1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[Resolved] Possible Infection

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by theoldandgrey, Jun 19, 2019.

  1. theoldandgrey

    theoldandgrey Established Techie7 Member

    I opened my email client, rarely used, to find an email from my credit card company asking for verification of a purchase. The email looked very genuine and gave the correct contact details and the correct last 4 letters of my account. I was suspicious as I have not made a purchase. My webmail does not show this email neither does Thunderbird nor gmail. Also strangely this email is not showing on my tablet. The credit card company say there has been no suspicious activity. Is it likely that my pc is infected in some way?
     
  2. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    There is no way to tell unless we run some checks.

    Please, complete all steps listed HERE

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. theoldandgrey

    theoldandgrey Established Techie7 Member

    Herewith my two scans as requested Broni spread over several posts

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-06-2019

    Ran by VIV (administrator) on DESKTOP-1FFI7T5 (Hewlett-Packard p6-2018uk) (20-06-2019 14:16:15)

    Running from C:\Users\VIV\AppData\Local\Temp\scoped_dir11904_19319

    Loaded Profiles: VIV & VL (Available Profiles: VIV & VL & DefaultAppPool)

    Platform: Windows 10 Home Version 1903 18362.175 (X64) Language: English (United Kingdom)

    Default browser: Opera

    Boot Mode: Normal

    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/


    ==================== Processes (Whitelisted) =================


    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


    () [File not signed] C:\Program Files (x86)\SEC\Natural Color\NaturalColorLoad.exe

    () [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe

    () [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

    () [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19052.657.0_x64__8wekyb3d8bbwe\YourPhone.exe

    (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

    (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe

    (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

    (Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe

    (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe

    (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe

    (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

    (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

    (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

    (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

    (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe

    (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\74.4.115\QtWebEngineProcess.exe

    (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\74.4.115\QtWebEngineProcess.exe

    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe

    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe

    (Hewlett Packard -> HP Inc.) C:\Program Files\HP\HP ENVY 5640 series\Bin\ScanToPCActivationApp.exe

    (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

    (Intel(R) pGFX -> Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe

    (Logitech Inc -> Logitech Inc.) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe

    (Logitech Inc -> Logitech) C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe

    (Logitech, Inc. -> ) C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe

    (Logitech, Inc. -> ) C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

    (Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

    (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe

    (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe

    (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe\HxOutlook.exe

    (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe\HxTsr.exe

    (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11905.1001.4.0_x64__8wekyb3d8bbwe\WinStore.App.exe

    (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe

    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe

    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe

    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe

    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe

    (Microsoft Windows Hardware Compatibility Publisher -> Mirics Semiconductor Ltd) C:\Windows\System32\Hauppauge\hcwD3dvb\DVBT\DVBservice.exe

    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe

    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe

    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe

    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe

    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe

    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe

    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe

    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe

    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe

    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe

    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe

    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe

    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe

    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe

    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe

    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe

    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe

    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe

    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe

    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe

    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe

    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera_crashreporter.exe

    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

    (Symantec Corporation -> PC Tools) C:\Program Files\Norton Utilities\Engine\16.0.3.44\sMonitor\StartManSvc.exe

    (Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.2.46\NortonSecurity.exe

    (Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.2.46\NortonSecurity.exe

    (Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.2.46\nsWscSvc.exe


    ==================== Registry (Whitelisted) ===========================


    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5576512 2019-06-04] (Dropbox, Inc -> Dropbox, Inc.)

    HKLM-x32\...\Run: [EaseUS TB Tray Agent] => C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]

    HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech, Inc. -> Logitech Inc.)

    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)

    HKLM-x32\...\Run: [ReminderApp] => C:\Program Files (x86)\Nova Development\Greeting Card Factory Deluxe 7.0\ReminderApp.exe [185664 2007-08-25] (Nova Development -> )

    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)

    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)

    HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-03-13] (Apple Inc. -> Apple Inc.)

    HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2019-03-13] (Apple Inc. -> Apple Inc.)

    HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\Run: [HP ENVY 5640 series (NET)] => C:\Program Files\HP\HP ENVY 5640 series\Bin\ScanToPCActivationApp.exe [3769992 2017-05-23] (Hewlett Packard -> HP Inc.)

    HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [5915480 2010-10-29] (Logitech Inc -> Logitech Inc.)

    HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)

    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-06-18] (Google LLC -> Google LLC)

    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2019-03-27]

    ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [File not signed]

    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk [2019-01-25]

    ShortcutTarget: Event Reminder.lnk -> C:\Program Files (x86)\Broderbund\PrintMaster\PMremind.exe (TLC Multimedia Inc.) [File not signed]

    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NaturalColorLoad.lnk [2018-08-09]

    ShortcutTarget: NaturalColorLoad.lnk -> C:\Program Files (x86)\SEC\Natural Color\NaturalColorLoad.exe () [File not signed]


    ==================== Scheduled Tasks (Whitelisted) =============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    Task: {0F19F4B2-EF7F-4282-BD60-22E93E207D09} - System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => C:\Program Files\rempl\remsh.exe

    Task: {143E2305-F18F-4AD0-A98C-1ACF63A5155C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2281944 2019-06-04] (AVAST Software s.r.o. -> AVAST Software)

    Task: {20B2B1FD-6853-40DB-81BA-592DCDA342EF} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2225296 2019-05-25] (Symantec Corporation -> Symantec Corporation)

    Task: {2568BFF3-BD17-4ECE-9BC1-AD7DFC4A58B5} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}

    Task: {2DDFD80F-24C1-43E6-BBC8-66AE1148E5DC} - System32\Tasks\SpeedDiskSchedule => C:\Program Files\Norton Utilities\Engine\16.0.3.44\Tools\SpeedDisk\ScheduledDefrag.exe [801016 2018-07-18] (Symantec Corporation -> )

    Task: {31A7E136-B553-4B42-B295-2AC1EE53B317} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2018-01-30] (Google Inc -> Google Inc.)

    Task: {37622B28-9AF0-41B7-A722-91602BA4AE5E} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.17.2.46\SymErr.exe [101392 2019-05-25] (Symantec Corporation -> Symantec Corporation)

    Task: {37B20C76-CD22-4EED-B9CF-FA94F1F39ADC} - \OneDrive Standalone Update Task-S-1-5-21-1150477090-3809027948-3889013003-1001 -> No File <==== ATTENTION

    Task: {3D1C40DC-10E4-48A4-95AE-73247B67DD7F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

    Task: {44712AA7-0AA1-4275-A31F-6BF62E9DF503} - System32\Tasks\NUSchedule => C:\Program Files\Norton Utilities\Engine\16.0.3.44\NU.exe [4012496 2019-03-08] (Symantec Corporation -> Symantec)

    Task: {48D54CEB-FB75-4515-82E8-907C71447ECA} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION

    Task: {4FE53368-9DAD-4F80-BAD9-BC7F001A48EB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

    Task: {592395C5-9E09-4214-AA0B-28CE50B00CCD} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.17.2.46\SymErr.exe [101392 2019-05-25] (Symantec Corporation -> Symantec Corporation)

    Task: {6DD5F55C-FF5F-4B87-A6B5-44A5767FD09A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-02-02] (Dropbox, Inc -> Dropbox, Inc.)

    Task: {75FD96A6-907C-4925-98A2-C8FE77F055E0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

    Task: {7A58BFC2-879C-4560-AEB4-FA68C0666AF5} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.17.2.46\SymErr.exe [101392 2019-05-25] (Symantec Corporation -> Symantec Corporation)

    Task: {7C372985-6D58-4559-8C4E-26BC9345B803} - \OneDrive Standalone Update Task-S-1-5-21-1150477090-3809027948-3889013003-1003 -> No File <==== ATTENTION

    Task: {82C49D0D-401E-4DE9-A8B2-7B7A33DDAD7C} - System32\Tasks\HPCustParticipation HP ENVY 5640 series => C:\Program Files\HP\HP ENVY 5640 series\Bin\HPCustPartic.exe [6438536 2017-05-23] (Hewlett Packard -> HP Inc.)

    Task: {86732E5A-F919-493B-880D-61FAB22A9A1B} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-02-02] (Dropbox, Inc -> Dropbox, Inc.)

    Task: {8CA2E250-254C-4D88-9C4C-1C59C73F3043} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-11] (Adobe Inc. -> Adobe)

    Task: {8F24CF9F-E307-42BA-9F57-5B8C1F640A6D} - \Optimize Push Notification Data File-S-1-5-21-1150477090-3809027948-3889013003-1003 -> No File <==== ATTENTION

    Task: {939069D5-832C-4B4F-8046-BD7151C550DC} - System32\Tasks\NUAutoUpdate => C:\Program Files\Norton Utilities\Engine\16.0.3.44\SULauncher.exe [988504 2018-07-18] (Symantec Corporation -> PC Tools)

    Task: {9A89CF0D-5240-4A49-A9DE-7815F41DC155} - System32\Tasks\Opera scheduled Autoupdate 1543596262 => C:\Users\VIV\AppData\Local\Programs\Opera\launcher.exe [1493592 2019-06-14] (Opera Software AS -> Opera Software)

    Task: {9D7598C7-1A7C-46FD-88A9-874A78B101AB} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.17.2.46\WSCStub.exe [2225296 2019-05-25] (Symantec Corporation -> Symantec Corporation)

    Task: {A5D04C59-F646-49B6-A1A5-E17B1D6C7A18} - System32\Tasks\Uninstaller_SkipUac_VIV => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [5286672 2019-04-26] (IObit Information Technology -> IObit)

    Task: {A9B4F320-8754-4769-A4BF-476A66CC1F71} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)

    Task: {C9ABD8F3-388B-4EAA-A1B6-9DCC7DF42596} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

    Task: {EABAE81C-D7F3-450E-B232-2C4A0CF81E55} - System32\Tasks\Avira\Scan schedule => C:\Program Files\AVAST Software\Avast\AvastUI.exe

    Task: {EDD68386-1E2F-4A72-BDC2-849C6FE3C09D} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.194\DADUpdater.exe

    Task: {F01429E1-6241-465D-9773-0FEBFFEBE0AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2018-01-30] (Google Inc -> Google Inc.)

    Task: {F7577D23-3742-433B-AE24-F969D4C81C1F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

    Task: {FCDC04A0-BC04-4415-B305-36BECEC9E804} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_pepper.exe [1452600 2019-06-11] (Adobe Inc. -> Adobe)


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

    Task: C:\WINDOWS\Tasks\NUAutoUpdate.job => C:\Program Files\Norton Utilities\Engine\16.0.3.44\SULauncher.exe

    Task: C:\WINDOWS\Tasks\NUSchedule.job => C:\Program Files\Norton Utilities\Engine\16.0.3.44\NU.exe

    Task: C:\WINDOWS\Tasks\SpeedDiskSchedule.job => C:\Program Files\Norton Utilities\Engine\16.0.3.44\Tools\SpeedDisk\ScheduledDefrag.exe


    ==================== Internet (Whitelisted) ====================


    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


    ProxyEnable: [S-1-5-21-1150477090-3809027948-3889013003-1002] => Proxy is enabled.

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    Tcpip\..\Interfaces\{73e83076-693c-4d47-89f6-b6f4414bcadc}: [DhcpNameServer] 192.168.1.254


    Internet Explorer:

    ==================

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}

    SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}

    SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}

    SearchScopes: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&l=dis&prt=NGC&chn=retail&geo=GB&ver=22.17.2.46&locale=GB_en&guid=31C74C16-C910-4352-8F41-93FEE609C4BB&doi=2016-09-01&o=APN11913&cmpgn=rapha&gct=kwd&qsrc=2869

    SearchScopes: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}

    SearchScopes: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&l=dis&prt=NGC&chn=retail&geo=GB&ver=22.17.2.46&locale=GB_en&guid=31C74C16-C910-4352-8F41-93FEE609C4BB&doi=2016-09-01&o=APN11913&cmpgn=rapha&gct=kwd&qsrc=2869

    SearchScopes: HKU\S-1-5-21-1150477090-3809027948-3889013003-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-07-19] (IObit Information Technology -> IObit)

    BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.17.2.46\coIEPlg.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)

    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)

    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)

    BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.17.2.46\coIEPlg.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)

    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)

    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)

    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.17.2.46\coIEPlg.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)

    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.17.2.46\coIEPlg.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)

    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File


    Edge:

    ======

    Edge Extension: (Norton Safe Web) -> EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.8.0.0_neutral__v68kp9n051hdp [2019-05-20]


    FireFox:

    ========

    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)

    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)

    FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)

    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)

    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)

    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)

    FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)

    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)

    FF Plugin HKU\S-1-5-21-1150477090-3809027948-3889013003-1002: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\VIV\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-11-15] (RocketLife -> RocketLife, LLP)


    Chrome:

    =======

    CHR Profile: C:\Users\VIV\AppData\Local\Google\Chrome\User Data\Default [2019-06-18]

    CHR Extension: (Norton Security Toolbar) - C:\Users\VIV\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2018-04-13]

    CHR Extension: (AdBlock) - C:\Users\VIV\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-06-06]

    CHR Extension: (Norton Identity Safe) - C:\Users\VIV\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2018-02-04]

    CHR Extension: (Chrome Web Store Payments) - C:\Users\VIV\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-08]

    CHR Extension: (Chrome Media Router) - C:\Users\VIV\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-06]

    CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx

    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - hxxps://clients2.google.com/service/update2/crx

    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

    CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx

    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - hxxps://clients2.google.com/service/update2/crx

    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx

    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx


    Opera:

    =======

    OPR StartupUrls: "chrome://startpage/"

    OPR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\VIV\AppData\Roaming\Opera Software\Opera Stable\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2019-06-03]

    OPR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\VIV\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeokceolphhfjdfcibaiiopmekmcbedp [2019-06-16]

    OPR Extension: (Dashlane - Password Manager) - C:\Users\VIV\AppData\Roaming\Opera Software\Opera Stable\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2019-06-18]

    OPR Extension: (AdBlock) - C:\Users\VIV\AppData\Roaming\Opera Software\Opera Stable\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-05-28]

    OPR Extension: (LastPass: Free Password Manager) - C:\Users\VIV\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2019-06-07]

    OPR Extension: (Notifier for Outlook™) - C:\Users\VIV\AppData\Roaming\Opera Software\Opera Stable\Extensions\ikepgknbnknabklgebiifjpggmkikgfk [2018-04-27]

    OPR Extension: (Whatsapp™ For PC) - C:\Users\VIV\AppData\Roaming\Opera Software\Opera Stable\Extensions\jjimieccdnabogjoebnblfaahgipddcm [2018-11-30]

    OPR Extension: (Install Chrome Extensions) - C:\Users\VIV\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2018-08-22]

    OPR Extension: (Boomerang for Gmail) - C:\Users\VIV\AppData\Roaming\Opera Software\Opera Stable\Extensions\mbgokcbnfmmadbglaopglmoagkhgappp [2018-11-30]

    OPR Extension: (Right Inbox for Gmail) - C:\Users\VIV\AppData\Roaming\Opera Software\Opera Stable\Extensions\mflnemhkomgploogccdmcloekbloobgb [2019-05-24]

    OPR Extension: (Amazon Assistant for Opera) - C:\Users\VIV\AppData\Roaming\Opera Software\Opera Stable\Extensions\mmmbddcnnndpbdflpccgcknaaabgldak [2019-05-24]

    OPR Extension: (F.B.(FluffBusting)Purity) - C:\Users\VIV\AppData\Roaming\Opera Software\Opera Stable\Extensions\ppldhdmhmdcedddamaddkbbakkfhgeeo [2019-06-13]


    ==================== Services (Whitelisted) ====================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)

    R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2979032 2019-01-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-02-02] (Dropbox, Inc -> Dropbox, Inc.)

    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-02-02] (Dropbox, Inc -> Dropbox, Inc.)

    R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-06-04] (Dropbox, Inc -> Dropbox, Inc.)

    S3 DiskDoctorService; C:\Program Files\Norton Utilities\Engine\16.0.3.44\Tools\Disk Doctor\DiskDoctorSrv.exe [1168720 2018-07-18] (Symantec Corporation -> Symantec Corporation)

    S2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [39616 2016-06-03] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

    R2 hcwD3bda_dvbt; C:\WINDOWS\system32\hauppauge\hcwD3dvb\DVBT\DVBService.exe [2641920 2010-12-16] (Microsoft Windows Hardware Compatibility Publisher -> Mirics Semiconductor Ltd)

    S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [153360 2018-09-25] (IObit Information Technology -> IObit)

    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)

    R2 nebula; C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe [4477576 2018-06-19] (Logitech Inc -> Logitech)

    S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

    R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.17.2.46\NortonSecurity.exe [225608 2019-05-25] (Symantec Corporation -> Symantec Corporation)

    R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.17.2.46\nsWscSvc.exe [933200 2019-05-25] (Symantec Corporation -> Symantec Corporation)

    R2 NU16StartManagerSvc; C:\Program Files\Norton Utilities\Engine\16.0.3.44\sMonitor\StartManSvc.exe [799992 2018-07-18] (Symantec Corporation -> PC Tools)

    S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-08-01] (Realtek Semiconductor Corp -> Realtek Semiconductor)

    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

    S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

    S3 SpeedDiskService; C:\Program Files\Norton Utilities\Engine\16.0.3.44\Tools\SpeedDisk\SpeedDiskSrv.exe [1182640 2018-07-18] (Symantec Corporation -> Symantec Corporation)

    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)

    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)


    ===================== Drivers (Whitelisted) ======================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.16.4.15\Definitions\BASHDefs\20190618.002\BHDrvx64.sys [1935880 2019-06-18] (Symantec Corporation -> Symantec Corporation)

    R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611020.02E\ccSetx64.sys [192704 2019-05-25] (Symantec Corporation -> Symantec Corporation)

    R1 ccSet_NU; C:\WINDOWS\system32\drivers\NUx64\1000030.02C\ccSetx64.sys [187544 2018-07-18] (Symantec Corporation -> Symantec Corporation)

    R3 cpuz143; C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [48960 2019-06-16] (CPUID -> CPUID)

    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515592 2019-06-05] (Symantec Corporation -> Symantec Corporation)

    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153096 2019-06-12] (Symantec Corporation -> Symantec Corporation)

    R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [60968 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

    R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [48168 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]

    R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [18472 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

    R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [192552 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

    R3 hcwD3bda; C:\WINDOWS\system32\DRIVERS\hcwD3bda64.sys [116352 2010-06-29] (Microsoft Windows Hardware Compatibility Publisher -> Mirics)

    R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.16.4.15\Definitions\IPSDefs\20190619.061\IDSvia64.sys [1441800 2019-04-19] (Symantec Corporation -> Symantec Corporation)

    S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [66824 2017-06-15] (IObit Information Technology -> IObit)

    R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [37184 2018-10-16] (IObit Information Technology -> IObit)

    R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [43392 2018-10-16] (IObit Information Technology -> IObit)

    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-06-14] (Malwarebytes Corporation -> Malwarebytes)

    R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2019-03-19] (Microsoft Windows -> MediaTek Inc.)

    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896752 2015-08-07] (Realtek Semiconductor Corp -> Realtek )

    R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1611020.02E\SRTSP64.SYS [864776 2019-05-25] (Symantec Corporation -> Symantec Corporation)

    R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1611020.02E\SRTSPX64.SYS [49672 2019-05-25] (Symantec Corporation -> Symantec Corporation)

    S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2019-02-09] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.)

    R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1611020.02E\SYMEFASI64.SYS [1998552 2019-05-25] (Symantec Corporation -> Symantec Corporation)

    S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1611020.02E\SymELAM.sys [25744 2019-05-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)

    R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99848 2019-05-09] (Symantec Corporation -> Symantec Corporation)

    S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.16.4.15\SymPlatform\SymEvnt.sys [712200 2019-06-07] (Symantec Corporation -> Symantec Corporation)

    R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1611020.02E\Ironx64.SYS [315912 2019-05-25] (Symantec Corporation -> Symantec Corporation)

    R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1611020.02E\symnets.sys [573448 2019-05-25] (Symantec Corporation -> Symantec Corporation)

    R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2017-08-29] (OpenVPN Technologies, Inc. -> The OpenVPN Project)

    S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)

    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46472 2019-03-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [333784 2019-03-19] (Microsoft Windows -> Microsoft Corporation)

    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-19] (Microsoft Windows -> Microsoft Corporation)

    S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611020.02E\wpCtrlDrv.sys [1012120 2019-05-25] (Symantec Corporation -> Symantec Corporation)

    R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [310536 2019-01-06] (Beijing Duodian Online Science and Technology Co.,Ltd -> BigNox Corporation)


    ==================== NetSvcs (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
  4. theoldandgrey

    theoldandgrey Established Techie7 Member

    post 2

    ==================== One month (created) ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2019-06-20 14:14 - 2019-06-20 14:15 - 002418688 _____ (Farbar) C:\Users\VIV\Desktop\FRST64 (1).exe

    2019-06-20 14:12 - 2019-06-20 14:12 - 002418688 _____ (Farbar) C:\Users\VIV\Desktop\FRST64.exe

    2019-06-20 11:15 - 2019-06-20 11:15 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation

    2019-06-18 14:57 - 2019-06-18 14:57 - 000004190 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1543596262

    2019-06-18 14:57 - 2019-06-18 14:57 - 000001442 _____ C:\Users\VIV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk

    2019-06-17 14:31 - 2019-06-17 14:31 - 000807558 _____ C:\Users\VIV\Downloads\Q3031_VW193_Series_English.zip

    2019-06-16 18:45 - 2019-06-16 18:45 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1150477090-3809027948-3889013003-1002

    2019-06-16 18:45 - 2019-06-16 18:45 - 000002406 _____ C:\Users\VIV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

    2019-06-16 17:03 - 2019-06-16 17:03 - 000000000 ____D C:\ProgramData\{F86B0233-9A85-4589-8AAF-524CC4F8211B}

    2019-06-15 13:09 - 2019-06-15 13:09 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

    2019-06-15 13:09 - 2019-06-15 13:09 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

    2019-06-14 19:01 - 2019-06-14 19:01 - 000000000 ____D C:\WINDOWS\PCHEALTH

    2019-06-14 18:56 - 2019-06-14 18:56 - 000000000 ____D C:\ProgramData\Microsoft OneDrive

    2019-06-14 18:53 - 2019-06-14 18:53 - 000000020 ___SH C:\Users\VIV\ntuser.ini

    2019-06-14 18:52 - 2019-06-14 18:52 - 000000000 _SHDL C:\Documents and Settings

    2019-06-14 18:51 - 2019-06-20 11:35 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security

    2019-06-14 18:51 - 2019-06-14 18:52 - 000003764 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier

    2019-06-14 18:51 - 2019-06-14 18:52 - 000003446 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA

    2019-06-14 18:51 - 2019-06-14 18:52 - 000003446 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

    2019-06-14 18:51 - 2019-06-14 18:52 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

    2019-06-14 18:51 - 2019-06-14 18:52 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

    2019-06-14 18:51 - 2019-06-14 18:52 - 000002642 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP ENVY 5640 series

    2019-06-14 18:51 - 2019-06-14 18:52 - 000002612 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration

    2019-06-14 18:51 - 2019-06-14 18:52 - 000002572 _____ C:\WINDOWS\System32\Tasks\NUSchedule

    2019-06-14 18:51 - 2019-06-14 18:52 - 000002406 _____ C:\WINDOWS\System32\Tasks\SpeedDiskSchedule

    2019-06-14 18:51 - 2019-06-14 18:52 - 000002394 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_VIV

    2019-06-14 18:51 - 2019-06-14 18:51 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

    2019-06-14 18:51 - 2019-06-14 18:51 - 000003222 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore

    2019-06-14 18:51 - 2019-06-14 18:51 - 000002014 _____ C:\WINDOWS\System32\Tasks\NUAutoUpdate

    2019-06-14 18:51 - 2019-06-14 18:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

    2019-06-14 18:51 - 2019-06-14 18:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking

    2019-06-14 18:51 - 2019-06-14 18:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform

    2019-06-14 18:51 - 2019-06-14 18:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software

    2019-06-14 18:51 - 2019-06-14 18:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee

    2019-06-14 18:51 - 2019-06-14 18:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avira

    2019-06-14 18:51 - 2019-06-14 18:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software

    2019-06-14 18:51 - 2019-06-14 18:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple

    2019-06-14 18:50 - 2019-06-14 18:51 - 000015243 _____ C:\WINDOWS\diagwrn.xml

    2019-06-14 18:50 - 2019-06-14 18:51 - 000015243 _____ C:\WINDOWS\diagerr.xml

    2019-06-14 18:44 - 2019-06-14 18:44 - 000976308 _____ C:\WINDOWS\system32\PerfStringBackup.INI

    2019-06-14 18:37 - 2019-06-14 18:37 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys

    2019-06-14 18:29 - 2019-06-14 18:29 - 000000000 ____D C:\ProgramData\USOShared

    2019-06-14 18:28 - 2019-06-14 17:02 - 002874368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll

    2019-06-14 18:25 - 2019-06-20 14:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

    2019-06-14 18:25 - 2019-06-14 18:36 - 000510072 _____ C:\WINDOWS\system32\FNTCACHE.DAT

    2019-06-14 18:24 - 2019-06-14 18:52 - 000000000 ____D C:\Windows.old

    2019-06-14 18:22 - 2019-06-14 18:22 - 000066064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WinSetupBoot.sys

    2019-06-14 17:17 - 2019-06-14 18:34 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate

    2019-06-14 17:14 - 2019-06-14 18:53 - 000000000 ____D C:\Users\VIV

    2019-06-14 17:14 - 2019-06-14 18:42 - 000000000 ____D C:\Users\DefaultAppPool

    2019-06-14 17:14 - 2019-06-14 18:24 - 000000000 ____D C:\Users\VL

    2019-06-14 17:14 - 2019-03-19 05:46 - 000001105 _____ C:\Users\VL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

    2019-06-14 17:14 - 2019-03-19 05:46 - 000001105 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

    2019-06-14 17:13 - 2019-06-14 17:17 - 000000000 ____D C:\WINDOWS\ServiceProfiles

    2019-06-14 17:04 - 2019-06-14 17:04 - 025445376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 018006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 007802224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 007006720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 006141440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 005919744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 005499904 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 005083352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 005014016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 004306944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 004128904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 003837440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 003635200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 003525080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 003486208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 003365376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe

    2019-06-14 17:04 - 2019-06-14 17:04 - 002494440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 002398208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 002314440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 001510960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 001493944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 001248256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL

    2019-06-14 17:04 - 2019-06-14 17:04 - 001244728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 001105776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 001098712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 001079296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 001039872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL

    2019-06-14 17:04 - 2019-06-14 17:04 - 000952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 000744248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL

    2019-06-14 17:04 - 2019-06-14 17:04 - 000737552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL

    2019-06-14 17:04 - 2019-06-14 17:04 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 000682744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL

    2019-06-14 17:04 - 2019-06-14 17:04 - 000666280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL

    2019-06-14 17:04 - 2019-06-14 17:04 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 000551824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 000537608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 000516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 000463272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 000420360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll

    2019-06-14 17:04 - 2019-06-14 17:04 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll

    2019-06-14 17:03 - 2019-06-14 17:04 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb

    2019-06-14 17:03 - 2019-06-14 17:03 - 025902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 022610944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 009917992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

    2019-06-14 17:03 - 2019-06-14 17:03 - 008010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 007757312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 007636848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 007103488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 006536976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 006381568 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 006068328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 005939712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 005745504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 005071360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 004867584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 004577280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 004537344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 003915752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe

    2019-06-14 17:03 - 2019-06-14 17:03 - 003771392 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 003734456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 003373256 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 002990392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

    2019-06-14 17:03 - 2019-06-14 17:03 - 002799616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys

    2019-06-14 17:03 - 2019-06-14 17:03 - 002769976 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 002763312 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb

    2019-06-14 17:03 - 2019-06-14 17:03 - 002698552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys

    2019-06-14 17:03 - 2019-06-14 17:03 - 002694144 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 002587328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 002256592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 002081464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 001999440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 001954952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 001893888 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 001853440 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 001847808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 001721344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 001688576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 001647584 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 001562640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 001537024 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 001515008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaclient.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 001473488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 001458176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 001414144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 001392144 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe

    2019-06-14 17:03 - 2019-06-14 17:03 - 001356800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 001283384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi

    2019-06-14 17:03 - 2019-06-14 17:03 - 001282560 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 001271808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 001258496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpsharercom.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 001213456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 001192088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe

    2019-06-14 17:03 - 2019-06-14 17:03 - 001072168 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe

    2019-06-14 17:03 - 2019-06-14 17:03 - 001062912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe

    2019-06-14 17:03 - 2019-06-14 17:03 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 001007160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 001007104 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 001006592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000950272 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000913408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000911360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000888936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000888056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000879576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000875008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000864768 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000861696 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000822072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000811192 _____ C:\WINDOWS\SysWOW64\locale.nls

    2019-06-14 17:03 - 2019-06-14 17:03 - 000811192 _____ C:\WINDOWS\system32\locale.nls

    2019-06-14 17:03 - 2019-06-14 17:03 - 000797112 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000782120 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe

    2019-06-14 17:03 - 2019-06-14 17:03 - 000773944 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe

    2019-06-14 17:03 - 2019-06-14 17:03 - 000773168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000751256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

    2019-06-14 17:03 - 2019-06-14 17:03 - 000705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000679368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000674792 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe

    2019-06-14 17:03 - 2019-06-14 17:03 - 000673320 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000669496 _____ (Microsoft Corporation) C:\WINDOWS\system32\computecore.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000667272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000621568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000613904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000612352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000574976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_9.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000568120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000537088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe

    2019-06-14 17:03 - 2019-06-14 17:03 - 000529072 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000515896 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe

    2019-06-14 17:03 - 2019-06-14 17:03 - 000505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000477712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS

    2019-06-14 17:03 - 2019-06-14 17:03 - 000466624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000462352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000457016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys

    2019-06-14 17:03 - 2019-06-14 17:03 - 000451896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe

    2019-06-14 17:03 - 2019-06-14 17:03 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000422008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv

    2019-06-14 17:03 - 2019-06-14 17:03 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000404392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000401416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys

    2019-06-14 17:03 - 2019-06-14 17:03 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\DispBroker.Desktop.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000386832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000379192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000358944 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsta.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys

    2019-06-14 17:03 - 2019-06-14 17:03 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys

    2019-06-14 17:03 - 2019-06-14 17:03 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.FileExplorer.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL

    2019-06-14 17:03 - 2019-06-14 17:03 - 000300392 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000284536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000279624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsta.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000267728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000261016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityUxHost.exe

    2019-06-14 17:03 - 2019-06-14 17:03 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe

    2019-06-14 17:03 - 2019-06-14 17:03 - 000226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE

    2019-06-14 17:03 - 2019-06-14 17:03 - 000220472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe

    2019-06-14 17:03 - 2019-06-14 17:03 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000205112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winquic.sys

    2019-06-14 17:03 - 2019-06-14 17:03 - 000199184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe

    2019-06-14 17:03 - 2019-06-14 17:03 - 000194176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winquic.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe

    2019-06-14 17:03 - 2019-06-14 17:03 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE

    2019-06-14 17:03 - 2019-06-14 17:03 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000179512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys

    2019-06-14 17:03 - 2019-06-14 17:03 - 000178192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys

    2019-06-14 17:03 - 2019-06-14 17:03 - 000161848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000146744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys

    2019-06-14 17:03 - 2019-06-14 17:03 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys

    2019-06-14 17:03 - 2019-06-14 17:03 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000139472 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000136720 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000134760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000120352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000116184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GraphicsCapture.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mapistub.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mapi32.dll

    2019-06-14 17:03 - 2019-06-14 17:03 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS
     
  5. theoldandgrey

    theoldandgrey Established Techie7 Member

    Post 3 and last

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-06-2019
    Ran by VIV (20-06-2019 14:19:37)
    Running from C:\Users\VIV\AppData\Local\Temp\scoped_dir11904_19319
    Windows 10 Home Version 1903 18362.175 (X64) (2019-06-14 17:52:54)
    Boot Mode: Normal
    ==========================================================
    ==================== Accounts: =============================
    Administrator (S-1-5-21-1150477090-3809027948-3889013003-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-1150477090-3809027948-3889013003-503 - Limited - Disabled)
    Guest (S-1-5-21-1150477090-3809027948-3889013003-501 - Limited - Disabled)
    test (S-1-5-21-1150477090-3809027948-3889013003-1004 - Limited - Enabled)
    tovil (S-1-5-21-1150477090-3809027948-3889013003-1005 - Limited - Disabled)
    VIV (S-1-5-21-1150477090-3809027948-3889013003-1002 - Administrator - Enabled) => C:\Users\VIV
    VL (S-1-5-21-1150477090-3809027948-3889013003-1003 - Administrator - Enabled) => C:\Users\VL
    WDAGUtilityAccount (S-1-5-21-1150477090-3809027948-3889013003-504 - Limited - Disabled)
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Norton Security (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Norton Security (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
    ==================== Installed Programs ======================
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
    Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
    Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.207 - Adobe)
    Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
    Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
    Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
    BlueMail 0.10.31 (HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\8840973a-71a2-52c1-93d6-4bc4cb0bbb6c) (Version: 0.10.31 - BlueMail Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.31.1038.0 - Logitech) Hidden
    Dropbox (HKLM-x32\...\Dropbox) (Version: 74.4.115 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
    EaseUS Todo Backup Free 9.2 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 9.2 - CHENGDU YIWO Tech Development Co., Ltd)
    Epubor Ultimate (HKLM-x32\...\Epubor Ultimate) (Version: 3.0.11.507 - Epubor Inc.)
    erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
    Focus Magic 4.03 (HKLM-x32\...\Focus Magic_is1) (Version: 4.03 - Acclaim Software Ltd)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.100 - Google LLC)
    Google Earth Pro (HKLM-x32\...\{9D524A1E-F2FC-444D-B12A-7592CEB56EB5}) (Version: 7.3.2.5776 - Google)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
    GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
    Greeting Card Factory Deluxe 7.0 (HKLM-x32\...\{55D6B4DA-50E9-47AF-99C1-9A8E3A234763}) (Version: 7.0.0.11 - Nova Development)
    HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
    HP ENVY 5640 series Basic Device Software (HKLM\...\{098DF09B-2BB6-4F24-A778-A57DB1466BD1}) (Version: 40.11.1135.17143 - HP Inc.)
    HP ENVY 5640 series Help (HKLM-x32\...\{B04B1DB6-0AA9-4790-95CE-5A45C8F647FD}) (Version: 34.0.0 - Hewlett Packard)
    HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
    HP Scan Extended (HKLM-x32\...\{11338856-1974-4B3C-ACBC-9F98A8FF79FD}) (Version: 35.0.0.0 - Hewlett-Packard Co.)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
    iCloud (HKLM\...\{03742818-3BC2-45BA-B6BB-4C2D453FD033}) (Version: 7.11.0.19 - Apple Inc.)
    IObit Uninstaller 8 (HKLM-x32\...\IObitUninstall) (Version: 8.5.0.6 - IObit)
    IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1.2 - IObit)
    Jasc Paint Shop Pro 8 (HKLM-x32\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.10.3000 - Jasc Software Inc)
    Kobo (HKLM-x32\...\Kobo) (Version: 4.14.10877 - Rakuten Kobo Inc.)
    Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 2.5.17.0 - Logitech Europe S.A.)
    Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)
    Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
    LWS VideoEffects (HKLM\...\{138A4072-9E64-46BD-B5F9-DB2BB395391F}) (Version: 13.30.1379.0 - Logitech) Hidden
    Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\OneDriveSetup.exe) (Version: 19.086.0502.0006 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.5.0 - Mozilla)
    Mozilla Thunderbird 60.7.1 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 60.7.1 (x86 en-GB)) (Version: 60.7.1 - Mozilla)
    Natural Color (HKLM-x32\...\{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}) (Version: - )
    Norton Security (HKLM-x32\...\NGC) (Version: 22.17.2.46 - Symantec Corporation)
    Norton Utilities (HKLM-x32\...\NU) (Version: 16.0.3.44 - Symantec Corporation)
    OneClickdigital Media Manager (HKLM-x32\...\{D27E3096-E1C7-4BF1-923B-13E522646EBF}) (Version: 80.0.0.0 - Recorded Books)
    Opera Mail 1.0 (HKLM-x32\...\Opera 1.0.1044) (Version: 1.0.1044 - Opera Software ASA)
    Opera Mail 1.0 (HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\...\Opera 1.0.1044) (Version: 1.0.1044 - Opera Software ASA)
    Opera Stable 60.0.3255.170 (HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\Opera 60.0.3255.170) (Version: 60.0.3255.170 - Opera Software)
    OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
    PrintMaster (HKLM-x32\...\{8DD144C1-5EAD-4D55-80A1-ACAF893A4FFE}) (Version: - )
    Product Improvement Study for HP ENVY 5640 series (HKLM\...\{C6936AA8-42A6-4D09-8B6C-1C473AD1AA36}) (Version: 40.11.1135.17143 - HP Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
    Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
    Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Sony Picture Utility (HKLM-x32\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 2.0.05.13150 - Sony Corporation)
    Sony USB Driver (HKLM-x32\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version: 2.00 - Sony Corporation)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C3ACFCEA-240F-4DCC-A0C3-DD55FEE6C3C2}) (Version: 2.58.0.0 - Microsoft Corporation)
    UpdateAssistant (HKLM-x32\...\{7C070E60-8769-4763-BBD8-7537A28A60D4}) (Version: 1.10.0.0 - Microsoft Corporation) Hidden
    USB 2.0 Card Reader (HKLM-x32\...\{CFA9C1EE-8D76-477E-9E26-D24C26F11F47}) (Version: 1.3.0.0 - Generic)
    VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
    Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22350 - Microsoft Corporation)
    Packages:
    =========
    Around The World in 80 Days: Hidden Object games -> C:\Program Files\WindowsApps\38552CrispApp.AroundTheWorldin80DaysHiddenObjectga_1.3.1.0_x64__pnrt47fe6g5q6 [2019-03-28] (CrispApp) [MS Ad]
    Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_5.6.3.0_x86__kgqvnymyfvs32 [2019-06-12] (king.com)
    Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1530.2.0_x86__kgqvnymyfvs32 [2019-06-13] (king.com)
    Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.29.2900.0_x86__ytsefhwckbdv6 [2019-05-30] (G5 Entertainment AB)
    HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_95.1.531.0_x64__v10z8vjag6ke6 [2019-03-22] (HP Inc.)
    Kobo eBooks -> C:\Program Files\WindowsApps\KoboInc.KoboBooks_5.2.37.0_x86__vk8qsnw174y90 [2019-05-11] (Kobo Inc)
    Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad]
    March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.1.0.6_x86__h6adky7gbf63m [2019-06-19] (Gameloft.)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-03-22] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-03-22] (Microsoft Corporation) [MS Ad]
    Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_3.9.4100.0_x64__8wekyb3d8bbwe [2019-04-21] (Microsoft Studios) [MS Ad]
    Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.30.10924.0_x64__8wekyb3d8bbwe [2019-04-04] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-16] (Microsoft Studios) [MS Ad]
    MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.29.10701.0_x64__8wekyb3d8bbwe [2019-03-22] (Microsoft Corporation) [MS Ad]
    MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.28.3242.0_x64__8wekyb3d8bbwe [2019-03-22] (Microsoft Corporation) [MS Ad]
    MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-03-22] (Microsoft Corporation) [MS Ad]
    Mystery of the Opera: The Phantom's Secret -> C:\Program Files\WindowsApps\828B5831.MysteryoftheOperathePhantomsSecret_0.7.601.0_x86__ytsefhwckbdv6 [2019-03-22] (G5 Entertainment AB)
    Mystery Society 2: Hidden Objects -> C:\Program Files\WindowsApps\RolltowerStudios.MysterySociety2HiddenObjects_1.1.68.0_x86__gjx78g1qv1y2c [2019-05-09] (Rolltower Studios)
    Norton Safe Web -> C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.8.0.0_neutral__v68kp9n051hdp [2019-05-20] (Symantec Corporation)
    Open Any File -> C:\Program Files\WindowsApps\38184CDCTech.495572C750D15_1.2.102.0_x64__vwv5vk6p12k08 [2019-03-22] (For Better Digital Life - 1st Famous Tool Provider)
    OverDrive - Library eBooks & Audiobooks -> C:\Program Files\WindowsApps\2FA138F6.OverDriveMediaConsole_3.8.0.5_neutral__daecb9042jmvt [2019-05-16] (OverDrive Inc.)
    Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0 [2019-06-18] (Spotify AB)
    The Secret Society® - Hidden Mystery -> C:\Program Files\WindowsApps\828B5831.TheSecretSociety-HiddenMystery_1.41.4100.0_x86__ytsefhwckbdv6 [2019-06-18] (G5 Entertainment AB)
    Unpacker -> C:\Program Files\WindowsApps\AFF540DC.Unpacker_1.1.14.24_x64__v7353qx4kg3sa [2019-03-22] (Jujuba Software) [MS Ad]
    ==================== Custom CLSID (Whitelisted): ==========================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    CustomCLSID: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002_Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InprocServer32 -> 0x6529B43F7ABCD301FA49E3C0E7DBD301070000002600000000000000 => No File
    CustomCLSID: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\VIV\Dropbox [2018-05-06 13:51]
    ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
    ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.2.46\buShell.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.2.46\buShell.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.2.46\buShell.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.2.46\buShell.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.2.46\buShell.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.2.46\buShell.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
    ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.2.46\buShell.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
    ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-03-13] (Apple Inc. -> Apple Inc.)
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed]
    ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.2.46\NavShExt.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit Information Technology -> IObit)
    ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
    ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed]
    ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.2.46\NavShExt.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
    ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
    ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
    ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed]
    ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit Information Technology -> IObit)
    ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.2.46\buShell.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.2.46\NavShExt.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit Information Technology -> IObit)
    ==================== Shortcuts & WMI ========================
    (The entries could be listed to be restored or removed.)
    ==================== Loaded Modules (Whitelisted) ==============
    2010-10-29 21:02 - 2010-10-29 21:02 - 000751616 _____ () [File not signed] C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll
    2018-08-09 16:39 - 2000-06-12 15:14 - 000360518 _____ () [File not signed] C:\Program Files (x86)\SEC\Natural Color\LowCMS.dll
    2018-08-09 16:39 - 2002-04-12 14:39 - 000155715 _____ () [File not signed] C:\Program Files (x86)\SEC\Natural Color\NaturalColorLoad.exe
    2018-02-20 18:04 - 2015-12-10 07:16 - 000275496 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\TrayPopup\libcurl.dll
    2018-02-20 18:04 - 2015-12-10 07:16 - 000223272 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\TrayPopup\traynet.dll
    2018-02-20 18:04 - 2015-12-10 07:16 - 000253992 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe
    2018-02-20 18:04 - 2015-12-10 07:16 - 000249896 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\TrayPopup\uexper.dll
    2018-02-20 18:04 - 2015-12-10 07:16 - 000118328 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\TrayPopup\zlib1.dll
    2018-08-09 16:39 - 2000-07-15 00:00 - 000929844 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\SEC\Natural Color\MFC42D.DLL
    2018-08-09 16:39 - 2000-07-15 00:00 - 000798773 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\SEC\Natural Color\MFCO42D.DLL
    2018-08-09 16:39 - 2000-07-15 00:00 - 000434252 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\SEC\Natural Color\MSVCRTD.dll
    2010-10-29 21:01 - 2010-10-29 21:01 - 001012224 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Logitech\Vid HD\LIBEAY32.dll
    2010-10-29 21:01 - 2010-10-29 21:01 - 000207872 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Logitech\Vid HD\ssleay32.DLL
    ==================== Alternate Data Streams (Whitelisted) =========
    (If an entry is included in the fixlist, only the ADS will be removed.)
    AlternateDataStreams: C:\ProgramData\TEMP:792D4CF1 [177]
    AlternateDataStreams: C:\Users\VIV\Desktop\Food List.jpeg:3or4kl4x13tuuug3Byamue2s4b [95]
    AlternateDataStreams: C:\Users\VIV\Desktop\Food List.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    ==================== Safe Mode (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    ==================== Association (Whitelisted) ===============
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
    ==================== Internet Explorer trusted/restricted ===============
    (If an entry is included in the fixlist, it will be removed from the registry.)
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\123simsen.com -> www.123simsen.com
    There are 7943 more sites.
    IE trusted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\...\webcompanion.com -> hxxp://webcompanion.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\...\0190-dialers.com -> 0190-dialers.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\...\01i.info -> 01i.info
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\...\05p.com -> 05p.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\...\0calories.net -> 0calories.net
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\...\0cj.net -> 0cj.net
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\...\1-se.com -> 1-se.com
    There are 11480 more sites.
    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2015-10-30 08:24 - 2019-05-29 09:23 - 000454790 ____R C:\WINDOWS\system32\drivers\etc\hosts
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 123moviedownload.com
    127.0.0.1 www.123moviedownload.com
    There are 15610 more lines.
    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\VIV\desktop\pictures\dsc00038.jpg
    HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\VL\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\abs in rice field.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    If an entry is included in the fixlist, it will be removed.
    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: Apple Mobile Device Service => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: cphs => 3
    MSCONFIG\Services: dbupdate => 2
    MSCONFIG\Services: dbupdatem => 3
    MSCONFIG\Services: DbxSvc => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: hcwD3bda_dvbt => 2
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: RtkAudioService => 2
    MSCONFIG\Services: TeamViewer => 2
    HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma Loader.lnk"
    HKLM\...\StartupApproved\Run: => "IgfxTray"
    HKLM\...\StartupApproved\Run: => "HotKeysCmds"
    HKLM\...\StartupApproved\Run: => "Persistence"
    HKLM\...\StartupApproved\Run32: => "ReminderApp"
    HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"
    HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"
    ==================== FirewallRules (Whitelisted) ===============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    FirewallRules: [{78957C30-BF56-4998-9673-C8F2E32378C6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{688B2FD4-E94F-49A8-BB8D-C8AE84830B03}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{849BDE31-F4FA-40A8-985B-B182ECBDD183}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{1CA06BA6-CAB1-47C1-8362-ECDBB86CBFCB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{8EC9383D-529D-4BCD-BB28-03A1FA4AB44E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{B1EB9096-3EDF-442E-B18C-A67B5751F263}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{43EF1F3B-973E-4225-A88A-1D071A7E34DF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{5E53754E-20FD-47B1-9C7B-D256AD72E346}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{1EAAA303-7AFA-4A4D-8D36-3C1358192D2E}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
    FirewallRules: [{F9049D39-B0F9-4629-9489-8EE238EDE166}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    FirewallRules: [{B962A7C1-3DD2-4901-A9E8-E1F86CC8D79C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    FirewallRules: [{94B0271C-5874-4EF6-9E25-FF1223502DEB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{0429E721-05B9-44A0-935D-6F2DE4D4D171}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{E8FCBDB4-3B7E-44A1-8450-D6FCABCE3D76}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{F79BCDF6-36F3-45A9-89D8-45E8ABD68C36}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{A46783D9-D3C8-41D4-88AE-5F8B50E3A34C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{99381536-22B3-4825-855C-AA2F2CB86C89}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{CC4E2C1A-CD30-47D3-A954-9F869246781B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{6E7C7B0A-AB17-4F19-91AF-48D4485DA4EC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{1A0176E7-5E7A-48AA-97FB-4E49887B2EA8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
    ==================== Restore Points =========================
    15-06-2019 13:08:16 Windows Update
    15-06-2019 13:09:47 Windows Update
    ==================== Faulty Device Manager Devices =============
    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (06/16/2019 04:54:16 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
    Description: The required buffer size is greater than the buffer size passed to the Collect function of the "C:\Windows\System32\perfts.dll" Extensible Counter DLL for the "LSM" service. The given buffer size was 13600 and the required size was 38744.
    Error: (06/16/2019 04:41:16 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
    .
    Operation:
    Executing Asynchronous Operation
    Context:
    Current State: DoSnapshotSet
    Error: (06/15/2019 02:58:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Microsoft.Photos.exe version 2019.19041.16510.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
    Process ID: 34cc
    Start Time: 01d5238255a8ab49
    Termination Time: 4294967295
    Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    Report Id: c2577a3d-a353-41b8-a6f0-f2d416ab0dff
    Faulting package full name: Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe
    Faulting package-relative application ID: App
    Hang type: Quiesce
    Error: (06/14/2019 07:01:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Microsoft.Photos.exe version 2019.19041.16510.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
    Process ID: 29b4
    Start Time: 01d522daf78c219c
    Termination Time: 4294967295
    Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    Report Id: 2b9b58d8-36e7-406b-bdaa-5f3d4011ca4b
    Faulting package full name: Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe
    Faulting package-relative application ID: App
    Hang type: Quiesce
    Error: (06/14/2019 06:44:10 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: Event provider wsp_sr attempted to register query "select * from WSP_ReplicationGroupModificationEvent" whose target class "WSP_ReplicationGroupModificationEvent" in //./ROOT/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.
    Error: (06/14/2019 06:44:10 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: Event provider wsp_sr attempted to register query "select * from WSP_ReplicationGroupDepartureEvent" whose target class "WSP_ReplicationGroupDepartureEvent" in //./ROOT/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.
    Error: (06/14/2019 06:44:10 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: Event provider wsp_sr attempted to register query "select * from WSP_ReplicationGroupArrivalEvent" whose target class "WSP_ReplicationGroupArrivalEvent" in //./ROOT/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.
    Error: (06/14/2019 06:44:10 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: Event provider attempted to register query "select * from WSP_ReplicationGroupModificationEvent" whose target class "WSP_ReplicationGroupModificationEvent" in //./ROOT/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.
    System errors:
    =============
    Error: (06/18/2019 07:25:30 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1FFI7T5)
    Description: The server {63A193FC-1252-47F7-AF50-10248D524D1F} did not register with DCOM within the required timeout.
    Error: (06/18/2019 07:25:29 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1FFI7T5)
    Description: The server {1470775F-9CCD-442D-B5BE-F0295139B681} did not register with DCOM within the required timeout.
    Error: (06/17/2019 07:04:13 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1FFI7T5)
    Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.
    Error: (06/15/2019 08:18:33 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1FFI7T5)
    Description: The server {63A193FC-1252-47F7-AF50-10248D524D1F} did not register with DCOM within the required timeout.
    Error: (06/15/2019 08:18:30 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1FFI7T5)
    Description: The server {1470775F-9CCD-442D-B5BE-F0295139B681} did not register with DCOM within the required timeout.
    Error: (06/15/2019 08:23:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The EaseUS Agent Service service terminated unexpectedly. It has done this 1 time(s).
    Error: (06/14/2019 07:11:58 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1FFI7T5)
    Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
    Error: (06/14/2019 07:11:57 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1FFI7T5)
    Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
    CodeIntegrity:
    ===================================
    Date: 2019-06-19 11:26:55.889
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2019-06-19 11:26:55.793
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2019-06-19 11:26:55.721
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2019-06-19 11:26:55.680
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2019-06-19 11:26:47.148
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2019-06-19 11:26:46.993
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2019-06-19 11:26:46.983
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2019-06-19 11:26:46.968
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    ==================== Memory info ===========================
    BIOS: AMI 7.13 09/28/2011
    Motherboard: Foxconn 2ABF
    Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
    Percentage of memory in use: 77%
    Total physical RAM: 6048.81 MB
    Available physical RAM: 1347.85 MB
    Total Virtual: 15888.62 MB
    Available Virtual: 8862.3 MB
    ==================== Drives ================================
    Drive c: () (Fixed) (Total:918.8 GB) (Free:641.1 GB) NTFS
    Drive d: (HP_RECOVERY) (Fixed) (Total:11.75 GB) (Free:1.36 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive g: (SAMSUNG) (Fixed) (Total:931.51 GB) (Free:692.25 GB) NTFS
    \\?\Volume{0d8962b0-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
    \\?\Volume{0d8962b0-0000-0000-0000-c0d2e5000000}\ () (Fixed) (Total:0.47 GB) (Free:0.06 GB) NTFS
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0D8962B0)
    Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=918.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=478 MB) - (Type=27)
    Partition 4: (Not Active) - (Size=11.8 GB) - (Type=07 NTFS)
    ========================================================
    Disk: 1 (Size: 931.5 GB) (Disk ID: 468C624F)
    Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
    ==================== End of Addition.txt ============================
    ost 3 and last
     
  6. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    [​IMG] Do NOT create new topic for each reply. Reply right here in this topic.

    [​IMG] In the future please use Notepad instead of Wordpad to open logs.
    Wordpad creates an extra space and all logs are twice as long and harder for me to read.
    Thank you :)

    =========================================================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Remove Selected.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    [​IMG] Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
    [​IMG] Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles are saved to C:\AdwCleaner.
    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
     
  7. theoldandgrey

    theoldandgrey Established Techie7 Member

    Sorry about that, I was trying to count characters and just posted in Word, I've learned my lesson. I was a bit confuse with Adware cleaner as there was no CX report just COO.

    RogueKiller Anti-Malware V13.2.2.0 (x64) [Jun 10 2019] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 10 (10.0.18362) 64 bits
    Started in : Normal mode
    User : VIV [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Signatures : 20190620_054055, Driver : Loaded
    Mode : Standard Scan, Scan -- Date : 2019/06/21 08:43:07 (Duration : 00:45:45)
    Switches : -refid 3
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    [PUP.Slimware (Potentially Malicious)] SWDUMon (0) -- (AVG Technologies CZ, s.r.o.) \SystemRoot\system32\DRIVERS\SWDUMon.sys -> Found
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    >>>>>> O23 - Services
    [PUP.Slimware (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SWDUMon -- (AVG Technologies CZ, s.r.o.) C:\Windows\System32\drivers\SWDUMon.sys -> Found
    >>>>>> R5 - Proxy
    [PUM.Proxy (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-1150477090-3809027948-3889013003-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyEnable -- 1 -> Found
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    Hosts file is too big
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    [PUP.Slimware (Potentially Malicious)] (file) SWDUMon.sys -- (AVG Technologies CZ, s.r.o.) C:\Windows\System32\drivers\SWDUMon.sys -> Found
    [PUP.Gen1 (Potentially Malicious)] (folder) SlimWare Utilities Inc -- C:\Users\VIV\AppData\Local\SlimWare Utilities Inc -> Found
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    Malwarebytes

    www.malwarebytes.com
    -Log Details-
    Scan Date: 21/06/2019
    Scan Time: 10:15
    Log File: 1a0b07ea-9405-11e9-aafb-3cd92b74d5bb.json
    -Software Information-
    Version: 3.7.1.2839
    Components Version: 1.0.586
    Update Package Version: 1.0.11174
    Licence: Free
    -System Information-
    OS: Windows 10 (Build 18362.175)
    CPU: x64
    File System: NTFS
    User: DESKTOP-1FFI7T5\VIV
    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 391922
    Threats Detected: 0
    Threats Quarantined: 0
    Time Elapsed: 16 min, 20 sec
    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect
    -Scan Details-
    Process: 0
    (No malicious items detected)
    Module: 0
    (No malicious items detected)
    Registry Key: 0
    (No malicious items detected)
    Registry Value: 0
    (No malicious items detected)
    Registry Data: 0
    (No malicious items detected)
    Data Stream: 0
    (No malicious items detected)
    Folder: 0
    (No malicious items detected)
    File: 0
    (No malicious items detected)
    Physical Sector: 0
    (No malicious items detected)
    WMI: 0
    (No malicious items detected)
    (end)

    -------------------------------
    # -------------------------------
    # Malwarebytes AdwCleaner 7.3.0.0
    # -------------------------------
    # Build: 04-04-2019
    # Database: 2019-06-18.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 06-21-2019
    # Duration: 00:00:22
    # OS: Windows 10 Home
    # Cleaned: 33
    # Failed: 0
    ***** [ Services ] *****
    No malicious services cleaned.
    ***** [ Folders ] *****
    Deleted C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
    Deleted C:\Program Files (x86)\IObit\Advanced SystemCare
    Deleted C:\ProgramData\SecuritySuite
    Deleted C:\Users\Public\Documents\Downloaded Installers
    Deleted C:\Users\VIV\AppData\LocalLow\IObit\Advanced SystemCare
    Deleted C:\Users\VIV\AppData\Local\slimware utilities inc
    Deleted C:\Users\VIV\AppData\Roaming\IObit\Advanced SystemCare
    Deleted C:\Users\VIV\Documents\TotalAV
    Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
    ***** [ Files ] *****
    Deleted C:\Users\VL\Downloads\SpyHunter-Installer.exe
    Deleted C:\Windows\System32\drivers\swdumon.sys
    ***** [ DLL ] *****
    No malicious DLLs cleaned.
    ***** [ WMI ] *****
    No malicious WMI cleaned.
    ***** [ Shortcuts ] *****
    No malicious shortcuts cleaned.
    ***** [ Tasks ] *****
    No malicious tasks cleaned.
    ***** [ Registry ] *****
    Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
    Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced SystemCare 12
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
    Deleted HKCU\Software\SSProtect
    Deleted HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
    Deleted HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
    Deleted HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
    Deleted HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare
    Deleted HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
    Deleted HKLM\SYSTEM\Setup\FirstBoot\Services\SWDUMon
    Deleted HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}
    Deleted HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
    Deleted HKLM\Software\Wow6432Node\IOBIT\ASC
    Deleted HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
    Deleted HKLM\Software\Wow6432Node\IObit\RealTimeProtector
    Deleted HKLM\Software\Wow6432Node\\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
    Deleted HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
    Deleted HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    Deleted HKU\S-1-5-21-1150477090-3809027948-3889013003-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
    ***** [ Chromium (and derivatives) ] *****
    No malicious Chromium entries cleaned.
    ***** [ Chromium URLs ] *****
    Deleted MyPlayCity Search
    ***** [ Firefox (and derivatives) ] *****
    No malicious Firefox entries cleaned.
    ***** [ Firefox URLs ] *****
    No malicious Firefox URLs cleaned.
    *************************
    [+] Delete Tracing Keys
    [+] Reset Winsock
    *************************
    AdwCleaner[S00].txt - [4508 octets] - [21/06/2019 14:16:53]
    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
     
  8. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  9. theoldandgrey

    theoldandgrey Established Techie7 Member

    Herewith Farbar
    Ran by VIV (21-06-2019 17:12:33)
    Running from C:\Users\VIV\Desktop
    Windows 10 Home Version 1903 18362.175 (X64) (2019-06-14 17:52:54)
    Boot Mode: Normal
    ==========================================================
    ==================== Accounts: =============================
    Administrator (S-1-5-21-1150477090-3809027948-3889013003-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-1150477090-3809027948-3889013003-503 - Limited - Disabled)
    Guest (S-1-5-21-1150477090-3809027948-3889013003-501 - Limited - Disabled)
    test (S-1-5-21-1150477090-3809027948-3889013003-1004 - Limited - Enabled)
    tovil (S-1-5-21-1150477090-3809027948-3889013003-1005 - Limited - Disabled)
    VIV (S-1-5-21-1150477090-3809027948-3889013003-1002 - Administrator - Enabled) => C:\Users\VIV
    VL (S-1-5-21-1150477090-3809027948-3889013003-1003 - Administrator - Enabled) => C:\Users\VL
    WDAGUtilityAccount (S-1-5-21-1150477090-3809027948-3889013003-504 - Limited - Disabled)
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Norton Security (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Norton Security (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
    ==================== Installed Programs ======================
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
    Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
    Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.207 - Adobe)
    Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
    Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
    Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
    BlueMail 0.10.31 (HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\8840973a-71a2-52c1-93d6-4bc4cb0bbb6c) (Version: 0.10.31 - BlueMail Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.31.1038.0 - Logitech) Hidden
    Dropbox (HKLM-x32\...\Dropbox) (Version: 74.4.115 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
    EaseUS Todo Backup Free 9.2 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 9.2 - CHENGDU YIWO Tech Development Co., Ltd)
    Epubor Ultimate (HKLM-x32\...\Epubor Ultimate) (Version: 3.0.11.507 - Epubor Inc.)
    erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
    Focus Magic 4.03 (HKLM-x32\...\Focus Magic_is1) (Version: 4.03 - Acclaim Software Ltd)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.100 - Google LLC)
    Google Earth Pro (HKLM-x32\...\{9D524A1E-F2FC-444D-B12A-7592CEB56EB5}) (Version: 7.3.2.5776 - Google)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
    GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
    Greeting Card Factory Deluxe 7.0 (HKLM-x32\...\{55D6B4DA-50E9-47AF-99C1-9A8E3A234763}) (Version: 7.0.0.11 - Nova Development)
    HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
    HP ENVY 5640 series Basic Device Software (HKLM\...\{098DF09B-2BB6-4F24-A778-A57DB1466BD1}) (Version: 40.11.1135.17143 - HP Inc.)
    HP ENVY 5640 series Help (HKLM-x32\...\{B04B1DB6-0AA9-4790-95CE-5A45C8F647FD}) (Version: 34.0.0 - Hewlett Packard)
    HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
    HP Scan Extended (HKLM-x32\...\{11338856-1974-4B3C-ACBC-9F98A8FF79FD}) (Version: 35.0.0.0 - Hewlett-Packard Co.)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
    iCloud (HKLM\...\{03742818-3BC2-45BA-B6BB-4C2D453FD033}) (Version: 7.11.0.19 - Apple Inc.)
    IObit Uninstaller 8 (HKLM-x32\...\IObitUninstall) (Version: 8.5.0.6 - IObit)
    IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1.2 - IObit)
    Jasc Paint Shop Pro 8 (HKLM-x32\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.10.3000 - Jasc Software Inc)
    Kobo (HKLM-x32\...\Kobo) (Version: 4.14.10877 - Rakuten Kobo Inc.)
    Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 2.5.17.0 - Logitech Europe S.A.)
    Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)
    Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
    LWS VideoEffects (HKLM\...\{138A4072-9E64-46BD-B5F9-DB2BB395391F}) (Version: 13.30.1379.0 - Logitech) Hidden
    Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\OneDriveSetup.exe) (Version: 19.086.0502.0006 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.5.0 - Mozilla)
    Mozilla Thunderbird 60.7.2 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 60.7.2 (x86 en-GB)) (Version: 60.7.2 - Mozilla)
    Natural Color (HKLM-x32\...\{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}) (Version: - )
    Norton Security (HKLM-x32\...\NGC) (Version: 22.17.2.47 - Symantec Corporation)
    Norton Utilities (HKLM-x32\...\NU) (Version: 16.0.3.44 - Symantec Corporation)
    OneClickdigital Media Manager (HKLM-x32\...\{D27E3096-E1C7-4BF1-923B-13E522646EBF}) (Version: 80.0.0.0 - Recorded Books)
    Opera Mail 1.0 (HKLM-x32\...\Opera 1.0.1044) (Version: 1.0.1044 - Opera Software ASA)
    Opera Stable 60.0.3255.170 (HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\Opera 60.0.3255.170) (Version: 60.0.3255.170 - Opera Software)
    OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
    PrintMaster (HKLM-x32\...\{8DD144C1-5EAD-4D55-80A1-ACAF893A4FFE}) (Version: - )
    Product Improvement Study for HP ENVY 5640 series (HKLM\...\{C6936AA8-42A6-4D09-8B6C-1C473AD1AA36}) (Version: 40.11.1135.17143 - HP Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
    Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
    RogueKiller version 13.2.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.2.2.0 - Adlice Software)
    Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Sony Picture Utility (HKLM-x32\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 2.0.05.13150 - Sony Corporation)
    Sony USB Driver (HKLM-x32\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version: 2.00 - Sony Corporation)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C3ACFCEA-240F-4DCC-A0C3-DD55FEE6C3C2}) (Version: 2.58.0.0 - Microsoft Corporation)
    UpdateAssistant (HKLM-x32\...\{7C070E60-8769-4763-BBD8-7537A28A60D4}) (Version: 1.10.0.0 - Microsoft Corporation) Hidden
    USB 2.0 Card Reader (HKLM-x32\...\{CFA9C1EE-8D76-477E-9E26-D24C26F11F47}) (Version: 1.3.0.0 - Generic)
    VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
    Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22350 - Microsoft Corporation)
    Packages:
    =========
    Around The World in 80 Days: Hidden Object games -> C:\Program Files\WindowsApps\38552CrispApp.AroundTheWorldin80DaysHiddenObjectga_1.3.1.0_x64__pnrt47fe6g5q6 [2019-03-28] (CrispApp) [MS Ad]
    Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_5.6.3.0_x86__kgqvnymyfvs32 [2019-06-12] (king.com)
    Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1530.2.0_x86__kgqvnymyfvs32 [2019-06-13] (king.com)
    Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.29.2900.0_x86__ytsefhwckbdv6 [2019-05-30] (G5 Entertainment AB)
    HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_95.1.531.0_x64__v10z8vjag6ke6 [2019-03-22] (HP Inc.)
    Kobo eBooks -> C:\Program Files\WindowsApps\KoboInc.KoboBooks_5.2.37.0_x86__vk8qsnw174y90 [2019-05-11] (Kobo Inc)
    Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad]
    March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.1.0.6_x86__h6adky7gbf63m [2019-06-19] (Gameloft.)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-03-22] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-03-22] (Microsoft Corporation) [MS Ad]
    Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_3.9.4100.0_x64__8wekyb3d8bbwe [2019-04-21] (Microsoft Studios) [MS Ad]
    Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.30.10924.0_x64__8wekyb3d8bbwe [2019-04-04] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-16] (Microsoft Studios) [MS Ad]
    MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.29.10701.0_x64__8wekyb3d8bbwe [2019-03-22] (Microsoft Corporation) [MS Ad]
    MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.28.3242.0_x64__8wekyb3d8bbwe [2019-03-22] (Microsoft Corporation) [MS Ad]
    MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-03-22] (Microsoft Corporation) [MS Ad]
    Mystery of the Opera: The Phantom's Secret -> C:\Program Files\WindowsApps\828B5831.MysteryoftheOperathePhantomsSecret_0.7.601.0_x86__ytsefhwckbdv6 [2019-03-22] (G5 Entertainment AB)
    Mystery Society 2: Hidden Objects -> C:\Program Files\WindowsApps\RolltowerStudios.MysterySociety2HiddenObjects_1.1.68.0_x86__gjx78g1qv1y2c [2019-05-09] (Rolltower Studios)
    Norton Safe Web -> C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.8.0.0_neutral__v68kp9n051hdp [2019-05-20] (Symantec Corporation)
    Open Any File -> C:\Program Files\WindowsApps\38184CDCTech.495572C750D15_1.2.102.0_x64__vwv5vk6p12k08 [2019-03-22] (For Better Digital Life - 1st Famous Tool Provider)
    OverDrive - Library eBooks & Audiobooks -> C:\Program Files\WindowsApps\2FA138F6.OverDriveMediaConsole_3.8.0.5_neutral__daecb9042jmvt [2019-05-16] (OverDrive Inc.)
    Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0 [2019-06-18] (Spotify AB)
    The Secret Society® - Hidden Mystery -> C:\Program Files\WindowsApps\828B5831.TheSecretSociety-HiddenMystery_1.41.4100.0_x86__ytsefhwckbdv6 [2019-06-18] (G5 Entertainment AB)
    Unpacker -> C:\Program Files\WindowsApps\AFF540DC.Unpacker_1.1.14.24_x64__v7353qx4kg3sa [2019-03-22] (Jujuba Software) [MS Ad]
    ==================== Custom CLSID (Whitelisted): ==========================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    CustomCLSID: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002_Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InprocServer32 -> 0x6529B43F7ABCD301FA49E3C0E7DBD301070000002600000000000000 => No File
    CustomCLSID: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\VIV\Dropbox [2018-05-06 13:51]
    ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
    ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.2.47\buShell.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.2.47\buShell.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.2.47\buShell.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.2.47\buShell.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.2.47\buShell.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.2.47\buShell.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.2.47\buShell.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
    ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-03-13] (Apple Inc. -> Apple Inc.)
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed]
    ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.2.47\NavShExt.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit Information Technology -> IObit)
    ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed]
    ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.2.47\NavShExt.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
    ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
    ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed]
    ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit Information Technology -> IObit)
    ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.2.47\buShell.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.2.47\NavShExt.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit Information Technology -> IObit)
    ==================== Shortcuts & WMI ========================
    (The entries could be listed to be restored or removed.)
    ==================== Loaded Modules (Whitelisted) ==============
    2019-02-27 12:18 - 2002-07-17 03:05 - 000237568 _____ () [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\asn.er.dll
    2010-10-29 21:02 - 2010-10-29 21:02 - 000751616 _____ () [File not signed] C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll
    2018-08-09 16:39 - 2000-06-12 15:14 - 000360518 _____ () [File not signed] C:\Program Files (x86)\SEC\Natural Color\LowCMS.dll
    2018-08-09 16:39 - 2002-04-12 14:39 - 000155715 _____ () [File not signed] C:\Program Files (x86)\SEC\Natural Color\NaturalColorLoad.exe
    2019-03-27 17:05 - 2002-07-17 03:05 - 000462848 ____N (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\ACE.dll
    2019-03-27 17:05 - 2002-07-17 03:05 - 000929792 ____N (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\AGM.dll
    2019-03-27 17:05 - 2002-07-17 03:05 - 000167936 ____N (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\BIB.dll
    2019-03-27 17:05 - 2002-07-17 03:05 - 001458176 ____N (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\CoolType.dll
    2019-03-27 17:05 - 2002-07-17 03:05 - 000094208 ____N (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\OPP.dll
    2019-03-27 17:05 - 2002-07-17 03:06 - 002920448 ____N (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\PDFL50.dll
    2019-03-27 17:05 - 2002-07-17 03:22 - 000978944 ____N (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\Required\ADMPlugin.apl
    2019-03-27 17:05 - 2002-07-17 03:22 - 000106496 ____N (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\Required\ASDataStream.apl
    2019-03-27 17:05 - 2002-07-17 03:22 - 000069632 ____N (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\Required\PNGIcons.apl
    2019-03-27 17:05 - 2002-07-17 03:08 - 000221184 ____N (Adobe Systems, Inc) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\HtmlViewLib.dll
    2019-03-27 17:05 - 2002-07-17 04:35 - 000425984 ____N (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\HelpSystem.dll
    2019-03-27 17:05 - 2002-07-17 03:08 - 000159744 ____N (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\UID.mr.dll
    2019-03-27 17:05 - 2002-07-17 03:07 - 000466944 ____N (Adobe Systems, Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\AXEParser.dll
    2019-03-27 17:05 - 2002-07-17 04:20 - 000696320 ____N (Adobe Systems, Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\Photoshop.dll
    2019-03-27 17:05 - 2019-03-27 17:05 - 015986688 _____ (Adobe Systems, Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\PhotoshopElements.exe
    2019-03-27 17:05 - 2002-07-17 05:18 - 000053248 ____N (Adobe Systems, Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\PLUGIN.dll
    2019-03-27 17:06 - 2002-07-17 05:25 - 000045056 ____N (Adobe Systems, Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\Plug-Ins\Extensions\FastCore.8BX
    2019-03-27 17:06 - 2002-07-17 05:26 - 000159744 ____N (Adobe Systems, Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\Plug-Ins\Extensions\MMXCore.8BX
    2019-03-27 17:06 - 2002-07-17 05:28 - 000155648 ____N (Adobe Systems, Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\Plug-Ins\Extensions\MultiProcessor Support.8BX
    2019-03-27 17:06 - 2002-07-17 05:33 - 000135168 ____N (Adobe Systems, Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\Plug-Ins\Parser\PDF Image Import.8BI
    2019-03-27 17:05 - 2002-07-17 05:16 - 001564672 ____N (Adobe Systems, Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\PSArt.dll
    2019-03-27 17:05 - 2002-07-17 04:20 - 001781760 ____N (Adobe Systems, Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\PSViews.dll
    2018-02-02 15:01 - 2002-07-17 03:03 - 001155072 ____N (Adobe Systems, Incorporated) [File not signed] C:\Program Files (x86)\Common Files\Adobe\Web\AdobeWeb.dll
    2018-02-20 18:04 - 2016-06-03 05:12 - 000026816 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
    2018-02-20 18:04 - 2016-06-03 05:12 - 000128192 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
    2018-02-20 18:04 - 2016-06-03 05:12 - 000021184 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000020008 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000443944 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
    2018-02-20 18:04 - 2016-06-03 05:12 - 000040128 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000072232 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000169512 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudInterface.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000077864 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
    2018-02-20 18:04 - 2016-06-03 05:12 - 000173760 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll
    2018-02-20 18:04 - 2016-06-03 05:12 - 000018112 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll
    2018-02-20 18:04 - 2016-06-03 05:12 - 000188608 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll
    2018-02-20 18:04 - 2016-06-03 05:12 - 000024768 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000080936 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000089640 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000017448 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000020520 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000138792 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000027176 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000353832 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000030760 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000281128 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000193064 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
    2018-02-20 18:04 - 2016-06-03 05:12 - 000220864 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000148008 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000032296 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000769064 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000061992 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000076840 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
    2018-02-20 18:04 - 2016-06-03 05:13 - 000114880 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000050216 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000024616 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000039976 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImageName.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000158248 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 001296424 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
    2018-02-20 18:04 - 2016-06-03 05:13 - 000085184 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000068136 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000059944 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000056360 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000207912 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000146984 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000064040 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000224808 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000501800 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\StorageMgr.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000043048 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000088616 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
    2018-02-20 18:04 - 2016-06-03 05:13 - 000056512 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000034856 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
    2018-02-20 18:04 - 2016-06-03 05:13 - 000204480 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeHlp.dll
    2018-02-20 18:04 - 2016-06-03 05:15 - 000278720 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    2018-02-20 18:04 - 2016-04-13 09:49 - 000432320 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\uexper.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000139816 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000136232 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000060968 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
    2018-02-20 18:04 - 2015-12-10 07:16 - 000275496 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\TrayPopup\libcurl.dll
    2018-02-20 18:04 - 2015-12-10 07:16 - 000223272 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\TrayPopup\traynet.dll
    2018-02-20 18:04 - 2015-12-10 07:16 - 000253992 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe
    2018-02-20 18:04 - 2015-12-10 07:16 - 000249896 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\TrayPopup\uexper.dll
    2018-02-20 18:04 - 2015-12-10 07:16 - 000118328 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\TrayPopup\zlib1.dll
    2018-02-20 18:04 - 2016-06-03 05:15 - 000039616 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
    2018-02-20 18:04 - 2016-06-03 05:12 - 000569536 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmdManager.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000020008 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ControlPxe.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000689704 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EMail.dll
    2018-02-20 18:04 - 2016-06-03 05:12 - 000045760 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuPipe.dll
    2018-02-20 18:04 - 2016-06-03 05:13 - 000220864 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlBackup.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000100904 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlBackupSize.dll
    2018-02-20 18:04 - 2016-06-03 05:13 - 000593600 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlImgFile.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000044072 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlSearchImg.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000159272 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Ftp.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000017448 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FTPTest.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000079400 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImageFileInfo.dll
    2018-02-20 18:04 - 2016-06-03 05:13 - 000296128 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFileHlp.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000103976 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFileHlpOther.dll
    2018-02-20 18:04 - 2016-06-03 05:13 - 000155328 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\MatchStr.dll
    2018-02-20 18:04 - 2016-06-03 05:13 - 000028864 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Options.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000093224 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\PolicyManage.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000121896 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Thread.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000077864 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Transmit.dll
    2018-02-20 18:04 - 2015-12-10 07:14 - 001637928 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
    2018-02-20 18:04 - 2015-12-10 07:04 - 000042536 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\XmlWrapper.dll
    2018-02-20 18:04 - 2015-12-10 07:05 - 000303656 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000898088 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> Free Software Foundation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\iconv.dll
    2010-08-06 12:15 - 2010-08-06 12:15 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
    2010-08-06 12:15 - 2010-08-06 12:15 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
    2018-08-09 16:39 - 2000-07-15 00:00 - 000929844 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\SEC\Natural Color\MFC42D.DLL
    2018-08-09 16:39 - 2000-07-15 00:00 - 000798773 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\SEC\Natural Color\MFCO42D.DLL
    2018-08-09 16:39 - 2000-07-15 00:00 - 000434252 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\SEC\Natural Color\MSVCRTD.dll
    2018-02-20 18:04 - 2016-01-26 09:27 - 002454016 _____ (Python Software Foundation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\python27.dll
    2010-10-29 21:01 - 2010-10-29 21:01 - 001012224 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Logitech\Vid HD\LIBEAY32.dll
    2010-10-29 21:01 - 2010-10-29 21:01 - 000207872 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Logitech\Vid HD\ssleay32.DLL
    ==================== Alternate Data Streams (Whitelisted) =========
    (If an entry is included in the fixlist, only the ADS will be removed.)
    AlternateDataStreams: C:\ProgramData\TEMP:792D4CF1 [177]
    AlternateDataStreams: C:\Users\VIV\Desktop\Food List.jpeg:3or4kl4x13tuuug3Byamue2s4b [95]
    AlternateDataStreams: C:\Users\VIV\Desktop\Food List.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    ==================== Safe Mode (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    ==================== Association (Whitelisted) ===============
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
    ==================== Internet Explorer trusted/restricted ===============
    (If an entry is included in the fixlist, it will be removed from the registry.)
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\123simsen.com -> www.123simsen.com
    There are 7941 more sites.
    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2015-10-30 08:24 - 2019-05-29 09:23 - 000454790 ____R C:\WINDOWS\system32\drivers\etc\hosts
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 123moviedownload.com
    127.0.0.1 www.123moviedownload.com
    There are 15610 more lines.
    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\VIV\desktop\pictures\dsc00038.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    If an entry is included in the fixlist, it will be removed.
    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: Apple Mobile Device Service => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: cphs => 3
    MSCONFIG\Services: dbupdate => 2
    MSCONFIG\Services: dbupdatem => 3
    MSCONFIG\Services: DbxSvc => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: hcwD3bda_dvbt => 2
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: RtkAudioService => 2
    MSCONFIG\Services: TeamViewer => 2
    HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma Loader.lnk"
    HKLM\...\StartupApproved\Run: => "IgfxTray"
    HKLM\...\StartupApproved\Run: => "HotKeysCmds"
    HKLM\...\StartupApproved\Run: => "Persistence"
    HKLM\...\StartupApproved\Run32: => "ReminderApp"
    HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"
    ==================== FirewallRules (Whitelisted) ===============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    FirewallRules: [{78957C30-BF56-4998-9673-C8F2E32378C6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{688B2FD4-E94F-49A8-BB8D-C8AE84830B03}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{849BDE31-F4FA-40A8-985B-B182ECBDD183}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{1CA06BA6-CAB1-47C1-8362-ECDBB86CBFCB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{8EC9383D-529D-4BCD-BB28-03A1FA4AB44E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{B1EB9096-3EDF-442E-B18C-A67B5751F263}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{43EF1F3B-973E-4225-A88A-1D071A7E34DF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{5E53754E-20FD-47B1-9C7B-D256AD72E346}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{1EAAA303-7AFA-4A4D-8D36-3C1358192D2E}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
    FirewallRules: [{F9049D39-B0F9-4629-9489-8EE238EDE166}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    FirewallRules: [{B962A7C1-3DD2-4901-A9E8-E1F86CC8D79C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    FirewallRules: [{94B0271C-5874-4EF6-9E25-FF1223502DEB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{0429E721-05B9-44A0-935D-6F2DE4D4D171}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{E8FCBDB4-3B7E-44A1-8450-D6FCABCE3D76}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{F79BCDF6-36F3-45A9-89D8-45E8ABD68C36}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{A46783D9-D3C8-41D4-88AE-5F8B50E3A34C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{99381536-22B3-4825-855C-AA2F2CB86C89}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{CC4E2C1A-CD30-47D3-A954-9F869246781B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{6E7C7B0A-AB17-4F19-91AF-48D4485DA4EC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{1A0176E7-5E7A-48AA-97FB-4E49887B2EA8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [TCP Query User{E2D337D1-FB8E-4358-820D-E932FEEAC4D2}C:\program files\hp\hp envy 5640 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp envy 5640 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> HP Inc.)
    FirewallRules: [UDP Query User{7C49323F-AF4C-48CA-9605-76FD4FA40434}C:\program files\hp\hp envy 5640 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp envy 5640 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> HP Inc.)
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
    ==================== Restore Points =========================
    15-06-2019 13:08:16 Windows Update
    15-06-2019 13:09:47 Windows Update
    ==================== Faulty Device Manager Devices =============
    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (06/21/2019 02:51:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program OpenAnyFile.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
    Process ID: 3a0c
    Start Time: 01d528386aad768d
    Termination Time: 4294967295
    Application Path: C:\Program Files\WindowsApps\38184CDCTech.495572C750D15_1.2.102.0_x64__vwv5vk6p12k08\OpenAnyFile.exe
    Report Id: bdfed060-3c50-4d71-a321-56381a2bb629
    Faulting package full name: 38184CDCTech.495572C750D15_1.2.102.0_x64__vwv5vk6p12k08
    Faulting package-relative application ID: App
    Hang type: Quiesce
    Error: (06/16/2019 04:54:16 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
    Description: The required buffer size is greater than the buffer size passed to the Collect function of the "C:\Windows\System32\perfts.dll" Extensible Counter DLL for the "LSM" service. The given buffer size was 13600 and the required size was 38744.
    Error: (06/16/2019 04:41:16 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
    .
    Operation:
    Executing Asynchronous Operation
    Context:
    Current State: DoSnapshotSet
    Error: (06/15/2019 02:58:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Microsoft.Photos.exe version 2019.19041.16510.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
    Process ID: 34cc
    Start Time: 01d5238255a8ab49
    Termination Time: 4294967295
    Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    Report Id: c2577a3d-a353-41b8-a6f0-f2d416ab0dff
    Faulting package full name: Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe
    Faulting package-relative application ID: App
    Hang type: Quiesce
    Error: (06/14/2019 07:01:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Microsoft.Photos.exe version 2019.19041.16510.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
    Process ID: 29b4
    Start Time: 01d522daf78c219c
    Termination Time: 4294967295
    Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    Report Id: 2b9b58d8-36e7-406b-bdaa-5f3d4011ca4b
    Faulting package full name: Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe
    Faulting package-relative application ID: App
    Hang type: Quiesce
    Error: (06/14/2019 06:44:10 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: Event provider wsp_sr attempted to register query "select * from WSP_ReplicationGroupModificationEvent" whose target class "WSP_ReplicationGroupModificationEvent" in //./ROOT/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.
    Error: (06/14/2019 06:44:10 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: Event provider wsp_sr attempted to register query "select * from WSP_ReplicationGroupDepartureEvent" whose target class "WSP_ReplicationGroupDepartureEvent" in //./ROOT/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.
    Error: (06/14/2019 06:44:10 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: Event provider wsp_sr attempted to register query "select * from WSP_ReplicationGroupArrivalEvent" whose target class "WSP_ReplicationGroupArrivalEvent" in //./ROOT/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.
    System errors:
    =============
    Error: (06/21/2019 02:28:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Logitech Video Camera Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    Error: (06/21/2019 02:28:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel(R) Content Protection HECI Service service terminated unexpectedly. It has done this 1 time(s).
    Error: (06/21/2019 02:27:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    Error: (06/21/2019 02:27:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The DbxSvc service terminated unexpectedly. It has done this 1 time(s).
    Error: (06/21/2019 02:27:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Norton Utilities 16 Start Manager Service service terminated unexpectedly. It has done this 1 time(s).
    Error: (06/21/2019 02:27:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Avira Optimizer Host service terminated unexpectedly. It has done this 1 time(s).
    Error: (06/21/2019 02:27:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
    Error: (06/21/2019 02:27:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Hauppauge MSi2500 DVBT Service service terminated unexpectedly. It has done this 1 time(s).
    CodeIntegrity:
    ===================================
    Date: 2019-06-21 14:32:05.462
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.17.2.46\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2019-06-21 14:32:03.901
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.17.2.46\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2019-06-21 14:32:01.517
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.17.2.46\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2019-06-21 14:31:59.161
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.17.2.46\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2019-06-21 10:29:10.255
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2019-06-21 10:29:10.215
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2019-06-21 10:29:10.148
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2019-06-21 10:29:10.115
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    ==================== Memory info ===========================
    BIOS: AMI 7.13 09/28/2011
    Motherboard: Foxconn 2ABF
    Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
    Percentage of memory in use: 64%
    Total physical RAM: 6048.81 MB
    Available physical RAM: 2133.04 MB
    Total Virtual: 12192.81 MB
    Available Virtual: 5798.61 MB
    ==================== Drives ================================
    Drive c: () (Fixed) (Total:918.8 GB) (Free:642.1 GB) NTFS
    Drive d: (HP_RECOVERY) (Fixed) (Total:11.75 GB) (Free:1.36 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive g: (SAMSUNG) (Fixed) (Total:931.51 GB) (Free:687.1 GB) NTFS
    \\?\Volume{0d8962b0-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
    \\?\Volume{0d8962b0-0000-0000-0000-c0d2e5000000}\ () (Fixed) (Total:0.47 GB) (Free:0.06 GB) NTFS
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0D8962B0)
    Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=918.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=478 MB) - (Type=27)
    Partition 4: (Not Active) - (Size=11.8 GB) - (Type=07 NTFS)
    ========================================================
    Disk: 1 (Size: 931.5 GB) (Disk ID: 468C624F)
    Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
    ==================== End of Addition.txt ============================
     
  10. theoldandgrey

    theoldandgrey Established Techie7 Member

    Farbar Addtion
    Ran by VIV (21-06-2019 17:12:33)
    Running from C:\Users\VIV\Desktop
    Windows 10 Home Version 1903 18362.175 (X64) (2019-06-14 17:52:54)
    Boot Mode: Normal
    ==========================================================
    ==================== Accounts: =============================
    Administrator (S-1-5-21-1150477090-3809027948-3889013003-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-1150477090-3809027948-3889013003-503 - Limited - Disabled)
    Guest (S-1-5-21-1150477090-3809027948-3889013003-501 - Limited - Disabled)
    test (S-1-5-21-1150477090-3809027948-3889013003-1004 - Limited - Enabled)
    tovil (S-1-5-21-1150477090-3809027948-3889013003-1005 - Limited - Disabled)
    VIV (S-1-5-21-1150477090-3809027948-3889013003-1002 - Administrator - Enabled) => C:\Users\VIV
    VL (S-1-5-21-1150477090-3809027948-3889013003-1003 - Administrator - Enabled) => C:\Users\VL
    WDAGUtilityAccount (S-1-5-21-1150477090-3809027948-3889013003-504 - Limited - Disabled)
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Norton Security (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Norton Security (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
    ==================== Installed Programs ======================
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
    Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
    Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.207 - Adobe)
    Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
    Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
    Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
    BlueMail 0.10.31 (HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\8840973a-71a2-52c1-93d6-4bc4cb0bbb6c) (Version: 0.10.31 - BlueMail Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.31.1038.0 - Logitech) Hidden
    Dropbox (HKLM-x32\...\Dropbox) (Version: 74.4.115 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
    EaseUS Todo Backup Free 9.2 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 9.2 - CHENGDU YIWO Tech Development Co., Ltd)
    Epubor Ultimate (HKLM-x32\...\Epubor Ultimate) (Version: 3.0.11.507 - Epubor Inc.)
    erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
    Focus Magic 4.03 (HKLM-x32\...\Focus Magic_is1) (Version: 4.03 - Acclaim Software Ltd)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.100 - Google LLC)
    Google Earth Pro (HKLM-x32\...\{9D524A1E-F2FC-444D-B12A-7592CEB56EB5}) (Version: 7.3.2.5776 - Google)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
    GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
    Greeting Card Factory Deluxe 7.0 (HKLM-x32\...\{55D6B4DA-50E9-47AF-99C1-9A8E3A234763}) (Version: 7.0.0.11 - Nova Development)
    HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
    HP ENVY 5640 series Basic Device Software (HKLM\...\{098DF09B-2BB6-4F24-A778-A57DB1466BD1}) (Version: 40.11.1135.17143 - HP Inc.)
    HP ENVY 5640 series Help (HKLM-x32\...\{B04B1DB6-0AA9-4790-95CE-5A45C8F647FD}) (Version: 34.0.0 - Hewlett Packard)
    HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
    HP Scan Extended (HKLM-x32\...\{11338856-1974-4B3C-ACBC-9F98A8FF79FD}) (Version: 35.0.0.0 - Hewlett-Packard Co.)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
    iCloud (HKLM\...\{03742818-3BC2-45BA-B6BB-4C2D453FD033}) (Version: 7.11.0.19 - Apple Inc.)
    IObit Uninstaller 8 (HKLM-x32\...\IObitUninstall) (Version: 8.5.0.6 - IObit)
    IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1.2 - IObit)
    Jasc Paint Shop Pro 8 (HKLM-x32\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.10.3000 - Jasc Software Inc)
    Kobo (HKLM-x32\...\Kobo) (Version: 4.14.10877 - Rakuten Kobo Inc.)
    Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 2.5.17.0 - Logitech Europe S.A.)
    Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)
    Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
    LWS VideoEffects (HKLM\...\{138A4072-9E64-46BD-B5F9-DB2BB395391F}) (Version: 13.30.1379.0 - Logitech) Hidden
    Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\OneDriveSetup.exe) (Version: 19.086.0502.0006 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.5.0 - Mozilla)
    Mozilla Thunderbird 60.7.2 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 60.7.2 (x86 en-GB)) (Version: 60.7.2 - Mozilla)
    Natural Color (HKLM-x32\...\{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}) (Version: - )
    Norton Security (HKLM-x32\...\NGC) (Version: 22.17.2.47 - Symantec Corporation)
    Norton Utilities (HKLM-x32\...\NU) (Version: 16.0.3.44 - Symantec Corporation)
    OneClickdigital Media Manager (HKLM-x32\...\{D27E3096-E1C7-4BF1-923B-13E522646EBF}) (Version: 80.0.0.0 - Recorded Books)
    Opera Mail 1.0 (HKLM-x32\...\Opera 1.0.1044) (Version: 1.0.1044 - Opera Software ASA)
    Opera Stable 60.0.3255.170 (HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\Opera 60.0.3255.170) (Version: 60.0.3255.170 - Opera Software)
    OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
    PrintMaster (HKLM-x32\...\{8DD144C1-5EAD-4D55-80A1-ACAF893A4FFE}) (Version: - )
    Product Improvement Study for HP ENVY 5640 series (HKLM\...\{C6936AA8-42A6-4D09-8B6C-1C473AD1AA36}) (Version: 40.11.1135.17143 - HP Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
    Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
    RogueKiller version 13.2.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.2.2.0 - Adlice Software)
    Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Sony Picture Utility (HKLM-x32\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 2.0.05.13150 - Sony Corporation)
    Sony USB Driver (HKLM-x32\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version: 2.00 - Sony Corporation)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C3ACFCEA-240F-4DCC-A0C3-DD55FEE6C3C2}) (Version: 2.58.0.0 - Microsoft Corporation)
    UpdateAssistant (HKLM-x32\...\{7C070E60-8769-4763-BBD8-7537A28A60D4}) (Version: 1.10.0.0 - Microsoft Corporation) Hidden
    USB 2.0 Card Reader (HKLM-x32\...\{CFA9C1EE-8D76-477E-9E26-D24C26F11F47}) (Version: 1.3.0.0 - Generic)
    VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
    Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22350 - Microsoft Corporation)
    Packages:
    =========
    Around The World in 80 Days: Hidden Object games -> C:\Program Files\WindowsApps\38552CrispApp.AroundTheWorldin80DaysHiddenObjectga_1.3.1.0_x64__pnrt47fe6g5q6 [2019-03-28] (CrispApp) [MS Ad]
    Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_5.6.3.0_x86__kgqvnymyfvs32 [2019-06-12] (king.com)
    Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1530.2.0_x86__kgqvnymyfvs32 [2019-06-13] (king.com)
    Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.29.2900.0_x86__ytsefhwckbdv6 [2019-05-30] (G5 Entertainment AB)
    HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_95.1.531.0_x64__v10z8vjag6ke6 [2019-03-22] (HP Inc.)
    Kobo eBooks -> C:\Program Files\WindowsApps\KoboInc.KoboBooks_5.2.37.0_x86__vk8qsnw174y90 [2019-05-11] (Kobo Inc)
    Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad]
    March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.1.0.6_x86__h6adky7gbf63m [2019-06-19] (Gameloft.)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-03-22] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-03-22] (Microsoft Corporation) [MS Ad]
    Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_3.9.4100.0_x64__8wekyb3d8bbwe [2019-04-21] (Microsoft Studios) [MS Ad]
    Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.30.10924.0_x64__8wekyb3d8bbwe [2019-04-04] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-16] (Microsoft Studios) [MS Ad]
    MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.29.10701.0_x64__8wekyb3d8bbwe [2019-03-22] (Microsoft Corporation) [MS Ad]
    MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.28.3242.0_x64__8wekyb3d8bbwe [2019-03-22] (Microsoft Corporation) [MS Ad]
    MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-03-22] (Microsoft Corporation) [MS Ad]
    Mystery of the Opera: The Phantom's Secret -> C:\Program Files\WindowsApps\828B5831.MysteryoftheOperathePhantomsSecret_0.7.601.0_x86__ytsefhwckbdv6 [2019-03-22] (G5 Entertainment AB)
    Mystery Society 2: Hidden Objects -> C:\Program Files\WindowsApps\RolltowerStudios.MysterySociety2HiddenObjects_1.1.68.0_x86__gjx78g1qv1y2c [2019-05-09] (Rolltower Studios)
    Norton Safe Web -> C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.8.0.0_neutral__v68kp9n051hdp [2019-05-20] (Symantec Corporation)
    Open Any File -> C:\Program Files\WindowsApps\38184CDCTech.495572C750D15_1.2.102.0_x64__vwv5vk6p12k08 [2019-03-22] (For Better Digital Life - 1st Famous Tool Provider)
    OverDrive - Library eBooks & Audiobooks -> C:\Program Files\WindowsApps\2FA138F6.OverDriveMediaConsole_3.8.0.5_neutral__daecb9042jmvt [2019-05-16] (OverDrive Inc.)
    Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0 [2019-06-18] (Spotify AB)
    The Secret Society® - Hidden Mystery -> C:\Program Files\WindowsApps\828B5831.TheSecretSociety-HiddenMystery_1.41.4100.0_x86__ytsefhwckbdv6 [2019-06-18] (G5 Entertainment AB)
    Unpacker -> C:\Program Files\WindowsApps\AFF540DC.Unpacker_1.1.14.24_x64__v7353qx4kg3sa [2019-03-22] (Jujuba Software) [MS Ad]
    ==================== Custom CLSID (Whitelisted): ==========================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    CustomCLSID: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002_Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InprocServer32 -> 0x6529B43F7ABCD301FA49E3C0E7DBD301070000002600000000000000 => No File
    CustomCLSID: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\VIV\Dropbox [2018-05-06 13:51]
    ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
    ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.2.47\buShell.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.2.47\buShell.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.2.47\buShell.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.2.47\buShell.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.2.47\buShell.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.2.47\buShell.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.2.47\buShell.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
    ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-03-13] (Apple Inc. -> Apple Inc.)
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed]
    ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.2.47\NavShExt.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit Information Technology -> IObit)
    ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed]
    ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.2.47\NavShExt.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
    ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
    ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed]
    ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit Information Technology -> IObit)
    ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.2.47\buShell.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.2.47\NavShExt.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit Information Technology -> IObit)
    ==================== Shortcuts & WMI ========================
    (The entries could be listed to be restored or removed.)
    ==================== Loaded Modules (Whitelisted) ==============
    2019-02-27 12:18 - 2002-07-17 03:05 - 000237568 _____ () [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\asn.er.dll
    2010-10-29 21:02 - 2010-10-29 21:02 - 000751616 _____ () [File not signed] C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll
    2018-08-09 16:39 - 2000-06-12 15:14 - 000360518 _____ () [File not signed] C:\Program Files (x86)\SEC\Natural Color\LowCMS.dll
    2018-08-09 16:39 - 2002-04-12 14:39 - 000155715 _____ () [File not signed] C:\Program Files (x86)\SEC\Natural Color\NaturalColorLoad.exe
    2019-03-27 17:05 - 2002-07-17 03:05 - 000462848 ____N (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\ACE.dll
    2019-03-27 17:05 - 2002-07-17 03:05 - 000929792 ____N (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\AGM.dll
    2019-03-27 17:05 - 2002-07-17 03:05 - 000167936 ____N (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\BIB.dll
    2019-03-27 17:05 - 2002-07-17 03:05 - 001458176 ____N (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\CoolType.dll
    2019-03-27 17:05 - 2002-07-17 03:05 - 000094208 ____N (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\OPP.dll
    2019-03-27 17:05 - 2002-07-17 03:06 - 002920448 ____N (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\PDFL50.dll
    2019-03-27 17:05 - 2002-07-17 03:22 - 000978944 ____N (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\Required\ADMPlugin.apl
    2019-03-27 17:05 - 2002-07-17 03:22 - 000106496 ____N (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\Required\ASDataStream.apl
    2019-03-27 17:05 - 2002-07-17 03:22 - 000069632 ____N (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\Required\PNGIcons.apl
    2019-03-27 17:05 - 2002-07-17 03:08 - 000221184 ____N (Adobe Systems, Inc) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\HtmlViewLib.dll
    2019-03-27 17:05 - 2002-07-17 04:35 - 000425984 ____N (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\HelpSystem.dll
    2019-03-27 17:05 - 2002-07-17 03:08 - 000159744 ____N (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\UID.mr.dll
    2019-03-27 17:05 - 2002-07-17 03:07 - 000466944 ____N (Adobe Systems, Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\AXEParser.dll
    2019-03-27 17:05 - 2002-07-17 04:20 - 000696320 ____N (Adobe Systems, Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\Photoshop.dll
    2019-03-27 17:05 - 2019-03-27 17:05 - 015986688 _____ (Adobe Systems, Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\PhotoshopElements.exe
    2019-03-27 17:05 - 2002-07-17 05:18 - 000053248 ____N (Adobe Systems, Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\PLUGIN.dll
    2019-03-27 17:06 - 2002-07-17 05:25 - 000045056 ____N (Adobe Systems, Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\Plug-Ins\Extensions\FastCore.8BX
    2019-03-27 17:06 - 2002-07-17 05:26 - 000159744 ____N (Adobe Systems, Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\Plug-Ins\Extensions\MMXCore.8BX
    2019-03-27 17:06 - 2002-07-17 05:28 - 000155648 ____N (Adobe Systems, Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\Plug-Ins\Extensions\MultiProcessor Support.8BX
    2019-03-27 17:06 - 2002-07-17 05:33 - 000135168 ____N (Adobe Systems, Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\Plug-Ins\Parser\PDF Image Import.8BI
    2019-03-27 17:05 - 2002-07-17 05:16 - 001564672 ____N (Adobe Systems, Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\PSArt.dll
    2019-03-27 17:05 - 2002-07-17 04:20 - 001781760 ____N (Adobe Systems, Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Photoshop Elements 2\PSViews.dll
    2018-02-02 15:01 - 2002-07-17 03:03 - 001155072 ____N (Adobe Systems, Incorporated) [File not signed] C:\Program Files (x86)\Common Files\Adobe\Web\AdobeWeb.dll
    2018-02-20 18:04 - 2016-06-03 05:12 - 000026816 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
    2018-02-20 18:04 - 2016-06-03 05:12 - 000128192 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
    2018-02-20 18:04 - 2016-06-03 05:12 - 000021184 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000020008 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000443944 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
    2018-02-20 18:04 - 2016-06-03 05:12 - 000040128 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000072232 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000169512 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudInterface.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000077864 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
    2018-02-20 18:04 - 2016-06-03 05:12 - 000173760 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll
    2018-02-20 18:04 - 2016-06-03 05:12 - 000018112 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll
    2018-02-20 18:04 - 2016-06-03 05:12 - 000188608 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll
    2018-02-20 18:04 - 2016-06-03 05:12 - 000024768 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000080936 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000089640 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000017448 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000020520 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000138792 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000027176 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000353832 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000030760 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000281128 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000193064 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
    2018-02-20 18:04 - 2016-06-03 05:12 - 000220864 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000148008 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000032296 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000769064 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000061992 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000076840 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
    2018-02-20 18:04 - 2016-06-03 05:13 - 000114880 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000050216 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000024616 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000039976 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImageName.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000158248 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 001296424 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
    2018-02-20 18:04 - 2016-06-03 05:13 - 000085184 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000068136 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000059944 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000056360 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000207912 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000146984 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000064040 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000224808 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000501800 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\StorageMgr.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000043048 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000088616 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
    2018-02-20 18:04 - 2016-06-03 05:13 - 000056512 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000034856 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
    2018-02-20 18:04 - 2016-06-03 05:13 - 000204480 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeHlp.dll
    2018-02-20 18:04 - 2016-06-03 05:15 - 000278720 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    2018-02-20 18:04 - 2016-04-13 09:49 - 000432320 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\uexper.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000139816 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000136232 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000060968 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
    2018-02-20 18:04 - 2015-12-10 07:16 - 000275496 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\TrayPopup\libcurl.dll
    2018-02-20 18:04 - 2015-12-10 07:16 - 000223272 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\TrayPopup\traynet.dll
    2018-02-20 18:04 - 2015-12-10 07:16 - 000253992 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe
    2018-02-20 18:04 - 2015-12-10 07:16 - 000249896 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\TrayPopup\uexper.dll
    2018-02-20 18:04 - 2015-12-10 07:16 - 000118328 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\TrayPopup\zlib1.dll
    2018-02-20 18:04 - 2016-06-03 05:15 - 000039616 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
    2018-02-20 18:04 - 2016-06-03 05:12 - 000569536 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmdManager.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000020008 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ControlPxe.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000689704 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EMail.dll
    2018-02-20 18:04 - 2016-06-03 05:12 - 000045760 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuPipe.dll
    2018-02-20 18:04 - 2016-06-03 05:13 - 000220864 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlBackup.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000100904 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlBackupSize.dll
    2018-02-20 18:04 - 2016-06-03 05:13 - 000593600 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlImgFile.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000044072 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlSearchImg.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000159272 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Ftp.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000017448 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FTPTest.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000079400 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImageFileInfo.dll
    2018-02-20 18:04 - 2016-06-03 05:13 - 000296128 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFileHlp.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000103976 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFileHlpOther.dll
    2018-02-20 18:04 - 2016-06-03 05:13 - 000155328 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\MatchStr.dll
    2018-02-20 18:04 - 2016-06-03 05:13 - 000028864 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Options.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000093224 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\PolicyManage.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000121896 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Thread.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000077864 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Transmit.dll
    2018-02-20 18:04 - 2015-12-10 07:14 - 001637928 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
    2018-02-20 18:04 - 2015-12-10 07:04 - 000042536 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\XmlWrapper.dll
    2018-02-20 18:04 - 2015-12-10 07:05 - 000303656 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000898088 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> Free Software Foundation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\iconv.dll
    2010-08-06 12:15 - 2010-08-06 12:15 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
    2010-08-06 12:15 - 2010-08-06 12:15 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
    2018-08-09 16:39 - 2000-07-15 00:00 - 000929844 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\SEC\Natural Color\MFC42D.DLL
    2018-08-09 16:39 - 2000-07-15 00:00 - 000798773 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\SEC\Natural Color\MFCO42D.DLL
    2018-08-09 16:39 - 2000-07-15 00:00 - 000434252 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\SEC\Natural Color\MSVCRTD.dll
    2018-02-20 18:04 - 2016-01-26 09:27 - 002454016 _____ (Python Software Foundation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\python27.dll
    2010-10-29 21:01 - 2010-10-29 21:01 - 001012224 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Logitech\Vid HD\LIBEAY32.dll
    2010-10-29 21:01 - 2010-10-29 21:01 - 000207872 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Logitech\Vid HD\ssleay32.DLL
    ==================== Alternate Data Streams (Whitelisted) =========
    (If an entry is included in the fixlist, only the ADS will be removed.)
    AlternateDataStreams: C:\ProgramData\TEMP:792D4CF1 [177]
    AlternateDataStreams: C:\Users\VIV\Desktop\Food List.jpeg:3or4kl4x13tuuug3Byamue2s4b [95]
    AlternateDataStreams: C:\Users\VIV\Desktop\Food List.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    ==================== Safe Mode (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    ==================== Association (Whitelisted) ===============
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
    ==================== Internet Explorer trusted/restricted ===============
    (If an entry is included in the fixlist, it will be removed from the registry.)
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\123simsen.com -> www.123simsen.com
    There are 7941 more sites.
    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2015-10-30 08:24 - 2019-05-29 09:23 - 000454790 ____R C:\WINDOWS\system32\drivers\etc\hosts
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 123moviedownload.com
    127.0.0.1 www.123moviedownload.com
    There are 15610 more lines.
    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\VIV\desktop\pictures\dsc00038.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    If an entry is included in the fixlist, it will be removed.
    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: Apple Mobile Device Service => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: cphs => 3
    MSCONFIG\Services: dbupdate => 2
    MSCONFIG\Services: dbupdatem => 3
    MSCONFIG\Services: DbxSvc => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: hcwD3bda_dvbt => 2
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: RtkAudioService => 2
    MSCONFIG\Services: TeamViewer => 2
    HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma Loader.lnk"
    HKLM\...\StartupApproved\Run: => "IgfxTray"
    HKLM\...\StartupApproved\Run: => "HotKeysCmds"
    HKLM\...\StartupApproved\Run: => "Persistence"
    HKLM\...\StartupApproved\Run32: => "ReminderApp"
    HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"
    ==================== FirewallRules (Whitelisted) ===============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    FirewallRules: [{78957C30-BF56-4998-9673-C8F2E32378C6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{688B2FD4-E94F-49A8-BB8D-C8AE84830B03}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{849BDE31-F4FA-40A8-985B-B182ECBDD183}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{1CA06BA6-CAB1-47C1-8362-ECDBB86CBFCB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{8EC9383D-529D-4BCD-BB28-03A1FA4AB44E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{B1EB9096-3EDF-442E-B18C-A67B5751F263}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{43EF1F3B-973E-4225-A88A-1D071A7E34DF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{5E53754E-20FD-47B1-9C7B-D256AD72E346}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{1EAAA303-7AFA-4A4D-8D36-3C1358192D2E}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
    FirewallRules: [{F9049D39-B0F9-4629-9489-8EE238EDE166}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    FirewallRules: [{B962A7C1-3DD2-4901-A9E8-E1F86CC8D79C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    FirewallRules: [{94B0271C-5874-4EF6-9E25-FF1223502DEB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{0429E721-05B9-44A0-935D-6F2DE4D4D171}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{E8FCBDB4-3B7E-44A1-8450-D6FCABCE3D76}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{F79BCDF6-36F3-45A9-89D8-45E8ABD68C36}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{A46783D9-D3C8-41D4-88AE-5F8B50E3A34C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{99381536-22B3-4825-855C-AA2F2CB86C89}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{CC4E2C1A-CD30-47D3-A954-9F869246781B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{6E7C7B0A-AB17-4F19-91AF-48D4485DA4EC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{1A0176E7-5E7A-48AA-97FB-4E49887B2EA8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [TCP Query User{E2D337D1-FB8E-4358-820D-E932FEEAC4D2}C:\program files\hp\hp envy 5640 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp envy 5640 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> HP Inc.)
    FirewallRules: [UDP Query User{7C49323F-AF4C-48CA-9605-76FD4FA40434}C:\program files\hp\hp envy 5640 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp envy 5640 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> HP Inc.)
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
    ==================== Restore Points =========================
    15-06-2019 13:08:16 Windows Update
    15-06-2019 13:09:47 Windows Update
    ==================== Faulty Device Manager Devices =============
    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (06/21/2019 02:51:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program OpenAnyFile.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
    Process ID: 3a0c
    Start Time: 01d528386aad768d
    Termination Time: 4294967295
    Application Path: C:\Program Files\WindowsApps\38184CDCTech.495572C750D15_1.2.102.0_x64__vwv5vk6p12k08\OpenAnyFile.exe
    Report Id: bdfed060-3c50-4d71-a321-56381a2bb629
    Faulting package full name: 38184CDCTech.495572C750D15_1.2.102.0_x64__vwv5vk6p12k08
    Faulting package-relative application ID: App
    Hang type: Quiesce
    Error: (06/16/2019 04:54:16 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
    Description: The required buffer size is greater than the buffer size passed to the Collect function of the "C:\Windows\System32\perfts.dll" Extensible Counter DLL for the "LSM" service. The given buffer size was 13600 and the required size was 38744.
    Error: (06/16/2019 04:41:16 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
    .
    Operation:
    Executing Asynchronous Operation
    Context:
    Current State: DoSnapshotSet
    Error: (06/15/2019 02:58:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Microsoft.Photos.exe version 2019.19041.16510.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
    Process ID: 34cc
    Start Time: 01d5238255a8ab49
    Termination Time: 4294967295
    Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    Report Id: c2577a3d-a353-41b8-a6f0-f2d416ab0dff
    Faulting package full name: Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe
    Faulting package-relative application ID: App
    Hang type: Quiesce
    Error: (06/14/2019 07:01:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Microsoft.Photos.exe version 2019.19041.16510.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
    Process ID: 29b4
    Start Time: 01d522daf78c219c
    Termination Time: 4294967295
    Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    Report Id: 2b9b58d8-36e7-406b-bdaa-5f3d4011ca4b
    Faulting package full name: Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe
    Faulting package-relative application ID: App
    Hang type: Quiesce
    Error: (06/14/2019 06:44:10 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: Event provider wsp_sr attempted to register query "select * from WSP_ReplicationGroupModificationEvent" whose target class "WSP_ReplicationGroupModificationEvent" in //./ROOT/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.
    Error: (06/14/2019 06:44:10 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: Event provider wsp_sr attempted to register query "select * from WSP_ReplicationGroupDepartureEvent" whose target class "WSP_ReplicationGroupDepartureEvent" in //./ROOT/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.
    Error: (06/14/2019 06:44:10 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: Event provider wsp_sr attempted to register query "select * from WSP_ReplicationGroupArrivalEvent" whose target class "WSP_ReplicationGroupArrivalEvent" in //./ROOT/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.
    System errors:
    =============
    Error: (06/21/2019 02:28:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Logitech Video Camera Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    Error: (06/21/2019 02:28:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel(R) Content Protection HECI Service service terminated unexpectedly. It has done this 1 time(s).
    Error: (06/21/2019 02:27:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    Error: (06/21/2019 02:27:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The DbxSvc service terminated unexpectedly. It has done this 1 time(s).
    Error: (06/21/2019 02:27:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Norton Utilities 16 Start Manager Service service terminated unexpectedly. It has done this 1 time(s).
    Error: (06/21/2019 02:27:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Avira Optimizer Host service terminated unexpectedly. It has done this 1 time(s).
    Error: (06/21/2019 02:27:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
    Error: (06/21/2019 02:27:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Hauppauge MSi2500 DVBT Service service terminated unexpectedly. It has done this 1 time(s).
    CodeIntegrity:
    ===================================
    Date: 2019-06-21 14:32:05.462
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.17.2.46\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2019-06-21 14:32:03.901
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.17.2.46\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2019-06-21 14:32:01.517
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.17.2.46\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2019-06-21 14:31:59.161
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.17.2.46\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2019-06-21 10:29:10.255
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2019-06-21 10:29:10.215
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2019-06-21 10:29:10.148
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2019-06-21 10:29:10.115
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    ==================== Memory info ===========================
    BIOS: AMI 7.13 09/28/2011
    Motherboard: Foxconn 2ABF
    Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
    Percentage of memory in use: 64%
    Total physical RAM: 6048.81 MB
    Available physical RAM: 2133.04 MB
    Total Virtual: 12192.81 MB
    Available Virtual: 5798.61 MB
    ==================== Drives ================================
    Drive c: () (Fixed) (Total:918.8 GB) (Free:642.1 GB) NTFS
    Drive d: (HP_RECOVERY) (Fixed) (Total:11.75 GB) (Free:1.36 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive g: (SAMSUNG) (Fixed) (Total:931.51 GB) (Free:687.1 GB) NTFS
    \\?\Volume{0d8962b0-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
    \\?\Volume{0d8962b0-0000-0000-0000-c0d2e5000000}\ () (Fixed) (Total:0.47 GB) (Free:0.06 GB) NTFS
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0D8962B0)
    Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=918.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=478 MB) - (Type=27)
    Partition 4: (Not Active) - (Size=11.8 GB) - (Type=07 NTFS)
    ========================================================
    Disk: 1 (Size: 931.5 GB) (Disk ID: 468C624F)
    Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
    ==================== End of Addition.txt ============================
     
  11. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    You posted same log twice. I need another log.
     
  12. theoldandgrey

    theoldandgrey Established Techie7 Member

    Looks as though age is catching up with me - sorry

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-06-2019
    Ran by VIV (administrator) on DESKTOP-1FFI7T5 (Hewlett-Packard p6-2018uk) (22-06-2019 14:40:41)
    Running from C:\Users\VIV\Desktop
    Loaded Profiles: VIV (Available Profiles: VIV & VL & DefaultAppPool)
    Platform: Windows 10 Home Version 1903 18362.175 (X64) Language: English (United Kingdom)
    Default browser: Opera
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    () [File not signed] C:\Program Files (x86)\SEC\Natural Color\NaturalColorLoad.exe
    () [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
    () [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    () [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19053.5.0_x64__8wekyb3d8bbwe\YourPhone.exe
    (Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
    (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (AnyMail LLC -> BlueMail Inc.) C:\Users\VIV\AppData\Local\Programs\BlueMail\BlueMail.exe
    (AnyMail LLC -> BlueMail Inc.) C:\Users\VIV\AppData\Local\Programs\BlueMail\BlueMail.exe
    (AnyMail LLC -> BlueMail Inc.) C:\Users\VIV\AppData\Local\Programs\BlueMail\BlueMail.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
    (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
    (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe
    (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
    (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
    (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\74.4.115\QtWebEngineProcess.exe
    (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\74.4.115\QtWebEngineProcess.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
    (Hewlett Packard -> HP Inc.) C:\Program Files\HP\HP ENVY 5640 series\Bin\ScanToPCActivationApp.exe
    (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Logitech Inc -> Logitech Inc.) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
    (Logitech Inc -> Logitech) C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe
    (Logitech, Inc. -> ) C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
    (Logitech, Inc. -> ) C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    (Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
    (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
    (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe\HxOutlook.exe
    (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe\HxTsr.exe
    (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11905.1001.4.0_x64__8wekyb3d8bbwe\WinStore.App.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
    (Microsoft Windows Hardware Compatibility Publisher -> Mirics Semiconductor Ltd) C:\Windows\System32\Hauppauge\hcwD3dvb\DVBT\DVBservice.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe
    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe
    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe
    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe
    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe
    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe
    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe
    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe
    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe
    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe
    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe
    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe
    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe
    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe
    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe
    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe
    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe
    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe
    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe
    (Opera Software AS -> Opera Software) C:\Users\VIV\AppData\Local\Programs\Opera\60.0.3255.170\opera_crashreporter.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Symantec Corporation -> PC Tools) C:\Program Files\Norton Utilities\Engine\16.0.3.44\sMonitor\StartManSvc.exe
    (Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.2.47\NortonSecurity.exe
    (Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.2.47\NortonSecurity.exe
    (Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.2.47\nsWscSvc.exe
    ==================== Registry (Whitelisted) ===========================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5576512 2019-06-04] (Dropbox, Inc -> Dropbox, Inc.)
    HKLM-x32\...\Run: [EaseUS TB Tray Agent] => C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech, Inc. -> Logitech Inc.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
    HKLM-x32\...\Run: [ReminderApp] => C:\Program Files (x86)\Nova Development\Greeting Card Factory Deluxe 7.0\ReminderApp.exe [185664 2007-08-25] (Nova Development -> )
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-03-13] (Apple Inc. -> Apple Inc.)
    HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2019-03-13] (Apple Inc. -> Apple Inc.)
    HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\Run: [HP ENVY 5640 series (NET)] => C:\Program Files\HP\HP ENVY 5640 series\Bin\ScanToPCActivationApp.exe [3769992 2017-05-23] (Hewlett Packard -> HP Inc.)
    HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [5915480 2010-10-29] (Logitech Inc -> Logitech Inc.)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-06-18] (Google LLC -> Google LLC)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2019-03-27]
    ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [File not signed]
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk [2019-01-25]
    ShortcutTarget: Event Reminder.lnk -> C:\Program Files (x86)\Broderbund\PrintMaster\PMremind.exe (TLC Multimedia Inc.) [File not signed]
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NaturalColorLoad.lnk [2018-08-09]
    ShortcutTarget: NaturalColorLoad.lnk -> C:\Program Files (x86)\SEC\Natural Color\NaturalColorLoad.exe () [File not signed]
    ==================== Scheduled Tasks (Whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    Task: {0F19F4B2-EF7F-4282-BD60-22E93E207D09} - System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => C:\Program Files\rempl\remsh.exe
    Task: {143E2305-F18F-4AD0-A98C-1ACF63A5155C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2281944 2019-06-04] (AVAST Software s.r.o. -> AVAST Software)
    Task: {2199DB60-16AC-4592-83B8-08EBFA69CC4A} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.17.2.47\WSCStub.exe [2225296 2019-06-06] (Symantec Corporation -> Symantec Corporation)
    Task: {2568BFF3-BD17-4ECE-9BC1-AD7DFC4A58B5} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
    Task: {2DDFD80F-24C1-43E6-BBC8-66AE1148E5DC} - System32\Tasks\SpeedDiskSchedule => C:\Program Files\Norton Utilities\Engine\16.0.3.44\Tools\SpeedDisk\ScheduledDefrag.exe [801016 2018-07-18] (Symantec Corporation -> )
    Task: {31A7E136-B553-4B42-B295-2AC1EE53B317} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2018-01-30] (Google Inc -> Google Inc.)
    Task: {37B20C76-CD22-4EED-B9CF-FA94F1F39ADC} - \OneDrive Standalone Update Task-S-1-5-21-1150477090-3809027948-3889013003-1001 -> No File <==== ATTENTION
    Task: {3D1C40DC-10E4-48A4-95AE-73247B67DD7F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    Task: {43F24B8E-28CC-4B0B-AA55-B42E7731E720} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2225296 2019-06-06] (Symantec Corporation -> Symantec Corporation)
    Task: {44712AA7-0AA1-4275-A31F-6BF62E9DF503} - System32\Tasks\NUSchedule => C:\Program Files\Norton Utilities\Engine\16.0.3.44\NU.exe [4012496 2019-03-08] (Symantec Corporation -> Symantec)
    Task: {48D54CEB-FB75-4515-82E8-907C71447ECA} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {491E0FF4-B8C9-4E23-B1BF-8F735E683111} - System32\Tasks\RogueKiller Anti-Malware => C:\Program Files\RogueKiller\RogueKiller64.exe [33980984 2019-06-10] (Adlice -> )
    Task: {4FE53368-9DAD-4F80-BAD9-BC7F001A48EB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Task: {6DD5F55C-FF5F-4B87-A6B5-44A5767FD09A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-02-02] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {75FD96A6-907C-4925-98A2-C8FE77F055E0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    Task: {7C372985-6D58-4559-8C4E-26BC9345B803} - \OneDrive Standalone Update Task-S-1-5-21-1150477090-3809027948-3889013003-1003 -> No File <==== ATTENTION
    Task: {82C49D0D-401E-4DE9-A8B2-7B7A33DDAD7C} - System32\Tasks\HPCustParticipation HP ENVY 5640 series => C:\Program Files\HP\HP ENVY 5640 series\Bin\HPCustPartic.exe [6438536 2017-05-23] (Hewlett Packard -> HP Inc.)
    Task: {86732E5A-F919-493B-880D-61FAB22A9A1B} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-02-02] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {8CA2E250-254C-4D88-9C4C-1C59C73F3043} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-11] (Adobe Inc. -> Adobe)
    Task: {8F24CF9F-E307-42BA-9F57-5B8C1F640A6D} - \Optimize Push Notification Data File-S-1-5-21-1150477090-3809027948-3889013003-1003 -> No File <==== ATTENTION
    Task: {905C9423-5B27-4EFE-97A2-1FB9107D6BAA} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.17.2.47\SymErr.exe [101392 2019-06-06] (Symantec Corporation -> Symantec Corporation)
    Task: {939069D5-832C-4B4F-8046-BD7151C550DC} - System32\Tasks\NUAutoUpdate => C:\Program Files\Norton Utilities\Engine\16.0.3.44\SULauncher.exe [988504 2018-07-18] (Symantec Corporation -> PC Tools)
    Task: {9A89CF0D-5240-4A49-A9DE-7815F41DC155} - System32\Tasks\Opera scheduled Autoupdate 1543596262 => C:\Users\VIV\AppData\Local\Programs\Opera\launcher.exe [1493592 2019-06-14] (Opera Software AS -> Opera Software)
    Task: {A5D04C59-F646-49B6-A1A5-E17B1D6C7A18} - System32\Tasks\Uninstaller_SkipUac_VIV => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [5286672 2019-04-26] (IObit Information Technology -> IObit)
    Task: {A7C68F05-C472-434E-85FD-E6F79503DB77} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.17.2.47\SymErr.exe [101392 2019-06-06] (Symantec Corporation -> Symantec Corporation)
    Task: {A9B4F320-8754-4769-A4BF-476A66CC1F71} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
    Task: {C935CAD3-1CFB-4A8C-B5B6-3B2604747D09} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.17.2.47\SymErr.exe [101392 2019-06-06] (Symantec Corporation -> Symantec Corporation)
    Task: {C9ABD8F3-388B-4EAA-A1B6-9DCC7DF42596} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {EABAE81C-D7F3-450E-B232-2C4A0CF81E55} - System32\Tasks\Avira\Scan schedule => C:\Program Files\AVAST Software\Avast\AvastUI.exe
    Task: {EDD68386-1E2F-4A72-BDC2-849C6FE3C09D} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.194\DADUpdater.exe
    Task: {F01429E1-6241-465D-9773-0FEBFFEBE0AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2018-01-30] (Google Inc -> Google Inc.)
    Task: {F7577D23-3742-433B-AE24-F969D4C81C1F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    Task: {FCDC04A0-BC04-4415-B305-36BECEC9E804} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_pepper.exe [1452600 2019-06-11] (Adobe Inc. -> Adobe)
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\NUAutoUpdate.job => C:\Program Files\Norton Utilities\Engine\16.0.3.44\SULauncher.exe
    Task: C:\WINDOWS\Tasks\NUSchedule.job => C:\Program Files\Norton Utilities\Engine\16.0.3.44\NU.exe
    Task: C:\WINDOWS\Tasks\SpeedDiskSchedule.job => C:\Program Files\Norton Utilities\Engine\16.0.3.44\Tools\SpeedDisk\ScheduledDefrag.exe
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    ProxyEnable: [S-1-5-21-1150477090-3809027948-3889013003-1002] => Proxy is enabled.
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{73e83076-693c-4d47-89f6-b6f4414bcadc}: [DhcpNameServer] 192.168.1.254
    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&l=dis&prt=NGC&chn=retail&geo=GB&ver=22.17.2.46&locale=GB_en&guid=31C74C16-C910-4352-8F41-93FEE609C4BB&doi=2016-09-01&o=APN11913&cmpgn=rapha&gct=kwd&qsrc=2869
    SearchScopes: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&l=dis&prt=NGC&chn=retail&geo=GB&ver=22.17.2.46&locale=GB_en&guid=31C74C16-C910-4352-8F41-93FEE609C4BB&doi=2016-09-01&o=APN11913&cmpgn=rapha&gct=kwd&qsrc=2869
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-07-19] (IObit Information Technology -> IObit)
    BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.17.2.47\coIEPlg.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.17.2.47\coIEPlg.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.17.2.47\coIEPlg.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.17.2.47\coIEPlg.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
    Edge:
    ======
    Edge Extension: (Norton Safe Web) -> EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.8.0.0_neutral__v68kp9n051hdp [2019-05-20]
    FireFox:
    ========
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
    FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1150477090-3809027948-3889013003-1002: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\VIV\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-11-15] (RocketLife -> RocketLife, LLP)
    Chrome:
    =======
    CHR Profile: C:\Users\VIV\AppData\Local\Google\Chrome\User Data\Default [2019-06-18]
    CHR Extension: (Norton Security Toolbar) - C:\Users\VIV\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2018-04-13]
    CHR Extension: (AdBlock) - C:\Users\VIV\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-06-06]
    CHR Extension: (Norton Identity Safe) - C:\Users\VIV\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2018-02-04]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\VIV\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-08]
    CHR Extension: (Chrome Media Router) - C:\Users\VIV\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-06]
    CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.17.2.47\Exts\Chrome.crx <not found>
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.17.2.47\Exts\Chrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    Opera:
    =======
    OPR StartupUrls: "chrome://startpage/"
    OPR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\VIV\AppData\Roaming\Opera Software\Opera Stable\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2019-06-03]
    OPR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\VIV\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeokceolphhfjdfcibaiiopmekmcbedp [2019-06-16]
    OPR Extension: (Dashlane - Password Manager) - C:\Users\VIV\AppData\Roaming\Opera Software\Opera Stable\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2019-06-18]
    OPR Extension: (AdBlock) - C:\Users\VIV\AppData\Roaming\Opera Software\Opera Stable\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-05-28]
    OPR Extension: (LastPass: Free Password Manager) - C:\Users\VIV\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2019-06-07]
    OPR Extension: (Notifier for Outlook™) - C:\Users\VIV\AppData\Roaming\Opera Software\Opera Stable\Extensions\ikepgknbnknabklgebiifjpggmkikgfk [2018-04-27]
    OPR Extension: (Whatsapp™ For PC) - C:\Users\VIV\AppData\Roaming\Opera Software\Opera Stable\Extensions\jjimieccdnabogjoebnblfaahgipddcm [2018-11-30]
    OPR Extension: (Install Chrome Extensions) - C:\Users\VIV\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2018-08-22]
    OPR Extension: (Boomerang for Gmail) - C:\Users\VIV\AppData\Roaming\Opera Software\Opera Stable\Extensions\mbgokcbnfmmadbglaopglmoagkhgappp [2018-11-30]
    OPR Extension: (Right Inbox for Gmail) - C:\Users\VIV\AppData\Roaming\Opera Software\Opera Stable\Extensions\mflnemhkomgploogccdmcloekbloobgb [2019-05-24]
    OPR Extension: (Amazon Assistant for Opera) - C:\Users\VIV\AppData\Roaming\Opera Software\Opera Stable\Extensions\mmmbddcnnndpbdflpccgcknaaabgldak [2019-05-24]
    OPR Extension: (F.B.(FluffBusting)Purity) - C:\Users\VIV\AppData\Roaming\Opera Software\Opera Stable\Extensions\ppldhdmhmdcedddamaddkbbakkfhgeeo [2019-06-13]
    ==================== Services (Whitelisted) ====================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
    R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2979032 2019-01-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-02-02] (Dropbox, Inc -> Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-02-02] (Dropbox, Inc -> Dropbox, Inc.)
    R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-06-04] (Dropbox, Inc -> Dropbox, Inc.)
    S3 DiskDoctorService; C:\Program Files\Norton Utilities\Engine\16.0.3.44\Tools\Disk Doctor\DiskDoctorSrv.exe [1168720 2018-07-18] (Symantec Corporation -> Symantec Corporation)
    R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [39616 2016-06-03] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    R2 hcwD3bda_dvbt; C:\WINDOWS\system32\hauppauge\hcwD3dvb\DVBT\DVBService.exe [2641920 2010-12-16] (Microsoft Windows Hardware Compatibility Publisher -> Mirics Semiconductor Ltd)
    S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [153360 2018-09-25] (IObit Information Technology -> IObit)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    R2 nebula; C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe [4477576 2018-06-19] (Logitech Inc -> Logitech)
    S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.17.2.47\NortonSecurity.exe [225608 2019-06-06] (Symantec Corporation -> Symantec Corporation)
    R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.17.2.47\nsWscSvc.exe [933200 2019-06-06] (Symantec Corporation -> Symantec Corporation)
    R2 NU16StartManagerSvc; C:\Program Files\Norton Utilities\Engine\16.0.3.44\sMonitor\StartManSvc.exe [799992 2018-07-18] (Symantec Corporation -> PC Tools)
    S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-08-01] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    S3 SpeedDiskService; C:\Program Files\Norton Utilities\Engine\16.0.3.44\Tools\SpeedDisk\SpeedDiskSrv.exe [1182640 2018-07-18] (Symantec Corporation -> Symantec Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
    ===================== Drivers (Whitelisted) ======================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.16.4.15\Definitions\BASHDefs\20190619.002\BHDrvx64.sys [1935880 2019-06-18] (Symantec Corporation -> Symantec Corporation)
    R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611020.02F\ccSetx64.sys [192704 2019-06-06] (Symantec Corporation -> Symantec Corporation)
    R1 ccSet_NU; C:\WINDOWS\system32\drivers\NUx64\1000030.02C\ccSetx64.sys [187544 2018-07-18] (Symantec Corporation -> Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515592 2019-06-05] (Symantec Corporation -> Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153096 2019-06-12] (Symantec Corporation -> Symantec Corporation)
    R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [60968 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [48168 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [18472 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [192552 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    R3 hcwD3bda; C:\WINDOWS\system32\DRIVERS\hcwD3bda64.sys [116352 2010-06-29] (Microsoft Windows Hardware Compatibility Publisher -> Mirics)
    R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.16.4.15\Definitions\IPSDefs\20190621.061\IDSvia64.sys [1441800 2019-04-19] (Symantec Corporation -> Symantec Corporation)
    S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [66824 2017-06-15] (IObit Information Technology -> IObit)
    R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [37184 2018-10-16] (IObit Information Technology -> IObit)
    R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [43392 2018-10-16] (IObit Information Technology -> IObit)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-06-21] (Malwarebytes Corporation -> Malwarebytes)
    R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2019-03-19] (Microsoft Windows -> MediaTek Inc.)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896752 2015-08-07] (Realtek Semiconductor Corp -> Realtek )
    R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1611020.02F\SRTSP64.SYS [864776 2019-06-06] (Symantec Corporation -> Symantec Corporation)
    R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1611020.02F\SRTSPX64.SYS [49672 2019-06-06] (Symantec Corporation -> Symantec Corporation)
    R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1611020.02F\SYMEFASI64.SYS [1998552 2019-06-06] (Symantec Corporation -> Symantec Corporation)
    S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1611020.02F\SymELAM.sys [25744 2019-06-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
    R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99848 2019-05-09] (Symantec Corporation -> Symantec Corporation)
    S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.16.4.15\SymPlatform\SymEvnt.sys [712200 2019-06-07] (Symantec Corporation -> Symantec Corporation)
    R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1611020.02F\Ironx64.SYS [315912 2019-06-06] (Symantec Corporation -> Symantec Corporation)
    R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1611020.02F\symnets.sys [573448 2019-06-06] (Symantec Corporation -> Symantec Corporation)
    R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2017-08-29] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
    U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2019-06-21] (Adlice -> )
    S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46472 2019-03-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [333784 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
    S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611020.02F\wpCtrlDrv.sys [1012120 2019-06-06] (Symantec Corporation -> Symantec Corporation)
    R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [310536 2019-01-06] (Beijing Duodian Online Science and Technology Co.,Ltd -> BigNox Corporation)
    S3 cpuz143; \??\C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [X]
    S3 SWDUMon; \SystemRoot\system32\DRIVERS\SWDUMon.sys [X]
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    ==================== One month (created) ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2019-06-22 14:40 - 2019-06-22 14:42 - 000039642 _____ C:\Users\VIV\Desktop\FRST.txt
    2019-06-22 11:16 - 2019-06-22 11:16 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
    2019-06-21 16:06 - 2019-06-21 16:51 - 000000000 ____D C:\Users\VIV\Desktop\Summer Show
    2019-06-21 14:39 - 2019-06-22 12:42 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
    2019-06-21 14:32 - 2019-06-22 09:31 - 000002408 _____ C:\Users\Public\Desktop\Norton Security.lnk
    2019-06-21 14:32 - 2019-06-22 09:31 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
    2019-06-21 14:32 - 2019-06-21 14:32 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2019-06-21 14:32 - 2019-06-21 14:32 - 000003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
    2019-06-21 14:15 - 2019-06-21 14:27 - 000000000 ____D C:\AdwCleaner
    2019-06-21 14:14 - 2019-06-21 14:14 - 007025360 _____ (Malwarebytes) C:\Users\VIV\Desktop\AdwCleaner.exe
    2019-06-21 14:12 - 2019-06-21 14:12 - 000001231 _____ C:\Users\VIV\Desktop\malwarebytes Report.txt
    2019-06-21 10:14 - 2019-06-21 10:14 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2019-06-21 10:14 - 2019-06-21 10:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2019-06-21 10:14 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
    2019-06-21 10:14 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2019-06-21 10:12 - 2019-06-21 10:13 - 064019096 _____ (Malwarebytes ) C:\Users\VIV\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.586-1.0.11154.exe
    2019-06-21 10:07 - 2019-06-21 10:07 - 000003792 _____ C:\Users\VIV\Desktop\as_7216.tmp
    2019-06-21 10:05 - 2019-06-21 10:05 - 000003792 _____ C:\Users\VIV\Desktop\as_B85.tmp
    2019-06-21 08:43 - 2019-06-21 08:43 - 000028272 _____ C:\WINDOWS\system32\Drivers\truesight.sys
    2019-06-21 08:42 - 2019-06-21 08:43 - 000000000 ____D C:\ProgramData\RogueKiller
    2019-06-21 08:42 - 2019-06-21 08:42 - 000003152 _____ C:\WINDOWS\System32\Tasks\RogueKiller Anti-Malware
    2019-06-21 08:42 - 2019-06-21 08:42 - 000000905 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2019-06-21 08:42 - 2019-06-21 08:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2019-06-21 08:41 - 2019-06-21 08:42 - 000000000 ____D C:\Program Files\RogueKiller
    2019-06-21 08:40 - 2019-06-21 08:40 - 029932744 _____ (Adlice Software ) C:\Users\VIV\Desktop\RogueKiller_setup_ref3.exe
    2019-06-20 14:14 - 2019-06-20 14:15 - 002418688 _____ (Farbar) C:\Users\VIV\Desktop\FRST64 (1).exe
    2019-06-20 14:12 - 2019-06-20 14:12 - 002418688 _____ (Farbar) C:\Users\VIV\Desktop\FRST64.exe
    2019-06-18 14:57 - 2019-06-18 14:57 - 000004190 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1543596262
    2019-06-18 14:57 - 2019-06-18 14:57 - 000001442 _____ C:\Users\VIV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
    2019-06-17 14:31 - 2019-06-17 14:31 - 000807558 _____ C:\Users\VIV\Downloads\Q3031_VW193_Series_English.zip
    2019-06-16 18:45 - 2019-06-16 18:45 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1150477090-3809027948-3889013003-1002
    2019-06-16 18:45 - 2019-06-16 18:45 - 000002406 _____ C:\Users\VIV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-06-16 17:03 - 2019-06-16 17:03 - 000000000 ____D C:\ProgramData\{F86B0233-9A85-4589-8AAF-524CC4F8211B}
    2019-06-15 13:09 - 2019-06-15 13:09 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2019-06-15 13:09 - 2019-06-15 13:09 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2019-06-14 19:01 - 2019-06-14 19:01 - 000000000 ____D C:\WINDOWS\PCHEALTH
    2019-06-14 18:56 - 2019-06-14 18:56 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
    2019-06-14 18:53 - 2019-06-14 18:53 - 000000020 ___SH C:\Users\VIV\ntuser.ini
    2019-06-14 18:52 - 2019-06-14 18:52 - 000000000 _SHDL C:\Documents and Settings
    2019-06-14 18:51 - 2019-06-21 14:31 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-06-14 18:51 - 2019-06-14 18:52 - 000003764 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
    2019-06-14 18:51 - 2019-06-14 18:52 - 000003446 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
    2019-06-14 18:51 - 2019-06-14 18:52 - 000003446 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2019-06-14 18:51 - 2019-06-14 18:52 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2019-06-14 18:51 - 2019-06-14 18:52 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2019-06-14 18:51 - 2019-06-14 18:52 - 000002642 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP ENVY 5640 series
    2019-06-14 18:51 - 2019-06-14 18:52 - 000002572 _____ C:\WINDOWS\System32\Tasks\NUSchedule
    2019-06-14 18:51 - 2019-06-14 18:52 - 000002406 _____ C:\WINDOWS\System32\Tasks\SpeedDiskSchedule
    2019-06-14 18:51 - 2019-06-14 18:52 - 000002394 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_VIV
    2019-06-14 18:51 - 2019-06-14 18:51 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2019-06-14 18:51 - 2019-06-14 18:51 - 000003222 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
    2019-06-14 18:51 - 2019-06-14 18:51 - 000002014 _____ C:\WINDOWS\System32\Tasks\NUAutoUpdate
    2019-06-14 18:51 - 2019-06-14 18:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
    2019-06-14 18:51 - 2019-06-14 18:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
    2019-06-14 18:51 - 2019-06-14 18:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
    2019-06-14 18:51 - 2019-06-14 18:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
    2019-06-14 18:51 - 2019-06-14 18:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avira
    2019-06-14 18:51 - 2019-06-14 18:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
    2019-06-14 18:51 - 2019-06-14 18:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
    2019-06-14 18:50 - 2019-06-14 18:51 - 000015243 _____ C:\WINDOWS\diagwrn.xml
    2019-06-14 18:50 - 2019-06-14 18:51 - 000015243 _____ C:\WINDOWS\diagerr.xml
    2019-06-14 18:44 - 2019-06-21 14:37 - 000976308 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-06-14 18:29 - 2019-06-14 18:29 - 000000000 ____D C:\ProgramData\USOShared
    2019-06-14 18:28 - 2019-06-14 17:02 - 002874368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2019-06-14 18:25 - 2019-06-22 14:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-06-14 18:25 - 2019-06-21 14:32 - 000529176 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2019-06-14 18:24 - 2019-06-14 18:52 - 000000000 ____D C:\Windows.old
    2019-06-14 18:22 - 2019-06-14 18:22 - 000066064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WinSetupBoot.sys
    2019-06-14 17:17 - 2019-06-14 18:34 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
    2019-06-14 17:14 - 2019-06-14 18:53 - 000000000 ____D C:\Users\VIV
    2019-06-14 17:14 - 2019-06-14 18:42 - 000000000 ____D C:\Users\DefaultAppPool
    2019-06-14 17:14 - 2019-06-14 18:24 - 000000000 ____D C:\Users\VL
    2019-06-14 17:14 - 2019-03-19 05:46 - 000001105 _____ C:\Users\VL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-06-14 17:14 - 2019-03-19 05:46 - 000001105 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-06-14 17:13 - 2019-06-14 17:17 - 000000000 ____D C:\WINDOWS\ServiceProfiles
    2019-06-14 17:04 - 2019-06-14 17:04 - 025445376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 018006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 007802224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 007006720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 006141440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 005919744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 005499904 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 005083352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 005014016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 004306944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 004128904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 003837440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 003635200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 003525080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 003486208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 003365376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
    2019-06-14 17:04 - 2019-06-14 17:04 - 002494440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 002398208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 002314440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 001510960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 001493944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 001248256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
    2019-06-14 17:04 - 2019-06-14 17:04 - 001244728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 001105776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 001098712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 001079296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 001039872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
    2019-06-14 17:04 - 2019-06-14 17:04 - 000952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 000744248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
    2019-06-14 17:04 - 2019-06-14 17:04 - 000737552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
    2019-06-14 17:04 - 2019-06-14 17:04 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 000682744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
    2019-06-14 17:04 - 2019-06-14 17:04 - 000666280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
    2019-06-14 17:04 - 2019-06-14 17:04 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 000551824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 000537608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 000516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 000463272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 000420360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll
    2019-06-14 17:04 - 2019-06-14 17:04 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
    2019-06-14 17:03 - 2019-06-14 17:04 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
    2019-06-14 17:03 - 2019-06-14 17:03 - 025902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 022610944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 009917992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2019-06-14 17:03 - 2019-06-14 17:03 - 008010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 007757312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 007636848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 007103488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 006536976 _____ (Microsoft Corporation)
     
  13. theoldandgrey

    theoldandgrey Established Techie7 Member

    and the next

    C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 006381568 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 006068328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 005939712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 005745504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 005071360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 004867584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 004577280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 004537344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 003915752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2019-06-14 17:03 - 2019-06-14 17:03 - 003771392 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 003734456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 003373256 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 002990392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2019-06-14 17:03 - 2019-06-14 17:03 - 002799616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2019-06-14 17:03 - 2019-06-14 17:03 - 002769976 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 002763312 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2019-06-14 17:03 - 2019-06-14 17:03 - 002698552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2019-06-14 17:03 - 2019-06-14 17:03 - 002694144 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 002587328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 002256592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 002081464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 001999440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 001954952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 001893888 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 001853440 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 001847808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 001721344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 001688576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 001647584 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 001562640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 001537024 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 001515008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaclient.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 001473488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 001458176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 001414144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 001392144 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2019-06-14 17:03 - 2019-06-14 17:03 - 001356800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 001283384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2019-06-14 17:03 - 2019-06-14 17:03 - 001282560 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 001271808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 001258496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpsharercom.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 001213456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 001192088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
    2019-06-14 17:03 - 2019-06-14 17:03 - 001072168 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2019-06-14 17:03 - 2019-06-14 17:03 - 001062912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
    2019-06-14 17:03 - 2019-06-14 17:03 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 001007160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 001007104 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 001006592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000950272 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000913408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000911360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000888936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000888056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000879576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000875008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000864768 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000861696 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000822072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000811192 _____ C:\WINDOWS\SysWOW64\locale.nls
    2019-06-14 17:03 - 2019-06-14 17:03 - 000811192 _____ C:\WINDOWS\system32\locale.nls
    2019-06-14 17:03 - 2019-06-14 17:03 - 000797112 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000782120 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
    2019-06-14 17:03 - 2019-06-14 17:03 - 000773944 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
    2019-06-14 17:03 - 2019-06-14 17:03 - 000773168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000751256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2019-06-14 17:03 - 2019-06-14 17:03 - 000705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000679368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000674792 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2019-06-14 17:03 - 2019-06-14 17:03 - 000673320 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000669496 _____ (Microsoft Corporation) C:\WINDOWS\system32\computecore.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000667272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000621568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000613904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000612352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000574976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_9.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000568120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000537088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
    2019-06-14 17:03 - 2019-06-14 17:03 - 000529072 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000515896 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
    2019-06-14 17:03 - 2019-06-14 17:03 - 000505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000477712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
    2019-06-14 17:03 - 2019-06-14 17:03 - 000466624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000462352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000457016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
    2019-06-14 17:03 - 2019-06-14 17:03 - 000451896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
    2019-06-14 17:03 - 2019-06-14 17:03 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000422008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2019-06-14 17:03 - 2019-06-14 17:03 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000404392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000401416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
    2019-06-14 17:03 - 2019-06-14 17:03 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\DispBroker.Desktop.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000386832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000379192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000358944 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsta.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
    2019-06-14 17:03 - 2019-06-14 17:03 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
    2019-06-14 17:03 - 2019-06-14 17:03 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.FileExplorer.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
    2019-06-14 17:03 - 2019-06-14 17:03 - 000300392 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000284536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000279624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsta.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000267728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000261016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityUxHost.exe
    2019-06-14 17:03 - 2019-06-14 17:03 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
    2019-06-14 17:03 - 2019-06-14 17:03 - 000226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
    2019-06-14 17:03 - 2019-06-14 17:03 - 000220472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
    2019-06-14 17:03 - 2019-06-14 17:03 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000205112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winquic.sys
    2019-06-14 17:03 - 2019-06-14 17:03 - 000199184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
    2019-06-14 17:03 - 2019-06-14 17:03 - 000194176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winquic.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
    2019-06-14 17:03 - 2019-06-14 17:03 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
    2019-06-14 17:03 - 2019-06-14 17:03 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000179512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2019-06-14 17:03 - 2019-06-14 17:03 - 000178192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
    2019-06-14 17:03 - 2019-06-14 17:03 - 000161848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000146744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
    2019-06-14 17:03 - 2019-06-14 17:03 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
    2019-06-14 17:03 - 2019-06-14 17:03 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000139472 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000136720 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000134760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000120352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000116184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GraphicsCapture.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mapistub.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mapi32.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GameChatTranscription.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000093712 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompMgmtLauncher.exe
    2019-06-14 17:03 - 2019-06-14 17:03 - 000089328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000084520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
    2019-06-14 17:03 - 2019-06-14 17:03 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
    2019-06-14 17:03 - 2019-06-14 17:03 - 000066360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaproxystub.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000056008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
    2019-06-14 17:03 - 2019-06-14 17:03 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
    2019-06-14 17:03 - 2019-06-14 17:03 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000021512 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fixmapi.exe
    2019-06-14 17:03 - 2019-06-14 17:03 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDJPN.DLL
    2019-06-14 17:03 - 2019-06-14 17:03 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6r.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3r.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2019-06-14 17:03 - 2019-06-14 17:03 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3r.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 017786368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 007887656 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 007831368 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 007275008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 007241800 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 006225832 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 006036480 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 004562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
    2019-06-14 17:02 - 2019-06-14 17:02 - 004553616 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2019-06-14 17:02 - 2019-06-14 17:02 - 004470784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 004034048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 004008960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 004008448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 003725824 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2019-06-14 17:02 - 2019-06-14 17:02 - 003684864 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 003590672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2019-06-14 17:02 - 2019-06-14 17:02 - 003550720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 003094528 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 002724352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2019-06-14 17:02 - 2019-06-14 17:02 - 002550584 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 002449456 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 002443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 002321408 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 002281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 002178048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaclient.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 002117168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 001944064 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 001940952 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 001884672 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 001830416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 001784832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 001762304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 001754024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2019-06-14 17:02 - 2019-06-14 17:02 - 001745408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 001635328 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 001633648 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 001608704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 001553408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
    2019-06-14 17:02 - 2019-06-14 17:02 - 001509728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2019-06-14 17:02 - 2019-06-14 17:02 - 001505808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 001478656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpsharercom.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 001437184 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
    2019-06-14 17:02 - 2019-06-14 17:02 - 001422848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2019-06-14 17:02 - 2019-06-14 17:02 - 001413704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 001395600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 001366344 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2019-06-14 17:02 - 2019-06-14 17:02 - 001363456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 001333248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsf3gip.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 001246000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
    2019-06-14 17:02 - 2019-06-14 17:02 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2019-06-14 17:02 - 2019-06-14 17:02 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 001149200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2019-06-14 17:02 - 2019-06-14 17:02 - 001068856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 001065984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 001062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 001042944 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
    2019-06-14 17:02 - 2019-06-14 17:02 - 001010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000939504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000909736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
    2019-06-14 17:02 - 2019-06-14 17:02 - 000876856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2019-06-14 17:02 - 2019-06-14 17:02 - 000824832 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000804880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2019-06-14 17:02 - 2019-06-14 17:02 - 000735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000726328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000680760 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_9.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000589384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2019-06-14 17:02 - 2019-06-14 17:02 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
    2019-06-14 17:02 - 2019-06-14 17:02 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2019-06-14 17:02 - 2019-06-14 17:02 - 000539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2019-06-14 17:02 - 2019-06-14 17:02 - 000537088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.UserService.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
    2019-06-14 17:02 - 2019-06-14 17:02 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
    2019-06-14 17:02 - 2019-06-14 17:02 - 000441352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2019-06-14 17:02 - 2019-06-14 17:02 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000415808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000363624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MbbCx.sys
    2019-06-14 17:02 - 2019-06-14 17:02 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000338800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000295936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000274128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
    2019-06-14 17:02 - 2019-06-14 17:02 - 000269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
    2019-06-14 17:02 - 2019-06-14 17:02 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000223248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
    2019-06-14 17:02 - 2019-06-14 17:02 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
    2019-06-14 17:02 - 2019-06-14 17:02 - 000208184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
    2019-06-14 17:02 - 2019-06-14 17:02 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000201256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
    2019-06-14 17:02 - 2019-06-14 17:02 - 000199688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
    2019-06-14 17:02 - 2019-06-14 17:02 - 000199184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
    2019-06-14 17:02 - 2019-06-14 17:02 - 000180536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
    2019-06-14 17:02 - 2019-06-14 17:02 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
    2019-06-14 17:02 - 2019-06-14 17:02 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaproxystub.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000146416 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\GraphicsCapture.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\GameChatTranscription.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapistub.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapi32.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
    2019-06-14 17:02 - 2019-06-14 17:02 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Taskbar.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
    2019-06-14 17:02 - 2019-06-14 17:02 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
    2019-06-14 17:02 - 2019-06-14 17:02 - 000088352 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
    2019-06-14 17:02 - 2019-06-14 17:02 - 000071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwm.exe
    2019-06-14 17:02 - 2019-06-14 17:02 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
    2019-06-14 17:02 - 2019-06-14 17:02 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000055608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
    2019-06-14 17:02 - 2019-06-14 17:02 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
    2019-06-14 17:02 - 2019-06-14 17:02 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
    2019-06-14 17:02 - 2019-06-14 17:02 - 000037888 _____ C:\WINDOWS\system32\usocoreps.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthMini.SYS
    2019-06-14 17:02 - 2019-06-14 17:02 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\FaxPrinterInstaller.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
    2019-06-14 17:02 - 2019-06-14 17:02 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wci.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\fixmapi.exe
    2019-06-14 17:02 - 2019-06-14 17:02 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tier2punctuations.dll
    2019-06-14 17:02 - 2019-06-14 17:02 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6r.dll
    2019-06-14 16:52 - 2019-06-14 18:34 - 000000000 ____D C:\Program Files (x86)\MSBuild
    2019-06-14 16:52 - 2019-06-14 16:52 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
    2019-06-14 16:52 - 2019-06-14 16:52 - 000000000 ____D C:\WINDOWS\system32\BestPractices
    2019-06-14 16:52 - 2019-06-14 16:52 - 000000000 ____D C:\Program Files\Reference Assemblies
    2019-06-14 16:52 - 2019-06-14 16:52 - 000000000 ____D C:\Program Files\MSBuild
    2019-06-14 16:52 - 2019-06-14 16:52 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
    2019-06-14 16:52 - 2019-06-14 16:52 - 000000000 ____D C:\inetpub
    2019-06-14 16:51 - 2019-06-14 16:51 - 001166488 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
    2019-06-14 16:51 - 2019-06-14 16:51 - 000778912 _____ (Microsoft Corporation)
     
  14. theoldandgrey

    theoldandgrey Established Techie7 Member

    and the next
    C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
    2019-06-14 16:51 - 2019-06-14 16:51 - 000124568 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2019-06-14 16:51 - 2019-06-14 16:51 - 000103072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2019-06-14 16:51 - 2019-06-14 16:51 - 000035592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
    2019-06-14 16:51 - 2019-06-14 16:51 - 000035592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
    2019-06-14 16:50 - 2019-06-14 16:50 - 004470272 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
    2019-06-14 16:50 - 2019-06-14 16:50 - 000903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
    2019-06-14 16:50 - 2019-06-14 16:50 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
    2019-06-14 16:50 - 2019-06-14 16:50 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
    2019-06-14 16:50 - 2019-06-14 16:50 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
    2019-06-14 16:50 - 2019-06-14 16:50 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
    2019-06-14 16:50 - 2019-06-14 16:50 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
    2019-06-14 16:35 - 2019-06-14 16:35 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
    2019-06-14 15:53 - 2019-06-14 15:53 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2019-06-14 15:32 - 2019-06-14 15:32 - 000389366 _____ C:\Users\VIV\Desktop\image.jpeg
    2019-06-14 15:23 - 2019-06-14 17:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focus Magic
    2019-06-14 15:23 - 2019-06-14 15:29 - 000000166 _____ C:\Users\VIV\AppData\Roaming\PLGComp.ini
    2019-06-14 15:23 - 2019-06-14 15:23 - 000001115 _____ C:\Users\Public\Desktop\Focus Magic.lnk
    2019-06-14 15:23 - 2019-06-14 15:23 - 000000000 ____D C:\Program Files (x86)\Focus Magic
    2019-06-14 15:23 - 2018-06-14 15:41 - 009603248 _____ (Acclaim Software Ltd) C:\WINDOWS\SysWOW64\FocusMag.dll
    2019-06-14 15:23 - 2018-06-14 15:41 - 004146352 _____ (Acclaim Software Ltd) C:\WINDOWS\system32\FocusMag64.dll
    2019-06-14 15:23 - 2015-03-16 02:48 - 005647872 _____ (FreeImage) C:\WINDOWS\SysWOW64\FreeImage.dll
    2019-06-14 15:22 - 2019-06-14 15:23 - 004359864 _____ (Acclaim Software Ltd ) C:\Users\VIV\Desktop\FocusMagic403.exe
    2019-06-14 14:44 - 2019-06-14 18:53 - 000000000 ___DC C:\WINDOWS\Panther
    2019-06-14 14:39 - 2019-06-14 14:39 - 000093696 _____ C:\Users\VIV\Desktop\Questionnaire results.pub
    2019-06-14 14:29 - 2019-06-14 14:29 - 000443123 _____ C:\Users\VIV\Desktop\Questionnaire results.pdf
    2019-06-13 17:13 - 2019-06-13 17:13 - 000092672 _____ C:\Users\VIV\Desktop\Publication3.pub
    2019-06-11 14:42 - 2019-06-11 14:42 - 000089600 _____ C:\Users\VIV\Desktop\BOOKS.pub
    2019-06-11 11:17 - 2019-06-16 18:44 - 000000000 ____D C:\Users\VIV\Desktop\Word Art 2
    2019-06-10 17:23 - 2019-06-10 17:23 - 001889221 _____ C:\Users\VIV\Downloads\Word Art 15.psd
    2019-06-09 15:27 - 2019-06-09 15:27 - 000095232 _____ C:\Users\VIV\Desktop\Quiz.pub
    2019-06-09 11:20 - 2019-06-09 11:20 - 000078693 _____ C:\Users\VIV\Desktop\Gardening Quiz Questions And Answers [2019 Edition].html
    2019-06-07 16:48 - 2019-06-14 16:32 - 000000000 ___RD C:\Users\VIV\Desktop\Word Art
    2019-06-07 16:25 - 2019-06-07 16:25 - 000172785 _____ C:\Users\VIV\Downloads\Word Art 12.jpeg
    2019-06-07 15:39 - 2019-06-07 15:39 - 000211757 _____ C:\Users\VIV\Downloads\Word Art 11.jpeg
    2019-06-07 15:30 - 2019-06-07 15:30 - 000003786 _____ C:\Users\VIV\AppData\Local\recently-used.xbel
    2019-06-07 13:54 - 2019-06-07 13:54 - 000769361 _____ C:\Users\VIV\Downloads\Word_Art_8 (1).svg
    2019-06-07 11:03 - 2019-06-07 11:03 - 000769361 _____ C:\Users\VIV\Downloads\Word_Art_8.svg
    2019-06-06 18:54 - 2019-06-06 18:54 - 000000178 _____ C:\Users\VIV\Downloads\Word Art 5.csv
    2019-06-06 15:59 - 2019-06-06 15:59 - 013153080 _____ (Microsoft Corporation) C:\Users\VIV\Downloads\Silverlight_x64.exe
    2019-06-06 14:54 - 2019-06-06 14:54 - 000208897 _____ C:\Users\VIV\Downloads\Word Art 8.jpeg
    2019-06-06 08:38 - 2019-06-14 17:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2019-06-05 19:08 - 2019-06-05 19:21 - 000000000 ____D C:\ProgramData\NCH Software
    2019-06-05 18:30 - 2019-06-05 18:30 - 002970317 _____ C:\Users\VIV\Desktop\Food List.jpeg
    2019-06-05 18:27 - 2019-06-05 18:27 - 000456970 _____ C:\Users\VIV\Documents\Scan_0008.pdf
    2019-06-05 11:59 - 2019-06-05 11:59 - 000028637 _____ C:\Users\VIV\Downloads\world-4084556_960_720 2merged copy (3).svg
    2019-06-05 11:59 - 2019-06-05 11:59 - 000027615 _____ C:\Users\VIV\Downloads\world-4084556_960_720 2merged copy (2).svg
    2019-06-05 11:56 - 2019-06-05 11:56 - 000027615 _____ C:\Users\VIV\Downloads\world-4084556_960_720 2merged copy (1).svg
    2019-06-05 11:55 - 2019-06-05 11:56 - 000027615 _____ C:\Users\VIV\Downloads\world-4084556_960_720 2merged copy.svg
    2019-06-04 13:11 - 2019-06-04 13:11 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
    2019-06-04 13:11 - 2019-06-04 13:11 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
    2019-06-04 13:11 - 2019-06-04 13:11 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
    2019-06-04 13:11 - 2019-06-04 13:11 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
    2019-05-31 14:20 - 2019-05-31 14:20 - 003945408 _____ (Crystal Dew World ) C:\Users\VIV\Downloads\CrystalDiskInfo8_1_0.exe
    2019-05-31 14:15 - 2019-05-31 14:15 - 000000000 ____D C:\Users\VIV\AppData\Local\CrystalDiskMark
    2019-05-31 14:10 - 2019-06-04 17:48 - 000000000 ____D C:\Program Files\CrystalDiskMark6
    2019-05-31 14:09 - 2019-05-31 14:09 - 002931848 _____ (Crystal Dew World ) C:\Users\VIV\Downloads\CrystalDiskMark6_0_2.exe
    2019-05-29 16:13 - 2019-05-29 16:16 - 000071055 _____ C:\Users\VIV\Desktop\TBC Fixtures.htm
    2019-05-29 16:13 - 2019-05-29 16:16 - 000000000 ____D C:\Users\VIV\Desktop\TBC Fixtures_files
    2019-05-29 15:22 - 2019-05-29 15:22 - 000298492 _____ C:\Users\VIV\Desktop\FIXTURES.pdf
    2019-05-29 09:23 - 2015-10-30 08:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20190529-092354.backup
    2019-05-25 15:14 - 2019-05-25 15:14 - 000025720 _____ C:\Users\VIV\Desktop\RB Digital editions.htm
    2019-05-25 14:07 - 2019-05-25 14:07 - 000000000 ____D C:\Users\VIV\AppData\Roaming\.ecore_tmp
    2019-05-25 14:07 - 2019-05-25 14:07 - 000000000 ____D C:\Users\VIV\.Epubor_Keys
    2019-05-25 14:06 - 2019-06-02 14:27 - 000000000 ____D C:\Users\VIV\EpuborLog
    2019-05-25 14:06 - 2019-06-02 14:27 - 000000000 ____D C:\Users\VIV\AppData\Roaming\.Ultimate
    2019-05-25 14:06 - 2019-05-25 14:07 - 000000000 ____D C:\Users\VIV\Ultimate
    2019-05-25 14:06 - 2019-05-25 14:07 - 000000000 ____D C:\Users\VIV\AppData\Roaming\cali_core4
    2019-05-25 14:06 - 2019-05-25 14:06 - 000000000 ____D C:\Users\VIV\Favorite
    2019-05-25 14:06 - 2019-05-25 14:06 - 000000000 ____D C:\Users\VIV\AppData\Roaming\Ultimate
    ==================== One month (modified) ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2019-06-22 14:40 - 2018-02-13 20:34 - 000000000 ____D C:\FRST
    2019-06-22 11:13 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-06-22 10:37 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-06-22 09:32 - 2019-03-19 05:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2019-06-22 08:27 - 2018-12-19 17:57 - 000000000 ____D C:\Users\VIV\AppData\Roaming\BlueMail
    2019-06-22 08:25 - 2018-05-10 14:33 - 000000000 ___RD C:\Users\VIV\iCloudDrive
    2019-06-22 08:24 - 2019-02-27 10:39 - 000000000 ____D C:\ProgramData\TEMP
    2019-06-21 20:43 - 2018-02-03 17:15 - 000000000 ____D C:\Users\VIV\AppData\Local\CrashDumps
    2019-06-21 20:41 - 2018-02-16 15:14 - 000000000 ____D C:\Users\VIV\AppData\Local\ElevatedDiagnostics
    2019-06-21 18:54 - 2018-01-29 16:26 - 000000000 ____D C:\Users\VIV\Documents\Outlook Files
    2019-06-21 15:36 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
    2019-06-21 15:00 - 2019-02-08 17:43 - 000000000 ____D C:\Program Files\Common Files\AV
    2019-06-21 14:38 - 2018-04-03 17:02 - 000000000 ____D C:\ProgramData\ProductData
    2019-06-21 14:37 - 2019-01-04 17:57 - 000001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
    2019-06-21 14:37 - 2019-01-04 17:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
    2019-06-21 14:37 - 2019-01-04 17:52 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2019-06-21 14:32 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2019-06-21 14:32 - 2019-02-09 16:21 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2019-06-21 14:30 - 2019-03-19 05:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2019-06-21 14:28 - 2018-04-03 17:02 - 000000000 ____D C:\Users\VIV\AppData\LocalLow\IObit
    2019-06-21 14:28 - 2018-04-03 17:01 - 000000000 ____D C:\Users\VIV\AppData\Roaming\IObit
    2019-06-21 14:28 - 2018-03-21 18:03 - 000000000 ____D C:\Program Files (x86)\IObit
    2019-06-21 10:34 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-06-21 10:14 - 2018-03-11 17:51 - 000000000 ____D C:\ProgramData\Malwarebytes
    2019-06-21 08:32 - 2019-03-08 15:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
    2019-06-20 17:02 - 2018-02-05 18:04 - 000001444 _____ C:\Users\VIV\Desktop\Candy Crush Saga (3).lnk
    2019-06-19 20:29 - 2019-03-08 15:52 - 000000000 ____D C:\Users\VIV\AppData\Roaming\Norton Utilities 16
    2019-06-18 19:02 - 2019-02-08 15:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    2019-06-18 18:39 - 2018-08-16 16:48 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-06-18 18:39 - 2018-01-30 17:17 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2019-06-17 14:10 - 2018-03-21 18:03 - 000000000 ____D C:\ProgramData\IObit
    2019-06-16 18:45 - 2018-01-30 11:50 - 000000000 ___RD C:\Users\VIV\OneDrive
    2019-06-15 13:12 - 2018-06-17 09:00 - 000000000 ____D C:\ProgramData\Packages
    2019-06-15 13:11 - 2018-01-30 11:49 - 000000000 ____D C:\Users\VIV\AppData\Local\Packages
    2019-06-15 13:10 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
    2019-06-15 08:26 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ServiceState
    2019-06-15 08:26 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\appcompat
    2019-06-14 19:05 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
    2019-06-14 18:55 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\USOPrivate
    2019-06-14 18:54 - 2018-04-23 15:24 - 000000000 ____D C:\Users\VIV\AppData\Local\PackageStaging
    2019-06-14 18:53 - 2018-01-30 11:49 - 000000000 ___RD C:\Users\VIV\3D Objects
    2019-06-14 18:53 - 2018-01-30 11:49 - 000000000 ____D C:\Users\VIV\AppData\Local\ConnectedDevicesPlatform
    2019-06-14 18:53 - 2018-01-29 15:33 - 000000000 __RHD C:\Users\Public\AccountPictures
    2019-06-14 18:51 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Windows Defender
    2019-06-14 18:34 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2019-06-14 18:34 - 2019-03-08 15:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Utilities
    2019-06-14 18:34 - 2019-02-19 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nova Development
    2019-06-14 18:34 - 2019-02-09 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2019-06-14 18:34 - 2019-01-31 16:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
    2019-06-14 18:34 - 2019-01-31 15:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech Camera Settings
    2019-06-14 18:34 - 2019-01-30 17:01 - 000000000 ____D C:\Program Files\Common Files\logishrd
    2019-06-14 18:34 - 2019-01-25 16:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintMaster
    2019-06-14 18:34 - 2019-01-25 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2019-06-14 18:34 - 2018-08-09 16:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Natural Color
    2019-06-14 18:34 - 2018-08-02 15:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2019-06-14 18:34 - 2018-07-31 15:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jasc Software
    2019-06-14 18:34 - 2018-06-28 18:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OverDrive for Windows
    2019-06-14 18:34 - 2018-05-10 14:33 - 000000000 ____D C:\Users\VIV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
    2019-06-14 18:34 - 2018-04-18 19:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
    2019-06-14 18:34 - 2018-04-18 19:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft
     
  15. theoldandgrey

    theoldandgrey Established Techie7 Member

    and the next
    Office
    2019-06-14 18:34 - 2018-04-16 16:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
    2019-06-14 18:34 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
    2019-06-14 18:34 - 2015-10-30 19:08 - 000000000 ____D C:\WINDOWS\ShellNew
    2019-06-14 18:32 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\PrintDialog
    2019-06-14 18:28 - 2018-01-29 15:38 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
    2019-06-14 18:25 - 2019-03-19 05:49 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
    2019-06-14 18:24 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\Web
    2019-06-14 18:24 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2019-06-14 18:24 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\spool
    2019-06-14 18:24 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2019-06-14 18:24 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2019-06-14 18:24 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
    2019-06-14 18:24 - 2018-01-29 20:20 - 000000000 ____D C:\Program Files\UNP
    2019-06-14 18:22 - 2019-03-19 05:56 - 000000000 ____D C:\WINDOWS\Setup
    2019-06-14 17:40 - 2019-03-19 05:52 - 000000000 __RHD C:\Users\Public\Libraries
    2019-06-14 17:40 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\Registration
    2019-06-14 17:40 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\InfusedApps
    2019-06-14 17:21 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\NDF
    2019-06-14 17:21 - 2018-03-26 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\Iosubsys
    2019-06-14 17:21 - 2018-01-29 15:38 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
    2019-06-14 17:21 - 2018-01-29 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\Hauppauge
    2019-06-14 17:21 - 2018-01-29 15:37 - 000000000 ____D C:\WINDOWS\system32\Hauppauge
    2019-06-14 17:18 - 2019-05-16 14:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
    2019-06-14 17:18 - 2019-05-14 14:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epubor
    2019-06-14 17:18 - 2019-05-13 16:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recorded Books
    2019-06-14 17:18 - 2019-05-11 16:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kobo
    2019-06-14 17:18 - 2019-04-13 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2019-06-14 17:18 - 2019-04-11 11:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
    2019-06-14 17:18 - 2019-04-07 17:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2019-06-14 17:18 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\Resources
    2019-06-14 17:18 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\Help
    2019-06-14 17:18 - 2018-05-10 15:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
    2019-06-14 17:17 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\MsDtc
    2019-06-14 17:17 - 2018-01-29 15:38 - 000000000 ____D C:\Program Files\Realtek
    2019-06-14 17:15 - 2018-01-30 15:55 - 000000000 ____D C:\Users\VL\AppData\Local\Packages
    2019-06-14 17:10 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2019-06-14 17:10 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
    2019-06-14 17:10 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
    2019-06-14 17:10 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
    2019-06-14 17:10 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\inetsrv
    2019-06-14 17:10 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\appraiser
    2019-06-14 17:10 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2019-06-14 17:10 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellComponents
    2019-06-14 17:10 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
    2019-06-14 16:50 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
    2019-06-14 16:50 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
    2019-06-14 16:50 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
    2019-06-14 16:50 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
    2019-06-14 16:50 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\lv-LV
    2019-06-14 16:50 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\lt-LT
    2019-06-14 16:50 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\et-EE
    2019-06-14 16:50 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\es-MX
    2019-06-12 11:42 - 2018-01-30 16:14 - 000000000 ____D C:\WINDOWS\system32\MRT
    2019-06-12 11:37 - 2018-01-30 16:13 - 135349160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2019-06-10 12:05 - 2019-04-26 14:54 - 000000000 ____D C:\Users\VIV\Desktop\WI Competition
    2019-06-07 15:29 - 2018-07-19 13:56 - 000000000 ____D C:\Users\VIV\AppData\Local\babl-0.1
    2019-06-07 15:28 - 2019-02-24 12:33 - 000000000 ____D C:\Users\VIV\AppData\Local\gtk-2.0
    2019-06-06 08:39 - 2018-02-02 17:27 - 000000000 ____D C:\Program Files (x86)\Dropbox
    2019-06-05 18:30 - 2018-01-29 16:27 - 000000000 ____D C:\Users\VIV\Documents\Scanned Documents
    2019-06-04 15:00 - 2018-01-30 12:06 - 000000000 ____D C:\Users\VIV\AppData\Local\PlaceholderTileLogoFolder
    2019-05-26 17:10 - 2018-02-17 15:16 - 000000000 ____D C:\Users\VIV\Downloads\modules
    2019-05-25 15:25 - 2018-02-17 15:16 - 000000000 ____D C:\Users\VIV\Downloads\defaults
    2019-05-25 09:24 - 2019-05-21 14:48 - 000000000 ____D C:\Users\VIV\AppData\Local\Kingsoft
    2019-05-25 09:24 - 2019-05-21 14:48 - 000000000 ____D C:\ProgramData\kingsoft
    2019-05-25 09:23 - 2019-05-21 14:48 - 000000000 ____D C:\Users\VIV\AppData\Roaming\kingsoft
    ==================== Files in the root of some directories ================
    2018-02-24 16:56 - 2018-02-24 17:03 - 000022398 _____ () C:\Users\VIV\AppData\Roaming\Comma Separated Values (Windows).ADR
    2019-06-14 15:23 - 2019-06-14 15:29 - 000000166 _____ () C:\Users\VIV\AppData\Roaming\PLGComp.ini
    2018-02-11 16:49 - 2018-02-11 16:49 - 000000000 _____ () C:\Users\VIV\AppData\Roaming\signature.txt
    2019-03-24 09:52 - 2019-03-24 09:52 - 000004096 ____H () C:\Users\VIV\AppData\Local\keyfile3.drm
    2019-06-07 15:30 - 2019-06-07 15:30 - 000003786 _____ () C:\Users\VIV\AppData\Local\recently-used.xbel
    2018-11-16 15:41 - 2018-11-16 15:41 - 000000017 _____ () C:\Users\VIV\AppData\Local\resmon.resmoncfg
    ==================== SigCheck ===============================
    (There is no automatic fix for files that do not pass verification.)
    ==================== End of FRST.txt ============================
     
  16. theoldandgrey

    theoldandgrey Established Techie7 Member

    Additions
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-06-2019
    Ran by VIV (22-06-2019 14:48:18)
    Running from C:\Users\VIV\Desktop
    Windows 10 Home Version 1903 18362.175 (X64) (2019-06-14 17:52:54)
    Boot Mode: Normal
    ==========================================================
    ==================== Accounts: =============================
    Administrator (S-1-5-21-1150477090-3809027948-3889013003-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-1150477090-3809027948-3889013003-503 - Limited - Disabled)
    Guest (S-1-5-21-1150477090-3809027948-3889013003-501 - Limited - Disabled)
    test (S-1-5-21-1150477090-3809027948-3889013003-1004 - Limited - Enabled)
    tovil (S-1-5-21-1150477090-3809027948-3889013003-1005 - Limited - Disabled)
    VIV (S-1-5-21-1150477090-3809027948-3889013003-1002 - Administrator - Enabled) => C:\Users\VIV
    VL (S-1-5-21-1150477090-3809027948-3889013003-1003 - Administrator - Enabled) => C:\Users\VL
    WDAGUtilityAccount (S-1-5-21-1150477090-3809027948-3889013003-504 - Limited - Disabled)
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Norton Security (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Norton Security (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
    ==================== Installed Programs ======================
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
    Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
    Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.207 - Adobe)
    Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
    Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
    Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
    BlueMail 0.10.31 (HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\8840973a-71a2-52c1-93d6-4bc4cb0bbb6c) (Version: 0.10.31 - BlueMail Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.31.1038.0 - Logitech) Hidden
    Dropbox (HKLM-x32\...\Dropbox) (Version: 74.4.115 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
    EaseUS Todo Backup Free 9.2 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 9.2 - CHENGDU YIWO Tech Development Co., Ltd)
    Epubor Ultimate (HKLM-x32\...\Epubor Ultimate) (Version: 3.0.11.507 - Epubor Inc.)
    erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
    Focus Magic 4.03 (HKLM-x32\...\Focus Magic_is1) (Version: 4.03 - Acclaim Software Ltd)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.100 - Google LLC)
    Google Earth Pro (HKLM-x32\...\{9D524A1E-F2FC-444D-B12A-7592CEB56EB5}) (Version: 7.3.2.5776 - Google)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
    GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
    Greeting Card Factory Deluxe 7.0 (HKLM-x32\...\{55D6B4DA-50E9-47AF-99C1-9A8E3A234763}) (Version: 7.0.0.11 - Nova Development)
    HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
    HP ENVY 5640 series Basic Device Software (HKLM\...\{098DF09B-2BB6-4F24-A778-A57DB1466BD1}) (Version: 40.11.1135.17143 - HP Inc.)
    HP ENVY 5640 series Help (HKLM-x32\...\{B04B1DB6-0AA9-4790-95CE-5A45C8F647FD}) (Version: 34.0.0 - Hewlett Packard)
    HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
    HP Scan Extended (HKLM-x32\...\{11338856-1974-4B3C-ACBC-9F98A8FF79FD}) (Version: 35.0.0.0 - Hewlett-Packard Co.)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
    iCloud (HKLM\...\{03742818-3BC2-45BA-B6BB-4C2D453FD033}) (Version: 7.11.0.19 - Apple Inc.)
    IObit Uninstaller 8 (HKLM-x32\...\IObitUninstall) (Version: 8.5.0.6 - IObit)
    IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1.2 - IObit)
    Jasc Paint Shop Pro 8 (HKLM-x32\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.10.3000 - Jasc Software Inc)
    Kobo (HKLM-x32\...\Kobo) (Version: 4.14.10877 - Rakuten Kobo Inc.)
    Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 2.5.17.0 - Logitech Europe S.A.)
    Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)
    Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
    LWS VideoEffects (HKLM\...\{138A4072-9E64-46BD-B5F9-DB2BB395391F}) (Version: 13.30.1379.0 - Logitech) Hidden
    Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\OneDriveSetup.exe) (Version: 19.086.0502.0006 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.5.0 - Mozilla)
    Mozilla Thunderbird 60.7.2 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 60.7.2 (x86 en-GB)) (Version: 60.7.2 - Mozilla)
    Natural Color (HKLM-x32\...\{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}) (Version: - )
    Norton Security (HKLM-x32\...\NGC) (Version: 22.17.2.47 - Symantec Corporation)
    Norton Utilities (HKLM-x32\...\NU) (Version: 16.0.3.44 - Symantec Corporation)
    OneClickdigital Media Manager (HKLM-x32\...\{D27E3096-E1C7-4BF1-923B-13E522646EBF}) (Version: 80.0.0.0 - Recorded Books)
    Opera Mail 1.0 (HKLM-x32\...\Opera 1.0.1044) (Version: 1.0.1044 - Opera Software ASA)
    Opera Stable 60.0.3255.170 (HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\Opera 60.0.3255.170) (Version: 60.0.3255.170 - Opera Software)
    OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
    PrintMaster (HKLM-x32\...\{8DD144C1-5EAD-4D55-80A1-ACAF893A4FFE}) (Version: - )
    Product Improvement Study for HP ENVY 5640 series (HKLM\...\{C6936AA8-42A6-4D09-8B6C-1C473AD1AA36}) (Version: 40.11.1135.17143 - HP Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
    Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
    RogueKiller version 13.2.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.2.2.0 - Adlice Software)
    Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Sony Picture Utility (HKLM-x32\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 2.0.05.13150 - Sony Corporation)
    Sony USB Driver (HKLM-x32\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version: 2.00 - Sony Corporation)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C3ACFCEA-240F-4DCC-A0C3-DD55FEE6C3C2}) (Version: 2.58.0.0 - Microsoft Corporation)
    UpdateAssistant (HKLM-x32\...\{7C070E60-8769-4763-BBD8-7537A28A60D4}) (Version: 1.10.0.0 - Microsoft Corporation) Hidden
    USB 2.0 Card Reader (HKLM-x32\...\{CFA9C1EE-8D76-477E-9E26-D24C26F11F47}) (Version: 1.3.0.0 - Generic)
    VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
    Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22350 - Microsoft Corporation)
    Packages:
    =========
    Around The World in 80 Days: Hidden Object games -> C:\Program Files\WindowsApps\38552CrispApp.AroundTheWorldin80DaysHiddenObjectga_1.3.1.0_x64__pnrt47fe6g5q6 [2019-03-28] (CrispApp) [MS Ad]
    Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_5.6.3.0_x86__kgqvnymyfvs32 [2019-06-12] (king.com)
    Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1530.2.0_x86__kgqvnymyfvs32 [2019-06-13] (king.com)
    Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.29.2900.0_x86__ytsefhwckbdv6 [2019-05-30] (G5 Entertainment AB)
    HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_95.1.531.0_x64__v10z8vjag6ke6 [2019-03-22] (HP Inc.)
    Kobo eBooks -> C:\Program Files\WindowsApps\KoboInc.KoboBooks_5.2.37.0_x86__vk8qsnw174y90 [2019-05-11] (Kobo Inc)
    Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad]
    March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.1.0.6_x86__h6adky7gbf63m [2019-06-19] (Gameloft.)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-03-22] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-03-22] (Microsoft Corporation) [MS Ad]
    Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_3.9.4100.0_x64__8wekyb3d8bbwe [2019-04-21] (Microsoft Studios) [MS Ad]
    Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.30.10924.0_x64__8wekyb3d8bbwe [2019-04-04] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-16] (Microsoft Studios) [MS Ad]
    MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.29.10701.0_x64__8wekyb3d8bbwe [2019-03-22] (Microsoft Corporation) [MS Ad]
    MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.28.3242.0_x64__8wekyb3d8bbwe [2019-03-22] (Microsoft Corporation) [MS Ad]
    MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-03-22] (Microsoft Corporation) [MS Ad]
    Mystery of the Opera: The Phantom's Secret -> C:\Program Files\WindowsApps\828B5831.MysteryoftheOperathePhantomsSecret_0.7.601.0_x86__ytsefhwckbdv6 [2019-03-22] (G5 Entertainment AB)
    Mystery Society 2: Hidden Objects -> C:\Program Files\WindowsApps\RolltowerStudios.MysterySociety2HiddenObjects_1.1.68.0_x86__gjx78g1qv1y2c [2019-05-09] (Rolltower Studios)
    Norton Safe Web -> C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.8.0.0_neutral__v68kp9n051hdp [2019-05-20] (Symantec Corporation)
    Open Any File -> C:\Program Files\WindowsApps\38184CDCTech.495572C750D15_1.2.102.0_x64__vwv5vk6p12k08 [2019-03-22] (For Better Digital Life - 1st Famous Tool Provider)
    OverDrive - Library eBooks & Audiobooks -> C:\Program Files\WindowsApps\2FA138F6.OverDriveMediaConsole_3.8.0.5_neutral__daecb9042jmvt [2019-05-16] (OverDrive Inc.)
    Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0 [2019-06-18] (Spotify AB)
    The Secret Society® - Hidden Mystery -> C:\Program Files\WindowsApps\828B5831.TheSecretSociety-HiddenMystery_1.41.4100.0_x86__ytsefhwckbdv6 [2019-06-18] (G5 Entertainment AB)
    Unpacker -> C:\Program Files\WindowsApps\AFF540DC.Unpacker_1.1.14.24_x64__v7353qx4kg3sa [2019-03-22] (Jujuba Software) [MS Ad]
    ==================== Custom CLSID (Whitelisted): ==========================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    CustomCLSID: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002_Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InprocServer32 -> 0x6529B43F7ABCD301FA49E3C0E7DBD301070000002600000000000000 => No File
    CustomCLSID: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\VIV\Dropbox [2018-05-06 13:51]
    ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
    ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.2.47\buShell.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.2.47\buShell.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.2.47\buShell.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.2.47\buShell.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.2.47\buShell.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.2.47\buShell.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.2.47\buShell.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
    ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-03-13] (Apple Inc. -> Apple Inc.)
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed]
    ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.2.47\NavShExt.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit Information Technology -> IObit)
    ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed]
    ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.2.47\NavShExt.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
    ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
    ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed]
    ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit Information Technology -> IObit)
    ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.2.47\buShell.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.2.47\NavShExt.dll [2019-06-06] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit Information Technology -> IObit)
    ==================== Shortcuts & WMI ========================
    (The entries could be listed to be restored or removed.)
    ==================== Loaded Modules (Whitelisted) ==============
    2010-10-29 21:02 - 2010-10-29 21:02 - 000751616 _____ () [File not signed] C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll
    2018-08-09 16:39 - 2000-06-12 15:14 - 000360518 _____ () [File not signed] C:\Program Files (x86)\SEC\Natural Color\LowCMS.dll
    2018-08-09 16:39 - 2002-04-12 14:39 - 000155715 _____ () [File not signed] C:\Program Files (x86)\SEC\Natural Color\NaturalColorLoad.exe
    2019-04-18 08:52 - 2019-04-17 01:54 - 001955328 _____ () [File not signed] C:\Users\VIV\AppData\Local\Programs\BlueMail\ffmpeg.dll
    2019-04-18 08:52 - 2019-04-17 01:54 - 000017920 _____ () [File not signed] C:\Users\VIV\AppData\Local\Programs\BlueMail\libegl.dll
    2019-04-18 08:52 - 2019-04-17 01:54 - 003687936 _____ () [File not signed] C:\Users\VIV\AppData\Local\Programs\BlueMail\libglesv2.dll
    2018-02-20 18:04 - 2016-06-03 05:12 - 000026816 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
    2018-02-20 18:04 - 2016-06-03 05:12 - 000128192 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
    2018-02-20 18:04 - 2016-06-03 05:12 - 000021184 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000020008 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000443944 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
    2018-02-20 18:04 - 2016-06-03 05:12 - 000040128 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000072232 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000169512 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudInterface.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000077864 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
    2018-02-20 18:04 - 2016-06-03 05:12 - 000173760 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll
    2018-02-20 18:04 - 2016-06-03 05:12 - 000018112 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll
    2018-02-20 18:04 - 2016-06-03 05:12 - 000188608 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll
    2018-02-20 18:04 - 2016-06-03 05:12 - 000024768 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000080936 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000089640 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000017448 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000020520 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000138792 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000027176 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000353832 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000030760 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000281128 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000193064 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
    2018-02-20 18:04 - 2016-06-03 05:12 - 000220864 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000148008 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000032296 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000769064 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000061992 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000076840 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
    2018-02-20 18:04 - 2016-06-03 05:13 - 000114880 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000050216 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000024616 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000039976 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImageName.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000158248 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 001296424 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
    2018-02-20 18:04 - 2016-06-03 05:13 - 000085184 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000068136 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000059944 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000056360 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000207912 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000146984 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000064040 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000224808 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000501800 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\StorageMgr.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000043048 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000088616 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
    2018-02-20 18:04 - 2016-06-03 05:13 - 000056512 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000034856 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
    2018-02-20 18:04 - 2016-06-03 05:13 - 000204480 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeHlp.dll
    2018-02-20 18:04 - 2016-06-03 05:15 - 000278720 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    2018-02-20 18:04 - 2016-04-13 09:49 - 000432320 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\uexper.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000139816 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000136232 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000060968 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
    2018-02-20 18:04 - 2015-12-10 07:16 - 000275496 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\TrayPopup\libcurl.dll
    2018-02-20 18:04 - 2015-12-10 07:16 - 000223272 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\TrayPopup\traynet.dll
    2018-02-20 18:04 - 2015-12-10 07:16 - 000253992 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe
    2018-02-20 18:04 - 2015-12-10 07:16 - 000249896 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\TrayPopup\uexper.dll
    2018-02-20 18:04 - 2015-12-10 07:16 - 000118328 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\TrayPopup\zlib1.dll
    2018-02-20 18:04 - 2016-06-03 05:15 - 000039616 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
    2018-02-20 18:04 - 2016-06-03 05:12 - 000569536 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmdManager.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000020008 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ControlPxe.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000689704 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EMail.dll
    2018-02-20 18:04 - 2016-06-03 05:12 - 000045760 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuPipe.dll
    2018-02-20 18:04 - 2016-06-03 05:13 - 000220864 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlBackup.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000100904 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlBackupSize.dll
    2018-02-20 18:04 - 2016-06-03 05:13 - 000593600 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlImgFile.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000044072 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlSearchImg.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000159272 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Ftp.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000017448 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FTPTest.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000079400 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImageFileInfo.dll
    2018-02-20 18:04 - 2016-06-03 05:13 - 000296128 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFileHlp.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000103976 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFileHlpOther.dll
    2018-02-20 18:04 - 2016-06-03 05:13 - 000155328 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\MatchStr.dll
    2018-02-20 18:04 - 2016-06-03 05:13 - 000028864 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Options.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000093224 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\PolicyManage.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000121896 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Thread.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000077864 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Transmit.dll
    2018-02-20 18:04 - 2015-12-10 07:14 - 001637928 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
    2018-02-20 18:04 - 2015-12-10 07:04 - 000042536 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\XmlWrapper.dll
    2018-02-20 18:04 - 2015-12-10 07:05 - 000303656 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll
    2018-02-20 18:04 - 2015-12-10 07:04 - 000898088 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> Free Software Foundation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\iconv.dll
    2018-08-09 16:39 - 2000-07-15 00:00 - 000929844 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\SEC\Natural Color\MFC42D.DLL
    2018-08-09 16:39 - 2000-07-15 00:00 - 000798773 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\SEC\Natural Color\MFCO42D.DLL
    2018-08-09 16:39 - 2000-07-15 00:00 - 000434252 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\SEC\Natural Color\MSVCRTD.dll
    2019-04-18 08:52 - 2019-04-17 01:54 - 017863680 _____ (Node.js) [File not signed] C:\Users\VIV\AppData\Local\Programs\BlueMail\node.dll
    2018-02-20 18:04 - 2016-01-26 09:27 - 002454016 _____ (Python Software Foundation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\python27.dll
    2010-10-29 21:01 - 2010-10-29 21:01 - 001012224 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Logitech\Vid HD\LIBEAY32.dll
    2010-10-29 21:01 - 2010-10-29 21:01 - 000207872 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Logitech\Vid HD\ssleay32.DLL
    ==================== Alternate Data Streams (Whitelisted) =========
    (If an entry is included in the fixlist, only the ADS will be removed.)
    AlternateDataStreams: C:\ProgramData\TEMP:792D4CF1 [177]
    AlternateDataStreams: C:\Users\VIV\Desktop\Food List.jpeg:3or4kl4x13tuuug3Byamue2s4b [95]
    AlternateDataStreams: C:\Users\VIV\Desktop\Food List.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
    ==================== Safe Mode (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    ==================== Association (Whitelisted) ===============
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
    ==================== Internet Explorer trusted/restricted ===============
    (If an entry is included in the fixlist, it will be removed from the registry.)
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\123simsen.com -> www.123simsen.com
    There are 7941 more sites.
    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2015-10-30 08:24 - 2019-05-29 09:23 - 000454790 ____R C:\WINDOWS\system32\drivers\etc\hosts
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 123moviedownload.com
    127.0.0.1 www.123moviedownload.com
    There are 15610 more lines.
    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\VIV\desktop\pictures\dsc00038.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    If an entry is included in the fixlist, it will be removed.
    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: Apple Mobile Device Service => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: cphs => 3
    MSCONFIG\Services: dbupdate => 2
    MSCONFIG\Services: dbupdatem => 3
    MSCONFIG\Services: DbxSvc => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: hcwD3bda_dvbt => 2
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: RtkAudioService => 2
    MSCONFIG\Services: TeamViewer => 2
    HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma Loader.lnk"
    HKLM\...\StartupApproved\Run: => "IgfxTray"
    HKLM\...\StartupApproved\Run: => "HotKeysCmds"
    HKLM\...\StartupApproved\Run: => "Persistence"
    HKLM\...\StartupApproved\Run32: => "ReminderApp"
    HKU\S-1-5-21-1150477090-3809027948-3889013003-1002\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"
    ==================== FirewallRules (Whitelisted) ===============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    FirewallRules: [{78957C30-BF56-4998-9673-C8F2E32378C6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{688B2FD4-E94F-49A8-BB8D-C8AE84830B03}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{849BDE31-F4FA-40A8-985B-B182ECBDD183}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{1CA06BA6-CAB1-47C1-8362-ECDBB86CBFCB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{8EC9383D-529D-4BCD-BB28-03A1FA4AB44E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{B1EB9096-3EDF-442E-B18C-A67B5751F263}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{43EF1F3B-973E-4225-A88A-1D071A7E34DF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{5E53754E-20FD-47B1-9C7B-D256AD72E346}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.108.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{1EAAA303-7AFA-4A4D-8D36-3C1358192D2E}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
    FirewallRules: [{F9049D39-B0F9-4629-9489-8EE238EDE166}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    FirewallRules: [{B962A7C1-3DD2-4901-A9E8-E1F86CC8D79C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    FirewallRules: [{94B0271C-5874-4EF6-9E25-FF1223502DEB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{0429E721-05B9-44A0-935D-6F2DE4D4D171}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{E8FCBDB4-3B7E-44A1-8450-D6FCABCE3D76}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{F79BCDF6-36F3-45A9-89D8-45E8ABD68C36}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{A46783D9-D3C8-41D4-88AE-5F8B50E3A34C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{99381536-22B3-4825-855C-AA2F2CB86C89}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{CC4E2C1A-CD30-47D3-A954-9F869246781B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{6E7C7B0A-AB17-4F19-91AF-48D4485DA4EC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{1A0176E7-5E7A-48AA-97FB-4E49887B2EA8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [TCP Query User{E2D337D1-FB8E-4358-820D-E932FEEAC4D2}C:\program files\hp\hp envy 5640 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp envy 5640 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> HP Inc.)
    FirewallRules: [UDP Query User{7C49323F-AF4C-48CA-9605-76FD4FA40434}C:\program files\hp\hp envy 5640 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp envy 5640 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> HP Inc.)
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
    ==================== Restore Points =========================
    15-06-2019 13:08:16 Windows Update
    15-06-2019 13:09:47 Windows Update
    ==================== Faulty Device Manager Devices =============
    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (06/21/2019 08:42:59 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: PhotoshopElements.exe, version: 2.0.0.0, time stamp: 0x3d35504d
    Faulting module name: PhotoshopElements.exe, version: 2.0.0.0, time stamp: 0x3d35504d
    Exception code: 0xc000041d
    Fault offset: 0x007e4601
    Faulting process ID: 0x37ec
    Faulting application start time: 0x01d52841fcab0ee6
    Faulting application path: C:\Program Files (x86)\Adobe\Photoshop Elements 2\PhotoshopElements.exe
    Faulting module path: C:\Program Files (x86)\Adobe\Photoshop Elements 2\PhotoshopElements.exe
    Report ID: 49cfdf53-c32a-4403-857b-655579fdfabf
    Faulting package full name:
    Faulting package-relative application ID:
    Error: (06/21/2019 08:42:22 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: PhotoshopElements.exe, version: 2.0.0.0, time stamp: 0x3d35504d
    Faulting module name: PhotoshopElements.exe, version: 2.0.0.0, time stamp: 0x3d35504d
    Exception code: 0xc0000005
    Fault offset: 0x007e4601
    Faulting process ID: 0x37ec
    Faulting application start time: 0x01d52841fcab0ee6
    Faulting application path: C:\Program Files (x86)\Adobe\Photoshop Elements 2\PhotoshopElements.exe
    Faulting module path: C:\Program Files (x86)\Adobe\Photoshop Elements 2\PhotoshopElements.exe
    Report ID: caf119b4-524a-43a5-bcee-00e24c68b2d2
    Faulting package full name:
    Faulting package-relative application ID:
    Error: (06/21/2019 02:51:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program OpenAnyFile.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
    Process ID: 3a0c
    Start Time: 01d528386aad768d
    Termination Time: 4294967295
    Application Path: C:\Program Files\WindowsApps\38184CDCTech.495572C750D15_1.2.102.0_x64__vwv5vk6p12k08\OpenAnyFile.exe
    Report Id: bdfed060-3c50-4d71-a321-56381a2bb629
    Faulting package full name: 38184CDCTech.495572C750D15_1.2.102.0_x64__vwv5vk6p12k08
    Faulting package-relative application ID: App
    Hang type: Quiesce
    Error: (06/16/2019 04:54:16 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
    Description: The required buffer size is greater than the buffer size passed to the Collect function of the "C:\Windows\System32\perfts.dll" Extensible Counter DLL for the "LSM" service. The given buffer size was 13600 and the required size was 38744.
    Error: (06/16/2019 04:41:16 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
    .
    Operation:
    Executing Asynchronous Operation
    Context:
    Current State: DoSnapshotSet
    Error: (06/15/2019 02:58:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Microsoft.Photos.exe version 2019.19041.16510.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
    Process ID: 34cc
    Start Time: 01d5238255a8ab49
    Termination Time: 4294967295
    Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    Report Id: c2577a3d-a353-41b8-a6f0-f2d416ab0dff
    Faulting package full name: Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe
    Faulting package-relative application ID: App
    Hang type: Quiesce
    Error: (06/14/2019 07:01:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Microsoft.Photos.exe version 2019.19041.16510.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
    Process ID: 29b4
    Start Time: 01d522daf78c219c
    Termination Time: 4294967295
    Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    Report Id: 2b9b58d8-36e7-406b-bdaa-5f3d4011ca4b
    Faulting package full name: Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe
    Faulting package-relative application ID: App
    Hang type: Quiesce
    Error: (06/14/2019 06:44:10 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: Event provider wsp_sr attempted to register query "select * from WSP_ReplicationGroupModificationEvent" whose target class "WSP_ReplicationGroupModificationEvent" in //./ROOT/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.
    System errors:
    =============
    Error: (06/21/2019 02:28:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Logitech Video Camera Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    Error: (06/21/2019 02:28:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel(R) Content Protection HECI Service service terminated unexpectedly. It has done this 1 time(s).
    Error: (06/21/2019 02:27:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    Error: (06/21/2019 02:27:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The DbxSvc service terminated unexpectedly. It has done this 1 time(s).
    Error: (06/21/2019 02:27:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Norton Utilities 16 Start Manager Service service terminated unexpectedly. It has done this 1 time(s).
    Error: (06/21/2019 02:27:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Avira Optimizer Host service terminated unexpectedly. It has done this 1 time(s).
    Error: (06/21/2019 02:27:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
    Error: (06/21/2019 02:27:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Hauppauge MSi2500 DVBT Service service terminated unexpectedly. It has done this 1 time(s).
    CodeIntegrity:
    ===================================
    Date: 2019-06-21 14:32:05.462
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.17.2.46\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2019-06-21 14:32:03.901
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.17.2.46\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2019-06-21 14:32:01.517
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.17.2.46\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2019-06-21 14:31:59.161
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.17.2.46\WSCStub.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2019-06-21 10:29:10.255
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2019-06-21 10:29:10.215
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2019-06-21 10:29:10.148
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    Date: 2019-06-21 10:29:10.115
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
    ==================== Memory info ===========================
    BIOS: AMI 7.13 09/28/2011
    Motherboard: Foxconn 2ABF
    Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
    Percentage of memory in use: 79%
    Total physical RAM: 6048.81 MB
    Available physical RAM: 1264.59 MB
    Total Virtual: 12192.81 MB
    Available Virtual: 4068.67 MB
    ==================== Drives ================================
    Drive c: () (Fixed) (Total:918.8 GB) (Free:641.83 GB) NTFS
    Drive d: (HP_RECOVERY) (Fixed) (Total:11.75 GB) (Free:1.36 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive g: (SAMSUNG) (Fixed) (Total:931.51 GB) (Free:687.1 GB) NTFS
    \\?\Volume{0d8962b0-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
    \\?\Volume{0d8962b0-0000-0000-0000-c0d2e5000000}\ () (Fixed) (Total:0.47 GB) (Free:0.06 GB) NTFS
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0D8962B0)
    Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=918.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=478 MB) - (Type=27)
    Partition 4: (Not Active) - (Size=11.8 GB) - (Type=07 NTFS)
    ========================================================
    Disk: 1 (Size: 931.5 GB) (Disk ID: 468C624F)
    Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
    ==================== End of Addition.txt ============================
     
  17. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  18. theoldandgrey

    theoldandgrey Established Techie7 Member

    I have had a problem with this as it didn't save to my desktop. I have searched and eventually found this, I hope it is correct

    Fix result of Farbar Recovery Scan Tool (x64) Version: 27-11-2016
    Ran by viv (29-11-2016 14:22:27) Run:1
    Running from C:\Users\viv\Desktop
    Loaded Profiles: viv (Available Profiles: viv & DefaultAppPool)
    Boot Mode: Normal
    ==============================================
    fixlist content:
    *****************
    HKLM-x32\...\Run: [] => [X]
    ShortcutTarget: Dropbox.lnk -> C:\Users\viv\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll => No File
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll => No File
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
    S3 dbx; system32\DRIVERS\dbx.sys [X]
    U3 idsvc; no ImagePath
    S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.5.15\Definitions\SDSDefs\20161114.001\ENG64.SYS [X]
    S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.5.15\Definitions\SDSDefs\20161114.001\EX64.SYS [X]
    2011-11-08 20:54 - 2011-06-09 23:44 - 0002792 _____ () C:\Program Files\HP SimplePass 2011
    2014-04-26 17:40 - 2014-04-26 17:41 - 0003754 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
    2016-10-22 15:37 - 2016-10-23 07:53 - 21874200 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
    2015-09-29 15:40 - 2015-09-29 15:40 - 0007606 _____ () C:\Users\viv\AppData\Local\Resmon.ResmonCfg
    2016-10-18 15:23 - 2016-10-18 15:23 - 0000000 _____ () C:\Users\viv\AppData\Local\{C2DB19B7-AF68-4653-BCF5-46BD852AD7C0}
    2016-01-20 15:38 - 2016-01-20 15:38 - 0000057 _____ () C:\ProgramData\Ament.ini
    2013-10-29 09:16 - 2016-11-27 17:14 - 0089855 _____ () C:\ProgramData\hpzinstall.log
    C:\Users\viv\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\VL\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjcaxkt.dll
    Task: {00B0322C-4E52-4BA1-BB14-392B1527123C} - \{866353D9-E228-4D04-9892-9EA050EBCD55} -> No File <==== ATTENTION
    Task: {01E8192F-32D8-4709-BDAF-871B76F92607} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
    Task: {02584166-8BF7-447B-9E7A-E2400FCB4327} - \{31D4D842-83FD-42A8-AEAD-B399EE1AD6A7} -> No File <==== ATTENTION
    Task: {042937CB-5476-4C2A-8480-C5E036578E2B} - \Microsoft\Windows\Media Center\OCURActivate -> No File <==== ATTENTION
    Task: {0707E2C9-4406-414F-B160-DC7103A863E1} - \{A5960EB1-6D10-4F5C-BEC7-E55EAF53EE7B} -> No File <==== ATTENTION
    Task: {08674060-FD54-4A67-9D06-F60E9BD6D72F} - \Microsoft\Windows\Media Center\StartRecording -> No File <==== ATTENTION
    Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - \Microsoft\Windows\Tcpip\IpAddressConflict1 -> No File <==== ATTENTION
    Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - \Microsoft\Windows\Tcpip\IpAddressConflict2 -> No File <==== ATTENTION
    Task: {0BE61CD9-41AE-4826-8546-236FC938AF29} - \{B19EBD5F-A5F6-4824-AFE8-F23E90BE90F7} -> No File <==== ATTENTION
    Task: {0F5E6DC1-03F9-4845-B2F1-218D9BA4EB36} - \{CEF4333D-BCBF-4372-9A05-828F3A880EF9} -> No File <==== ATTENTION
    Task: {10CCCB11-703A-4206-B1F5-A88A1720C97D} - \{3E20EE6B-DC46-4DB3-A20F-5D64B2B1CA1E} -> No File <==== ATTENTION
    Task: {10F79DD5-4B9F-4E1D-9D0B-4A7E450548A0} - \{BC479442-0266-4318-8C06-3956BDECC6D2} -> No File <==== ATTENTION
    Task: {13A57EC3-CAEB-40A4-A081-921A18A6E5BB} - \Norton Identity Safe\Norton Error Processor -> No File <==== ATTENTION
    Task: {168C7B57-8907-4F61-9DB2-6E371C788D9B} - \{BB9DDB10-46AC-4F8E-8609-8858D6B10C15} -> No File <==== ATTENTION
    Task: {1751DECE-4306-42CC-8D72-DBC928D33D36} - \{BCBC4A01-1B0E-4410-B325-5D3C2A599200} -> No File <==== ATTENTION
    Task: {19A3FC03-8E10-4A4C-A200-44A2FCE885C3} - \SyncToyCmd.exe. -> No File <==== ATTENTION
    Task: {1BD33920-2467-4282-9EB4-C836CA9FB205} - \{0B4F9A7A-F94C-489A-94AF-70270FB4F840} -> No File <==== ATTENTION
    Task: {1C8FCC79-929F-4DC7-A47A-FA582A783E4A} - \{5B66A18E-F454-4B73-A87D-546794D9463E} -> No File <==== ATTENTION
    Task: {1E546E2E-5671-4008-BCFC-C552CBCFDC50} - \{BF59438F-36F2-4A0B-948F-EB87D05CB68F} -> No File <==== ATTENTION
    Task: {1F72DD3F-9871-4BA4-B6CD-A7581D0573B9} - \{CEE3FB00-5EA3-4193-81FC-05BE5152A495} -> No File <==== ATTENTION
    Task: {1FC0951F-5E8A-4ABD-A895-2FDEB3630F72} - \{C1282485-3C13-48FD-97E5-02039CE97F10} -> No File <==== ATTENTION
    Task: {219E6417-7BDB-492C-9B72-D6476D14FDF8} - \{AF4A2B92-5AA6-460E-859D-07E58AEC9755} -> No File <==== ATTENTION
    Task: {224FA285-53E8-4BB4-A07E-920CDB3DA5AE} - \{1B16B944-2A8A-4AA3-9C9E-FA5E4160E848} -> No File <==== ATTENTION
    Task: {233B5912-C9B5-4352-8562-719CB4C7C227} - \{9D30123D-E693-4770-9D64-9B132F1AFC51} -> No File <==== ATTENTION
    Task: {2648583D-0905-49BE-947A-A20D42214DE5} - \{37DE9114-F4DA-4DE7-AB7C-AE12372FB4C1} -> No File <==== ATTENTION
    Task: {26488808-91D2-43F0-8BA4-B3CC9720D90B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {270F6889-2A6D-4D30-8ECD-C4BA20C5FB29} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {276E4442-95B5-410A-8FCA-EEBF113EB0C8} - \{5A697237-F26A-4790-A0E5-D030CDA23580} -> No File <==== ATTENTION
    Task: {2B834F88-636B-4D3D-A4B8-C215E43128BE} - \{D4A1BC02-1EDB-47BF-B94D-DDAFD0B6AB53} -> No File <==== ATTENTION
    Task: {2C0734F2-133E-4233-BF82-D12D326D8D18} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {2C401845-018E-46BE-A5BA-257708CC6862} - \{4DF891CE-1211-444D-9618-658CB47CC1F0} -> No File <==== ATTENTION
    Task: {2D80DA57-8516-4E42-A499-5D0BFF844B98} - \{8A8A347D-459E-4FF3-A3A9-1277671C35E9} -> No File <==== ATTENTION
    Task: {2DAB9005-74E3-407F-860D-D935B340D7B9} - \Microsoft\Windows\MobilePC\HotStart -> No File <==== ATTENTION
    Task: {3146957C-2E04-45E1-8B0D-E95B00EE7CF8} - \DropboxUpdateTaskUserS-1-5-21-1708836296-2231183269-51003188-1001Core -> No File <==== ATTENTION
    Task: {3306090E-508B-46C8-92A2-286DE3A35AA1} - \{947FADCB-3182-43A4-B0AC-901D344848D9} -> No File <==== ATTENTION
    Task: {34604FDA-4B75-4AB7-8CE3-2C8B3521885C} - \{BFA8330A-D484-4F38-9502-4ABF3E938BEE} -> No File <==== ATTENTION
    Task: {35058198-90A3-4B6D-8717-AB5546E015A5} - \Microsoft\Windows\SideShow\SessionAgent -> No File <==== ATTENTION
    Task: {35A742C1-2971-4943-A2E3-29AD462FFAAC} - \Microsoft\Windows\Media Center\ActivateWindowsSearch -> No File <==== ATTENTION
    Task: {36430668-B5DB-469B-8676-062B27AEE7A6} - \{20420B0E-4734-4A0F-99CF-792FB9AB0140} -> No File <==== ATTENTION
    Task: {39302454-8503-4A66-A892-864BA2398524} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {3ACF76E4-F5DF-431C-BEA2-BE70CF85AE6D} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask -> No File <==== ATTENTION
    Task: {3B96CA06-468B-4F7E-9C8C-AF4723112084} - \{289DB278-A5A5-4FD9-AA07-BDE1A923DFDB} -> No File <==== ATTENTION
    Task: {3E5E31C0-C51B-472B-A962-40BB00579E43} - \{847C5DA9-DEA3-4517-934F-1AA77E686C9B} -> No File <==== ATTENTION
    Task: {3F5112CB-BEFC-4A33-91CC-3332F4CDDA39} - \{EE78EABC-E18B-445F-B392-0DB48E9D0B83} -> No File <==== ATTENTION
    Task: {3F90C385-C96E-4FBB-B2DA-F4305FDEE69D} - \{C5B0A4AE-58FF-44F6-8E44-7EFEEDA5FC17} -> No File <==== ATTENTION
    Task: {4019C968-F839-4423-9A58-0A1F6B9849C6} - \SDMsgUpdate (TE) -> No File <==== ATTENTION
    Task: {42E968A9-6CE0-4283-B7C5-3848F7889C16} - \Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan -> No File <==== ATTENTION
    Task: {448270B0-5154-498D-B24D-AE71E7DB5927} - \Microsoft\Windows\Media Center\RegisterSearch -> No File <==== ATTENTION
    Task: {4532C46D-DE7E-496F-96FF-459B2A26CC96} - \{5CEE4ECA-A8C1-4E9B-A3CF-9273167B4042} -> No File <==== ATTENTION
    Task: {4654E2ED-FEF9-4B0D-BFD3-76C4F845BF38} - \{921E695B-9828-4180-B7E1-7919757A139A} -> No File <==== ATTENTION
    Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - \Microsoft\Windows\Shell\WindowsParentalControlsMigration -> No File <==== ATTENTION
    Task: {4A6B36D4-D7EB-4063-AC7E-764D21D4DCA5} - \Microsoft\Windows\Media Center\mcupdate_scheduled -> No File <==== ATTENTION
    Task: {4B97F6BF-9CE2-4725-9C02-34AC9ED662ED} - \Microsoft\Windows\WindowsBackup\Windows Backup Monitor -> No File <==== ATTENTION
    Task: {4C047FE6-03CD-4219-98E0-9D73D8780D0F} - \{68A0AE81-73D3-43C3-BD7B-C4B23DA2E987} -> No File <==== ATTENTION
    Task: {4CE0591A-F64E-40BD-8B47-5570A441F1D8} - \Driver Booster SkipUAC (VL) -> No File <==== ATTENTION
    Task: {4E075547-3A53-4518-97BD-DB55F509826A} - \{D7EEEC83-B566-4F48-9300-DBDF3D259D4F} -> No File <==== ATTENTION
    Task: {4EF9C94A-BEB8-4886-8EFB-6F8DC72DE967} - \Microsoft\Windows\Media Center\ReindexSearchRoot -> No File <==== ATTENTION
    Task: {505230CE-12F8-4ABD-939A-131DDAA1C8FD} - \{2D589C49-EF3A-4DEB-9299-9A4AB2569CBC} -> No File <==== ATTENTION
    Task: {51014F12-8FCF-4721-9D11-8DB3D49F4502} - \{57B0BCBF-6DFA-4C1B-A0FC-ADF52F35142C} -> No File <==== ATTENTION
    Task: {510B64F9-CCC3-4792-9ED9-69C6E78B27E2} - \SDMsgUpdate (Local) -> No File <==== ATTENTION
    Task: {53ABC437-1B0B-41C8-BFA8-0949927B2CAE} - \Microsoft\Windows\Media Center\PBDADiscoveryW1 -> No File <==== ATTENTION
    Task: {53B59E00-156A-4B0C-97FD-C57E6FEDB1F0} - \{1BA91D2C-1393-47D0-BDEF-D93ECDAB0ABB} -> No File <==== ATTENTION
    Task: {54A8FC16-348E-45F0-8EA0-45B3240042D8} - \Softland\FBackup 5\FBackup 5 Tray Agent_VL -> No File <==== ATTENTION
    Task: {54EEBF54-4603-49B7-883C-C322F634E652} - \{5AC9BBDC-5C53-4E91-8371-FA0AB50B0F2A} -> No File <==== ATTENTION
    Task: {55FDF64B-3C5A-49F4-9EC4-597B575CA285} - \Microsoft\Windows\Media Center\InstallPlayReady -> No File <==== ATTENTION
    Task: {56825EA2-B17E-4AC6-B651-6D94E031BA5E} - \Hewlett-Packard\HP Support Assistant\Update Check -> No File <==== ATTENTION
    Task: {57FA4BD7-453C-4410-ADE0-878416F82658} - \{F73BDC06-8B70-49E9-BFE2-12CB72CFDB4E} -> No File <==== ATTENTION
    Task: {582074CD-36CC-4DA7-8D08-396F925E4C5E} - \{72CA89D8-754D-44A9-A610-474CEE57FC23} -> No File <==== ATTENTION
    Task: {5892852B-5DF8-4103-8DCF-48431A7F8D0E} - \CLARUS_DRIVE_MANAGER\Clarus_Drive_Manager -> No File <==== ATTENTION
    Task: {599235A8-9537-48E5-A5B3-D1193EB9AA2B} - \Softland\FBackup 5\fba_Mirror -> No File <==== ATTENTION
    Task: {5A2003D4-20D6-4E50-8909-DC75DE5528AE} - \{0D6BD924-139D-4C32-BDB5-7148BC7FB9E6} -> No File <==== ATTENTION
    Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - \Microsoft\Windows\Shell\WindowsParentalControls -> No File <==== ATTENTION
    Task: {5BCFCC02-6CF3-4329-B499-94BAC1ABE8CE} - \{2650E87D-A4D0-4AB8-908E-30F897B4EF27} -> No File <==== ATTENTION
    Task: {5C46DB15-A6EB-46EA-BEF8-0113144FDCB5} - \{89BBC87C-AA00-4C29-A976-C3869BD3CDC4} -> No File <==== ATTENTION
    Task: {5D09F156-19C8-4B2E-AD3D-5F4FC1456095} - \{106E501F-1259-4493-8449-4AA3A33688F3} -> No File <==== ATTENTION
    Task: {5D7E1389-476B-4B40-8F22-292F3F41A015} - \Microsoft\Windows\WindowsBackup\AutomaticBackup -> No File <==== ATTENTION
    Task: {5DDCC8BB-B621-493E-8E1B-C22B92BB40F7} - \{CD10FE93-62CD-4024-960B-DEB5050F2FEE} -> No File <==== ATTENTION
    Task: {60C6872D-D8C5-4B88-8980-45D08F81447E} - \Microsoft\Windows\Media Center\PvrScheduleTask -> No File <==== ATTENTION
    Task: {611C823C-437B-46E7-9683-5312DFFCFD7B} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
    Task: {628F7A79-8E87-4A28-B89A-DAA0AA66497D} - \{A01EBFDA-0F68-4F32-A4EE-57ABB03FBB81} -> No File <==== ATTENTION
    Task: {62C2A36C-4BBD-4370-A3A9-C2A94125E0B0} - \{FA30564A-7B63-48AF-9740-D5C09AD0377C} -> No File <==== ATTENTION
    Task: {62D4EBE9-E570-4397-B43B-C02B801A1C0A} - \{D496E30B-D583-49DE-BACC-A22E5EC6F4B6} -> No File <==== ATTENTION
    Task: {62DF9F40-B237-4DFB-9D81-F2256D72DE0E} - \{6DD85478-3D2C-4118-A08D-0B4892107ED5} -> No File <==== ATTENTION
    Task: {66373DB8-4A8D-49A8-88A9-7AC45A9257AE} - \Microsoft\Windows\Media Center\PeriodicScanRetry -> No File <==== ATTENTION
    Task: {6A60187F-9BC5-4171-97F0-41C9B0B903A5} - \Microsoft\Windows\SideShow\SystemDataProviders -> No File <==== ATTENTION
    Task: {6C2F6EB4-65C8-4F43-A248-91C9CEBC3EAD} - \{7C5AF559-C639-4415-9C88-EB282E379DCE} -> No File <==== ATTENTION
    Task: {6CCC6E40-FF59-474C-871C-4867A15371D4} - \{B0A98566-3126-44ED-AE81-54C7E18A01B6} -> No File <==== ATTENTION
    Task: {7090F4C5-41EA-4E83-9513-8173AD4E6CE2} - \{1E3E7BA5-6305-4A93-A3D9-A04E0B2B5EBB} -> No File <==== ATTENTION
    Task: {717D3F5B-A00E-44D6-A174-39B2429995F2} - \{865582D0-8285-470D-88C2-EAC7862F7686} -> No File <==== ATTENTION
    Task: {748475B3-C434-4277-9816-3ED0028BCD2A} - \HPCustParticipation HP ENVY 5640 series -> No File <==== ATTENTION
    Task: {7534BB44-9878-4205-9265-304821507C71} - \{8D613294-D610-4E1D-AD21-C20B8157C17E} -> No File <==== ATTENTION
    Task: {76028AB5-AC97-4F06-8327-7D5A47A19935} - \Microsoft\Windows\Media Center\OCURDiscovery -> No File <==== ATTENTION
    Task: {773D7085-A29F-4C15-B760-B391FAF43272} - \{F40687B6-9C14-495A-B529-A0E7DDDBF724} -> No File <==== ATTENTION
    Task: {776FE2E1-3215-44FB-BD71-4BFFDFD499DF} - \{451DA341-8BB5-4E6F-A614-E27FACEE12B0} -> No File <==== ATTENTION
    Task: {78231FB5-77A6-435A-8B99-906AEFA8A37C} - \{BE1E28F3-E560-44B6-8E60-3DE2E2D4BA17} -> No File <==== ATTENTION
    Task: {7BA78A5A-FB8C-455D-BEF9-34324E52347E} - \{C3DDF078-ADB1-40F9-A5A4-19BD0B35AB9E} -> No File <==== ATTENTION
    Task: {7EF0F2A3-897B-42FC-976B-3C886A7A64BF} - \Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report -> No File <==== ATTENTION
    Task: {8019363D-BCAD-4773-B90D-F17D42075CBA} - \Microsoft\Windows\Media Center\PvrRecoveryTask -> No File <==== ATTENTION
    Task: {80BFE7D3-F002-4C59-8254-07DC2C2ED587} - \DropboxUpdateTaskUserS-1-5-21-1708836296-2231183269-51003188-1001UA -> No File <==== ATTENTION
    Task: {823941A3-15D4-46A7-8893-9548B275333E} - \{C1DD1763-0620-429D-A451-3300A4945B08} -> No File <==== ATTENTION
    Task: {840F33BC-DAB5-4B19-AC5A-365268752295} - \Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater – Install HPSA -> No File <==== ATTENTION
    Task: {848DCC36-520C-4946-BF68-C7EFFEFA2F84} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
    Task: {86BA8949-006A-4287-BAAD-672EDB8DCF97} - \{C9E6FC5B-3DA0-42D2-888D-6859BF33D182} -> No File <==== ATTENTION
    Task: {87D2A461-54FC-4F6D-90E4-D88BBA06A58F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {8A570D6E-08C5-461B-AC94-9619581D59E2} - \Bvckup 2 -> No File <==== ATTENTION
    Task: {8D77A25D-FD6A-481A-B0D6-9678902CB9A5} - \Microsoft\Windows\Media Center\mcupdate -> No File <==== ATTENTION
    Task: {8F869558-CFE7-4CBF-9451-D0A429864769} - \{B96D0100-172C-4B30-8D2C-9029DA063C1F} -> No File <==== ATTENTION
    Task: {9117FFE8-EAE8-4B79-8C3C-46EB2AD4314F} - \{40639EC7-813E-45CA-89A9-C56603462ECF} -> No File <==== ATTENTION
    Task: {92415188-86AD-49DE-9F7F-9BFB9E4E2F71} - \{A604356C-DBAE-4E2A-9081-5B3B62A1FC09} -> No File <==== ATTENTION
    Task: {94D61568-0E22-4219-87DB-A3DCC629ECF2} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {951E5374-94D3-4E67-B046-89560BC2EB42} - \{1D87CFEE-5698-4E32-AC31-7B401E44FBD0} -> No File <==== ATTENTION
    Task: {952F4021-F0BC-42C5-BDC5-2B1968E155FE} - \{EC27769D-5A2C-4EB8-B33D-B9392252CFB5} -> No File <==== ATTENTION
    Task: {96B68799-CA77-4F93-AD2E-84302D976F7D} - \{AF9713AF-0AD8-4B0A-A59B-7741CD08691E} -> No File <==== ATTENTION
    Task: {97D57FBC-B035-440C-88E7-9E676CD64057} - \Microsoft\Windows\Media Center\PBDADiscovery -> No File <==== ATTENTION
    Task: {994AE844-4DD5-4910-B518-56BA537D2F1D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {9EE88514-786B-4C6B-B761-AD00A3815399} - \Microsoft\Windows\Media Center\RecordingRestart -> No File <==== ATTENTION
    Task: {A075F591-71B3-40E5-B0C1-CF7D358C444B} - \HP Photo Creations Communicator -> No File <==== ATTENTION
    Task: {A1D32215-460B-4EE4-98AD-F79A2AE08616} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {A64818A2-BD9B-4CBB-97E3-47E1B5E7573F} - \{2A519F2B-A055-4ADE-B2D8-D0682B7AD0F5} -> No File <==== ATTENTION
    Task: {A684A615-31D5-4026-883A-77B408A9DBF1} - \{E3E117CE-2FED-4D31-A770-E1231B437765} -> No File <==== ATTENTION
    Task: {A8F8666E-C1B0-493B-A1BC-947C9C51A6A3} - \{13BDBB54-F07C-45D2-8B5D-270232CF5575} -> No File <==== ATTENTION
    Task: {A9736B75-7B28-4ABC-AD61-1BC859BB1915} - \{2858301D-3ADF-4988-8C10-DB9055F51F1D} -> No File <==== ATTENTION
    Task: {A98C5136-37A3-4821-ADAE-5720BFE79FD2} - \{3991145E-B8D6-473F-A107-F3F4084F6504} -> No File <==== ATTENTION
    Task: {AA495AAA-9B51-493B-829A-1116A19BB462} - \{22482491-2380-4DE7-BDD5-FABD43CA12BA} -> No File <==== ATTENTION
    Task: {AB1B1205-2BD1-4BD4-BC26-8DF39AF87541} - \{A7A35CB9-446A-48F2-BD12-075F08CC9465} -> No File <==== ATTENTION
    Task: {ABE81196-0AAC-419A-993A-CA0F9FA7E738} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask -> No File <==== ATTENTION
    Task: {AC40C5EB-6170-4D55-8D07-68827B4984AE} - \{CF14AE7B-C4DD-4BC9-97EB-4F854179DCC7} -> No File <==== ATTENTION
    Task: {AC841E62-2602-4F43-901B-1B3EA89F9C0E} - \{AC3D628D-ADB4-4554-AE81-FEC3C5D14078} -> No File <==== ATTENTION
    Task: {AD1704C2-9EF2-4F6C-819E-3A652E8CD7C2} - \{19755BD7-DF5D-484B-8992-31285002351E} -> No File <==== ATTENTION
    Task: {ADA6B2D6-8B93-4D5A-B7DE-BDB543887D05} - \{6C3659B1-0877-4083-9BD2-EBD371346589} -> No File <==== ATTENTION
    Task: {B0783751-AFAE-4BFF-B02A-3C74BBADC98E} - \Microsoft\Windows\Media Center\ConfigureInternetTimeService -> No File <==== ATTENTION
    Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor -> No File <==== ATTENTION
    Task: {B250D467-5632-47A6-ABB5-963B11CBC131} - \Hewlett-Packard\HP Support Assistant\PC Health Analysis -> No File <==== ATTENTION
    Task: {B61DF045-D4EB-45F0-84BF-9BDA36D83945} - \{2DE5BFB5-A7DD-4171-8985-383FDDE8D074} -> No File <==== ATTENTION
    Task: {B99D050F-6426-4350-BB0B-907D83CED4A0} - \{F7EA3E34-B44B-48C8-BFDA-D2BD5189B490} -> No File <==== ATTENTION
    Task: {BA2E13C8-F876-49CE-911F-5BE3CE4996C2} - \{F401749E-C277-4FBF-B6E2-D5A11A07BC57} -> No File <==== ATTENTION
    Task: {BA59A122-3AD0-4BE5-B0FE-79B459C229F6} - \CCleanerSkipUAC -> No File <==== ATTENTION
    Task: {BA7DA392-35BF-43D6-B08D-7D6D6211A0A6} - \{76BBE1E0-F354-4673-9916-505EA7F5E4FF} -> No File <==== ATTENTION
    Task: {BAF089B6-DA0D-4A74-9A67-4C72E60BEC25} - \{0CAC93A5-EC28-41E8-909E-E8ACADB85364} -> No File <==== ATTENTION
    Task: {BB891099-3F04-45DA-8DFA-066AB33B0F7D} - \Microsoft\Windows\Media Center\UpdateRecordPath -> No File <==== ATTENTION
    Task: {BC411491-4ED5-4A49-B26F-85A0B5D4946A} - \{3FF01488-BB5C-4833-B2D7-032F52490EDD} -> No File <==== ATTENTION
    Task: {BD632CBE-23CF-40A9-A64F-7A6748821ECB} - \Adobe Flash Player Updater -> No File <==== ATTENTION
    Task: {BDF9F78F-4279-435D-BCF3-FA1688B9126A} - \{0FCDA0D4-CE24-45BC-8207-9DFA855F6916} -> No File <==== ATTENTION
    Task: {BE647D08-940F-401F-AB8E-EF9710C42FFD} - \{835C9410-CD2C-4F48-A2D1-5A3E9F3DEA51} -> No File <==== ATTENTION
    Task: {C066CA2C-E0AD-4272-9AF9-AA64ED8E238B} - \{ABB4A332-9248-488F-9815-71D212BB21F2} -> No File <==== ATTENTION
    Task: {C0F395F2-9715-4314-A840-2E6C417F6A32} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks -> No File <==== ATTENTION
    Task: {C1061FA9-BFC8-4320-95CE-99159129343D} - \{82221211-BC47-47A7-B9AB-69E8FBD8F096} -> No File <==== ATTENTION
    Task: {C1A099E6-F533-4280-96AE-44B174F91861} - \{3AACC43D-864F-4684-B978-CB2BA09DE192} -> No File <==== ATTENTION
    Task: {C2C2872B-8EBC-495B-8802-755013122F45} - \{5A3B82EA-670D-4299-B00B-12D2EC57AC3A} -> No File <==== ATTENTION
    Task: {C349107D-374F-4A4D-82BF-F640B3E47391} - \{53C8CACC-DB1C-4447-80D1-7AB71CFA5C6D} -> No File <==== ATTENTION
    Task: {C4ADE0A7-3C55-4898-8800-D093FED37998} - \{310BB20A-6550-4C12-AFAD-DA24798DC41A} -> No File <==== ATTENTION
    Task: {C6429797-F491-4F5C-BD36-6AC08CF60D18} - \Microsoft\Windows\Media Center\PBDADiscoveryW2 -> No File <==== ATTENTION
    Task: {C695A2C4-F8E5-4F23-8184-F2C54FD8AB0B} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {C8CBF35B-DD55-41C9-84B6-02CAAE6887B9} - \{88B7A07C-5303-4C00-8E32-769C3D395B0F} -> No File <==== ATTENTION
    Task: {CA08E380-5399-4B1E-8463-DEAC6B3BB1B3} - \{A75F65F7-A07A-4A75-A875-0461C9E8E09B} -> No File <==== ATTENTION
    Task: {CB9EB354-084B-44C8-999D-0C400CF32198} - \{7363CB94-79D3-4D72-8C8B-AC9F95BDDAF1} -> No File <==== ATTENTION
    Task: {CBC36DDF-3854-4313-85C5-86A7D1696BCD} - \{D3DECA36-E805-4765-9A7C-F89C595D5CEA} -> No File <==== ATTENTION
    Task: {CBD551F5-6930-4BFC-AD01-37AF8D94B1DE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {CD9C3516-B549-4324-BE65-78BF14FFF3D5} - \RunAsStdUser Task -> No File <==== ATTENTION
    Task: {D1557CD2-0D1E-4B57-BB0E-884445CE209C} - \{3823D14F-2C22-4010-ACD1-03256CFD0900} -> No File <==== ATTENTION
    Task: {D1C3C737-7B31-485A-BEC2-3BB0334F2201} - \Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start -> No File <==== ATTENTION
    Task: {D273F64D-27DE-4A80-A995-9BDC28C8BAC7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {D2D3BA4D-B1C0-4009-BE9D-B7D482E4C673} - \Microsoft\Windows\SideShow\AutoWake -> No File <==== ATTENTION
    Task: {D43A9AA6-A4BB-48D6-8B9D-F8A14F4638F5} - \{34DEDBB7-D901-47C5-9E8B-6D9B6AC8C617} -> No File <==== ATTENTION
    Task: {D5F223A5-CF2D-4531-95D9-C5AEC83792DB} - \{A1684031-9302-4646-851E-B714BCA9427B} -> No File <==== ATTENTION
    Task: {DA76E219-15D9-42DF-8CFB-1A136A499AB9} - \User_Feed_Synchronization-{FC8309D2-C0BD-48BE-A96C-E4B165B4C3C1} -> No File <==== ATTENTION
    Task: {DB4A89C0-EBDF-4FF7-9C5F-E1A940E9FFC4} - \{0BB270BB-9434-44AD-8DD9-43AB7E1F9B2F} -> No File <==== ATTENTION
    Task: {DC73A053-A3D7-4D4A-A277-C4082C757EF9} - System32\Tasks\Norton Security\Norton Autofix => C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\SymErr.exe [2016-11-12] (Symantec Corporation)
    Task: {DC79EE43-E847-4934-B83A-1DA1220C0C8A} - \{EBE388CE-B2CB-449A-BA90-45F3A926D63F} -> No File <==== ATTENTION
    Task: {DD23EF31-557A-4A57-9946-AB59784478E2} - \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task -> No File <==== ATTENTION
    Task: {DEF57E9F-97C3-40D8-B113-ABECE88B273B} - \{C73986D0-C583-460E-BA86-459770547A21} -> No File <==== ATTENTION
    Task: {DEF77F6A-774A-482A-B822-C4507E0BA30A} - \{9826FF62-C8B4-45A6-8CA3-ADDA6B5EC4AC} -> No File <==== ATTENTION
    Task: {E009A3D9-8991-42D2-B2DE-00284BA4FDE3} - \{DD20B6AA-FBC4-4142-BAEB-90622A6AD346} -> No File <==== ATTENTION
    Task: {E0621631-3A82-4A26-8027-8F93F6C7A5A0} - \ServicePlan -> No File <==== ATTENTION
    Task: {E0C10BE9-5284-477F-B44C-2BCEA946F005} - \{D6F25A7F-186B-4744-AC3F-853486DA2E63} -> No File <==== ATTENTION
    Task: {E20126F8-C5A4-4961-8661-770FE2A73870} - \{1688286B-E294-44D3-84D5-1B0FE74E6CC4} -> No File <==== ATTENTION
    Task: {E6010D43-6AE7-4B59-8E67-EC78FD8E8E96} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
    Task: {E76064A8-060E-44AC-8210-4E310BFF7ED7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {E8593985-A19B-4AD7-B60D-D1F5609E9DD2} - \Microsoft\Windows\SideShow\GadgetManager -> No File <==== ATTENTION
    Task: {E993E95C-2B4C-487A-A5C5-44742F3AA4F1} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
    Task: {EA3F661E-B31C-44A9-B40C-E3D5D56149D4} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
    Task: {EAD69E4B-9551-47F3-8AB0-A8C52DDD9D25} - \{584D009D-91BC-4826-8BBF-B6E096AA1D05} -> No File <==== ATTENTION
    Task: {EB3604A8-49E6-4E5C-9DC6-2D393BD14C1D} - \Microsoft\Windows\RemovalTools\MRT_HB -> No File <==== ATTENTION
    Task: {EDB0A8B6-46BE-4BD4-8E78-B8AD1539E994} - \{317331E2-1729-4DA0-9C66-68F78DF4A039} -> No File <==== ATTENTION
    Task: {EDF7FEC2-EA9E-4F33-A614-D583C992BC94} - \User_Feed_Synchronization-{D82970FC-8F67-49E1-AFE8-195859DA49F4} -> No File <==== ATTENTION
    Task: {EE44F1BC-3A65-4249-BBAC-F4DEB17CDF61} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask -> No File <==== ATTENTION
    Task: {EEA76689-16CA-4DC0-AD49-9F48D4F7478A} - \{002C7E02-2AF8-470C-91C4-71841D68E68C} -> No File <==== ATTENTION
    Task: {EF02F893-0CF0-4970-9838-E9FBBEFA3CA5} - \{12167E99-8BE8-48E1-B213-DBB3A7ECFE1B} -> No File <==== ATTENTION
    Task: {F2511BEE-366D-49C8-BB06-D1D74AAAE162} - \Microsoft\Windows\Media Center\ehDRMInit -> No File <==== ATTENTION
    Task: {F36BA6E6-5032-41F3-88B7-3659E477C62C} - \{2FBE43F4-897E-4C62-9A53-9C021B3FB394} -> No File <==== ATTENTION
    Task: {F41FD6DF-4097-484B-8027-F1447F5420DE} - \{A0B72FD3-04F6-4F88-AB0F-F60260DCE217} -> No File <==== ATTENTION
    Task: {F4E03C7D-BD19-466E-84BC-67E2403E6F25} - \{7F57DF5C-329C-4749-87DF-39D3A55DD727} -> No File <==== ATTENTION
    Task: {F55F3C21-1B8D-4B52-8B35-CD1B562D18C5} - \{25289DA9-EE60-40E9-9BAF-50CECD5A14E4} -> No File <==== ATTENTION
    Task: {F56072BC-F3F1-4F31-8790-A22C61872057} - \{FC9ED5C8-AC96-49F4-8CDE-697DABB62024} -> No File <==== ATTENTION
    Task: {F5A1448C-E9B3-4305-B0AE-248BBCD6D0B9} - \{DCFE7302-6074-4EE6-8C1F-1C6CE2CD5DF8} -> No File <==== ATTENTION
    Task: {FC2C7D4E-6CBA-435A-855E-35F3B4FDCABB} - \{EE79DE75-660D-4FBF-ADDD-6215312C6A8A} -> No File <==== ATTENTION
    Task: {FC53C4C7-776B-4949-821A-A8FA5CE97E23} - \Tweaking.com - Windows Repair Tray Icon -> No File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\Temp:373E1720 [121]
    AlternateDataStreams: C:\Users\VL\Documents\Dinton WI:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\VL\Documents\Hort Soc 2006:com.dropbox.attributes [168]
    *****************
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    C:\Users\viv\AppData\Roaming\Dropbox\bin\Dropbox.exe => not found.
    "HKLM\SOFTWARE\Policies\Google" => key removed successfully
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
    HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{0347C33E-8762-4905-BF09-768834316C61}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}" => key removed successfully
    "HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => key removed successfully
    dbx => service removed successfully
    idsvc => service removed successfully
    NAVENG => service could not remove
    NAVEX15 => service could not remove
    C:\Program Files\HP SimplePass 2011 => moved successfully
    C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml => moved successfully
    C:\Program Files (x86)\Common Files\lpuninstall.exe => moved successfully
    C:\Users\viv\AppData\Local\Resmon.ResmonCfg => moved successfully
    C:\Users\viv\AppData\Local\{C2DB19B7-AF68-4653-BCF5-46BD852AD7C0} => moved successfully
    C:\ProgramData\Ament.ini => moved successfully
    C:\ProgramData\hpzinstall.log => moved successfully
    C:\Users\viv\AppData\Local\Temp\dllnt_dump.dll => moved successfully
    C:\Users\VL\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjcaxkt.dll => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00B0322C-4E52-4BA1-BB14-392B1527123C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00B0322C-4E52-4BA1-BB14-392B1527123C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{866353D9-E228-4D04-9892-9EA050EBCD55}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{01E8192F-32D8-4709-BDAF-871B76F92607}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01E8192F-32D8-4709-BDAF-871B76F92607}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02584166-8BF7-447B-9E7A-E2400FCB4327}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02584166-8BF7-447B-9E7A-E2400FCB4327}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{31D4D842-83FD-42A8-AEAD-B399EE1AD6A7}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{042937CB-5476-4C2A-8480-C5E036578E2B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{042937CB-5476-4C2A-8480-C5E036578E2B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURActivate" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0707E2C9-4406-414F-B160-DC7103A863E1}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0707E2C9-4406-414F-B160-DC7103A863E1}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A5960EB1-6D10-4F5C-BEC7-E55EAF53EE7B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08674060-FD54-4A67-9D06-F60E9BD6D72F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08674060-FD54-4A67-9D06-F60E9BD6D72F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\StartRecording" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{088482FA-65B8-4E17-9ABF-1DCD48E8D373}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{088482FA-65B8-4E17-9ABF-1DCD48E8D373}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\IpAddressConflict1" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09F06BFE-A3C8-40E3-846A-6E6F4000C238}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09F06BFE-A3C8-40E3-846A-6E6F4000C238}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\IpAddressConflict2" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0BE61CD9-41AE-4826-8546-236FC938AF29}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BE61CD9-41AE-4826-8546-236FC938AF29}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B19EBD5F-A5F6-4824-AFE8-F23E90BE90F7}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0F5E6DC1-03F9-4845-B2F1-218D9BA4EB36}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F5E6DC1-03F9-4845-B2F1-218D9BA4EB36}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CEF4333D-BCBF-4372-9A05-828F3A880EF9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10CCCB11-703A-4206-B1F5-A88A1720C97D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10CCCB11-703A-4206-B1F5-A88A1720C97D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3E20EE6B-DC46-4DB3-A20F-5D64B2B1CA1E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10F79DD5-4B9F-4E1D-9D0B-4A7E450548A0}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10F79DD5-4B9F-4E1D-9D0B-4A7E450548A0}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BC479442-0266-4318-8C06-3956BDECC6D2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13A57EC3-CAEB-40A4-A081-921A18A6E5BB}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13A57EC3-CAEB-40A4-A081-921A18A6E5BB}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Identity Safe\Norton Error Processor" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{168C7B57-8907-4F61-9DB2-6E371C788D9B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{168C7B57-8907-4F61-9DB2-6E371C788D9B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BB9DDB10-46AC-4F8E-8609-8858D6B10C15}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1751DECE-4306-42CC-8D72-DBC928D33D36}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1751DECE-4306-42CC-8D72-DBC928D33D36}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BCBC4A01-1B0E-4410-B325-5D3C2A599200}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19A3FC03-8E10-4A4C-A200-44A2FCE885C3}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19A3FC03-8E10-4A4C-A200-44A2FCE885C3}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SyncToyCmd.exe." => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1BD33920-2467-4282-9EB4-C836CA9FB205}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BD33920-2467-4282-9EB4-C836CA9FB205}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0B4F9A7A-F94C-489A-94AF-70270FB4F840}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C8FCC79-929F-4DC7-A47A-FA582A783E4A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C8FCC79-929F-4DC7-A47A-FA582A783E4A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5B66A18E-F454-4B73-A87D-546794D9463E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E546E2E-5671-4008-BCFC-C552CBCFDC50}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E546E2E-5671-4008-BCFC-C552CBCFDC50}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BF59438F-36F2-4A0B-948F-EB87D05CB68F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F72DD3F-9871-4BA4-B6CD-A7581D0573B9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F72DD3F-9871-4BA4-B6CD-A7581D0573B9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CEE3FB00-5EA3-4193-81FC-05BE5152A495}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FC0951F-5E8A-4ABD-A895-2FDEB3630F72}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FC0951F-5E8A-4ABD-A895-2FDEB3630F72}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C1282485-3C13-48FD-97E5-02039CE97F10}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{219E6417-7BDB-492C-9B72-D6476D14FDF8}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{219E6417-7BDB-492C-9B72-D6476D14FDF8}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AF4A2B92-5AA6-460E-859D-07E58AEC9755}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{224FA285-53E8-4BB4-A07E-920CDB3DA5AE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{224FA285-53E8-4BB4-A07E-920CDB3DA5AE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1B16B944-2A8A-4AA3-9C9E-FA5E4160E848}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{233B5912-C9B5-4352-8562-719CB4C7C227}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{233B5912-C9B5-4352-8562-719CB4C7C227}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9D30123D-E693-4770-9D64-9B132F1AFC51}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2648583D-0905-49BE-947A-A20D42214DE5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2648583D-0905-49BE-947A-A20D42214DE5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{37DE9114-F4DA-4DE7-AB7C-AE12372FB4C1}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26488808-91D2-43F0-8BA4-B3CC9720D90B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26488808-91D2-43F0-8BA4-B3CC9720D90B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{270F6889-2A6D-4D30-8ECD-C4BA20C5FB29}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{270F6889-2A6D-4D30-8ECD-C4BA20C5FB29}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{276E4442-95B5-410A-8FCA-EEBF113EB0C8}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{276E4442-95B5-410A-8FCA-EEBF113EB0C8}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5A697237-F26A-4790-A0E5-D030CDA23580}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B834F88-636B-4D3D-A4B8-C215E43128BE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B834F88-636B-4D3D-A4B8-C215E43128BE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D4A1BC02-1EDB-47BF-B94D-DDAFD0B6AB53}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C0734F2-133E-4233-BF82-D12D326D8D18}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C0734F2-133E-4233-BF82-D12D326D8D18}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C401845-018E-46BE-A5BA-257708CC6862}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C401845-018E-46BE-A5BA-257708CC6862}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4DF891CE-1211-444D-9618-658CB47CC1F0}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D80DA57-8516-4E42-A499-5D0BFF844B98}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D80DA57-8516-4E42-A499-5D0BFF844B98}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8A8A347D-459E-4FF3-A3A9-1277671C35E9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2DAB9005-74E3-407F-860D-D935B340D7B9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DAB9005-74E3-407F-860D-D935B340D7B9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC\HotStart" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3146957C-2E04-45E1-8B0D-E95B00EE7CF8}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3146957C-2E04-45E1-8B0D-E95B00EE7CF8}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DropboxUpdateTaskUserS-1-5-21-1708836296-2231183269-51003188-1001Core" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3306090E-508B-46C8-92A2-286DE3A35AA1}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3306090E-508B-46C8-92A2-286DE3A35AA1}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{947FADCB-3182-43A4-B0AC-901D344848D9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34604FDA-4B75-4AB7-8CE3-2C8B3521885C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34604FDA-4B75-4AB7-8CE3-2C8B3521885C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BFA8330A-D484-4F38-9502-4ABF3E938BEE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{35058198-90A3-4B6D-8717-AB5546E015A5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35058198-90A3-4B6D-8717-AB5546E015A5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SessionAgent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35A742C1-2971-4943-A2E3-29AD462FFAAC}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35A742C1-2971-4943-A2E3-29AD462FFAAC}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ActivateWindowsSearch" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36430668-B5DB-469B-8676-062B27AEE7A6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36430668-B5DB-469B-8676-062B27AEE7A6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{20420B0E-4734-4A0F-99CF-792FB9AB0140}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39302454-8503-4A66-A892-864BA2398524}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39302454-8503-4A66-A892-864BA2398524}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3ACF76E4-F5DF-431C-BEA2-BE70CF85AE6D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3ACF76E4-F5DF-431C-BEA2-BE70CF85AE6D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\MediaCenterRecoveryTask" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B96CA06-468B-4F7E-9C8C-AF4723112084}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B96CA06-468B-4F7E-9C8C-AF4723112084}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{289DB278-A5A5-4FD9-AA07-BDE1A923DFDB}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E5E31C0-C51B-472B-A962-40BB00579E43}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E5E31C0-C51B-472B-A962-40BB00579E43}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{847C5DA9-DEA3-4517-934F-1AA77E686C9B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F5112CB-BEFC-4A33-91CC-3332F4CDDA39}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F5112CB-BEFC-4A33-91CC-3332F4CDDA39}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EE78EABC-E18B-445F-B392-0DB48E9D0B83}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F90C385-C96E-4FBB-B2DA-F4305FDEE69D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F90C385-C96E-4FBB-B2DA-F4305FDEE69D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C5B0A4AE-58FF-44F6-8E44-7EFEEDA5FC17}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4019C968-F839-4423-9A58-0A1F6B9849C6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4019C968-F839-4423-9A58-0A1F6B9849C6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SDMsgUpdate (TE)" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42E968A9-6CE0-4283-B7C5-3848F7889C16}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42E968A9-6CE0-4283-B7C5-3848F7889C16}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{448270B0-5154-498D-B24D-AE71E7DB5927}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{448270B0-5154-498D-B24D-AE71E7DB5927}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RegisterSearch" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4532C46D-DE7E-496F-96FF-459B2A26CC96}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4532C46D-DE7E-496F-96FF-459B2A26CC96}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5CEE4ECA-A8C1-4E9B-A3CF-9273167B4042}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4654E2ED-FEF9-4B0D-BFD3-76C4F845BF38}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4654E2ED-FEF9-4B0D-BFD3-76C4F845BF38}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{921E695B-9828-4180-B7E1-7919757A139A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{486D715E-6AA2-44CF-BC48-B6990CBB53C6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{486D715E-6AA2-44CF-BC48-B6990CBB53C6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\WindowsParentalControlsMigration" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A6B36D4-D7EB-4063-AC7E-764D21D4DCA5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A6B36D4-D7EB-4063-AC7E-764D21D4DCA5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate_scheduled" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4B97F6BF-9CE2-4725-9C02-34AC9ED662ED}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B97F6BF-9CE2-4725-9C02-34AC9ED662ED}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\Windows Backup Monitor" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C047FE6-03CD-4219-98E0-9D73D8780D0F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C047FE6-03CD-4219-98E0-9D73D8780D0F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{68A0AE81-73D3-43C3-BD7B-C4B23DA2E987}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4CE0591A-F64E-40BD-8B47-5570A441F1D8}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CE0591A-F64E-40BD-8B47-5570A441F1D8}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (VL)" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E075547-3A53-4518-97BD-DB55F509826A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E075547-3A53-4518-97BD-DB55F509826A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D7EEEC83-B566-4F48-9300-DBDF3D259D4F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4EF9C94A-BEB8-4886-8EFB-6F8DC72DE967}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EF9C94A-BEB8-4886-8EFB-6F8DC72DE967}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ReindexSearchRoot" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{505230CE-12F8-4ABD-939A-131DDAA1C8FD}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{505230CE-12F8-4ABD-939A-131DDAA1C8FD}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2D589C49-EF3A-4DEB-9299-9A4AB2569CBC}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51014F12-8FCF-4721-9D11-8DB3D49F4502}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51014F12-8FCF-4721-9D11-8DB3D49F4502}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{57B0BCBF-6DFA-4C1B-A0FC-ADF52F35142C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{510B64F9-CCC3-4792-9ED9-69C6E78B27E2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{510B64F9-CCC3-4792-9ED9-69C6E78B27E2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SDMsgUpdate (Local)" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53ABC437-1B0B-41C8-BFA8-0949927B2CAE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53ABC437-1B0B-41C8-BFA8-0949927B2CAE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW1" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53B59E00-156A-4B0C-97FD-C57E6FEDB1F0}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53B59E00-156A-4B0C-97FD-C57E6FEDB1F0}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1BA91D2C-1393-47D0-BDEF-D93ECDAB0ABB}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{54A8FC16-348E-45F0-8EA0-45B3240042D8}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54A8FC16-348E-45F0-8EA0-45B3240042D8}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Softland\FBackup 5\FBackup 5 Tray Agent_VL" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54EEBF54-4603-49B7-883C-C322F634E652}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54EEBF54-4603-49B7-883C-C322F634E652}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5AC9BBDC-5C53-4E91-8371-FA0AB50B0F2A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55FDF64B-3C5A-49F4-9EC4-597B575CA285}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55FDF64B-3C5A-49F4-9EC4-597B575CA285}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\InstallPlayReady" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56825EA2-B17E-4AC6-B651-6D94E031BA5E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56825EA2-B17E-4AC6-B651-6D94E031BA5E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\Update Check" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57FA4BD7-453C-4410-ADE0-878416F82658}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57FA4BD7-453C-4410-ADE0-878416F82658}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F73BDC06-8B70-49E9-BFE2-12CB72CFDB4E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{582074CD-36CC-4DA7-8D08-396F925E4C5E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{582074CD-36CC-4DA7-8D08-396F925E4C5E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{72CA89D8-754D-44A9-A610-474CEE57FC23}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5892852B-5DF8-4103-8DCF-48431A7F8D0E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5892852B-5DF8-4103-8DCF-48431A7F8D0E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CLARUS_DRIVE_MANAGER\Clarus_Drive_Manager" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{599235A8-9537-48E5-A5B3-D1193EB9AA2B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{599235A8-9537-48E5-A5B3-D1193EB9AA2B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Softland\FBackup 5\fba_Mirror" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A2003D4-20D6-4E50-8909-DC75DE5528AE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A2003D4-20D6-4E50-8909-DC75DE5528AE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0D6BD924-139D-4C32-BDB5-7148BC7FB9E6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5B42DD9C-5A26-4F27-BB95-34603F0997E5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B42DD9C-5A26-4F27-BB95-34603F0997E5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\WindowsParentalControls" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BCFCC02-6CF3-4329-B499-94BAC1ABE8CE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BCFCC02-6CF3-4329-B499-94BAC1ABE8CE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2650E87D-A4D0-4AB8-908E-30F897B4EF27}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C46DB15-A6EB-46EA-BEF8-0113144FDCB5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C46DB15-A6EB-46EA-BEF8-0113144FDCB5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{89BBC87C-AA00-4C29-A976-C3869BD3CDC4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D09F156-19C8-4B2E-AD3D-5F4FC1456095}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D09F156-19C8-4B2E-AD3D-5F4FC1456095}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{106E501F-1259-4493-8449-4AA3A33688F3}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D7E1389-476B-4B40-8F22-292F3F41A015}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D7E1389-476B-4B40-8F22-292F3F41A015}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\AutomaticBackup" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5DDCC8BB-B621-493E-8E1B-C22B92BB40F7}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DDCC8BB-B621-493E-8E1B-C22B92BB40F7}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CD10FE93-62CD-4024-960B-DEB5050F2FEE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60C6872D-D8C5-4B88-8980-45D08F81447E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60C6872D-D8C5-4B88-8980-45D08F81447E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrScheduleTask" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{611C823C-437B-46E7-9683-5312DFFCFD7B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{611C823C-437B-46E7-9683-5312DFFCFD7B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Policy Install" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{628F7A79-8E87-4A28-B89A-DAA0AA66497D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{628F7A79-8E87-4A28-B89A-DAA0AA66497D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A01EBFDA-0F68-4F32-A4EE-57ABB03FBB81}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62C2A36C-4BBD-4370-A3A9-C2A94125E0B0}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62C2A36C-4BBD-4370-A3A9-C2A94125E0B0}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FA30564A-7B63-48AF-9740-D5C09AD0377C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62D4EBE9-E570-4397-B43B-C02B801A1C0A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62D4EBE9-E570-4397-B43B-C02B801A1C0A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D496E30B-D583-49DE-BACC-A22E5EC6F4B6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62DF9F40-B237-4DFB-9D81-F2256D72DE0E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62DF9F40-B237-4DFB-9D81-F2256D72DE0E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6DD85478-3D2C-4118-A08D-0B4892107ED5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66373DB8-4A8D-49A8-88A9-7AC45A9257AE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66373DB8-4A8D-49A8-88A9-7AC45A9257AE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PeriodicScanRetry" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6A60187F-9BC5-4171-97F0-41C9B0B903A5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A60187F-9BC5-4171-97F0-41C9B0B903A5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SystemDataProviders" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C2F6EB4-65C8-4F43-A248-91C9CEBC3EAD}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C2F6EB4-65C8-4F43-A248-91C9CEBC3EAD}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7C5AF559-C639-4415-9C88-EB282E379DCE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6CCC6E40-FF59-474C-871C-4867A15371D4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CCC6E40-FF59-474C-871C-4867A15371D4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B0A98566-3126-44ED-AE81-54C7E18A01B6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7090F4C5-41EA-4E83-9513-8173AD4E6CE2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7090F4C5-41EA-4E83-9513-8173AD4E6CE2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1E3E7BA5-6305-4A93-A3D9-A04E0B2B5EBB}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{717D3F5B-A00E-44D6-A174-39B2429995F2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{717D3F5B-A00E-44D6-A174-39B2429995F2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{865582D0-8285-470D-88C2-EAC7862F7686}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{748475B3-C434-4277-9816-3ED0028BCD2A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{748475B3-C434-4277-9816-3ED0028BCD2A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCustParticipation HP ENVY 5640 series" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7534BB44-9878-4205-9265-304821507C71}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7534BB44-9878-4205-9265-304821507C71}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8D613294-D610-4E1D-AD21-C20B8157C17E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{76028AB5-AC97-4F06-8327-7D5A47A19935}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76028AB5-AC97-4F06-8327-7D5A47A19935}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURDiscovery" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{773D7085-A29F-4C15-B760-B391FAF43272}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{773D7085-A29F-4C15-B760-B391FAF43272}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F40687B6-9C14-495A-B529-A0E7DDDBF724}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{776FE2E1-3215-44FB-BD71-4BFFDFD499DF}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{776FE2E1-3215-44FB-BD71-4BFFDFD499DF}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{451DA341-8BB5-4E6F-A614-E27FACEE12B0}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78231FB5-77A6-435A-8B99-906AEFA8A37C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78231FB5-77A6-435A-8B99-906AEFA8A37C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BE1E28F3-E560-44B6-8E60-3DE2E2D4BA17}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7BA78A5A-FB8C-455D-BEF9-34324E52347E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BA78A5A-FB8C-455D-BEF9-34324E52347E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C3DDF078-ADB1-40F9-A5A4-19BD0B35AB9E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7EF0F2A3-897B-42FC-976B-3C886A7A64BF}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7EF0F2A3-897B-42FC-976B-3C886A7A64BF}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8019363D-BCAD-4773-B90D-F17D42075CBA}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8019363D-BCAD-4773-B90D-F17D42075CBA}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrRecoveryTask" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80BFE7D3-F002-4C59-8254-07DC2C2ED587}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80BFE7D3-F002-4C59-8254-07DC2C2ED587}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DropboxUpdateTaskUserS-1-5-21-1708836296-2231183269-51003188-1001UA" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{823941A3-15D4-46A7-8893-9548B275333E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{823941A3-15D4-46A7-8893-9548B275333E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C1DD1763-0620-429D-A451-3300A4945B08}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{840F33BC-DAB5-4B19-AC5A-365268752295}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{840F33BC-DAB5-4B19-AC5A-365268752295}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater – Install HPSA" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{848DCC36-520C-4946-BF68-C7EFFEFA2F84}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{848DCC36-520C-4946-BF68-C7EFFEFA2F84}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{86BA8949-006A-4287-BAAD-672EDB8DCF97}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86BA8949-006A-4287-BAAD-672EDB8DCF97}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C9E6FC5B-3DA0-42D2-888D-6859BF33D182}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{87D2A461-54FC-4F6D-90E4-D88BBA06A58F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87D2A461-54FC-4F6D-90E4-D88BBA06A58F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8A570D6E-08C5-461B-AC94-9619581D59E2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A570D6E-08C5-461B-AC94-9619581D59E2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bvckup 2" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D77A25D-FD6A-481A-B0D6-9678902CB9A5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D77A25D-FD6A-481A-B0D6-9678902CB9A5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F869558-CFE7-4CBF-9451-D0A429864769}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F869558-CFE7-4CBF-9451-D0A429864769}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B96D0100-172C-4B30-8D2C-9029DA063C1F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9117FFE8-EAE8-4B79-8C3C-46EB2AD4314F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9117FFE8-EAE8-4B79-8C3C-46EB2AD4314F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{40639EC7-813E-45CA-89A9-C56603462ECF}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92415188-86AD-49DE-9F7F-9BFB9E4E2F71}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92415188-86AD-49DE-9F7F-
     
  19. theoldandgrey

    theoldandgrey Established Techie7 Member

    The rest I hope
    9BFB9E4E2F71}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A604356C-DBAE-4E2A-9081-5B3B62A1FC09}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94D61568-0E22-4219-87DB-A3DCC629ECF2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94D61568-0E22-4219-87DB-A3DCC629ECF2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{951E5374-94D3-4E67-B046-89560BC2EB42}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{951E5374-94D3-4E67-B046-89560BC2EB42}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1D87CFEE-5698-4E32-AC31-7B401E44FBD0}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{952F4021-F0BC-42C5-BDC5-2B1968E155FE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{952F4021-F0BC-42C5-BDC5-2B1968E155FE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EC27769D-5A2C-4EB8-B33D-B9392252CFB5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96B68799-CA77-4F93-AD2E-84302D976F7D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96B68799-CA77-4F93-AD2E-84302D976F7D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AF9713AF-0AD8-4B0A-A59B-7741CD08691E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97D57FBC-B035-440C-88E7-9E676CD64057}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97D57FBC-B035-440C-88E7-9E676CD64057}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscovery" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{994AE844-4DD5-4910-B518-56BA537D2F1D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{994AE844-4DD5-4910-B518-56BA537D2F1D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{9EE88514-786B-4C6B-B761-AD00A3815399}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EE88514-786B-4C6B-B761-AD00A3815399}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RecordingRestart" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A075F591-71B3-40E5-B0C1-CF7D358C444B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A075F591-71B3-40E5-B0C1-CF7D358C444B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HP Photo Creations Communicator" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1D32215-460B-4EE4-98AD-F79A2AE08616}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1D32215-460B-4EE4-98AD-F79A2AE08616}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A64818A2-BD9B-4CBB-97E3-47E1B5E7573F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A64818A2-BD9B-4CBB-97E3-47E1B5E7573F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2A519F2B-A055-4ADE-B2D8-D0682B7AD0F5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A684A615-31D5-4026-883A-77B408A9DBF1}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A684A615-31D5-4026-883A-77B408A9DBF1}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E3E117CE-2FED-4D31-A770-E1231B437765}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8F8666E-C1B0-493B-A1BC-947C9C51A6A3}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8F8666E-C1B0-493B-A1BC-947C9C51A6A3}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{13BDBB54-F07C-45D2-8B5D-270232CF5575}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9736B75-7B28-4ABC-AD61-1BC859BB1915}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9736B75-7B28-4ABC-AD61-1BC859BB1915}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2858301D-3ADF-4988-8C10-DB9055F51F1D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A98C5136-37A3-4821-ADAE-5720BFE79FD2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A98C5136-37A3-4821-ADAE-5720BFE79FD2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3991145E-B8D6-473F-A107-F3F4084F6504}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA495AAA-9B51-493B-829A-1116A19BB462}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA495AAA-9B51-493B-829A-1116A19BB462}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{22482491-2380-4DE7-BDD5-FABD43CA12BA}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB1B1205-2BD1-4BD4-BC26-8DF39AF87541}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB1B1205-2BD1-4BD4-BC26-8DF39AF87541}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A7A35CB9-446A-48F2-BD12-075F08CC9465}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ABE81196-0AAC-419A-993A-CA0F9FA7E738}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABE81196-0AAC-419A-993A-CA0F9FA7E738}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC40C5EB-6170-4D55-8D07-68827B4984AE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC40C5EB-6170-4D55-8D07-68827B4984AE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CF14AE7B-C4DD-4BC9-97EB-4F854179DCC7}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC841E62-2602-4F43-901B-1B3EA89F9C0E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC841E62-2602-4F43-901B-1B3EA89F9C0E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AC3D628D-ADB4-4554-AE81-FEC3C5D14078}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD1704C2-9EF2-4F6C-819E-3A652E8CD7C2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD1704C2-9EF2-4F6C-819E-3A652E8CD7C2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{19755BD7-DF5D-484B-8992-31285002351E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ADA6B2D6-8B93-4D5A-B7DE-BDB543887D05}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADA6B2D6-8B93-4D5A-B7DE-BDB543887D05}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6C3659B1-0877-4083-9BD2-EBD371346589}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0783751-AFAE-4BFF-B02A-3C74BBADC98E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0783751-AFAE-4BFF-B02A-3C74BBADC98E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ConfigureInternetTimeService" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0CBAB43-44FC-469B-A4CE-87426761FDCE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0CBAB43-44FC-469B-A4CE-87426761FDCE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B250D467-5632-47A6-ABB5-963B11CBC131}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B250D467-5632-47A6-ABB5-963B11CBC131}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\PC Health Analysis" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B61DF045-D4EB-45F0-84BF-9BDA36D83945}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B61DF045-D4EB-45F0-84BF-9BDA36D83945}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2DE5BFB5-A7DD-4171-8985-383FDDE8D074}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B99D050F-6426-4350-BB0B-907D83CED4A0}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B99D050F-6426-4350-BB0B-907D83CED4A0}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F7EA3E34-B44B-48C8-BFDA-D2BD5189B490}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA2E13C8-F876-49CE-911F-5BE3CE4996C2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA2E13C8-F876-49CE-911F-5BE3CE4996C2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F401749E-C277-4FBF-B6E2-D5A11A07BC57}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA59A122-3AD0-4BE5-B0FE-79B459C229F6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA59A122-3AD0-4BE5-B0FE-79B459C229F6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA7DA392-35BF-43D6-B08D-7D6D6211A0A6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA7DA392-35BF-43D6-B08D-7D6D6211A0A6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{76BBE1E0-F354-4673-9916-505EA7F5E4FF}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BAF089B6-DA0D-4A74-9A67-4C72E60BEC25}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAF089B6-DA0D-4A74-9A67-4C72E60BEC25}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0CAC93A5-EC28-41E8-909E-E8ACADB85364}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB891099-3F04-45DA-8DFA-066AB33B0F7D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB891099-3F04-45DA-8DFA-066AB33B0F7D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\UpdateRecordPath" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC411491-4ED5-4A49-B26F-85A0B5D4946A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC411491-4ED5-4A49-B26F-85A0B5D4946A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3FF01488-BB5C-4833-B2D7-032F52490EDD}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD632CBE-23CF-40A9-A64F-7A6748821ECB}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD632CBE-23CF-40A9-A64F-7A6748821ECB}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDF9F78F-4279-435D-BCF3-FA1688B9126A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDF9F78F-4279-435D-BCF3-FA1688B9126A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0FCDA0D4-CE24-45BC-8207-9DFA855F6916}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE647D08-940F-401F-AB8E-EF9710C42FFD}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE647D08-940F-401F-AB8E-EF9710C42FFD}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{835C9410-CD2C-4F48-A2D1-5A3E9F3DEA51}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C066CA2C-E0AD-4272-9AF9-AA64ED8E238B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C066CA2C-E0AD-4272-9AF9-AA64ED8E238B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{ABB4A332-9248-488F-9815-71D212BB21F2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C0F395F2-9715-4314-A840-2E6C417F6A32}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0F395F2-9715-4314-A840-2E6C417F6A32}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\DispatchRecoveryTasks" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1061FA9-BFC8-4320-95CE-99159129343D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1061FA9-BFC8-4320-95CE-99159129343D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{82221211-BC47-47A7-B9AB-69E8FBD8F096}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1A099E6-F533-4280-96AE-44B174F91861}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1A099E6-F533-4280-96AE-44B174F91861}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3AACC43D-864F-4684-B978-CB2BA09DE192}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2C2872B-8EBC-495B-8802-755013122F45}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2C2872B-8EBC-495B-8802-755013122F45}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5A3B82EA-670D-4299-B00B-12D2EC57AC3A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C349107D-374F-4A4D-82BF-F640B3E47391}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C349107D-374F-4A4D-82BF-F640B3E47391}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{53C8CACC-DB1C-4447-80D1-7AB71CFA5C6D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4ADE0A7-3C55-4898-8800-D093FED37998}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4ADE0A7-3C55-4898-8800-D093FED37998}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{310BB20A-6550-4C12-AFAD-DA24798DC41A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6429797-F491-4F5C-BD36-6AC08CF60D18}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6429797-F491-4F5C-BD36-6AC08CF60D18}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW2" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C695A2C4-F8E5-4F23-8184-F2C54FD8AB0B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C695A2C4-F8E5-4F23-8184-F2C54FD8AB0B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8CBF35B-DD55-41C9-84B6-02CAAE6887B9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8CBF35B-DD55-41C9-84B6-02CAAE6887B9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{88B7A07C-5303-4C00-8E32-769C3D395B0F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA08E380-5399-4B1E-8463-DEAC6B3BB1B3}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA08E380-5399-4B1E-8463-DEAC6B3BB1B3}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A75F65F7-A07A-4A75-A875-0461C9E8E09B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB9EB354-084B-44C8-999D-0C400CF32198}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB9EB354-084B-44C8-999D-0C400CF32198}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7363CB94-79D3-4D72-8C8B-AC9F95BDDAF1}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CBC36DDF-3854-4313-85C5-86A7D1696BCD}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBC36DDF-3854-4313-85C5-86A7D1696BCD}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D3DECA36-E805-4765-9A7C-F89C595D5CEA}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CBD551F5-6930-4BFC-AD01-37AF8D94B1DE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBD551F5-6930-4BFC-AD01-37AF8D94B1DE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD9C3516-B549-4324-BE65-78BF14FFF3D5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD9C3516-B549-4324-BE65-78BF14FFF3D5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D1557CD2-0D1E-4B57-BB0E-884445CE209C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1557CD2-0D1E-4B57-BB0E-884445CE209C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3823D14F-2C22-4010-ACD1-03256CFD0900}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D1C3C737-7B31-485A-BEC2-3BB0334F2201}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1C3C737-7B31-485A-BEC2-3BB0334F2201}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D273F64D-27DE-4A80-A995-9BDC28C8BAC7}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D273F64D-27DE-4A80-A995-9BDC28C8BAC7}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D2D3BA4D-B1C0-4009-BE9D-B7D482E4C673}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2D3BA4D-B1C0-4009-BE9D-B7D482E4C673}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\AutoWake" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D43A9AA6-A4BB-48D6-8B9D-F8A14F4638F5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D43A9AA6-A4BB-48D6-8B9D-F8A14F4638F5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{34DEDBB7-D901-47C5-9E8B-6D9B6AC8C617}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5F223A5-CF2D-4531-95D9-C5AEC83792DB}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5F223A5-CF2D-4531-95D9-C5AEC83792DB}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A1684031-9302-4646-851E-B714BCA9427B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA76E219-15D9-42DF-8CFB-1A136A499AB9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA76E219-15D9-42DF-8CFB-1A136A499AB9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\User_Feed_Synchronization-{FC8309D2-C0BD-48BE-A96C-E4B165B4C3C1}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB4A89C0-EBDF-4FF7-9C5F-E1A940E9FFC4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB4A89C0-EBDF-4FF7-9C5F-E1A940E9FFC4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0BB270BB-9434-44AD-8DD9-43AB7E1F9B2F}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC73A053-A3D7-4D4A-A277-C4082C757EF9} => key not found.
    C:\WINDOWS\System32\Tasks\Norton Security\Norton Autofix => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Security\Norton Autofix" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC79EE43-E847-4934-B83A-1DA1220C0C8A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC79EE43-E847-4934-B83A-1DA1220C0C8A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EBE388CE-B2CB-449A-BA90-45F3A926D63F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DD23EF31-557A-4A57-9946-AB59784478E2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD23EF31-557A-4A57-9946-AB59784478E2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DEF57E9F-97C3-40D8-B113-ABECE88B273B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DEF57E9F-97C3-40D8-B113-ABECE88B273B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C73986D0-C583-460E-BA86-459770547A21}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DEF77F6A-774A-482A-B822-C4507E0BA30A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DEF77F6A-774A-482A-B822-C4507E0BA30A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9826FF62-C8B4-45A6-8CA3-ADDA6B5EC4AC}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E009A3D9-8991-42D2-B2DE-00284BA4FDE3}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E009A3D9-8991-42D2-B2DE-00284BA4FDE3}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DD20B6AA-FBC4-4142-BAEB-90622A6AD346}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0621631-3A82-4A26-8027-8F93F6C7A5A0}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0621631-3A82-4A26-8027-8F93F6C7A5A0}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ServicePlan" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0C10BE9-5284-477F-B44C-2BCEA946F005}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0C10BE9-5284-477F-B44C-2BCEA946F005}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D6F25A7F-186B-4744-AC3F-853486DA2E63}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E20126F8-C5A4-4961-8661-770FE2A73870}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E20126F8-C5A4-4961-8661-770FE2A73870}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1688286B-E294-44D3-84D5-1B0FE74E6CC4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E6010D43-6AE7-4B59-8E67-EC78FD8E8E96}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6010D43-6AE7-4B59-8E67-EC78FD8E8E96}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E76064A8-060E-44AC-8210-4E310BFF7ED7}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E76064A8-060E-44AC-8210-4E310BFF7ED7}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E8593985-A19B-4AD7-B60D-D1F5609E9DD2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8593985-A19B-4AD7-B60D-D1F5609E9DD2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\GadgetManager" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E993E95C-2B4C-487A-A5C5-44742F3AA4F1}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E993E95C-2B4C-487A-A5C5-44742F3AA4F1}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA3F661E-B31C-44A9-B40C-E3D5D56149D4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA3F661E-B31C-44A9-B40C-E3D5D56149D4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EAD69E4B-9551-47F3-8AB0-A8C52DDD9D25}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAD69E4B-9551-47F3-8AB0-A8C52DDD9D25}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{584D009D-91BC-4826-8BBF-B6E096AA1D05}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB3604A8-49E6-4E5C-9DC6-2D393BD14C1D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB3604A8-49E6-4E5C-9DC6-2D393BD14C1D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RemovalTools\MRT_HB" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDB0A8B6-46BE-4BD4-8E78-B8AD1539E994}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDB0A8B6-46BE-4BD4-8E78-B8AD1539E994}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{317331E2-1729-4DA0-9C66-68F78DF4A039}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDF7FEC2-EA9E-4F33-A614-D583C992BC94}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDF7FEC2-EA9E-4F33-A614-D583C992BC94}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\User_Feed_Synchronization-{D82970FC-8F67-49E1-AFE8-195859DA49F4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE44F1BC-3A65-4249-BBAC-F4DEB17CDF61}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE44F1BC-3A65-4249-BBAC-F4DEB17CDF61}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\SqlLiteRecoveryTask" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EEA76689-16CA-4DC0-AD49-9F48D4F7478A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEA76689-16CA-4DC0-AD49-9F48D4F7478A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{002C7E02-2AF8-470C-91C4-71841D68E68C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF02F893-0CF0-4970-9838-E9FBBEFA3CA5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF02F893-0CF0-4970-9838-E9FBBEFA3CA5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{12167E99-8BE8-48E1-B213-DBB3A7ECFE1B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2511BEE-366D-49C8-BB06-D1D74AAAE162}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2511BEE-366D-49C8-BB06-D1D74AAAE162}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F36BA6E6-5032-41F3-88B7-3659E477C62C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F36BA6E6-5032-41F3-88B7-3659E477C62C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2FBE43F4-897E-4C62-9A53-9C021B3FB394}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F41FD6DF-4097-484B-8027-F1447F5420DE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F41FD6DF-4097-484B-8027-F1447F5420DE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A0B72FD3-04F6-4F88-AB0F-F60260DCE217}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4E03C7D-BD19-466E-84BC-67E2403E6F25}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4E03C7D-BD19-466E-84BC-67E2403E6F25}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7F57DF5C-329C-4749-87DF-39D3A55DD727}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F55F3C21-1B8D-4B52-8B35-CD1B562D18C5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F55F3C21-1B8D-4B52-8B35-CD1B562D18C5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{25289DA9-EE60-40E9-9BAF-50CECD5A14E4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F56072BC-F3F1-4F31-8790-A22C61872057}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F56072BC-F3F1-4F31-8790-A22C61872057}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FC9ED5C8-AC96-49F4-8CDE-697DABB62024}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5A1448C-E9B3-4305-B0AE-248BBCD6D0B9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5A1448C-E9B3-4305-B0AE-248BBCD6D0B9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DCFE7302-6074-4EE6-8C1F-1C6CE2CD5DF8}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC2C7D4E-6CBA-435A-855E-35F3B4FDCABB}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC2C7D4E-6CBA-435A-855E-35F3B4FDCABB}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EE79DE75-660D-4FBF-ADDD-6215312C6A8A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FC53C4C7-776B-4949-821A-A8FA5CE97E23}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC53C4C7-776B-4949-821A-A8FA5CE97E23}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tweaking.com - Windows Repair Tray Icon" => key removed successfully
    C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
    C:\Users\VL\Documents\Dinton WI => ":com.dropbox.attributes" ADS removed successfully.
    C:\Users\VL\Documents\Hort Soc 2006 => ":com.dropbox.attributes" ADS removed successfully.
    ==== End of Fixlog 14:22:37 ====
     
  20. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program