10 - 000170176 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
    2018-04-10 15:25 - 2018-03-06 14:07 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
    2018-04-10 15:25 - 2018-03-06 14:07 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
    2018-04-10 15:25 - 2018-02-21 23:28 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
    2018-04-10 15:25 - 2018-02-21 23:06 - 000134656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
    2018-04-10 15:25 - 2018-02-10 14:35 - 000367296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
    2018-04-10 15:25 - 2018-02-10 14:35 - 000334528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
    2018-04-10 15:25 - 2018-02-10 14:35 - 000185024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
    2018-04-10 15:25 - 2018-02-10 14:35 - 000122560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
    2018-04-10 15:25 - 2018-02-10 14:35 - 000068288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
    2018-04-10 15:25 - 2018-02-10 14:35 - 000064192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
    2018-04-10 15:25 - 2018-02-10 14:35 - 000063168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
    2018-04-10 15:25 - 2018-02-10 14:35 - 000060608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
    2018-04-10 15:25 - 2018-02-10 14:35 - 000036032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
    2018-04-10 15:25 - 2018-02-10 14:35 - 000031936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
    2018-04-10 15:25 - 2018-02-10 14:35 - 000023744 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
    2018-04-10 15:25 - 2018-02-10 14:35 - 000020160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
    2018-04-10 15:25 - 2018-02-10 14:35 - 000015040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
    2018-04-10 15:25 - 2018-02-10 14:35 - 000012096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
    2018-04-10 15:25 - 2018-02-10 14:23 - 002292224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
    2018-04-10 15:25 - 2018-02-10 14:23 - 000330240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
    2018-04-10 15:25 - 2018-02-10 14:23 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\racpldlg.dll
    2018-04-10 15:25 - 2018-02-10 14:11 - 003665920 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
    2018-04-10 15:25 - 2018-02-10 14:11 - 000369664 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
    2018-04-10 15:25 - 2018-02-10 14:11 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\msrahc.dll
    2018-04-10 15:25 - 2018-02-10 14:11 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
    2018-04-10 15:25 - 2018-02-10 13:36 - 000108032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msra.exe
    2018-04-10 15:25 - 2018-02-10 13:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdchange.exe
    2018-04-10 15:25 - 2018-02-10 13:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
    2018-04-10 15:25 - 2018-02-10 13:26 - 000653312 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
    2018-04-10 15:25 - 2018-02-10 13:26 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
    2018-04-10 15:25 - 2018-02-10 13:25 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
    2018-04-10 15:25 - 2018-02-10 13:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
    2018-04-10 15:25 - 2018-02-10 13:25 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
    2018-04-10 15:25 - 2018-02-02 14:40 - 000114368 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2018-04-10 15:25 - 2018-02-02 14:29 - 002365952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2018-04-10 15:25 - 2018-02-02 14:29 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2018-04-10 15:25 - 2018-02-02 14:29 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
    2018-04-10 15:25 - 2018-02-02 14:28 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2018-04-10 15:25 - 2018-02-02 14:16 - 003246080 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2018-04-10 15:25 - 2018-02-02 14:16 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2018-04-10 15:25 - 2018-02-02 14:16 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
    2018-04-10 15:25 - 2018-02-02 14:14 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2018-04-10 15:25 - 2018-02-02 14:14 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2018-04-10 15:25 - 2018-02-02 13:46 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
    2018-04-10 15:25 - 2018-02-02 13:36 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    2018-04-10 15:25 - 2018-01-25 10:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2018-04-10 15:25 - 2018-01-25 10:05 - 000063832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:05 - 000020824 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:05 - 000019800 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:05 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
    2018-04-10 15:25 - 2018-01-25 10:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
    2018-04-10 15:25 - 2018-01-25 10:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
    2018-04-10 15:25 - 2018-01-25 10:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
    2018-04-10 15:25 - 2018-01-25 10:04 - 000922944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
    2018-04-10 15:25 - 2018-01-25 10:04 - 000066392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:04 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:04 - 000019800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:04 - 000016216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:04 - 000015704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
    2018-04-10 15:25 - 2018-01-25 10:04 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
    2018-04-10 15:25 - 2018-01-25 10:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
    2018-04-10 15:25 - 2018-01-25 10:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
    2018-04-10 15:25 - 2018-01-25 10:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
    2018-04-10 15:25 - 2018-01-12 12:40 - 000407040 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2018-04-10 15:25 - 2018-01-12 12:26 - 000308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2018-04-10 15:24 - 2018-03-30 21:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2018-04-10 15:24 - 2018-03-30 21:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2018-04-10 15:24 - 2018-03-30 21:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2018-04-10 15:24 - 2018-03-30 21:09 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 20:47 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2018-04-10 15:24 - 2018-03-30 20:47 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2018-04-10 15:24 - 2018-03-30 20:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 20:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 20:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 20:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2018-04-10 15:24 - 2018-03-30 20:47 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2018-04-10 15:24 - 2018-03-09 14:06 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2018-04-10 15:24 - 2018-03-09 13:31 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2018-04-10 15:24 - 2018-01-15 15:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2018-04-10 15:24 - 2018-01-15 15:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2018-04-10 15:01 - 2018-03-14 13:14 - 000135360 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2018-04-10 15:01 - 2018-03-14 13:09 - 000656384 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2018-04-10 15:01 - 2018-03-14 09:05 - 001993728 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2018-04-10 15:01 - 2018-03-14 09:05 - 001559552 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2018-04-10 15:01 - 2018-03-14 09:05 - 000739840 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2018-04-10 15:01 - 2018-03-14 09:05 - 000599552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2018-04-10 15:01 - 2018-03-14 09:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
    2018-04-10 15:01 - 2018-03-14 09:05 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2018-04-10 15:01 - 2018-03-14 09:05 - 000291840 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2018-04-10 15:01 - 2018-03-14 09:05 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2018-04-08 14:07 - 2018-04-08 14:07 - 000056674 _____ C:\Users\\Downloads\eqnedt32-zh-hk_637f56d93a3d7968044d754c4c7ddb2bc37ce01b.cab
    2018-04-06 12:05 - 2018-04-06 12:05 - 000000000 ____D C:\Users\Default\AppData\Roaming\IObit
    2018-04-06 12:05 - 2018-04-06 12:05 - 000000000 ____D C:\Users\Default User\AppData\Roaming\IObit
    2018-03-30 19:38 - 2018-02-18 17:34 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe


    ==================== One Month Modified files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2018-04-21 12:42 - 2018-03-21 12:14 - 000000000 ____D C:\FRST
    2018-04-21 12:40 - 2014-01-02 00:18 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2018-04-21 12:39 - 2015-10-20 20:52 - 000000093 _____ C:\HaxLogs.txt
    2018-04-21 12:39 - 2014-01-02 00:10 - 000000000 ____D C:\ProgramData\AVAST Software
    2018-04-21 12:39 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2018-04-21 10:13 - 2009-07-14 00:45 - 000020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2018-04-21 10:13 - 2009-07-14 00:45 - 000020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2018-04-21 10:11 - 2018-02-11 12:10 - 000002159 _____ C:\Users\\Desktop\Tweaking.com - Windows Repair.lnk
    2018-04-21 10:11 - 2016-05-21 17:08 - 003425059 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
    2018-04-21 10:00 - 2018-02-22 10:56 - 000000000 ____D C:\Users\\AppData\Local\Adobe
    2018-04-21 09:44 - 2018-02-19 10:33 - 000001146 _____ C:\Users\Public\Desktop\Registry Life.lnk
    2018-04-21 09:44 - 2015-08-14 18:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Life
    2018-04-21 09:44 - 2015-08-14 18:12 - 000000000 ____D C:\Program Files (x86)\Registry Life
    2018-04-21 09:43 - 2016-01-25 19:38 - 000000000 ____D C:\Users\\AppData\Local\niemiro
    2018-04-21 09:40 - 2018-03-17 13:49 - 000003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{20D74601-D866-4B96-B4D0-83F83FBD47F5}
    2018-04-21 09:38 - 2016-06-09 19:29 - 000000000 ____D C:\Users\\Downloads\
    2018-04-18 18:44 - 2014-12-05 15:32 - 000000000 ____D C:\Program Files (x86)\IObit
    2018-04-18 18:43 - 2017-08-29 14:34 - 000000000 ____D C:\ProgramData\ProductData
    2018-04-18 18:43 - 2014-12-05 15:32 - 000000000 ____D C:\Us\AppData\Roaming\IObit
    2018-04-18 18:36 - 2016-01-15 15:12 - 000811318 _____ C:\Windows\system32\perfh00A.dat
    2018-04-18 18:36 - 2016-01-15 15:12 - 000183486 _____ C:\Windows\system32\perfc00A.dat
    2018-04-18 18:36 - 2009-07-14 01:13 - 001863536 _____ C:\Windows\system32\PerfStringBackup.INI
    2018-04-18 18:36 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
    2018-04-18 12:01 - 2017-09-06 10:17 - 000002886 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC ()
    2018-04-16 12:52 - 2017-01-02 00:21 - 000001714 _____ C:\Users\\Desktop\SFCFix.txt
    2018-04-16 12:52 - 2016-01-25 19:42 - 000000000 ____D C:\SFCFix
    2018-04-16 12:03 - 2017-08-18 19:30 - 000000000 ____D C:\MGADiagToolOutput
    2018-04-15 10:42 - 2018-01-24 13:40 - 000003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1469117722
    2018-04-15 10:42 - 2016-07-21 12:14 - 000000000 ____D C:\Program Files (x86)\Opera
    2018-04-14 14:36 - 2018-03-17 09:21 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
    2018-04-10 20:00 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
    2018-04-10 18:54 - 2016-05-17 21:58 - 003750296 _____ C:\Windows\system32\FNTCACHE.DAT
    2018-04-10 18:53 - 2014-01-02 00:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2018-04-10 18:48 - 2014-12-10 11:55 - 000000000 ____D C:\Windows\system32\appraiser
    2018-04-10 18:48 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\PolicyDefinitions
    2018-04-10 18:43 - 2016-11-18 15:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2018-04-10 18:43 - 2014-01-02 00:28 - 000001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2018-04-10 18:42 - 2014-09-05 23:06 - 000001092 _____ C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
    2018-04-10 18:41 - 2015-07-20 19:35 - 000000000 ____D C:\Users\\Documents\My Filehippo Downloads
    2018-04-10 17:28 - 2018-03-13 17:27 - 000004462 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
    2018-04-10 17:28 - 2018-03-09 12:56 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2018-04-10 17:28 - 2018-03-09 12:56 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2018-04-10 17:28 - 2018-03-09 12:56 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2018-04-10 17:28 - 2014-01-02 11:37 - 000000000 ____D C:\Windows\SysWOW64\Macromed
    2018-04-10 17:28 - 2014-01-02 11:37 - 000000000 ____D C:\Windows\system32\Macromed
    2018-04-10 15:43 - 2014-01-02 00:39 - 000000000 ____D C:\Windows\system32\MRT
    2018-04-10 15:35 - 2017-10-20 11:30 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
    2018-04-10 15:35 - 2014-01-02 00:39 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2018-04-06 12:10 - 2014-12-08 22:57 - 000027552 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
    2018-04-03 20:29 - 2016-05-12 13:06 - 000000000 _____ C:\Windows\SysWOW64\last.dump
    2018-03-25 11:44 - 2015-10-28 11:16 - 000000000 ____D C:\Users\\AppData\Local\ElevatedDiagnostics
    2018-03-23 15:25 - 2014-01-02 00:20 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk


    ==================== Files in the root of some directories =======


    2017-09-07 12:27 - 2017-09-07 12:58 - 007649280 _____ () C:\Program Files (x86)\GUT4730.tmp
    2014-04-20 11:09 - 2016-04-08 20:25 - 000000132 _____ () C:\Users\\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2015-01-13 14:26 - 2015-01-13 14:26 - 000099384 _____ () C:\Users\\AppData\Roaming\inst.exe
    2015-01-13 14:26 - 2015-01-13 14:26 - 000007859 _____ () C:\Users\\AppData\Roaming\pcouffin.cat
    2015-01-13 14:26 - 2015-01-13 14:26 - 000001167 _____ () C:\Users\\AppData\Roaming\pcouffin.inf
    2015-01-13 14:26 - 2015-01-13 14:26 - 000000055 _____ () C:\Users\\AppData\Roaming\pcouffin.log
    2015-01-13 14:26 - 2015-01-13 14:26 - 000082816 _____ (VSO Software) C:\Users\\AppData\Roaming\pcouffin.sys
    2015-03-05 21:40 - 2015-03-05 21:43 - 000000164 _____ () C:\Users\\AppData\Roaming\PLGComp.ini
    2015-01-08 14:20 - 2015-01-08 19:12 - 000000600 _____ () C:\Users\\AppData\Roaming\winscp.rnd
    2014-01-06 22:06 - 2016-05-09 16:45 - 000001456 _____ () C:\Users\\AppData\Local\Adobe Save for Web 12.0 Prefs
    2014-04-05 18:18 - 2014-04-05 18:18 - 000220543 _____ () C:\Users\\AppData\Local\debuggee.mdmp
    2015-07-20 16:48 - 2015-07-20 16:48 - 000000058 _____ () C:\Users\\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
    2014-09-30 16:29 - 2016-02-13 23:02 - 000000600 _____ () C:\Users\\AppData\Local\PUTTY.RND
    2017-12-27 11:35 - 2017-12-27 11:35 - 000000017 _____ () C:\Users\\AppData\Local\resmon.resmoncfg
    2016-08-12 10:41 - 2016-08-12 10:47 - 000000000 _____ () C:\Users\\AppData\Local\{46640771-B048-4412-BD25-92639EF3890A}
    2016-07-23 10:45 - 2016-07-23 10:45 - 000000000 _____ () C:\Users\\AppData\Local\{8219B69E-E1E9-4066-8B28-390A4A955369}
    2015-01-01 10:27 - 2015-01-01 10:27 - 000000000 _____ () C:\Users\\AppData\Local\{88776969-F896-4B93-A57E-F32DE3EF4D36}
    2016-08-12 10:41 - 2016-08-12 10:47 - 000000000 _____ () C:\Users\\AppData\Local\{B9D9E880-9DEF-4903-A9B5-544C31EA3A2D}


    Some files in TEMP:
    ====================
    2018-04-18 18:40 - 2018-04-18 18:40 - 003437504 _____ (Geek Unіnstaller) C:\Users\\AppData\Local\Temp\geek64.exe


    Some zero byte size files/folders:
    ==========================
    C:\Windows\SysWOW64\vfpodbc.dll


    ==================== Bamital & volsnap ======================


    (There is no automatic fix for files that do not pass verification.)


    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2018-04-18 13:26


    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.04.2018
    Ran by (21-04-2018 12:46:56)
    Running from C:\Users\\Desktop
    Windows 7 Ultimate Service Pack 1 (X64) (2014-01-02 03:40:03)
    Boot Mode: Normal
    ==========================================================




    ==================== Accounts: =============================


    Administrator (S-1-5-21-404867302-3797044342-2971219209-500 - Administrator - Disabled)
    ETB User (S-1-5-21-404867302-3797044342-2971219209-1003 - Administrator - Enabled)
    Guest (S-1-5-21-404867302-3797044342-2971219209-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-404867302-3797044342-2971219209-1002 - Limited - Enabled)
    (S-1-5-21-404867302-3797044342-2971219209-1000 - Administrator - Enabled) => C:\Users\
    VUSR_-PC (S-1-5-21-404867302-3797044342-2971219209-1004 - Limited - Enabled)


    ==================== Security Center ========================


    (If an entry is included in the fixlist, it will be removed.)


    AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
    AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ==================== Installed Programs ======================


    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


    . . (HKLM\...\{3D383E25-72E7-4F09-AA1C-9ADE6A2EF42F}) (Version: 7.1 - Intel) Hidden
    . . . (HKLM-x32\...\{0C9A6167-6560-4085-9C35-EDB1AE105328}) (Version: 3.2.0.9 - Intel) Hidden
    7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
    802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.02.03.0 - Ralink)
    A1 Sitemap Generator (HKLM-x32\...\8FA512B2AB9F48E48319F817302934AC_is1) (Version: 2.2.0 - Microsys)
    Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
    Adobe Premiere Pro CS5.5 (HKLM-x32\...\{0497EAED-70DA-4BBE-BEB3-AF77FD8788EA}) (Version: 5.5 - Adobe Systems Incorporated)
    AdWords Editor (HKLM-x32\...\{64427C94-5A22-4743-8772-B2D9B9FD5283}) (Version: 11.0.3 - Google)
    AMD Catalyst Install Manager (HKLM\...\{D2A53F8D-3924-E600-6023-883B255E3812}) (Version: 3.0.842.0 - Advanced Micro Devices, Inc.)
    Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
    AVI to DVD Converter (HKLM-x32\...\AVI to DVD Converter) (Version: 3.0.26.0314 - Xilisoft)
    Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
    BitTorrent (HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\BitTorrent) (Version: 7.9.5.41163 - BitTorrent Inc.)
    BleachBit (HKLM-x32\...\BleachBit) (Version: 2.0 - BleachBit)
    BS1 General Ledger 2014.2 (HKLM-x32\...\BS1 General Ledger 2014.2_is1) (Version: - Davis Software)
    Bulk Image Downloader v4.87.0.0 (HKLM-x32\...\Bulk Image Downloader_is1) (Version: - Antibody Software)
    Bulk Rename Utility 2.7.1.3 (HKLM-x32\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
    CD Recovery Toolbox Free 2.1 (HKLM-x32\...\CD Recovery Toolbox Free_is1) (Version: - Recovery Toolbox, Inc.)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
    CuteFTP 8 Professional (HKLM-x32\...\{91F34319-08DE-457a-99C0-0BCDFAC145B9}) (Version: 8.3.4 - GlobalSCAPE)
    DMG Extractor (HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\DMG Extractor) (Version: 1.3.15.0 - Reincubate Ltd)
    DotNetBar for Windows Forms (HKLM-x32\...\{316FC9F6-6343-42AC-BC26-6337C9CD1A8E}) (Version: 10.0.0.3 - DevComponents)
    dpeg Cicada (HKLM-x32\...\dpeg_Cicada) (Version: - )
    EaseUS Data Recovery Wizard 7.0 (HKLM-x32\...\EaseUS Data Recovery Wizard 7.0_is1) (Version: - EaseUS)
    EaseUS Todo Backup Advanced Server 5.8 (HKLM-x32\...\EaseUS Todo Backup Advanced Server 5.8_is1) (Version: 5.8 - CHENGDU YIWO Tech Development Co., Ltd)
    Easy HTML5 Video (HKLM-x32\...\Easy HTML5 Video_is1) (Version: - )
    EasyBCD 2.3 (HKLM-x32\...\EasyBCD) (Version: 2.3 - NeoSmart Technologies)
    Email Extractor (HKLM-x32\...\{30482B99-CAD6-4370-8A3B-8939BCDC90EC}) (Version: 5.5 - WebPro Solutions) Hidden
    Email Extractor (HKLM-x32\...\Email Extractor) (Version: 5.5 - WebPro Solutions)
    Ext2Fsd 0.53 (HKLM\...\Ext2Fsd_is1) (Version: 0.53 - Matt Wu)
    FancyElements (HKLM-x32\...\FancyElements_is1) (Version: - )
    Fast Duplicate File Finder 4.1.0.1 (HKLM-x32\...\{AFECFED6-0A43-488F-8511-1DC6B52F31C3}_is1) (Version: 4.1.0.1 - MindGems, Inc.)
    FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
    FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
    FileZilla Client 3.27.1 (HKLM-x32\...\FileZilla Client) (Version: 3.27.1 - Tim Kosse)
    Focus Magic 4.02 (HKLM-x32\...\Focus Magic_is1) (Version: 4.02 - Acclaim Software Ltd)
    FUTURA CE-250 Software (HKLM-x32\...\{4C31E401-C8D5-4133-8B29-DE5D6B8B9DB0}) (Version: 3.0.0.4 - Default Company Name) Hidden
    FUTURA CE-250 Software (HKLM-x32\...\{A8C74A7C-F2F4-4F6C-90AA-6C351570419F}) (Version: 3.0.0.4 - )
    GDR 5538 for SQL Server 2008 (KB3045305) (64-bit) (HKLM\...\KB3045305) (Version: 10.3.5538.0 - Microsoft Corporation)
    Golden Records Vinyl to CD Converter (HKLM-x32\...\Golden) (Version: - NCH Software)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
    Gramblr (HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\Gramblr) (Version: 1.0.0 - Gramblr)
    HFSExplorer 0.22.1 (HKLM-x32\...\HFSExplorer) (Version: 0.22.1 - Catacombae Software)
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
    HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
    HydraVision (HKLM-x32\...\{91F7C67B-C1A2-F1DB-C286-7F56A07C6B49}) (Version: 4.2.212.0 - Advanced Micro Devices, Inc.) Hidden
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    Intel(R) Chipset Device Software (HKLM-x32\...\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}) (Version: 10.0.27 - Intel(R) Corporation) Hidden
    Intel(R) Computing Improvement Program (HKLM\...\{699E6891-25C3-443A-9B8E-80C74F0172C8}) (Version: 2.1.03413 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
    Intel® Driver & Support Assistant (HKLM-x32\...\{4d839fe1-a8d3-4edc-b0ca-844394309856}) (Version: 3.2.0.9 - Intel)
    Intel® Hardware Accelerated Execution Manager (HKLM\...\{FA9F8623-B4C9-452D-A989-CC3AC01A4E27}) (Version: 1.1.5 - Intel Corporation)
    iWisoft Flash SWF to Video Converter 3.4 (HKLM-x32\...\iWisoft Flash SWF to Video Converter_is1) (Version: 3.4.0 - SWF to Video Converter - convert SWF to AVI, FLV, WMV, MOV)
    JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
    K-Lite Mega Codec Pack 14.0.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.0.5 - KLCP)
    Macrium Reflect Server Plus Edition (HKLM\...\{4D1949C4-BFA8-4CB7-816E-2C78382DE18A}) (Version: 6.1.1023 - Paramount Software (UK) Ltd.) Hidden
    Macrium Reflect Server Plus Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
    Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
    MediaInfo 18.03 (HKLM\...\MediaInfo) (Version: 18.03 - MediaArea.net)
    Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4.7.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.02558 - Microsoft Corporation)
    Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
    Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
    Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{F43ADE73-2880-4A95-B995-4FE386ECF667}) (Version: 10.3.5538.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
    Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 6.0 Enterprise Edition (HKLM-x32\...\Visual Studio 6.0 Enterprise Edition) (Version: - )
    Microsoft Web Publishing Wizard 1.53 (HKLM-x32\...\WebPost) (Version: - )
    MinerGate (HKLM-x32\...\MinerGate) (Version: 5.19 - Minergate Inc)
    MixPad Multitrack Recording Software (HKLM-x32\...\MixPad) (Version: 3.69 - NCH Software)
    MKVToolNix 17.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 17.0.0 - Moritz Bunkus)
    Mozilla Firefox 59.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 59.0.2 (x86 en-US)) (Version: 59.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
    Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5 - Notepad++ Team)
    Numerology Calculator (HKLM-x32\...\Numerology Calculator_is1) (Version: 3.41 - )
    Numerology Calculator Select (HKLM-x32\...\Numerology Calculator Select_is1) (Version: 1.41 - )
    Opanda IExif 2.3 (HKLM-x32\...\Opanda IExif_is1) (Version: 2.3 - Opanda Studio)
    Opanda PowerExif 1.2 Professional Trial (HKLM-x32\...\Opanda PowerExif Professional Trial_is1) (Version: 1.2 - Opanda Studio)
    OpenVPN 2.3.2-I003 (HKLM-x32\...\OpenVPN) (Version: 2.3.2-I003 - )
    Opera Stable 52.0.2871.64 (HKLM-x32\...\Opera 52.0.2871.64) (Version: 52.0.2871.64 - Opera Software)
    OpticFilm 120 (HKLM-x32\...\{AD13719F-9FE1-46C2-AB8B-716B5F256BF8}) (Version: 5.0.2 - )
    OpticFilm 8200i (HKLM-x32\...\{086AA359-A8F0-46BB-B66D-21AE29420B81}) (Version: 5.0.0 - )
    PowerISO (HKLM-x32\...\PowerISO) (Version: 5.8 - Power Software Ltd)
    Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
    PxMergeModule (HKLM-x32\...\{024521CF-C07E-4F8E-8481-0D75695E03AF}) (Version: 1.00.0000 - Your Company Name) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{0DF70CB6-553A-4C57-8E6D-87635EECFB78}) (Version: 1.00.0145 - ALFA NETWORK INC.)
    Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
    Registry Backup and Restore (HKLM\...\Registry Backup and Restore_is1) (Version: - Acelogix)
    Registry Life version 4.01 (HKLM-x32\...\Registry Life_is1) (Version: 4.01 - ChemTable Software)
    RentMaster (HKLM-x32\...\RentMaster) (Version: 11.2.0 - )
    Revo Uninstaller Pro 3.1.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.9 - VS Revo Group, Ltd.)
    Roadkil's Unstoppable Copier Version 5.2 (HKLM-x32\...\{A306FD29-7D3A-4287-91AC-9A0180931395}_is1) (Version: - Roadkil.Net)
    Screencast-O-Matic (HKU\S-1-5-21-404867302-3797044342-2971219209-1000\...\Screencast-O-Matic) (Version: - Screencast-O-Matic)
    Screenshot Captor 4.12.0 (HKLM-x32\...\ScreenshotCaptor_is1) (Version: - )
    SendBlaster 2 (HKLM-x32\...\{CF950023-9C75-4843-8B68-FD8A5D641B4B}) (Version: 002.000.13800 - eDisplay srl)
    Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
    SilverFast 8.5.0r7 (64bit) (HKLM-x32\...\SilverFast 8 x64) (Version: 8.5.0r7 - LaserSoft Imaging AG)
    Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
    Sql Server Customer Experience Improvement Program (HKLM\...\{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}) (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
    Stellar Phoenix Windows Data Recovery - Professional (HKLM-x32\...\Stellar Phoenix Windows Data Recovery - Professional_is1) (Version: 6.0.0.0 - Stellar Information Systems Ltd)
    Sublime Text Build 3047 (HKLM-x32\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
    Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.65 - NCH Software)
    swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
    Tenda Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.39.22 - Tenda)
    TURBOFloorPlan3D Home & Landscape PRO (HKLM-x32\...\InstallShield_{7D8BAF74-7F27-4DAD-AB9D-9C9B417009AE}) (Version: 14.1 - IMSIDesign)
    Tweaking.com - Hardware Identify (HKLM-x32\...\Tweaking.com - Hardware Identify) (Version: 2.1.1 - Tweaking.com)
    Tweaking.com - Simple System Tweaker (HKLM-x32\...\Tweaking.com - Simple System Tweaker) (Version: 2.2.0 - Tweaking.com)
    Tweaking.com - Technicians Toolbox (HKLM-x32\...\Tweaking.com - Technicians Toolbox) (Version: 1.2.0 - Tweaking.com)
    Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.17 - Tweaking.com)
    TweetAdder4 (HKLM-x32\...\{911174C5-85BF-4972-B5E0-4882B32E9396}_is1) (Version: 4.1.140929 - TweetAdder.com)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    USB Disk Storage Format Tool 5.0 (HKLM\...\USB Disk Storage Format Tool_is1) (Version: - Authorsoft Corporation)
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
    VisualLightBox (HKLM-x32\...\VisualLightBox_is1) (Version: - )
    VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.2.0.13 - VSO Software)
    VyprVPN (HKLM-x32\...\{DD0BD1BF-A3F7-49A1-841C-EB21206441E6}) (Version: 2.3.2.2273 - Golden Frog, Inc.) Hidden
    VyprVPN (HKLM-x32\...\VyprVPN) (Version: 2.3.2.2273 - Golden Frog, Inc.)
    WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 5.96 - NCH Software)
    WhoCrashed 5.03 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
    WhySoSlow 1.00 (HKLM\...\WhySoSlowHome_is1) (Version: - Resplendence Software Projects Sp.)
    Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
    WindowsUpdateFixer version 2.1.2 (HKLM-x32\...\{D3D13DC2-4E58-4359-9F36-55334748A38B}_is1) (Version: 2.1.2 - Zerobyte Developments)
    WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
    WinSCP 5.9.6 (HKLM-x32\...\winscp3_is1) (Version: 5.9.6 - Martin Prikryl)
    WOW Slider (HKLM-x32\...\WOW Slider_is1) (Version: - )
    XAMPP (HKLM-x32\...\xampp) (Version: 5.6.19-0 - Bitnami)


    ==================== Custom CLSID (Whitelisted): ==========================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    CustomCLSID: HKU\S-1-5-21-404867302-3797044342-2971219209-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
    ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-08-15] ()
    ContextMenuHandlers1-x32: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files (x86)\Bulk Rename Utility\BRUhere.dll [2014-06-24] (Bulk Rename Utility)
    ContextMenuHandlers1-x32-x32: [CuteFTP 8 Professional] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\CuteShell.dll [2010-05-19] (GlobalSCAPE, Inc.)
    ContextMenuHandlers1-x32-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
    ContextMenuHandlers1-x32-x32: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
    ContextMenuHandlers1-x32-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-10-23] (Power Software Ltd)
    ContextMenuHandlers1-x32-x32: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
    ContextMenuHandlers1-x32-x32: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2013-03-16] (CHENGDU YIWO Tech Development Co.,Ltd)
    ContextMenuHandlers1-x32-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
    ContextMenuHandlers1-x32-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (Alexander Roshal)
    ContextMenuHandlers2-x32: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files (x86)\Bulk Rename Utility\BRUhere.dll [2014-06-24] (Bulk Rename Utility)
    ContextMenuHandlers2-x32-x32: [CuteFTP 8 Professional] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\CuteShell.dll [2010-05-19] (GlobalSCAPE, Inc.)
    ContextMenuHandlers2-x32-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
    ContextMenuHandlers2-x32-x32: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
    ContextMenuHandlers2-x32-x32: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2013-03-16] (CHENGDU YIWO Tech Development Co.,Ltd)
    ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes)
    ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
    ContextMenuHandlers4-x32: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files (x86)\Bulk Rename Utility\BRUhere.dll [2014-06-24] (Bulk Rename Utility)
    ContextMenuHandlers4-x32-x32: [CuteFTP 8 Professional] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\CuteShell.dll [2010-05-19] (GlobalSCAPE, Inc.)
    ContextMenuHandlers4-x32-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
    ContextMenuHandlers4-x32-x32: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
    ContextMenuHandlers4-x32-x32: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} => -> No File
    ContextMenuHandlers4-x32-x32: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-10-23] (Power Software Ltd)
    ContextMenuHandlers4-x32-x32: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
    ContextMenuHandlers4-x32-x32: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2013-03-16] (CHENGDU YIWO Tech Development Co.,Ltd)
    ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-10-24] (Advanced Micro Devices, Inc.)
    ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
    ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
    ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-10-23] (Power Software Ltd)
    ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
    ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (Alexander Roshal)


    ==================== Scheduled Tasks (Whitelisted) =============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    Task: {0169E1B7-B536-48FA-A750-B58928F20B33} - System32\Tasks\{8901AA4F-2288-4ACF-9472-878EB7698C53} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.1.0.105/en/go/help.faq.installer?source=lightinstaller&LastError=1618
    Task: {06CCCCA2-8460-41DF-9741-CC05EC9D7822} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
    Task: {1902E132-FBC3-4649-803A-B3BC8827AB82} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {1D7703DC-894A-4F73-B6D5-390744B10505} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
    Task: {1F4FBC09-91EC-4421-AFB0-5B4A80013A32} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    Task: {2DC79F64-4407-4283-AA4D-1292C88AF4F2} - System32\Tasks\HP AR Program Upload - e1a0300e7546429686aa7d5c9e0ea8177a0a873dbe314bbb8bc557fe6c28f58d => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {305F5AF0-9A75-41A3-BDA3-E15CBD8CC81E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-10] (Adobe Systems Incorporated)
    Task: {37BB7224-11F1-48E9-8D3E-D305FBC407E0} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
    Task: {44C3EFD2-0B52-4D15-ADE3-3A5DC85B35B8} - System32\Tasks\{E55B9ED2-94A1-4B39-9585-D903BC8650A1} => C:\Windows\system32\pcalua.exe -a C:\Users\\AppData\Local\Temp\jre-8u111-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
    Task: {4B39A3E9-CE9C-41F3-80F4-4FF4C87C0F9B} - System32\Tasks\AdobeAAMUpdater-1.0--PC- => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
    Task: {52F7D3E4-D330-409B-9AF9-D737A2969E9B} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {7D091B18-36B8-48C9-83FB-70B265EA201E} - System32\Tasks\HP AR Program Upload - 2b96ef6ba8c74a0594e4f206f6677225c10cf07cd91845e98f608a5ba2578cd7 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {90A8B4A8-0405-4078-81AB-12A84C10B0A1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-10] (Adobe Systems Incorporated)
    Task: {90BF968C-CFE1-45B6-B52A-22EA4D8595F4} - System32\Tasks\HP AR Program Upload - 67d6c50ffc9a43a5827c0a40a53c5a1705d9483298c9431aa1172cbd71400a1e => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {A2F6D597-75CA-4EA1-A4CB-C66A4EA0736B} - System32\Tasks\{B84DD121-1A93-4031-9700-C7ECBD228184} => C:\Windows\system32\pcalua.exe -a G:\ubuntu\uninstall-wubi.exe -d G:\ubuntu
    Task: {A46E549E-368A-4900-BCD3-EA57EC53565A} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ab23f71b0d2a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {A7DEAD99-7A6B-46F5-A6CB-B54DD38F1E56} - System32\Tasks\{9EBA67BE-2107-430C-B5D5-5B6EA9059BBE} => C:\Windows\system32\pcalua.exe -a C:\Users\\Downloads\AcroRdrDC1801120035_en_US.exe -d C:\Users\\Downloads
    Task: {AFB3203A-7E38-4DDC-9D0A-7894B447E73C} - System32\Tasks\HP AR Program Upload - 1f0758f101f44b4f8cc64a7828fdf6aaf8eaff33dc114a2b8c6e284075e9a23f => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {B26E3F61-F187-433D-8F72-D696B03F0606} - System32\Tasks\cFos\Registration Tasks\Open Browser => c:\program files\internet explorer\iexplore.exe "hxxp://www.cfos.de/en/cfosspeed/expiration.htm?sw-10.10.2238&days=-72&ret=11&raw=13&exp=103"
    Task: {B2A7FC49-A089-4B2F-84BC-CA569F5256A7} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
    Task: {BF216B62-EA7F-4AB1-9870-6F07EDAD0C7B} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
    Task: {BFF5A656-88D6-4A30-BC5A-5AEBD5ECD56E} - System32\Tasks\Opera scheduled Autoupdate 1469117722 => C:\Program Files (x86)\Opera\launcher.exe [2018-04-10] (Opera Software)
    Task: {C08A95AD-7CF4-4F3A-8886-8B46C662F775} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2018-02-19] ()
    Task: {D83FA1DB-6DFB-47F1-963C-6D01C3F1ABEF} - System32\Tasks\{F30508C4-188E-4C34-80DD-53D9F934F86B} => C:\Windows\system32\pcalua.exe -a C:\Users\\Downloads\AdobeAIRInstaller(1).exe -d C:\Users\\Downloads
    Task: {DB9FCA76-61A5-4563-A92D-D7701A6AF0A9} - System32\Tasks\{482BA325-2BFA-4F56-84F0-B029EDAC71D4} => C:\Windows\system32\pcalua.exe -a C:\Users\\AppData\Local\Temp\jre-9.0.4_windows-x86_bin-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau <==== ATTENTION
    Task: {E329F040-2D5B-4C9D-96E1-BE7584FC30E6} - System32\Tasks\Driver Booster SkipUAC () => C:\Program Files (x86)\IObit\Driver Booster\5.3.0\DriverBooster.exe
    Task: {F1334C95-C71D-4998-8D0E-1F45738519BD} - System32\Tasks\HP AR Program Upload - dfcb88f1f61d4f16bf90de32685894773c8ba217ebc74ddd85dc35ba23ed5138 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {FCDF305F-D6DE-456C-9C48-534705014B36} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


    ==================== Shortcuts & WMI ========================


    (The entries could be listed to be restored or removed.)




    Shortcut: C:\Users\\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm


    ==================== Loaded Modules (Whitelisted) ==============


    2017-08-14 12:08 - 2017-08-14 12:08 - 000076456 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
    2018-04-10 17:46 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    2018-04-10 17:46 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2017-12-23 13:20 - 2009-12-09 22:20 - 000126976 _____ () C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\EnumDevLib.dll
    2017-12-23 13:17 - 2014-09-16 05:33 - 001203856 _____ () C:\Program Files (x86)\Tenda\Common\RaWLAPI.dll
    2017-07-13 17:23 - 2017-07-13 17:23 - 000042744 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32api.pyd
    2017-07-13 17:22 - 2017-07-13 17:22 - 000060664 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywintypes27.dll
    2017-07-13 17:22 - 2017-07-13 17:22 - 000126712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pythoncom27.dll
    2017-07-13 17:23 - 2017-07-13 17:23 - 000024312 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_multiprocessing.pyd
    2017-07-13 17:23 - 2017-07-13 17:23 - 000047352 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ctypes.pyd
    2017-07-13 17:23 - 2017-07-13 17:23 - 000026872 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32service.pyd
    2017-07-13 17:22 - 2017-07-13 17:22 - 000023800 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\servicemanager.pyd
    2017-07-13 17:23 - 2017-07-13 17:23 - 000031992 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_socket.pyd
    2017-07-13 17:23 - 2017-07-13 17:23 - 000506616 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ssl.pyd
    2017-07-13 17:23 - 2017-07-13 17:23 - 000360184 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_hashlib.pyd
    2017-07-13 17:22 - 2017-07-13 17:22 - 000019192 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\select.pyd
    2017-07-13 17:23 - 2017-07-13 17:23 - 000021240 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32pipe.pyd
    2017-07-13 17:23 - 2017-07-13 17:23 - 000045816 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32file.pyd
    2017-07-13 17:23 - 2017-07-13 17:23 - 000018680 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32event.pyd
    2017-07-13 17:23 - 2017-07-13 17:23 - 000025336 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32process.pyd
    2017-07-13 17:23 - 2017-07-13 17:23 - 000021240 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32ts.pyd
    2017-07-13 17:23 - 2017-07-13 17:23 - 000019704 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32profile.pyd
    2017-07-13 17:23 - 2017-07-13 17:23 - 000043768 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32security.pyd
    2017-07-13 17:23 - 2017-07-13 17:23 - 000025848 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32inet.pyd
    2017-07-13 17:22 - 2017-07-13 17:22 - 000191736 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\unicodedata.pyd
    2017-07-13 17:22 - 2017-07-13 17:22 - 000023288 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\EnvironmentID.dll


    ==================== Alternate Data Streams (Whitelisted) =========


    (If an entry is included in the fixlist, only the ADS will be removed.)


    AlternateDataStreams: C:\ProgramData\TEMP5FBE8F9 [180]
    AlternateDataStreams: C:\Users\\Local SettingsK6ap3JWZyZX1kkco [2422]
    AlternateDataStreams: C:\Users\\Local Settings:rOQb2MZzLNo5sp0Fopx0oVE6I2q [2368]
    AlternateDataStreams: C:\Users\\AppData\LocalK6ap3JWZyZX1kkco [2422]
    AlternateDataStreams: C:\Users\\AppData\Local:rOQb2MZzLNo5sp0Fopx0oVE6I2q [2368]
    AlternateDataStreams: C:\Users\\AppData\Local\Application DataK6ap3JWZyZX1kkco [2422]
    AlternateDataStreams: C:\Users\\AppData\Local\Application Data:rOQb2MZzLNo5sp0Fopx0oVE6I2q [2368]


    ==================== Safe Mode (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"


    ==================== Association (Whitelisted) ===============


    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)




    ==================== Internet Explorer trusted/restricted ===============


    (If an entry is included in the fixlist, it will be removed from the registry.)




    ==================== Hosts content: ===============================


    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)


    2009-07-13 22:34 - 2017-09-07 12:16 - 000000855 _____ C:\Windows\system32\Drivers\etc\hosts


    127.0.0.1 localhost


    ==================== Other Areas ============================


    (Currently there is no automatic fix for this section.)


    HKU\S-1-5-21-404867302-3797044342-2971219209-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.


    ==================== MSCONFIG/TASK MANAGER disabled items ==


    MSCONFIG\Services: !SASCORE => 2
    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: BstHdAndroidSvc => 3
    MSCONFIG\Services: BstHdLogRotatorSvc => 2
    MSCONFIG\Services: BstHdUpdaterSvc => 2
    MSCONFIG\Services: EaseUS Agent => 2
    MSCONFIG\Services: Guard Agent => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: gusvc => 3
    MSCONFIG\Services: IMFservice => 2
    MSCONFIG\Services: LiveUpdateSvc => 2
    MSCONFIG\Services: LMS => 2
    MSCONFIG\Services: MBAMScheduler => 2
    MSCONFIG\Services: MBAMService => 2
    MSCONFIG\Services: McComponentHostService => 3
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: ReflectService.exe => 2
    MSCONFIG\Services: SwitchBoard => 3
    MSCONFIG\Services: UNS => 2
    MSCONFIG\Services: VyprVPN => 2
    MSCONFIG\startupfolder: C:^Users^^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - .lnk => C:\Windows\pss\Monitor Ink Alerts - .lnk.Startup
    MSCONFIG\startupfolder: C:^Users^^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk.Startup
    MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe


    ==================== FirewallRules (Whitelisted) ===============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    FirewallRules: [{115E8F0F-43C6-4DA4-B830-0ABA79F8B560}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
    FirewallRules: [{21290C41-2E04-4955-AC6A-2751C96F1847}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
    FirewallRules: [{6DF16E84-A4A6-4AC0-A329-1B3A128CF85A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
    FirewallRules: [{8138A302-D7D7-4E0B-A0B6-FF3FEF2920FC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
    FirewallRules: [{FA15F932-BE8B-4FB4-9FB5-DC3D2D5DC6D0}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{3DD25F65-25C5-46C1-A820-ECA5CA44BD89}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{8A808620-9E73-4B8B-A9BE-F448FB0D138F}] => (Allow) C:\Users\\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{65DE4148-0241-426E-9859-42C17AF6F187}] => (Allow) C:\Users\\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{53A5891F-BADA-4C76-8764-F252FDB16757}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
    FirewallRules: [{D1317D35-F944-4DA6-996B-3EE3475152B5}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
    FirewallRules: [{8CB18299-169F-4FB0-8A70-C72DA35C0DA4}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
    FirewallRules: [{4DEA1A3D-B180-4710-89C2-C4EAACAA2724}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
    FirewallRules: [{8ADB274D-4683-4F32-8E04-8FB64C458D40}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
    FirewallRules: [TCP Query User{C16FBD02-A15A-42E1-AD7D-46997BB5A44A}C:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe] => (Block) C:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe
    FirewallRules: [UDP Query User{7704C02C-071A-4768-A663-3C89233091D1}C:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe] => (Block) C:\program files (x86)\globalscape\cuteftp 8 professional\ftpte.exe
    FirewallRules: [TCP Query User{EB8831FF-2188-42B1-B92C-832DD4E16393}C:\program files (x86)\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe] => (Allow) C:\program files (x86)\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe
    FirewallRules: [UDP Query User{4988F528-BA77-467F-B0B4-5B3CD2686D08}C:\program files (x86)\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe] => (Allow) C:\program files (x86)\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe
    FirewallRules: [{D6DE4DE4-D5D0-4BC2-8D2A-A31B03DF3F1B}] => (Allow) C:\Users\\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{261E5794-84F9-418F-85B6-AE2D9AB6BA8B}] => (Allow) C:\Users\\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [TCP Query User{22484AB2-C9BC-440F-ABFF-E06CA5D2423B}C:\program files\java\jre8\bin\javaw.exe] => (Allow) C:\program files\java\jre8\bin\javaw.exe
    FirewallRules: [UDP Query User{58909E71-D70E-4CDB-BB75-5A648814F49D}C:\program files\java\jre8\bin\javaw.exe] => (Allow) C:\program files\java\jre8\bin\javaw.exe
    FirewallRules: [TCP Query User{5AFE3D52-A6C3-4DD2-998E-D8B24E74F05D}C:\program files\java\jre1.8.0_20\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_20\bin\javaw.exe
    FirewallRules: [UDP Query User{6A1E9C7C-B932-44E3-917D-187CBB48318A}C:\program files\java\jre1.8.0_20\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_20\bin\javaw.exe
    FirewallRules: [{40C6DC7E-A726-4140-AC9A-C5E26AB67F6D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{7241522C-562C-4D49-ACB1-58BF97D0E36F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{37EBA0BA-F95E-4FAF-9B74-489172801E9E}C:\program files (x86)\adobe\adobe edge animate cc 2014\edgeanimate.exe] => (Allow) C:\program files (x86)\adobe\adobe edge animate cc 2014\edgeanimate.exe
    FirewallRules: [UDP Query User{1F4D1C7A-5224-40CF-821D-93767B3C3005}C:\program files (x86)\adobe\adobe edge animate cc 2014\edgeanimate.exe] => (Allow) C:\program files (x86)\adobe\adobe edge animate cc 2014\edgeanimate.exe
    FirewallRules: [TCP Query User{756FCE78-EDC6-4B00-B8FF-BA2EEBB92B72}C:\apache24\bin\httpd.exe] => (Allow) C:\apache24\bin\httpd.exe
    FirewallRules: [UDP Query User{FC03FF4C-54E2-4E65-92F9-6990136FCA33}C:\apache24\bin\httpd.exe] => (Allow) C:\apache24\bin\httpd.exe
    FirewallRules: [TCP Query User{DAB9999E-3B33-400E-A5B2-B778E1E29ECA}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
    FirewallRules: [UDP Query User{028B53CE-694F-4C66-9ECD-4080DD27A418}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
    FirewallRules: [TCP Query User{3E76F676-180F-4A64-8B02-21129A1B02CA}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
    FirewallRules: [UDP Query User{2034FF09-A526-46BB-81AC-8EF22CFC093C}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
    FirewallRules: [TCP Query User{2375A6DC-73EE-423D-8BE9-A8578C3D67F5}C:\xampp\mercurymail\mercury.exe] => (Allow) C:\xampp\mercurymail\mercury.exe
    FirewallRules: [UDP Query User{F086BC88-F2FE-4406-B1A7-318231D1DCD1}C:\xampp\mercurymail\mercury.exe] => (Allow) C:\xampp\mercurymail\mercury.exe
    FirewallRules: [TCP Query User{49F473C7-DB36-4193-A1F7-2B54915AAF51}C:\program files\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\java.exe
    FirewallRules: [UDP Query User{218FA041-EB27-4898-8A46-C9ACF6C92924}C:\program files\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\java.exe
    FirewallRules: [TCP Query User{F9685CF4-EBF6-47DC-BDD9-024780250EB7}C:\xampp\filezillaftp\filezillaserver.exe] => (Allow) C:\xampp\filezillaftp\filezillaserver.exe
    FirewallRules: [UDP Query User{090D1B24-AA82-430A-A87F-56F4EFE38459}C:\xampp\filezillaftp\filezillaserver.exe] => (Allow) C:\xampp\filezillaftp\filezillaserver.exe
    FirewallRules: [TCP Query User{68A76D3A-921A-457A-BA8B-E41DF9AF8B5B}C:\program files\java\jre1.8.0_45\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\java.exe
    FirewallRules: [UDP Query User{29EDE938-B1F0-41C3-BBD5-FA28D03D9509}C:\program files\java\jre1.8.0_45\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\java.exe
    FirewallRules: [TCP Query User{63CA0BC6-D664-47B5-8FDC-5CCFEDFCBA04}C:\program files\java\jre1.8.0_51\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\java.exe
    FirewallRules: [UDP Query User{83E6F3AD-A927-48CC-AB52-43B17FBAFC8C}C:\program files\java\jre1.8.0_51\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\java.exe
    FirewallRules: [{07BC1627-DB5B-45D6-A9F4-044A510455D8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{00DE18F3-2265-4F92-B049-70D9C3B7A152}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{06B896B9-426C-4F59-91DF-56E741396D2F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{ED524B22-687B-43EF-A1EF-20A290E77691}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{E2795EBA-02B1-4940-A97D-87CE76807448}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{343238D2-9BE3-40AD-B280-BCF3AC251377}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{A8A7E604-570C-46F9-A8FC-E817C14FF95A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
    FirewallRules: [{8C4DE87B-B669-42C4-A506-4ECBF6E9D4FF}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
    FirewallRules: [{83BB563F-C988-4427-834B-31F8BD03EF55}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
    FirewallRules: [{EFC0357B-5600-4D9F-BA52-177B290A43E5}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
    FirewallRules: [{3654B41E-AC1A-4A8D-B99F-685AE324891B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
    FirewallRules: [{AB6459F1-6006-4019-9E87-45CA86C5B4AD}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
    FirewallRules: [TCP Query User{A4B5C9E4-ABD8-45CA-81CC-9EBF5F7EF302}C:\program files\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_77\bin\javaw.exe
    FirewallRules: [UDP Query User{4B746D1D-5C6E-4377-A3A9-D75A1949F676}C:\program files\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_77\bin\javaw.exe
    FirewallRules: [TCP Query User{62ED0B6A-37DA-4AAF-8B4F-54193E0CF2C4}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
    FirewallRules: [UDP Query User{1FE56377-7127-432E-B933-DC225C461D3B}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
    FirewallRules: [TCP Query User{B36AFA7A-E750-4526-956B-A82104FC30C7}C:\program files\java\jdk1.7.0_79\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\java.exe
    FirewallRules: [UDP Query User{2EC4C9BA-040C-4762-A80E-46000356191F}C:\program files\java\jdk1.7.0_79\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\java.exe
    FirewallRules: [{C7F298C1-70CF-479C-89C9-B144546771B7}] => (Allow) C:\Users\\AppData\Local\Temp\7zS1D9E\HPDiagnosticCoreUI.exe
    FirewallRules: [{442B2BB5-15A2-4099-BF40-795AC86EEBD2}] => (Allow) C:\Users\\AppData\Local\Temp\7zS1D9E\HPDiagnosticCoreUI.exe
    FirewallRules: [{454ED93C-8BBA-44CA-BBC0-AF45A8DD69BC}] => (Allow) C:\Users\\Downloads\Tech tool store tools\TechToolStore64.exe
    FirewallRules: [{7D86FE7D-A561-4763-B8F9-B2A33B0B64D0}] => (Allow) C:\Users\\Downloads\Tech tool store tools\TechToolStore64.exe
    FirewallRules: [{52FC53AF-F179-4382-A4E0-E60D397D0E18}] => (Allow) C:\Users\\Downloads\Tech tool store tools\TechToolStore64.exe
    FirewallRules: [{90F0A296-1E91-4711-9567-B42DCCA8562A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [TCP Query User{02D439D2-6A2E-4A22-959B-2FE402DBE1F0}C:\users\\downloads\digitalnotewallet_win32_1.0.12-beta\digitalnotewallet-win32\digitalnotewallet.exe] => (Allow) C:\users\\downloads\digitalnotewallet_win32_1.0.12-beta\digitalnotewallet-win32\digitalnotewallet.exe
    FirewallRules: [UDP Query User{3ED4978A-DEDD-4E7E-BC38-9312CBC5D8ED}C:\users\\downloads\digitalnotewallet_win32_1.0.12-beta\digitalnotewallet-win32\digitalnotewallet.exe] => (Allow) C:\users\\downloads\digitalnotewallet_win32_1.0.12-beta\digitalnotewallet-win32\digitalnotewallet.exe
    FirewallRules: [TCP Query User{E4299DE6-951E-495B-81C9-1B2720D79B27}C:\users\\downloads\monero-win-x86-v0.11.0.0\monero-v0.11.0.0\monerod.exe] => (Allow) C:\users\\downloads\monero-win-x86-v0.11.0.0\monero-v0.11.0.0\monerod.exe
    FirewallRules: [UDP Query User{30DE5082-F81C-4AE0-A51F-B16BA47A308D}C:\users\\downloads\monero-win-x86-v0.11.0.0\monero-v0.11.0.0\monerod.exe] => (Allow) C:\users\\downloads\monero-win-x86-v0.11.0.0\monero-v0.11.0.0\monerod.exe
    FirewallRules: [{BA7BB4B1-6369-40DB-8961-38F8E06ABF22}] => (Allow) C:\Program Files (x86)\Tenda\Common\RaUI.exe
    FirewallRules: [{E916B498-1FB9-4FDB-92C1-53C47CB5533A}] => (Allow) C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe
    FirewallRules: [{7891498E-FA20-4E01-A828-1524D50679F7}] => (Allow) C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe
    FirewallRules: [{6E58E825-69EF-4665-A88E-5B2A2C85539F}] => (Allow) LPort=1542
    FirewallRules: [{74C6FA26-D5BA-46B4-9B79-3F91ABFF2F98}] => (Allow) LPort=1542
    FirewallRules: [{4D1570CE-6D39-4866-A11E-E896840A4EEE}] => (Allow) LPort=53
    FirewallRules: [TCP Query User{617C19F9-DF28-4BBD-8FE5-BC09FFCD0150}C:\program files\java\jdk-9.0.4\bin\jmc.exe] => (Allow) C:\program files\java\jdk-9.0.4\bin\jmc.exe
    FirewallRules: [UDP Query User{4F6E41B8-226A-4D0D-9114-58540092F848}C:\program files\java\jdk-9.0.4\bin\jmc.exe] => (Allow) C:\program files\java\jdk-9.0.4\bin\jmc.exe
    FirewallRules: [{0A2E399E-E983-44C7-BE71-44F3FCCC06A8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{D7573C8C-2027-4C72-86D6-A31EC0898A27}] => (Allow) C:\Program Files (x86)\Opera\52.0.2871.40\opera.exe
    FirewallRules: [{BA815C2A-C70C-4BB1-AFA3-A5C7136DA8E7}] => (Allow) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe


    ==================== Restore Points =========================


    06-04-2018 12:45:07 Windows Update
    10-04-2018 14:28:35 Windows Update
    10-04-2018 15:26:35 Windows Update
    12-04-2018 14:50:35 Windows Update
    16-04-2018 10:46:53 Windows Update
    20-04-2018 12:41:47 Windows Update


    ==================== Faulty Device Manager Devices =============




    ==================== Event log errors: =========================


    Application errors:
    ==================
    Error: (04/10/2018 05:44:54 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mbamservice.exe, version: 3.1.0.634, time stamp: 0x5a7e0996
    Faulting module name: ntdll.dll, version: 6.1.7601.24059, time stamp: 0x5aa1fa91
    Exception code: 0xc0000005
    Fault offset: 0x0000000000032964
    Faulting process id: 0xcc4
    Faulting application start time: 0x01d3d0f575a0fb9c
    Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report Id: 6745ef93-3d08-11e8-8f27-2c4138a9b7f0


    Error: (04/06/2018 12:04:18 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: Windows cannot load classes registry file.
    DETAIL - The process cannot access the file because it is being used by another process.


    Error: (04/06/2018 12:04:18 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
    Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.


    DETAIL - The process cannot access the file because it is being used by another process.
    for C:\Users\\AppData\Local\Microsoft\Windows\\UsrClass.dat


    Error: (03/20/2018 06:34:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary MpKsl42e40da2.


    System Error:
    The system cannot find the file specified.
    .


    Error: (03/20/2018 06:26:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary MpKsl42e40da2.


    System Error:
    The system cannot find the file specified.
    .


    Error: (03/20/2018 06:06:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary MpKsl42e40da2.


    System Error:
    The system cannot find the file specified.
    .


    Error: (03/17/2018 09:21:55 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: -PC)
    Description: Application or service 'Intel(R) Driver & Support Assistant' could not be restarted.


    Error: (03/17/2018 09:21:34 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: -PC)
    Description: Application or service 'Intel(R) Driver & Support Assistant' could not be shut down.




    System errors:
    =============
    Error: (04/21/2018 12:40:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
    and APPID
    {344ED43D-D086-4961-86A6-1106F4ACAD9B}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


    Error: (04/21/2018 12:40:50 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 70.


    Error: (04/21/2018 12:40:50 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 70.


    Error: (04/21/2018 12:40:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    amdkmafd


    Error: (04/21/2018 10:25:45 AM) (Source: BROWSER) (EventID: 8032) (User: )
    Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{FB95A44C-09DA-444F-9634-F38025F66432}.
    The backup browser is stopping.


    Error: (04/21/2018 09:47:25 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.


    Error: (04/21/2018 09:35:59 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
    and APPID
    {344ED43D-D086-4961-86A6-1106F4ACAD9B}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


    Error: (04/21/2018 09:35:00 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    amdkmafd




    Windows Defender:
    ===================================
    Date: 2016-05-10 13:39:29.816
    Description:
    Windows Defender has detected spyware or other potentially unwanted software.
    For more information please see the following:
    SoftwareBundler:Win32/Stallmonitz threat description - Windows Defender Security Intelligence
    Name:SoftwareBundler:Win32/Stallmonitz
    ID:225956
    Severity:High
    Category:Software Bundler
    Path Found:containerfile:C:\Users\\Desktop\BlueStacks-SplitInstaller_native.exe;file:C:\Users\\Desktop\BlueStacks-SplitInstaller_native.exe->(nsis-instdata)
    Detection Type:Concrete
    Detection Source:System
    Status:Unknown
    Process Name:c:\program files\windows defender\MpCmdRun.exe


    Date: 2015-05-14 02:55:17.260
    Description:
    Windows Defender has detected spyware or other potentially unwanted software.
    For more information please see the following:
    SoftwareBundler:Win32/WinOptimizer threat description - Windows Defender Security Intelligence
    Name:SoftwareBundler:Win32/WinOptimizer
    ID:206677
    Severity:High
    Category:Software Bundler
    Path Found:containerfile:C:\ProgramData\Optimizer\program\newver_10_1.7.0.0.exe;containerfile:C:\ProgramData\Optimizer\program\newver_25_1.7.1.0.exe;containerfile:C:\ProgramData\Optimizer\program\newver_37_1.7.3.0.exe;containerfile:C:\ProgramData\Optimizer\program\newver_38_1.6.9.0.exe;containerfile:C:\ProgramData\Optimizer\program\newver_54_1.7.2.0.exe;containerfile:C:\ProgramData\Optimizer\program\newver_83_1.7.3.0.exe;containerfile:C:\ProgramData\Optimizer\program\newver_95_1.7.2.0.exe;file:C:\Program Files (x86)\Software Update Services\software-update-services.exe;file:C:\Program Files (x86)\YouTube Downloader Services\A1\config\load_config.ini;file:C:\Program Files (x86)\YouTube Downloader Services\A1\load_config.ini;file:C:\Program Files (x86)\YouTube Downloader Services\A1\vmnet.exe;file:C:\Program Files (x86)\YouTube Downloader Services\A1\winphp.exe;file:C:\Program Files (x86)\YouTube Downloader Services\A1\youtubeserv.exe;file:C:\Program Files (x86)\YouTube Downloader Services\A2\config\load_config.ini;file:
    Detection Type:Concrete
    Detection Source:System
    Status:Unknown
    Process Name:c:\program files\windows defender\MpCmdRun.exe


    Date: 2015-02-13 12:56:09.110
    Description:
    Windows Defender has detected spyware or other potentially unwanted software.
    For more information please see the following:
    SoftwareBundler:Win32/WinOptimizer threat description - Windows Defender Security Intelligence
    Name:SoftwareBundler:Win32/WinOptimizer
    ID:206677
    Severity:High
    Category:Software Bundler
    Path Found:file:C:\Program Files (x86)\YouTube Downloader Services\A2\youtubeserv.exe;processid:2072,ProcessStart:130683102609928583;service:YouTubeDownload_A2
    Detection Type:Concrete
    Detection Source:System
    Status:Unknown
    Process Name:C:\Windows\System32\svchost.exe


    Date: 2015-02-13 12:45:18.333
    Description:
    Windows Defender has detected spyware or other potentially unwanted software.
    For more information please see the following:
    SoftwareBundler:Win32/WinOptimizer threat description - Windows Defender Security Intelligence
    Name:SoftwareBundler:Win32/WinOptimizer
    ID:206677
    Severity:High
    Category:Software Bundler
    Path Found:file:C:\Program Files (x86)\YouTube Downloader Services\A2\youtubeserv.exe;processid:2072,ProcessStart:130683102609928583
    Detection Type:Concrete
    Detection Source:System
    Status:Unknown
    Process Name:C:\Windows\System32\svchost.exe


    Date: 2014-11-29 22:00:49.112
    Description:
    Windows Defender has detected spyware or other potentially unwanted software.
    For more information please see the following:
    SoftwareBundler:Win32/WinOptimizer threat description - Windows Defender Security Intelligence
    Name:SoftwareBundler:Win32/WinOptimizer
    ID:206677
    Severity:High
    Category:Software Bundler
    Path Found:file:C:\Program Files (x86)\YouTube Downloader Services\P2\vmnet.exe;processid:6068
    Detection Type:Concrete
    Detection Source:Real-Time Protection
    Status:Unknown
    Process Name:


    Date: 2016-08-06 12:31:33.975
    Description:
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version:
    Update Source:User
    Signature Type:
    Update Type:
    Current Engine Version:
    Previous Engine Version:1.1.12902.0
    Error code:0x8050a003
    Error description:This package does not contain up-to-date definition files for this program. For more information, see Help and Support.


    Date: 2016-08-01 13:30:57.462
    Description:
    Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
    Signatures Attempted:Current
    Error Code:0x80096010
    Error description:The digital signature of the object did not verify.
    Signature version:1.225.2702.0
    Engine version:1.1.12902.0


    Date: 2016-07-19 10:23:40.259
    Description:
    Windows Defender has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version:
    Update Source:User
    Signature Type:
    Update Type:
    Current Engine Version:
    Previous Engine Version:1.1.12902.0
    Error code:0x8050a003
    Error description:This package does not contain up-to-date definition files for this program. For more information, see Help and Support.


    Date: 2016-06-26 10:42:27.755
    Description:
    %1 engine has been terminated due to an unexpected error.
    Failure Type:%5
    Exception code:%6
    Resource:%3


    Date: 2016-05-15 16:17:59.424
    Description:
    Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
    Signatures Attempted:Current
    Error Code:0x800700c1
    Error description:Windows Defender is not a valid Win32 application.
    Signature version:1.219.1406.0
    Engine version:1.1.12706.0


    CodeIntegrity:
    ===================================


    Date: 2016-08-27 13:29:06.372
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


    Date: 2016-08-27 11:58:09.638
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


    Date: 2016-08-27 11:54:47.297
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys because the set of per-page image hashes could not be found on the system.


    Date: 2016-08-27 11:54:47.204
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because the set of per-page image hashes could not be found on the system.


    Date: 2016-08-27 11:54:29.778
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.


    Date: 2016-08-27 11:54:29.607
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.


    Date: 2016-08-27 11:42:13.553
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


    Date: 2016-08-27 11:37:20.645
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================


    Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
    Percentage of memory in use: 75%
    Total physical RAM: 4076.83 MB
    Available physical RAM: 988.87 MB
    Total Virtual: 8151.83 MB
    Available Virtual: 4820.94 MB


    ==================== Drives ================================


    Drive c: () (Fixed) (Total:638.45 GB) (Free:35.64 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive e: (Backup) (Fixed) (Total:146.48 GB) (Free:93.49 GB) NTFS
    Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive g: (Linux) (Fixed) (Total:73.24 GB) (Free:73.02 GB) NTFS




    ==================== MBR & Partition Table ==================


    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 000108B6)
    Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Active) - (Size=638.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=73.2 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=219.7 GB) - (Type=0F Extended)


    ==================== End of Addition.txt ============================

  12. #72
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    16,993

    Re: SFC Corruption and windows update error (possible) Win 7 SP1 PC

    Please do the following.

    FRST Fix
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    1. Download attached file and save it to the Desktop.
    Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
    2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
    3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
    Attached Files Attached Files

  13. #73

    Re: SFC Corruption and windows update error (possible) Win 7 SP1 PC

    Fix result of Farbar Recovery Scan Tool (x64) Version: 19.04.2018
    Ran by (21-04-2018 17:59:45) Run:2
    Running from C:\Users\\Desktop
    Loaded Profiles: (Available Profiles: )
    Boot Mode: Normal
    ==============================================


    fixlist content:
    *****************
    CreateRestorePoint:
    ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKU\S-1-5-21-404867302-3797044342-2971219209-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    S3 cpuz136; \??\C:\Users\\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] <==== ATTENTION
    S4 IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]



    *****************


    Restore point was successfully created.
    "ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)" => not found
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => removed successfully
    HKLM\Software\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => not found
    "HKU\S-1-5-21-404867302-3797044342-2971219209-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => removed successfully
    HKLM\Software\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => not found
    "HKLM\System\CurrentControlSet\Services\cpuz136" => removed successfully
    cpuz136 => service removed successfully
    "HKLM\System\CurrentControlSet\Services\IUFileFilter" => removed successfully
    IUFileFilter => service removed successfully
    "HKLM\System\CurrentControlSet\Services\Synth3dVsc" => removed successfully
    Synth3dVsc => service removed successfully
    "HKLM\System\CurrentControlSet\Services\tsusbhub" => removed successfully
    tsusbhub => service removed successfully
    "HKLM\System\CurrentControlSet\Services\VGPU" => removed successfully
    VGPU => service removed successfully


    ==== End of Fixlog 18:02:32 ====

  14. #74
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    16,993

    Re: SFC Corruption and windows update error (possible) Win 7 SP1 PC

    OK, check for Windows Updates and let me know which ones show up (if any) that need installed.

  15. #75

    Re: SFC Corruption and windows update error (possible) Win 7 SP1 PC

    Windows Update shows no important updates but I still get the same updates from belarc as before.

  16. #76
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    16,993

    Re: SFC Corruption and windows update error (possible) Win 7 SP1 PC

    OK, please do the following.

    Step#1 - ChkDsk Scan
    1. Click your Start Orb in the lower left of your computer and type cmd in the search box.
    2. Once the cmd program is found, right-click on it with your mouse and select Run as administrator as shown below.
    3. Answer Yes when asked to allow.
    4. You should now have a black window open that you can type in to.
    5. Please type chkdsk and then press enter.
    6. Chkdsk will start to run. Please allow it to finish. You will know it is running when you see text as follows.
    7. Download ListChkdskResult.exe by SleepyDude and save it on your desktop. If it's already downloaded to your desktop, just skip this step.
    8. Right-click this file and select Run as administrator (Allow if prompted)and a text file will open (and also be saved on the desktop as ListChkdskResult.txt).
    Please copy the contents of this file and paste into your next post.

  17. #77

    Re: SFC Corruption and windows update error (possible) Win 7 SP1 PC

    Can't find script engine "VBScript.Encode" for script
    "C\Users\\AppData\Local\Temp\RarSFX0\ListChkdskResult.vbe".

  18. #78
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    16,993

    Re: SFC Corruption and windows update error (possible) Win 7 SP1 PC

    No problem. Please do the following.

    Step#1 - Gather Event Logs
    Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

    1. Download SFCFix.exe (by niemiro) and save this to your Desktop. If you still have this on your desktop from downloading previously, you don't need to re-download.
    2. Download the file below, SFCScript.txt, and save this to your Desktop.
    3. Save any open documents and close all open windows.
    4. On your Desktop, you should see two files: SFCFix.exe and SFCScript.txt.
    5. Drag the file SFCScript.txt onto the file SFCFix.exe and release it.
    6. SFCFix will now process the script.
    7. Upon completion, a file should be created on your Desktop: SFCFix.txt.
    8. Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this file into your next post for me to analyse please
    9. In addition a file will be created on your desktop named EvtLogs.zip. As this file will likely be too large to attach to your reply, please upload this file to a file sharing/hosting site such as SendSpace, Dropbox or Onedrive and provide the link in your next reply.
    Attached Files Attached Files

  19. #79

    Re: SFC Corruption and windows update error (possible) Win 7 SP1 PC

    SFCFix version 3.0.0.0 by niemiro.
    Start time: 2018-04-22 13:19:42.952
    Microsoft Windows 7 Service Pack 1 - amd64
    Using .txt script file at C:\Users\\Desktop\SFCScript.txt [0]








    Zip::
    Successfully copied file C:\Windows\Sysnative\winevt\Logs\Application.evtx to zip file at C:\Users\\desktop\EvtLogs.zip.
    Successfully copied file C:\Windows\Sysnative\winevt\Logs\System.evtx to zip file at C:\Users\\desktop\EvtLogs.zip.
    Zip:: directive completed successfully.








    Successfully processed all directives.
    SFCFix version 3.0.0.0 by niemiro has completed.
    Currently storing 30 datablocks.
    Finish time: 2018-04-22 13:19:52.827
    Script hash: 3ptSf3vNPLM/TFnzG9y5oFNBAyUPBWzpo0Wv8lEQIVk=
    ----------------------EOF---------------------
    Attached Files Attached Files

  20. #80
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    16,993

    Re: SFC Corruption and windows update error (possible) Win 7 SP1 PC

    When you check for Windows Updates, does it say "For Windows and other products from Microsoft Update" next to You receive updates: ?

    SFC Corruption and windows update error (possible) Win 7 SP1 PC-capture-jpg

Page 4 of 4 First 1234

Similar Threads

  1. Replies: 2
    Last Post: 09-27-2017, 12:58 PM
  2. [SOLVED] Windows Update error 8007370A and winsxs corruption
    By D3FR4G in forum Windows Update
    Replies: 4
    Last Post: 01-29-2017, 09:01 PM
  3. Windows Update Error 8024402F and CNBJ2530.DPB corruption
    By spaleolog in forum Windows Update
    Replies: 1
    Last Post: 10-24-2016, 03:14 PM
  4. W10 update error and possible file corruption
    By andrew79 in forum Windows Update
    Replies: 1
    Last Post: 05-18-2016, 08:57 PM
  5. Replies: 72
    Last Post: 10-14-2015, 03:59 PM

Log in

Log in