Solved I'm having a serious problem with my computer

Discussion in 'Virus & Other Malware Removal' started by buttkiss, Nov 10, 2018.

Thread Status:
Not open for further replies.
  1. buttkiss

    buttkiss Thread Starter

    Joined:
    Oct 26, 2018
    Messages:
    9
    I have an HP Pavilion running Windows 10. I'm not sure what is happening, but I think I may have a virus or other malware problem.

    I have to keep fighting to get connected to the internet. When I try the "troubleshooting" button, it said it couldn't identify the problem. I ran the Network Diagnostics and it said HP Network Check is unable to fix your network at this time.

    The one thing I noticed is that every time I turned my PC on or rebooted, this always popped up:

    Regrun Partazan - Bootwatch Antirootkit. Greatis Software (c) 2007-2016.

    The fact that I've never noticed this before makes me wonder if this is the problem.

    I ran the sysinfo utility and here is the result:

    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 10 Home, 64 bit
    Processor: AMD A6-5200 APU with Radeon(TM) HD Graphics, AMD64 Family 22 Model 0 Stepping 1
    Processor Count: 4
    RAM: 3532 Mb
    Graphics Card: AMD Radeon HD 8400 / R3 Series, 512 Mb
    Hard Drives: C: 911 GB (405 GB Free); D: 17 GB (2 GB Free);
    Motherboard: Hewlett-Packard, 2B05
    Antivirus: Windows Defender, Enabled and Updated

    Please help me if you can. I would totally appreciate any help you can give me.

    Thank you for reading
     
  2. Joeicam

    Joeicam Malware Trainee

    Joined:
    Oct 11, 2017
    Messages:
    193
    Hi buttkiss,

    I would be happy to see if this is malware related. Let's get started:

    Hello buttkiss, and welcome to Tech Support Guy

    My name is Joeicam :), you can call me Joe, and I will be assisting you every step of the way.

    Please Note: I am still in training and my fixes have to be approved by my instructor, so there may be a slight delay in my replies. Look at it as a good thing though, since you have two people looking at your problem.

    If you have any questions or comments, or aren't quite sure about what to do, STOP AND ASK.

    Before we begin, please familiarize yourself with the following:
    • Back up your files and folders, as sometimes malware infections can be severe. It's a good habit to plan for the worst.
    • Please follow my instructions exactly, and do not repeat any steps more than once, unless instructed.
    • Copy/Paste entire contents of your logs, and submit inside your post, instead of submitting as an attachment, unless told otherwise.
    • If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
    Finally:
    • As malware removal can be a complicated, multistep process, you should stick with me until I declare your system to be clean of all threats. It may seem like your system is running properly, but that does not mean that the infection is completely gone.
    • You must reply to this post within four days; if you do not, the topic will be closed.
    • However, if you need more time to run the tools and fixes, or would like your topic to be reopened, please PM me or any Moderator to reactivate your topic.

    If I have not responded to your post within 24 hours, then send me a private message (PM).
    Otherwise, all communication is done in the forums.


    Let's get to work! :)

    ____________________________________________________________________________________________________

    The fixes presented are specific to your problem and should only be used for the issue on this machine!
    ____________________________________________________________________________________________________

    Step 1 of 1: FRST Scan

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Right-click the tool and run it as administrator. When the tool opens, click Yes to the disclaimer.
    • Press Scan button.
    • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
    • Please copy and paste the logs back here.

    ===============================================

    When you reply to me, I need to see:
    • Any questions/concerns you might have, or if you were not able to complete any of the steps above
    • The copied and pasted results of the FRST.txt and Addition.txt logs
     
  3. buttkiss

    buttkiss Thread Starter

    Joined:
    Oct 26, 2018
    Messages:
    9
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.11.2018
    Ran by alyce (administrator) on DESKTOP (10-11-2018 15:56:00)
    Running from C:\Users\Alice\Desktop
    Loaded Profiles: alyce (Available Profiles: alyce)
    Platform: Windows 10 Home Version 1803 17134.345 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\DriverStore\FileRepository\c0334715.inf_amd64_1209b1bc273e20ba\B334718\atiesrxx.exe
    (AMD) C:\Windows\System32\DriverStore\FileRepository\c0334715.inf_amd64_1209b1bc273e20ba\B334718\atieclxx.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    () C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe
    () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
    (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Greatis Software) C:\Program Files (x86)\UnHackMe\hackmon.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeApp.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18091.10321.0_x64__8wekyb3d8bbwe\Music.UI.exe
    () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (OrdinarySoft) C:\Program Files\Start Menu X\StartMenuX.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
    (Creative Home) C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2009\Planner\PLNRnote.exe
    (Illustrate) C:\Program Files (x86)\Illustrate\dBpoweramp\uMediaLibrary.exe
    (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Illustrate) C:\Program Files (x86)\Illustrate\dBpoweramp\Asset-uPNP.exe
    (Illustrate) C:\Program Files (x86)\Illustrate\dBpoweramp\Asset-uPNP.exe
    (Mega Limited) C:\Users\Alice\AppData\Local\MEGAsync\MEGAsync.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
    (AMD) C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
    (AMD) C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
    (AMD) C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8500480 2015-08-07] (Realtek Semiconductor)
    HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [216248 2013-09-26] (WinZip Computing International, LLC)
    HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2011-09-20] (Nero AG)
    HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [85600 2013-12-12] (Nullsoft, Inc.)
    HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2014-02-21] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-21-2121509380-3955967994-4141527572-1001\...\Run: [StartMenuX] => C:\Program Files\Start Menu X\StartMenuX.exe [7673664 2013-11-20] (OrdinarySoft)
    Startup: C:\Users\Alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Asset UPnP uMediaLibrary.lnk [2016-05-08]
    ShortcutTarget: Asset UPnP uMediaLibrary.lnk -> C:\Program Files (x86)\Illustrate\dBpoweramp\uMediaLibrary.exe (Illustrate)
    Startup: C:\Users\Alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Asset UPnP.lnk [2016-05-08]
    ShortcutTarget: Asset UPnP.lnk -> C:\Program Files (x86)\Illustrate\dBpoweramp\Asset-uPNP.exe (Illustrate)
    Startup: C:\Users\Alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2017-07-02]
    ShortcutTarget: MEGAsync.lnk -> C:\Users\Alice\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder 2009.lnk [2016-04-22]
    ShortcutTarget: Event Planner Reminder 2009.lnk -> C:\Windows\Installer\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe (Macrovision Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk [2016-04-22]
    ShortcutTarget: Event Reminder.lnk -> C:\Program Files (x86)\Broderbund\PrintMaster\pmremind.exe (Broderbund Properties LLC)
    BootExecute: autocheck autochk * Partizan

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{8bbf7e02-03a7-43e2-8bf4-4398a87604fb}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{d582896a-8a28-425b-8ca9-032448765e0a}: [DhcpNameServer] 192.168.3.1
    Tcpip\..\Interfaces\{dad44c31-6a48-4db4-b717-15d1aefc2471}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.5.0.19
    HKU\S-1-5-21-2121509380-3955967994-4141527572-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\S-1-5-21-2121509380-3955967994-4141527572-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-09] (Google Inc.)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-02-25] (HP)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
    BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-11-08] (Oracle Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-09] (Google Inc.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-08] (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-09] (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-09] (Google Inc.)
    Toolbar: HKU\S-1-5-21-2121509380-3955967994-4141527572-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-2121509380-3955967994-4141527572-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-09] (Google Inc.)

    FireFox:
    ========
    FF DefaultProfile: bfxemvez.default
    FF ProfilePath: C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\bfxemvez.default [2018-05-29]
    FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-02-21] [Legacy] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-08] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-08] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2014-01-22] ( )
    FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-02-21] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-02-21] (RealPlayer)
    FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2121509380-3955967994-4141527572-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Alice\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-08-19] (Citrix Online)

    Chrome:
    =======
    CHR Profile: C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default [2017-03-30]
    CHR Extension: (Google Slides) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-09]
    CHR Extension: (Google Docs) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-22]
    CHR Extension: (Google Drive) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-22]
    CHR Extension: (YouTube) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-22]
    CHR Extension: (Norton Security Toolbar) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-08-22]
    CHR Extension: (Avast SafePrice) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-08-22]
    CHR Extension: (Google Sheets) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-09]
    CHR Extension: (Google Docs Offline) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-22]
    CHR Extension: (Avast Online Security) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-08-22]
    CHR Extension: (RealDownloader) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2016-05-09]
    CHR Extension: (Norton Identity Safe) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-05-09]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-09]
    CHR Extension: (Gmail) - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-22]
    CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0334715.inf_amd64_1209b1bc273e20ba\B334718\atiesrxx.exe [507808 2018-10-18] (AMD)
    S3 AssetUPnP; C:\Program Files (x86)\Illustrate\dBpoweramp\Asset-UPnPService.exe [77824 2016-03-11] () [File not signed]
    R2 AUEPLauncher; C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe [43008 2018-10-17] (AMD) [File not signed]
    R2 CLHNServiceForPowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-06-09] (CyberLink Corp.)
    R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-09] (CyberLink)
    R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-09] (CyberLink)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
    R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-21] (HP Inc.)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [313584 2015-08-07] (Realtek Semiconductor)
    R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe [186760 2014-01-22] ()
    S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
    R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25192 2017-06-29] ()
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-10-23] (Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-10-23] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0334715.inf_amd64_1209b1bc273e20ba\B334718\atikmdag.sys [47499168 2018-10-18] (Advanced Micro Devices, Inc.)
    R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0334715.inf_amd64_1209b1bc273e20ba\B334718\atikmpag.sys [589728 2018-10-18] (Advanced Micro Devices, Inc.)
    R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-10-29] (Malwarebytes)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198000 2018-10-29] (Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [119136 2018-11-10] (Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [63768 2018-11-10] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260480 2018-11-10] (Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [111152 2018-11-10] (Malwarebytes)
    R2 ntk_PowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [84168 2013-03-12] (Cyberlink Corp.)
    U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2017-04-18] (Greatis Software)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896752 2015-08-07] (Realtek )
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-10-23] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [328696 2018-10-23] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-10-23] (Microsoft Corporation)
    U5 REALPLAYERUPDATESVC; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-11-10 15:56 - 2018-11-10 15:58 - 000021572 _____ C:\Users\Alice\Desktop\FRST.txt
    2018-11-10 15:55 - 2018-11-10 15:56 - 000000000 ____D C:\FRST
    2018-11-10 15:47 - 2018-11-10 15:47 - 002415616 _____ (Farbar) C:\Users\Alice\Desktop\FRST64.exe
    2018-11-10 15:42 - 2018-11-10 15:42 - 001775616 _____ (Farbar) C:\Users\Alice\Desktop\FRST.exe
    2018-11-10 08:21 - 2018-11-10 14:25 - 000111152 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2018-11-10 08:21 - 2018-11-10 08:21 - 000260480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2018-11-10 08:21 - 2018-11-10 08:21 - 000119136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2018-11-10 08:21 - 2018-11-10 08:21 - 000063768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2018-10-29 16:58 - 2018-10-29 16:58 - 000198000 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2018-10-28 11:01 - 2018-10-28 11:01 - 000000000 ____D C:\Users\Alice\AppData\LocalLow\AMD
    2018-10-28 10:48 - 2018-10-28 10:48 - 000003160 _____ C:\WINDOWS\System32\Tasks\StartCN
    2018-10-28 10:48 - 2018-10-28 10:48 - 000003074 _____ C:\WINDOWS\System32\Tasks\StartDVR
    2018-10-28 10:48 - 2018-10-28 10:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
    2018-10-28 10:48 - 2018-10-28 10:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
    2018-10-28 10:48 - 2018-10-28 10:48 - 000000000 ____D C:\ProgramData\AMD
    2018-10-28 10:47 - 2018-10-28 10:47 - 000000000 ____D C:\Program Files (x86)\AMD
    2018-10-28 10:37 - 2018-10-28 10:37 - 000000000 ____D C:\Program Files (x86)\VulkanRT
    2018-10-28 10:26 - 2018-10-28 10:26 - 000000000 ____D C:\Users\Alice\AppData\Local\RadeonInstaller
    2018-10-18 08:55 - 2018-10-18 08:55 - 001587616 _____ (AMD) C:\WINDOWS\system32\coinst_18.40.dll
    2018-10-18 08:55 - 2018-10-18 08:55 - 000570976 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Rapidfire64.dll
    2018-10-18 08:55 - 2018-10-18 08:55 - 000491936 _____ C:\WINDOWS\system32\dgtrayicon.exe
    2018-10-18 08:55 - 2018-10-18 08:55 - 000481888 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll
    2018-10-18 08:55 - 2018-10-18 08:55 - 000476784 _____ C:\WINDOWS\system32\GameManager64.dll
    2018-10-18 08:55 - 2018-10-18 08:55 - 000381552 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
    2018-10-18 08:55 - 2018-10-18 08:55 - 000184432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
    2018-10-18 08:55 - 2018-10-18 08:55 - 000162912 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
    2018-10-18 08:55 - 2018-10-18 08:55 - 000154384 _____ C:\WINDOWS\system32\samu_krnl_ci.sbin
    2018-10-18 08:55 - 2018-10-18 08:55 - 000153208 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
    2018-10-18 08:55 - 2018-10-18 08:55 - 000138344 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
    2018-10-18 08:55 - 2018-10-18 08:55 - 000124464 _____ C:\WINDOWS\system32\kapp_ci.sbin
    2018-10-18 08:55 - 2018-10-18 08:55 - 000119760 _____ C:\WINDOWS\system32\kapp_si.sbin
    2018-10-18 08:55 - 2018-10-18 08:55 - 000046176 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\RapidFireServer64.dll
    2018-10-18 08:55 - 2018-10-18 08:55 - 000043104 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\RapidFireServer.dll
    2018-10-18 08:55 - 2018-10-18 08:55 - 000019200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
    2018-10-18 08:55 - 2018-10-18 08:55 - 000019200 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
    2018-10-18 08:54 - 2018-10-18 08:54 - 003708320 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll
    2018-10-18 08:54 - 2018-10-18 08:54 - 003336800 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll
    2018-10-18 08:54 - 2018-10-18 08:54 - 001191840 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
    2018-10-18 08:54 - 2018-10-18 08:54 - 000919968 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
    2018-10-18 08:54 - 2018-10-18 08:54 - 000750496 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
    2018-10-18 08:54 - 2018-10-18 08:54 - 000552864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll
    2018-10-18 08:54 - 2018-10-18 08:54 - 000544624 _____ C:\WINDOWS\system32\amdmiracast.dll
    2018-10-18 08:54 - 2018-10-18 08:54 - 000465312 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
    2018-10-18 08:54 - 2018-10-18 08:54 - 000382880 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll
    2018-10-18 08:54 - 2018-10-18 08:54 - 000199160 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
    2018-10-18 08:54 - 2018-10-18 08:54 - 000178592 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
    2018-10-18 08:54 - 2018-10-18 08:54 - 000154528 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
    2018-10-18 08:54 - 2018-10-18 08:54 - 000144624 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
    2018-10-18 08:54 - 2018-10-18 08:54 - 000136880 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
    2018-10-18 08:54 - 2018-10-18 08:54 - 000136880 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
    2018-10-18 08:54 - 2018-10-18 08:54 - 000127904 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
    2018-10-18 08:54 - 2018-10-18 08:54 - 000124832 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
    2018-10-18 08:54 - 2018-10-18 08:54 - 000124352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
    2018-10-18 08:54 - 2018-10-18 08:54 - 000069536 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll
    2018-10-18 08:54 - 2018-10-18 08:54 - 000034450 _____ C:\WINDOWS\system32\AMDKernelEvents.man
    2018-10-17 12:58 - 2018-10-17 12:58 - 000166728 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdihk64.dll
    2018-10-17 12:58 - 2018-10-17 12:58 - 000137888 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdihk32.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-11-10 15:50 - 2014-01-05 12:14 - 000000000 ____D C:\WEB DOWNLOADS
    2018-11-10 15:35 - 2018-04-11 17:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2018-11-10 14:30 - 2018-04-11 17:30 - 000000000 ____D C:\WINDOWS\CbsTemp
    2018-11-10 14:19 - 2014-01-06 17:17 - 000001057 _____ C:\Users\Alice\AppData\Roaming\vso_ts_preview.xml
    2018-11-10 14:19 - 2014-01-06 16:57 - 000000000 ____D C:\Users\Alice\AppData\Roaming\VSO
    2018-11-10 14:08 - 2018-06-07 14:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2018-11-10 12:51 - 2015-10-15 08:47 - 000000000 ____D C:\Users\Alice\Documents\My PSP Files
    2018-11-10 08:25 - 2018-06-07 14:41 - 000931448 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2018-11-10 08:25 - 2018-04-11 17:36 - 000000000 ____D C:\WINDOWS\INF
    2018-11-10 08:21 - 2018-06-07 15:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2018-11-10 08:20 - 2018-04-11 15:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2018-11-10 08:20 - 2017-07-28 11:46 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
    2018-11-10 08:18 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2018-11-10 08:16 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\NDF
    2018-11-10 07:20 - 2018-04-11 17:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2018-11-09 19:11 - 2014-01-04 14:20 - 000000000 ____D C:\Users\Alice\Documents\ConvertXToDVD
    2018-11-09 06:23 - 2018-06-07 15:50 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5FA95761-F04A-43B0-892D-C7F3AB9FC12D}
    2018-11-08 20:00 - 2017-08-16 16:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2018-11-08 20:00 - 2017-08-16 16:17 - 000000000 ____D C:\Program Files (x86)\Java
    2018-11-08 19:57 - 2017-08-16 16:18 - 000098680 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2018-11-08 19:50 - 2017-09-13 12:10 - 000002232 _____ C:\Users\Alice\Desktop\JDownloader 2.lnk
    2018-11-08 19:01 - 2017-09-13 12:05 - 000000000 ____D C:\Users\Alice\AppData\Local\JDownloader v2.0
    2018-11-08 18:49 - 2017-01-29 20:13 - 000000348 _____ C:\WINDOWS\Tasks\HPCeeScheduleForalyce.job
    2018-11-08 10:56 - 2018-06-07 15:49 - 000003240 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForalyce
    2018-10-29 16:57 - 2018-09-25 15:45 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2018-10-29 07:50 - 2018-06-07 14:37 - 000421712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2018-10-28 10:52 - 2018-04-14 12:46 - 000000000 ____D C:\Users\Alice\AppData\Local\AMD
    2018-10-28 10:48 - 2017-07-28 11:46 - 000000000 ____D C:\Program Files\AMD
    2018-10-28 10:46 - 2013-07-24 12:25 - 000000000 ____D C:\Program Files (x86)\ATI Technologies
    2018-10-28 10:37 - 2013-04-03 18:17 - 000000000 ____D C:\ProgramData\Package Cache
    2018-10-28 10:23 - 2014-01-19 21:51 - 000000000 ____D C:\AMD
    2018-10-26 15:20 - 2014-01-06 12:20 - 000000000 ____D C:\Users\Alice\Documents\PASSWORDS
    2018-10-25 19:14 - 2016-05-09 10:37 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-10-24 12:59 - 2016-02-08 07:54 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2018-10-23 22:27 - 2013-07-24 12:26 - 000000000 ____D C:\ProgramData\Temp
    2018-10-23 06:56 - 2018-03-01 07:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2018-10-18 08:55 - 2016-05-29 17:37 - 003471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
    2018-10-18 08:55 - 2016-05-29 17:37 - 000339360 _____ C:\WINDOWS\system32\clinfo.exe
    2018-10-18 08:54 - 2016-05-29 17:37 - 003437632 _____ C:\WINDOWS\system32\atiumd6a.cap
    2018-10-18 08:54 - 2016-05-29 17:37 - 001629088 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
    2018-10-18 08:54 - 2016-05-29 17:37 - 001191840 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
    2018-10-18 08:54 - 2016-05-29 17:37 - 000899920 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
    2018-10-18 08:54 - 2016-05-29 17:37 - 000899920 _____ C:\WINDOWS\system32\atiapfxx.blb
    2018-10-18 08:54 - 2016-05-29 17:37 - 000753056 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
    2018-10-18 08:54 - 2016-05-29 17:37 - 000467872 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
    2018-10-18 08:54 - 2016-05-29 17:37 - 000432032 _____ C:\WINDOWS\system32\atieah64.exe
    2018-10-18 08:54 - 2016-05-29 17:37 - 000377248 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
    2018-10-18 08:54 - 2016-05-29 17:37 - 000349088 _____ C:\WINDOWS\SysWOW64\atieah32.exe
    2018-10-18 08:54 - 2016-05-29 17:37 - 000249248 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
    2018-10-18 08:54 - 2016-05-29 17:37 - 000218016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
    2018-10-18 08:54 - 2016-05-29 17:37 - 000173200 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
    2018-10-18 08:54 - 2016-05-29 17:37 - 000169064 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
    2018-10-18 08:54 - 2016-05-29 17:37 - 000159648 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
    2018-10-18 08:54 - 2016-05-29 17:37 - 000148928 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
    2018-10-18 08:54 - 2016-05-29 17:37 - 000135584 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
    2018-10-18 08:54 - 2016-05-29 17:37 - 000132512 _____ C:\WINDOWS\system32\atidxx64.dll
    2018-10-18 08:54 - 2016-05-29 17:37 - 000112912 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
    2018-10-18 08:54 - 2016-05-29 17:37 - 000112912 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
    2018-10-18 08:54 - 2016-05-29 17:37 - 000111520 _____ C:\WINDOWS\SysWOW64\atidxx32.dll
    2018-10-18 08:54 - 2016-05-29 17:37 - 000108448 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
    2018-10-16 05:23 - 2016-05-26 10:18 - 000559880 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2018-10-15 14:10 - 2018-07-10 03:51 - 000000000 ____D C:\ProgramData\Packages

    ==================== Files in the root of some directories =======

    2015-02-03 03:57 - 2015-03-02 04:02 - 000000053 _____ () C:\Users\Alice\AppData\Roaming\LogFile.txt
    2014-01-06 17:17 - 2018-11-10 14:19 - 000001057 _____ () C:\Users\Alice\AppData\Roaming\vso_ts_preview.xml
    2014-02-21 15:42 - 2014-07-19 07:51 - 000000132 _____ () C:\Users\Alice\AppData\Roaming\WB.CFG

    Some files in TEMP:
    ====================
    2018-11-08 19:55 - 2018-11-08 19:55 - 001892728 _____ (Oracle Corporation) C:\Users\Alice\AppData\Local\Temp\jre-8u191-windows-au.exe
    2018-11-08 18:48 - 2018-11-08 18:48 - 000040448 ____N () C:\Users\Alice\AppData\Local\Temp\proxy_vole483337067736031479.dll

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-06-07 14:37

    ==================== End of FRST.txt ============================
     
  4. buttkiss

    buttkiss Thread Starter

    Joined:
    Oct 26, 2018
    Messages:
    9
    Good Morning Joe. My computer is so much worse this morning. It actually took me from 5:00 to 7:00 to get to this reply point. I couldn't get my email to open for a very long time and getting in here again was quite a feat.
    I hope the files you asked me to copy and paste from frst.exe were complete. I did copy and paste them in my document folder just in case.

    Something is taking control of my computer and it's not me.
    I just really need your help Joe. I appreciate any help you can give me. I didn't thank you yesterday after my post; and I didn't mean to be rude. It was very stressful getting the right program to do the scan. They both said they could do harm so I freaked out for a minute.

    Please let me know my next step. I'll do my best to follow your instructions.
    Thanks again for your help.
    alyce
     
  6. Joeicam

    Joeicam Malware Trainee

    Joined:
    Oct 11, 2017
    Messages:
    193
    Sorry to hear that! I'll do my best to analyze your logs and see if I can find what's causing your computer to be like this. If you have another computer to use, you could always run the scans on the slow machine, and transfer the logs over to the good machine with a flash drive and post them here. If you decide to go that route, let me know, as we should install some protective programs on your good machine first. Additionally, do you have the other log that FRST created? It's called Addition.txt and should be on your Desktop as well.

    Oh no worries! I didn't think you were rude :). I'm happy to help :). I know what it's like to be in your position with a slow performing computer like that. And don't worry about the program I had you install, it's 100% safe, and is used by many malware removers.

    The only other thing I'm waiting for is the copied/pasted results of the Addition.txt file, which should be located on your Desktop or in the folder you said you saved them in. Also, if you would like to go the route of using a good computer to transfer the log files let me know. The risk is transferring the malware to your good machine using the flash drive, so we need to install programs on your good machine first, in case your slow machine is badly infected.

    - Joe
     
  7. buttkiss

    buttkiss Thread Starter

    Joined:
    Oct 26, 2018
    Messages:
    9
    Hi again Joe, I only have this one computer unfortunately. Believe it or not I did post the ADDITION.TXT yesterday. I have no idea what happened to it. Here it is again. Thank you for your help and your patience.

    alyce

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.11.2018
    Ran by alyce (10-11-2018 16:15:59)
    Running from C:\Users\Alice\Desktop
    Windows 10 Home Version 1803 17134.345 (X64) (2018-06-07 21:53:23)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2121509380-3955967994-4141527572-500 - Administrator - Disabled)
    alyce (S-1-5-21-2121509380-3955967994-4141527572-1001 - Administrator - Enabled) => C:\Users\Alice
    DefaultAccount (S-1-5-21-2121509380-3955967994-4141527572-503 - Limited - Disabled)
    Guest (S-1-5-21-2121509380-3955967994-4141527572-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2121509380-3955967994-4141527572-1005 - Limited - Enabled)
    WDAGUtilityAccount (S-1-5-21-2121509380-3955967994-4141527572-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    4 Elements II (HKLM-x32\...\WTA-3aa5a508-81ba-415e-8451-177922056923) (Version: 2.2.0.98 - WildTangent) Hidden
    7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20080 - Adobe Systems Incorporated)
    Airport Mania (HKLM-x32\...\WTA-e8a1910e-6999-4a5d-a63a-7957730eb468) (Version: 2.2.0.95 - WildTangent) Hidden
    albrechto (HKLM\...\albrechto) (Version: 2013.12.07.011955 - albrechto) <==== ATTENTION
    Alcor Micro USB Card Reader Driver (HKLM-x32\...\{0DEB2EEB-BE9A-44B1-9D90-183250B61785}) (Version: 20.13.3317.03143 - Alcor Micro Corp.) Hidden
    Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{0DEB2EEB-BE9A-44B1-9D90-183250B61785}) (Version: 20.13.3317.03143 - Alcor Micro Corp.)
    AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.10.1 - Advanced Micro Devices, Inc.)
    Artensoft Photo Mosaic Wizard (HKLM\...\Artensoft Photo Mosaic Wizard_is1) (Version: 1.7 - Artensoft)
    Ashampoo Music Studio 4 v.4.1.2 (HKLM-x32\...\{91B33C97-7650-0EB0-B6C7-DDBA2932B7B4}_is1) (Version: 4.1.2 - Ashampoo GmbH & Co. KG)
    Ashampoo Photo Card 2 (HKLM-x32\...\{C92AB6F1-9669-833A-7A3A-D142D43B14E5}_is1) (Version: 2.0.3 - Ashampoo GmbH & Co. KG)
    Asset UPnP (HKLM-x32\...\Asset UPnP) (Version: Release 5.1 - Illustrate)
    Azteca (HKLM-x32\...\WTA-228eb7fd-a4ef-4bef-9120-c84e11d0c25c) (Version: 2.2.0.97 - WildTangent) Hidden
    Bejeweled 3 (HKLM-x32\...\WTA-69216bdc-26b2-4854-bdb1-c3d9357b5610) (Version: 2.2.0.98 - WildTangent) Hidden
    Blasterball 2 Deluxe (remove only) (HKLM-x32\...\Blasterball 2 Deluxe) (Version: - )
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Bounce Symphony (HKLM-x32\...\WTA-6a4f63b8-0a02-40bc-8f54-961328012b75) (Version: 2.2.0.97 - WildTangent) Hidden
    Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
    Build-a-lot (HKLM-x32\...\WTA-66cc6d4b-bd43-4631-aea1-8b8f8999299c) (Version: 2.2.0.98 - WildTangent) Hidden
    calibre (HKLM-x32\...\{CF5F9723-E951-4080-BF78-7263A1C9C396}) (Version: 3.32.0 - Kovid Goyal)
    Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
    ConvertXtoDVD 4.1.9.347 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.9.347 - )
    Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-188c9500-ee25-4527-bd9a-dc5b9c032863) (Version: 2.2.0.110 - WildTangent) Hidden
    Cradle of Rome 2 (HKLM-x32\...\WTA-d2d10c3b-ddc1-4f58-9935-d7d21eda6e3a) (Version: 2.2.0.98 - WildTangent) Hidden
    Curse at Twilight (HKLM-x32\...\WTA-9dfb1b25-bf17-4655-818a-3fbd39ef5518) (Version: 3.0.2.32 - WildTangent) Hidden
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6522 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.3003 - CyberLink Corp.)
    Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4608 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.2921 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3007 - CyberLink Corp.)
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1.3007 - CyberLink Corp.)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    dBpoweramp (HKLM-x32\...\dBpoweramp) (Version: Release 16.2 - Illustrate)
    dBpoweramp CD Writer (HKLM-x32\...\dBpoweramp CD Writer) (Version: Release 3.1 - Illustrate)
    Defraggler (HKLM\...\Defraggler) (Version: 2.15 - Piriform)
    Delicious: Emily's Childhood Memories Premium Edition (HKLM-x32\...\WTA-f57ac10b-c25f-4369-b2df-bbf29800e748) (Version: 3.0.2.32 - WildTangent) Hidden
    DriverUpdate (HKLM\...\{253A11FF-F5D6-4BB0-9659-BA5E8D6EB1BF}) (Version: 4.1.3 - Slimware Utilities Holdings, Inc.) Hidden
    Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
    Farm Frenzy (HKLM-x32\...\WTA-6ba4354a-8583-4980-a376-a4f5f3842f41) (Version: 2.2.0.98 - WildTangent) Hidden
    File Association Helper (HKLM\...\{572D0504-2C67-4016-801F-D70879A3026A}) (Version: 1.1.6.53763 - WinZip Computing International, LLC)
    FileSearchy Pro (HKLM-x32\...\FileSearchy Pro) (Version: 1.11 - Midlinesoft)
    GameHouse Games Collection: Academy of Magic (HKLM-x32\...\Academy of Magic) (Version: - )
    GameHouse Games Collection: Adventure Inlay - Safari Edition (HKLM-x32\...\Adventure Inlay - Safari Edition) (Version: - )
    GameHouse Games Collection: Adventure Inlay (HKLM-x32\...\Adventure Inlay) (Version: - )
    GameHouse Games Collection: Air Strike 3D (HKLM-x32\...\Air Strike 3D) (Version: - )
    GameHouse Games Collection: Alien Sky (HKLM-x32\...\Alien Sky) (Version: - )
    GameHouse Games Collection: Aloha Solitaire (HKLM-x32\...\Aloha Solitaire) (Version: - )
    GameHouse Games Collection: Aloha TriPeaks (HKLM-x32\...\Aloha TriPeaks) (Version: - )
    GameHouse Games Collection: Ancient Tri-Jong (HKLM-x32\...\Ancient Tri-Jong) (Version: - )
    GameHouse Games Collection: Ancient Tripeaks (HKLM-x32\...\Ancient Tripeaks) (Version: - )
    GameHouse Games Collection: Astrobatics (HKLM-x32\...\Astrobatics) (Version: - )
    GameHouse Games Collection: Atlantis (HKLM-x32\...\Atlantis) (Version: - )
    GameHouse Games Collection: Atomaders (HKLM-x32\...\Atomaders) (Version: - )
    GameHouse Games Collection: Bejeweled 2 (HKLM-x32\...\Bejeweled 2) (Version: - )
    GameHouse Games Collection: Bewitched (HKLM-x32\...\Bewitched) (Version: - )
    GameHouse Games Collection: Big Kahuna Reef (HKLM-x32\...\Big Kahuna Reef) (Version: - )
    GameHouse Games Collection: Boggle Supreme (HKLM-x32\...\Boggle Supreme) (Version: - )
    GameHouse Games Collection: Bounce Out Blitz (HKLM-x32\...\Bounce Out Blitz) (Version: - )
    GameHouse Games Collection: Casino Island To Go (HKLM-x32\...\Casino Island To Go) (Version: - )
    GameHouse Games Collection: Chainz (HKLM-x32\...\Chainz) (Version: - )
    GameHouse Games Collection: Chainz 2 - Relinked (HKLM-x32\...\Chainz 2: Relinked) (Version: - )
    GameHouse Games Collection: Charm Solitaire (HKLM-x32\...\Charm Solitaire) (Version: - )
    GameHouse Games Collection: Charm Tale (HKLM-x32\...\Charm Tale) (Version: - )
    GameHouse Games Collection: Chicktionary (HKLM-x32\...\Chicktionary) (Version: - )
    GameHouse Games Collection: Chuzzle Deluxe (HKLM-x32\...\Chuzzle Deluxe) (Version: - )
    GameHouse Games Collection: Collapse! Crunch (HKLM-x32\...\Collapse! Crunch) (Version: - )
    GameHouse Games Collection: Combo Chaos! (HKLM-x32\...\Combo Chaos!) (Version: - )
    GameHouse Games Collection: Crystal Path (HKLM-x32\...\Crystal Path) (Version: - )
    GameHouse Games Collection: Cubis Gold 2 (HKLM-x32\...\Cubis Gold 2) (Version: - )
    GameHouse Games Collection: Digby's Donuts (HKLM-x32\...\Digby's Donuts) (Version: - )
    GameHouse Games Collection: Diner Dash (HKLM-x32\...\Diner Dash) (Version: - )
    GameHouse Games Collection: Feeding Frenzy (HKLM-x32\...\Feeding Frenzy) (Version: - )
    GameHouse Games Collection: Fiber Twig (HKLM-x32\...\Fiber Twig) (Version: - )
    GameHouse Games Collection: Five Card Deluxe (HKLM-x32\...\Five Card Deluxe) (Version: - )
    GameHouse Games Collection: Flip Words (HKLM-x32\...\Flip Words) (Version: - )
    GameHouse Games Collection: Flying Leo (HKLM-x32\...\Flying Leo) (Version: - )
    GameHouse Games Collection: Fortune Tiles Gold (HKLM-x32\...\Fortune Tiles Gold) (Version: - )
    GameHouse Games Collection: Fresco Wizard (HKLM-x32\...\Fresco Wizard) (Version: - )
    GameHouse Games Collection: GameHouse Sudoku (HKLM-x32\...\GameHouse Sudoku) (Version: - )
    GameHouse Games Collection: Gearz (HKLM-x32\...\Gearz) (Version: - )
    GameHouse Games Collection: Granny in Paradise (HKLM-x32\...\Granny in Paradise) (Version: - )
    GameHouse Games Collection: Gutterball (HKLM-x32\...\Gutterball) (Version: - )
    GameHouse Games Collection: Gutterball 2 (HKLM-x32\...\Gutterball 2) (Version: - )
    GameHouse Games Collection: Hamsterball (HKLM-x32\...\Hamsterball) (Version: - )
    GameHouse Games Collection: Hello! (HKLM-x32\...\Hello!) (Version: - )
    GameHouse Games Collection: Holiday Express (HKLM-x32\...\Holiday Express) (Version: - )
    GameHouse Games Collection: Iggle Pop! (HKLM-x32\...\Iggle Pop!) (Version: - )
    GameHouse Games Collection: Incadia (HKLM-x32\...\Incadia) (Version: - )
    GameHouse Games Collection: Incredible Ink (HKLM-x32\...\Incredible Ink) (Version: - )
    GameHouse Games Collection: Insaniquarium Deluxe (HKLM-x32\...\Insaniquarium Deluxe) (Version: - )
    GameHouse Games Collection: Inspector Parker (HKLM-x32\...\Inspector Parker) (Version: - )
    GameHouse Games Collection: Invadazoid (HKLM-x32\...\Invadazoid) (Version: - )
    GameHouse Games Collection: Jewel Quest (HKLM-x32\...\Jewel Quest) (Version: - )
    GameHouse Games Collection: Lemonade Tycoon (HKLM-x32\...\Lemonade Tycoon) (Version: - )
    GameHouse Games Collection: Luxor (HKLM-x32\...\Luxor) (Version: - )
    GameHouse Games Collection: Mad Caps (HKLM-x32\...\Mad Caps) (Version: - )
    GameHouse Games Collection: Magic Ball (HKLM-x32\...\Magic Ball Deluxe) (Version: - )
    GameHouse Games Collection: Magic Ball 2 - New Worlds (HKLM-x32\...\Magic Ball 2 - New Worlds) (Version: - )
    GameHouse Games Collection: Magic Ball 2 (HKLM-x32\...\Magic Ball 2) (Version: - )
    GameHouse Games Collection: Magic Inlay (HKLM-x32\...\Magic Inlay) (Version: - )
    GameHouse Games Collection: Magic Vines (HKLM-x32\...\Magic Vines) (Version: - )
    GameHouse Games Collection: Mah Jong Adventures (HKLM-x32\...\Mah Jong Adventures) (Version: - )
    GameHouse Games Collection: Mah Jong Medley (HKLM-x32\...\Mah Jong Medley) (Version: - )
    GameHouse Games Collection: Mah Jong Quest (HKLM-x32\...\Mah Jong Quest) (Version: - )
    GameHouse Games Collection: Mahjong Garden To Go (HKLM-x32\...\Mahjong Garden To Go) (Version: - )
    GameHouse Games Collection: Mahjong Towers Eternity (HKLM-x32\...\Mahjong Towers Eternity) (Version: - )
    GameHouse Games Collection: Maui Wowee (HKLM-x32\...\Maui Wowee) (Version: - )
    GameHouse Games Collection: Phlinx To Go (HKLM-x32\...\Phlinx To Go) (Version: - )
    GameHouse Games Collection: Pin High Country Club Golf (HKLM-x32\...\Pin High Country Club Golf) (Version: - )
    GameHouse Games Collection: Pizza Frenzy (HKLM-x32\...\Pizza Frenzy) (Version: - )
    GameHouse Games Collection: Platypus (HKLM-x32\...\Platypus) (Version: - )
    GameHouse Games Collection: Poker Superstars (HKLM-x32\...\Poker Superstars) (Version: - )
    GameHouse Games Collection: Puzzle Express (HKLM-x32\...\Puzzle Express) (Version: - )
    GameHouse Games Collection: Puzzle Inlay (HKLM-x32\...\Puzzle Inlay) (Version: - )
    GameHouse Games Collection: Puzzle Solitaire (HKLM-x32\...\Puzzle Solitaire) (Version: - )
    GameHouse Games Collection: QBz (HKLM-x32\...\QBz) (Version: - )
    GameHouse Games Collection: Reader's Digest Super Word Power (HKLM-x32\...\Reader's Digest Super Word Power) (Version: - )
    GameHouse Games Collection: Ricochet (HKLM-x32\...\Ricochet) (Version: - )
    GameHouse Games Collection: Ricochet Lost Worlds - Recharged (HKLM-x32\...\Ricochet Lost Worlds: Recharged) (Version: - )
    GameHouse Games Collection: Ricochet Lost Worlds (HKLM-x32\...\Ricochet Lost Worlds) (Version: - )
    GameHouse Games Collection: Roller Rush (HKLM-x32\...\Roller Rush) (Version: - )
    GameHouse Games Collection: Saints & Sinners Bingo (HKLM-x32\...\Saints & Sinners Bingo) (Version: - )
    GameHouse Games Collection: SCRABBLE (HKLM-x32\...\SCRABBLE) (Version: - )
    GameHouse Games Collection: Shape Shifter (HKLM-x32\...\Shape Shifter) (Version: - )
    GameHouse Games Collection: Slingo Deluxe (HKLM-x32\...\Slingo Deluxe) (Version: - )
    GameHouse Games Collection: Spelvin (HKLM-x32\...\Spelvin) (Version: - )
    GameHouse Games Collection: Splash (HKLM-x32\...\Splash) (Version: - )
    GameHouse Games Collection: Spring Sprang Sprung (HKLM-x32\...\Spring Sprang Sprung) (Version: - )
    GameHouse Games Collection: Super 5-Line Slots (HKLM-x32\...\Super 5-Line Slots) (Version: - )
    GameHouse Games Collection: Super Blackjack! (HKLM-x32\...\Super Blackjack!) (Version: - )
    GameHouse Games Collection: Super Bounce Out! (HKLM-x32\...\Super Bounce Out!) (Version: - )
    GameHouse Games Collection: Super Candy Cruncher (HKLM-x32\...\Super Candy Cruncher) (Version: - )
    GameHouse Games Collection: Super Collapse! (HKLM-x32\...\Super Collapse!) (Version: - )
    GameHouse Games Collection: Super Collapse! II (HKLM-x32\...\Super Collapse! II) (Version: - )
    GameHouse Games Collection: Super Collapse! II Platinum (HKLM-x32\...\Super Collapse! II Platinum) (Version: - )
    GameHouse Games Collection: Super Fruit Frolic (HKLM-x32\...\Super Fruit Frolic) (Version: - )
    GameHouse Games Collection: Super GameHouse Solitaire Vol. 1 (HKLM-x32\...\Super GameHouse Solitaire Vol. 1) (Version: - )
    GameHouse Games Collection: Super GameHouse Solitaire Vol. 2 (HKLM-x32\...\Super GameHouse Solitaire Vol. 2) (Version: - )
    GameHouse Games Collection: Super GameHouse Solitaire Vol. 3 (HKLM-x32\...\Super GameHouse Solitaire Vol. 3) (Version: - )
    GameHouse Games Collection: Super Gem Drop (HKLM-x32\...\Super Gem Drop) (Version: - )
    GameHouse Games Collection: Super Glinx! (HKLM-x32\...\Super Glinx!) (Version: - )
    GameHouse Games Collection: Super Letter Linker (HKLM-x32\...\Super Letter Linker) (Version: - )
    GameHouse Games Collection: Super Mah Jong Solitaire (HKLM-x32\...\Super Mah Jong Solitaire) (Version: - )
    GameHouse Games Collection: Super Nisqually (HKLM-x32\...\Super Nisqually) (Version: - )
    GameHouse Games Collection: Super PileUp! (HKLM-x32\...\Super PileUp!) (Version: - )
    GameHouse Games Collection: Super Pool (HKLM-x32\...\Super Pool) (Version: - )
    GameHouse Games Collection: Super Pop & Drop! (HKLM-x32\...\Super Pop & Drop!) (Version: - )
    GameHouse Games Collection: Super Rumble Cube (HKLM-x32\...\Super Rumble Cube) (Version: - )
    GameHouse Games Collection: Super SpongeBob Collapse! (HKLM-x32\...\Super SpongeBob Collapse!) (Version: - )
    GameHouse Games Collection: Super TextTwist (HKLM-x32\...\Super TextTwist) (Version: - )
    GameHouse Games Collection: Super WHATword (HKLM-x32\...\Super WHATword) (Version: - )
    GameHouse Games Collection: Super Wild Wild Words (HKLM-x32\...\Super Wild Wild Words) (Version: - )
    GameHouse Games Collection: Tap a Jam (HKLM-x32\...\Tap a Jam) (Version: - )
    GameHouse Games Collection: Ten Pin Championship Bowling Pro (HKLM-x32\...\Ten Pin Championship Bowling Pro) (Version: - )
    GameHouse Games Collection: Tennis Titans (HKLM-x32\...\Tennis Titans) (Version: - )
    GameHouse Games Collection: Tradewinds 2 (HKLM-x32\...\Tradewinds 2) (Version: - )
    GameHouse Games Collection: Trivia Machine (HKLM-x32\...\Trivia Machine) (Version: - )
    GameHouse Games Collection: Tropical Swaps (HKLM-x32\...\Tropical Swaps) (Version: - )
    GameHouse Games Collection: Tumblebugs (HKLM-x32\...\Tumblebugs) (Version: - )
    GameHouse Games Collection: Turtle Bay (HKLM-x32\...\Turtle Bay) (Version: - )
    GameHouse Games Collection: Twistingo (HKLM-x32\...\Twistingo) (Version: - )
    GameHouse Games Collection: Ultimate Dominoes (HKLM-x32\...\Ultimate Dominoes) (Version: - )
    GameHouse Games Collection: Varmintz Deluxe (HKLM-x32\...\Varmintz Deluxe) (Version: - )
    GameHouse Games Collection: Walls of Jericho, The (HKLM-x32\...\Walls of Jericho, The) (Version: - )
    GameHouse Games Collection: Wheel of Fortune (HKLM-x32\...\Wheel of Fortune) (Version: - )
    GameHouse Games Collection: Word Jolt (HKLM-x32\...\Word Jolt) (Version: - )
    GameHouse Games Collection: Word Slinger (HKLM-x32\...\Word Slinger) (Version: - )
    GameHouse Games Collection: WordJong To Go (HKLM-x32\...\WordJong To Go) (Version: - )
    GameHouse Games Collection: Zuma Deluxe (HKLM-x32\...\Zuma Deluxe) (Version: - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.77 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
    Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-076916e6-2b6e-4580-b7a6-7c20894a32fc) (Version: 2.2.0.110 - WildTangent) Hidden
    Greeting Card Builder 3.2.0 (HKLM-x32\...\{82647B93-3F9C-4BBA-8801-E54DEB46736A}_is1) (Version: - PearlMountain Technology Co., Ltd)
    Hallmark Card Studio 2009 (HKLM-x32\...\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}) (Version: 10.0.0.28 - Creative Home)
    Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    House of 1000 Doors: Family Secrets (HKLM-x32\...\WTA-4807f16c-1623-4306-8c66-00c0a9921fe2) (Version: 2.2.0.98 - WildTangent) Hidden
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
    HP Connected Music (Meridian - player) (HKU\S-1-5-21-2121509380-3955967994-4141527572-1001\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
    HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.6.18.11 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
    HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.9.24.3 - Hewlett-Packard Company)
    HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
    Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
    Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
    JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
    Jewel Match 3 (HKLM-x32\...\WTA-7d9e851b-84ba-4025-8a19-114dd528b533) (Version: 2.2.0.98 - WildTangent) Hidden
    KC Softwares KCleaner (HKLM-x32\...\KC Softwares KCleaner_is1) (Version: 3.2.8.91 - KC Softwares)
    K-Lite Codec Pack 13.4.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.4.5 - KLCP)
    Luxor Evolved (HKLM-x32\...\WTA-ef5dcbeb-5b0b-4ea3-8e21-de804fdef7f8) (Version: 2.2.0.98 - WildTangent) Hidden
    Magic DVD Copier V9.0.1 (HKLM-x32\...\Magic DVD Copier_is1) (Version: - Magic DVD Software, Inc.)
    Mah Jong Medley (HKLM-x32\...\WTA-612bd0bb-4d9a-4fc3-97a9-f6170c18229c) (Version: 2.2.0.95 - WildTangent) Hidden
    Mahjongg Dimensions Deluxe: Tiles in Time (HKLM-x32\...\WTA-2f4da11d-27ce-4400-8ea2-582600089a47) (Version: 2.2.0.98 - WildTangent) Hidden
    Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
    MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2121509380-3955967994-4141527572-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
    MiPony 2.5.4 (HKLM-x32\...\MiPony) (Version: 2.5.4 - )
    Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Mozilla Firefox 56.0 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0 (x64 en-US)) (Version: 56.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Mystery P.I. - Curious Case of Counterfeit Cove (HKLM-x32\...\WTA-eb828d46-ca11-4a50-bffe-c5d5cd200080) (Version: 2.2.0.98 - WildTangent) Hidden
    Nero 11 Mini Repack (HKLM\...\NMMS11) (Version: - )
    Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.10000.1.0 - Nero AG)
    OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
    Paint Shop Pro 7 (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.0.0000 - Jasc Software Inc)
    PDF to X 6.0 (HKLM-x32\...\PDF to X_is1) (Version: - TriSun Software Limited)
    Peggle Deluxe 1.00 (HKLM-x32\...\Peggle Deluxe 1.00) (Version: - )
    Peggle Nights (HKLM-x32\...\WTA-acb3f55b-8b2e-41b2-836e-857e887029ee) (Version: 2.2.0.98 - WildTangent) Hidden
    Photo Notifier and Animation Creator (HKLM-x32\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1009 - IncrediMail Ltd.)
    Photo Stamp Remover 6.1 (HKLM-x32\...\Photo Stamp Remover_is1) (Version: 6.1 - SoftOrbits)
    Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version: - Photodex Corporation)
    PhotoScissors 1.1 (HKLM\...\{664FCCAE-8187-4EC5-B191-758C040C999C}_is1) (Version: - teorex)
    Pinger (HKLM-x32\...\{9B56B031-A6C0-4BB7-8F61-938548C1B759}) (Version: 1.1.1.2 - Pinger Inc.) Hidden
    Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)
    Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-4ba57f77-1a06-4238-9caf-781961fd56f5) (Version: 2.2.0.98 - WildTangent) Hidden
    Polar Bowler (HKLM-x32\...\WTA-4121edee-bf7b-4734-8ead-5015293cca78) (Version: 2.2.0.97 - WildTangent) Hidden
    PrintMaster 12 (HKLM-x32\...\{2A304FDE-F4E3-446D-AA0D-31425C897B71}) (Version: - Broderbund LLC)
    ProShow Gold (HKLM-x32\...\ProShow Gold) (Version: - Photodex Corporation)
    Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
    RealDownloader (HKLM-x32\...\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}) (Version: 1.3.3 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
    Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.30153 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.6208 - CyberLink Corp.) Hidden
    Roads of Rome 3 (HKLM-x32\...\WTA-de332ddd-96ed-43cd-b538-6ac5313f3a85) (Version: 2.2.0.98 - WildTangent) Hidden
    Royal Envoy 2 Collector's Edition (HKLM-x32\...\WTA-fa8ad2a9-0785-4d4c-bd41-ebc982caba17) (Version: 3.0.2.32 - WildTangent) Hidden
    SoftOrbits Photo Retoucher 1.3 (HKLM-x32\...\SoftOrbits Photo Retoucher_is1) (Version: 1.3 - SoftOrbits)
    SoftSkin Photo Makeup 1.2 (HKLM-x32\...\SoftSkin Photo Makeup_is1) (Version: 1.2 - SoftOrbits)
    Start Menu X version 5.02 (HKLM\...\{3E494002-985C-4908-B72C-5B4DD15BE090}_is1) (Version: 5.02 - OrdinarySoft)
    Tales of Lagoona (HKLM-x32\...\WTA-ec2705cc-3663-405e-9563-62ce538533e3) (Version: 2.2.0.110 - WildTangent) Hidden
    UnHackMe GE 8.80 release (HKLM-x32\...\UnHackMe Giveaway Edition_is1) (Version: - Greatis Software, LLC.)
    Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
    Vacation Quest™ - Australia (HKLM-x32\...\WTA-53bd5bac-04f0-49b0-a87a-c9faafb201fd) (Version: 3.0.2.32 - WildTangent) Hidden
    Web Companion (HKLM-x32\...\{74ac22ee-6be9-4a0f-a2d1-3466af079b2d}) (Version: 3.1.1602.3093 - Lavasoft)
    Web Companion (HKLM-x32\...\{b75f73c5-a5bf-4d32-bbd5-83b1edd9b47f}) (Version: 2.3.1521.2957 - Lavasoft)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.5 - WildTangent) Hidden
    WildTangent Updater (HKLM-x32\...\wcmdmgr.exe) (Version: - )
    WildTangent Web Driver (HKLM-x32\...\wtwebdriver) (Version: - )
    Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
    Winamp Detector Plug-in (HKU\S-1-5-21-2121509380-3955967994-4141527572-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
    Youda Jewel Shop (HKLM-x32\...\WTA-ed1e67a6-a26c-4073-8a4c-5bd003539692) (Version: 3.0.2.32 - WildTangent) Hidden
    Zuma's Revenge (HKLM-x32\...\WTA-923c5cba-73e8-481c-937d-80b08f9394dd) (Version: 2.2.0.98 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Alice\AppData\Local\MEGAsync\ShellExtX64.dll [2017-11-16] ()
    ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Alice\AppData\Local\MEGAsync\ShellExtX64.dll [2017-11-16] ()
    ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Alice\AppData\Local\MEGAsync\ShellExtX64.dll [2017-11-16] ()
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Alice\AppData\Local\MEGAsync\ShellExtX64.dll [2017-11-16] ()
    ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Alice\AppData\Local\MEGAsync\ShellExtX64.dll [2017-11-16] ()
    ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Alice\AppData\Local\MEGAsync\ShellExtX64.dll [2017-11-16] ()
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-05-24] (Cyberlink)
    ContextMenuHandlers1: [FileAssociationHelper] -> {D5CF14A2-B3CA-49DC-8E3E-0BB233B26D09} => C:\Program Files\File Association Helper\FAHDll.dll [2013-09-26] (WinZip Computing International, LLC)
    ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Alice\AppData\Local\MEGAsync\ShellExtX64.dll [2017-11-16] ()
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-14] (Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
    ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-05-24] (Cyberlink)
    ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Alice\AppData\Local\MEGAsync\ShellExtX64.dll [2017-11-16] ()
    ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
    ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Alice\AppData\Local\MEGAsync\ShellExtX64.dll [2017-11-16] ()
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Alice\AppData\Local\MEGAsync\ShellExtX64.dll [2017-11-16] ()
    ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
    ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-10-17] (Advanced Micro Devices, Inc.)
    ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-14] (Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {12CA9233-8E35-4F6A-B703-FF450940E47B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {14AB945B-3DC4-4CAF-B25D-01D6732E4DDA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-10-10] (Microsoft Corporation)
    Task: {171247CA-1B6F-412F-AC73-431F8C5392C1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {29560ACC-02EB-4079-A70B-C7192BA5DCC8} - System32\Tasks\FileSearchyPro_SkipUAC => C:\Program Files (x86)\FileSearchy Pro\FileSearchyPro.exe [2014-02-13] ()
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
    Task: {402E3B1C-583C-4726-B38D-22322EF0B52B} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-19] ()
    Task: {40B359F8-44DE-4352-A820-EB9F3084E002} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
    Task: {45BBD406-3575-46D4-B144-E078D8927524} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {46BF592F-A966-4353-B2C9-E8901ECA0A70} - \WPD\SqmUpload_S-1-5-21-2121509380-3955967994-4141527572-1001 -> No File <==== ATTENTION
    Task: {4CF81D87-F35C-494F-B463-F8F7BA5A5E64} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
    Task: {4E4FD862-D7F5-41B2-A5A5-122D1A4FE9E5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {5DDD4932-CF0F-4825-B136-9C5EBC2A9426} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
    Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
    Task: {6E77D862-52E7-4ACB-9A75-F0D328211842} - System32\Tasks\Microsoft\Windows\Setup\UpgradeTriggers\UpgradeNowTask => C:\WINDOWS\System32\GWX\GWXUXWorker.exe
    Task: {748A974E-A102-4101-BB82-D0F979A8CA34} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-08-21] (HP Inc.)
    Task: {7854054F-ADEB-4017-B819-ED9B66AD1E52} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
    Task: {838C064F-E57D-4741-8E6C-799DE1AADF23} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
    Task: {8AFB7568-BB5A-4D0F-97F1-28D963EDE29F} - System32\Tasks\HPCeeScheduleForalyce => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
    Task: {9194A739-B53E-4F4C-AC33-81C1966538FB} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {926BC591-4070-452C-B017-674015A47D06} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
    Task: {970ABF8B-6017-4364-963F-43ADA2A7F09A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {970EE454-7D48-46EA-8533-A7BF701CD3E2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {97E9DD6C-6131-4B53-B4D5-7C6375D43AF7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {9A69734F-0756-4599-8ED2-DE12EEFD69FC} - System32\Tasks\{21B58E7E-654D-42CA-B4E4-4E34DB0FDDF3} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\uninstall.exe"
    Task: {9B505D1F-2D2B-478F-8D9E-13DCB4EDC7D8} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {9D4DF638-D373-42D6-B496-C9E44F226602} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
    Task: {A8AF04AC-97E7-410D-B58E-4BD8986C89BA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {B6F4944F-7662-46A9-887A-702EF50F2590} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2018-10-17] (Advanced Micro Devices, Inc.)
    Task: {B9B99E16-E7A9-4CF9-8F08-B624B2608062} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)
    Task: {C4B4365E-3E7B-46CE-AF5B-45F7C3BEE4F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-09] (Google Inc.)
    Task: {CEC2E5F6-CE1E-410F-910C-A0CA56A0845B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)
    Task: {CF3F9FCD-4745-4725-864D-7C28612937BD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
    Task: {CFAE278A-2FE5-419B-A768-FB54D2FFC272} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {D14E290A-7F45-4899-832C-F23DA7FDB0A0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
    Task: {D310024E-06F3-4771-A34D-FB46FA14B9BD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-09-06] (HP Inc.)
    Task: {D5A02DE2-3B53-46E7-A293-E0EE599F4381} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
    Task: {DA22EF43-2A59-40ED-A794-A4F182CA7EF5} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-2121509380-3955967994-4141527572-1001 => C:\Users\Alice\AppData\Local\MEGAsync\MEGAupdater.exe [2018-01-19] (Mega Limited)
    Task: {DBCB8492-9591-4EB7-8758-F571BB60C9FA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
    Task: {DBE6C96A-7424-457D-8C67-A23AC3422254} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2121509380-3955967994-4141527572-1001 => C:\Users\Alice\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
    Task: {E5D3C9A1-4D05-4D45-86E2-007DF32FE917} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-09] (Google Inc.)
    Task: {E7A151F4-44A0-48B0-A51D-2C52BFC60F96} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2017-04-14] (Greatis Software)
    Task: {E973DC58-728A-4007-9632-8C36AFA0719E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {F3051D9E-77AB-4721-ABBB-19A7A42FDDD2} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-08-18] ()
    Task: {FA48DF75-D929-4E5B-BB98-9EA29BC5BE31} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-10-17] (Advanced Micro Devices, Inc.)
    Task: {FDB2393A-3873-4998-A8DA-0B99C82C35B2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {FF7919B7-9059-4219-9BAA-932A23ED925D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\HPCeeScheduleForalyce.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2018-04-11 17:34 - 2018-04-11 17:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
    2013-08-14 15:19 - 2013-08-14 15:19 - 000039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    2014-01-22 10:27 - 2014-01-22 10:27 - 000186760 _____ () C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe
    2017-06-29 08:45 - 2017-06-29 08:45 - 000025192 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
    2017-06-29 08:45 - 2017-06-29 08:45 - 000017000 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
    2017-06-29 08:45 - 2017-06-29 08:45 - 000036968 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
    2018-09-25 15:45 - 2018-10-29 16:57 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2018-09-25 15:45 - 2018-10-29 16:57 - 002821952 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    2012-10-30 14:05 - 2012-10-30 14:05 - 000607744 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\JobCapsA.DLL
    2017-06-07 14:09 - 2017-11-16 18:03 - 000598528 _____ () C:\Users\Alice\AppData\Local\MEGAsync\ShellExtX64.dll
    2018-04-11 17:34 - 2018-04-11 17:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
    2018-04-11 17:34 - 2018-04-11 17:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
    2018-06-27 21:32 - 2018-06-27 21:32 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
    2018-06-27 21:32 - 2018-06-27 21:32 - 002552832 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
    2018-10-10 05:34 - 2018-09-19 21:38 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2018-10-15 14:08 - 2018-10-15 14:10 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
    2018-10-23 11:39 - 2018-10-23 11:40 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
    2018-10-23 11:39 - 2018-10-23 11:40 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
    2018-10-23 11:39 - 2018-10-23 11:40 - 010978304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\LibWrapper.dll
    2018-10-23 11:39 - 2018-10-23 11:40 - 002810368 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\skypert.dll
    2018-10-23 11:39 - 2018-10-23 11:40 - 000685056 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
    2018-10-05 19:25 - 2018-10-05 19:26 - 032535040 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18091.10321.0_x64__8wekyb3d8bbwe\Music.UI.exe
    2018-10-05 19:25 - 2018-10-05 19:26 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18091.10321.0_x64__8wekyb3d8bbwe\SharedUI.dll
    2017-12-01 07:34 - 2017-12-01 07:36 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18091.10321.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
    2017-10-06 07:14 - 2017-10-06 07:15 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18091.10321.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2018-10-05 19:25 - 2018-10-05 19:26 - 005951488 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18091.10321.0_x64__8wekyb3d8bbwe\EntCommon.dll
    2018-10-05 19:25 - 2018-10-05 19:25 - 009073152 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18091.10321.0_x64__8wekyb3d8bbwe\EntPlat.dll
    2016-02-13 07:06 - 2016-02-13 07:06 - 000117920 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18091.10321.0_x64__8wekyb3d8bbwe\GNSDK_FP.DLL
    2018-10-27 03:26 - 2018-10-27 03:28 - 035118592 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
    2018-10-27 03:26 - 2018-10-27 03:28 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\SharedUI.dll
    2018-10-27 03:26 - 2018-10-27 03:28 - 005987328 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\EntCommon.dll
    2017-10-06 07:14 - 2017-10-06 07:15 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2018-10-27 03:26 - 2018-10-27 03:28 - 009064448 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\EntPlat.dll
    2018-07-10 03:47 - 2018-07-10 03:51 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
    2018-10-23 11:39 - 2018-10-23 11:40 - 000183808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
    2015-02-19 00:13 - 2015-02-19 00:13 - 003650560 _____ () C:\Program Files\AMD\Performance Profile Client\Platform.dll
    2018-03-13 03:47 - 2018-03-13 03:47 - 003109888 _____ () C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll
    2018-03-13 03:47 - 2018-03-13 03:47 - 000912896 _____ () C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll
    2015-02-19 00:13 - 2015-02-19 00:13 - 000817152 _____ () C:\Program Files\AMD\Performance Profile Client\Device.dll
    2018-09-26 08:38 - 2018-09-26 08:40 - 000479232 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    2018-09-26 08:38 - 2018-09-26 08:40 - 069128192 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
    2018-09-26 08:38 - 2018-09-26 08:40 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
    2017-12-13 05:58 - 2017-12-13 06:03 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
    2018-08-31 05:47 - 2018-08-31 05:51 - 003699200 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
    2018-04-26 04:36 - 2018-04-26 04:39 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
    2018-08-31 05:47 - 2018-08-31 05:51 - 000035328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
    2018-08-20 19:59 - 2018-08-20 20:03 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\opencv_core320.dll
    2018-08-20 19:59 - 2018-08-20 20:03 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\opencv_imgproc320.dll
    2018-04-05 04:25 - 2018-04-05 04:28 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
    2018-09-26 08:38 - 2018-09-26 08:40 - 014171648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
    2018-08-31 05:47 - 2018-08-31 05:51 - 003544576 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\MediaEngine.dll
    2018-09-26 08:38 - 2018-09-26 08:40 - 002866176 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
    2018-08-31 05:47 - 2018-08-31 05:51 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
    2018-07-27 05:34 - 2018-07-27 05:35 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2016-04-13 02:38 - 2017-11-16 18:03 - 000798208 _____ () C:\Users\Alice\AppData\Local\MEGAsync\libsodium.dll
    2013-07-24 12:29 - 2013-03-12 08:51 - 000626240 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2013-03-12 23:53 - 2013-03-12 23:53 - 000015424 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118]
    AlternateDataStreams: C:\ProgramData\Temp:70B3C619 [124]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
    IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
    IE trusted site: HKU\S-1-5-21-2121509380-3955967994-4141527572-1001\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-2121509380-3955967994-4141527572-1001\...\webcompanion.com -> hxxp://webcompanion.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 07:25 - 2013-08-22 07:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2121509380-3955967994-4141527572-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Alice\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\thecapitolbymoonlight.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    HKLM\...\StartupApproved\StartupFolder: => "Event Reminder.lnk"
    HKLM\...\StartupApproved\Run: => "TelevisionFanatic Home Page Guard 64 bit"
    HKLM\...\StartupApproved\Run: => "FAHConsole"
    HKLM\...\StartupApproved\Run: => "RTHDVCPL"
    HKLM\...\StartupApproved\Run32: => "StartCCC"
    HKLM\...\StartupApproved\Run32: => "NBAgent"
    HKLM\...\StartupApproved\Run32: => "TkBellExe"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [UDP Query User{6F913F93-9363-4237-8C34-083C6CA32C8D}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe
    FirewallRules: [TCP Query User{B597F6BF-6AEA-4EB9-9BF9-7641A9D0E747}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe
    FirewallRules: [{10C74A28-3E20-4C24-AD1B-571DB1F929CA}] => (Block) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
    FirewallRules: [{B4E427FD-3918-4963-94E2-EF4FD4ED2ED3}] => (Block) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
    FirewallRules: [UDP Query User{1C78526A-D314-4F3D-9936-229D803D1ACB}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
    FirewallRules: [TCP Query User{59976021-8011-436B-8AD9-92A388B88A96}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
    FirewallRules: [UDP Query User{350BFDCC-2C8C-4699-91CA-40D5C9D4C267}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe
    FirewallRules: [TCP Query User{C80BDC0B-F81C-426D-8D76-9AD9B70211AB}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe
    FirewallRules: [UDP Query User{21A2B24C-C3C1-4125-9444-36B2E281BB2B}C:\program files (x86)\illustrate\dbpoweramp\asset-upnp.exe] => (Allow) C:\program files (x86)\illustrate\dbpoweramp\asset-upnp.exe
    FirewallRules: [TCP Query User{C2301C64-BEA9-460A-9516-0F738D712CFE}C:\program files (x86)\illustrate\dbpoweramp\asset-upnp.exe] => (Allow) C:\program files (x86)\illustrate\dbpoweramp\asset-upnp.exe
    FirewallRules: [{4654CD0B-A9B0-423C-B671-694388230801}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
    FirewallRules: [{6527735B-E6A7-444F-9949-CC284B843E2D}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
    FirewallRules: [{455B1A09-0F90-4522-9E04-672318A3BAAF}] => (Allow) LPort=26125
    FirewallRules: [{49A02B87-CB98-4B38-AABA-EAD9CC273856}] => (Allow) LPort=26125
    FirewallRules: [{D9589AF4-E006-457A-99D0-739E23528970}] => (Allow) C:\Program Files (x86)\Illustrate\dBpoweramp\Asset-uPNP.exe
    FirewallRules: [{328EC71C-23D0-4914-9E6C-D44A6D2D1C08}] => (Allow) C:\Program Files (x86)\Illustrate\dBpoweramp\Asset-uPNP.exe
    FirewallRules: [{A56EEE5C-11CC-4454-9437-B84822CE7067}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
    FirewallRules: [{061CFB17-E976-40BA-A5A5-35E80E439A07}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
    FirewallRules: [{D5F4C266-1891-4F42-A32C-21EF58CBEEAE}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
    FirewallRules: [{DACB8099-B251-4812-A40F-42066352674E}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
    FirewallRules: [{858D993A-F06E-4076-B7F7-2C3C2AE472EF}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
    FirewallRules: [{9A813D7B-C288-402A-B80F-BF03C5CB7D42}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
    FirewallRules: [{A5ABC2A2-302E-4102-AB05-CF04396287A1}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
    FirewallRules: [{0C14327F-45FC-450A-A28C-96A3E7A8AB52}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
    FirewallRules: [{3F2D5157-3BBA-48B3-BE4E-A0BF849E0652}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
    FirewallRules: [{B7F8A856-CBAC-4309-89E7-E01E37E7DB7E}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
    FirewallRules: [{4D06F128-CD58-4A1F-97D5-4D65366A5E0B}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
    FirewallRules: [{AE8DA7E7-9738-461D-9BA9-08DA4A669818}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{2A8771A8-C4CF-445D-B0B5-DE653882BF12}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{7304FA47-160D-40EF-BDE2-67C26B40D57F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{4C86A245-0A9C-4D84-BC45-EB614FDC7F19}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{A4FE1F35-0B0E-4208-9543-3532257B5DB8}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [{886F95BA-3133-4870-8B95-1D2BB79B97E0}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
    FirewallRules: [{C9DE9132-1FB0-4B47-9595-9822B4E9A3AD}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
    FirewallRules: [{9B8E7DA5-7C19-4275-B996-854B4C6D46F0}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    FirewallRules: [{A9B151D1-01E2-435C-9FB2-D55F406349A7}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
    FirewallRules: [{7E36E0B3-1947-4F3F-A390-12EC007915FD}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
    FirewallRules: [{D4A56772-4595-4852-A70C-0096FEF220B8}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
    FirewallRules: [{901C4655-AC33-4979-83E9-ABB94E251A77}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [{AF99976E-CF02-4064-8AC9-590B2C0C4ACB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{F59122F2-8E5B-46B1-93CC-9C0C02159021}] => (Allow) LPort=2869
    FirewallRules: [{779CA69E-35C8-4FF3-A40A-1D04A630D310}] => (Allow) LPort=1900
    FirewallRules: [{8779328C-954F-43A7-9BE4-A58AD460D1BD}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
    FirewallRules: [{2CE6BAC8-87D3-4257-815B-802FD52C7EC2}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
    FirewallRules: [{4826DD7C-5983-4ABC-B1D6-66F34E228F51}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
    FirewallRules: [{B63815C4-5186-44DA-BEA7-6100CE808BC0}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
    FirewallRules: [{2C11FAFE-6DB1-46D4-BA65-F0E9C787C500}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
    FirewallRules: [{3452B4F8-BB60-4800-AAA4-904009326C74}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
    FirewallRules: [TCP Query User{96A1AB1C-9C90-4BBC-8268-9A3CDBB0CEFC}C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe
    FirewallRules: [UDP Query User{E0F2610F-8116-4938-912A-B1F5E4DF915D}C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe
    FirewallRules: [{0F4D58B8-EF05-4AC8-BBAC-2801D161F596}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
    FirewallRules: [{7815F79A-C424-4260-8DE5-93DB3CC7EE3A}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
    FirewallRules: [{F9351023-A92F-4FAC-99FA-910E9FC37A8A}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
    FirewallRules: [{5B69082B-E8B6-40BE-8DF7-EA029E8C70D8}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
    FirewallRules: [{E24F0AE2-3C5F-41C6-92C0-83BD76B46056}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
    FirewallRules: [{F9D61511-0335-4FB8-B44C-A55157DEE870}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
    FirewallRules: [{D9F18AF5-1D37-4914-9461-974591EA3B42}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
    FirewallRules: [{1C8E315B-DE4C-4D15-88A8-123296EA0787}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
    FirewallRules: [{F5D0C44D-9B23-4FA8-B55A-9557C760F116}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
    FirewallRules: [{941D07AA-44FB-4D24-B0A9-6607E5D1BBDE}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
    FirewallRules: [{51A060A5-4157-4160-B5FD-246C0C6E70DA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{6020C88C-0118-4FC3-8C06-CDDD58BE535A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{55A49259-B0BB-4F2B-B7A8-4C776169DF87}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe
    FirewallRules: [UDP Query User{FA00CAA7-B65D-411B-98B8-9A0076D9CF10}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe
    FirewallRules: [{5C47D6C7-92FB-4260-9912-B083FCE35A28}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    30-10-2018 09:51:10 Windows Modules Installer
    06-11-2018 13:47:59 Scheduled Checkpoint
    08-11-2018 11:52:19 Windows Modules Installer
    10-11-2018 07:51:47 Windows Modules Installer

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/10/2018 03:44:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 11.0.17134.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: e88

    Start Time: 01d4793e60623735

    Termination Time: 31

    Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

    Report Id: 5fbb6fc7-9cc3-4504-a6e1-f00b47fb1c43

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (11/10/2018 12:53:08 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Paint Shop Pro 9.exe, version: 9.0.0.0, time stamp: 0x41210e3b
    Faulting module name: igCGM13d.dll_unloaded, version: 13.3.1.0, time stamp: 0x40f549fe
    Exception code: 0xc0000005
    Fault offset: 0x00008bc0
    Faulting process id: 0x2410
    Faulting application start time: 0x01d479266bad1af6
    Faulting application path: C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 9\Paint Shop Pro 9.exe
    Faulting module path: igCGM13d.dll
    Report Id: 0350b219-2e8c-4e34-afe2-e8f65322e7ff
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (11/10/2018 12:44:44 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Paint Shop Pro 9.exe, version: 9.0.0.0, time stamp: 0x41210e3b
    Faulting module name: igCGM13d.dll_unloaded, version: 13.3.1.0, time stamp: 0x40f549fe
    Exception code: 0xc0000005
    Fault offset: 0x00008bc0
    Faulting process id: 0x23b0
    Faulting application start time: 0x01d47925599bdf70
    Faulting application path: C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 9\Paint Shop Pro 9.exe
    Faulting module path: igCGM13d.dll
    Report Id: 2aa0cd2e-eb5d-4831-9985-3cf5055d2762
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (11/10/2018 12:38:27 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Paint Shop Pro 9.exe, version: 9.0.0.0, time stamp: 0x41210e3b
    Faulting module name: igCGM13d.dll_unloaded, version: 13.3.1.0, time stamp: 0x40f549fe
    Exception code: 0xc0000005
    Fault offset: 0x00008bc0
    Faulting process id: 0x444
    Faulting application start time: 0x01d4792459524061
    Faulting application path: C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 9\Paint Shop Pro 9.exe
    Faulting module path: igCGM13d.dll
    Report Id: f72d82c7-2a2f-434f-aff2-17cba66d8c12
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (11/10/2018 12:25:12 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Paint Shop Pro 9.exe, version: 9.0.0.0, time stamp: 0x41210e3b
    Faulting module name: igCGM13d.dll_unloaded, version: 13.3.1.0, time stamp: 0x40f549fe
    Exception code: 0xc0000005
    Fault offset: 0x00008bc0
    Faulting process id: 0x1718
    Faulting application start time: 0x01d4792289549c60
    Faulting application path: C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 9\Paint Shop Pro 9.exe
    Faulting module path: igCGM13d.dll
    Report Id: 2483c5d6-715a-4ce9-8718-c96feff7a7b0
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (11/10/2018 09:07:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 11.0.17134.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 1140

    Start Time: 01d47905f31b3f4a

    Termination Time: 82

    Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

    Report Id: a531b303-0bf1-4ca7-8252-843ff129500f

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (11/10/2018 07:52:58 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (11/10/2018 07:38:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 11.0.17134.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 22a4

    Start Time: 01d478f64e1c5eda

    Termination Time: 27

    Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

    Report Id: 27d243fb-2f04-461d-acb3-7eb1897066bf

    Faulting package full name:

    Faulting package-relative application ID:


    System errors:
    =============
    Error: (11/10/2018 02:52:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {0358B920-0AC7-461F-98F4-58E32CD89148}
    and APPID
    {3EB3C877-1F16-487C-9050-104DBCD66683}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/10/2018 02:52:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {0358B920-0AC7-461F-98F4-58E32CD89148}
    and APPID
    {3EB3C877-1F16-487C-9050-104DBCD66683}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/10/2018 12:29:12 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user Desktop\alyce SID (S-1-5-21-2121509380-3955967994-4141527572-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/10/2018 12:29:11 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user Desktop\alyce SID (S-1-5-21-2121509380-3955967994-4141527572-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/10/2018 12:27:47 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user Desktop\alyce SID (S-1-5-21-2121509380-3955967994-4141527572-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/10/2018 12:27:45 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user Desktop\alyce SID (S-1-5-21-2121509380-3955967994-4141527572-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/10/2018 12:27:44 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user Desktop\alyce SID (S-1-5-21-2121509380-3955967994-4141527572-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/10/2018 12:27:43 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user Desktop\alyce SID (S-1-5-21-2121509380-3955967994-4141527572-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    Windows Defender:
    ===================================
    Date: 2018-11-10 07:58:28.899
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {997915A8-1287-4E5A-8322-12148B227DB6}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-11-08 08:33:16.276
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {F984344A-3BDD-4C9C-AF24-C34C4F187464}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-10-30 19:25:45.824
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {61324F5D-D043-463A-A75F-40D10B36BDA5}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-10-30 17:17:36.701
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {7DCBDC9C-CAA7-41E6-B933-CB52B952DB32}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-10-22 09:27:49.056
    Description:
    Windows Defender Antivirus has detected a suspicious behavior.
    Name: Informational:Behavior/ModifiedKernel
    ID: 2046935444
    Severity: Low
    Category: Suspicious Behavior
    Path Found: process:_0
    Detection Origin: Unknown
    Detection Type: Suspicious
    Detection Source: Real-Time Protection
    Status: Executing
    Process Name: Unknown
    Signature ID: 717259538435
    Signature Version: AV: 1.279.292.0, AS: 1.279.292.0
    Engine Version: 1.1.15400.4
    Fidelity Label: Low
    Target File Name:

    Date: 2018-11-07 06:05:25.011
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.279.1298.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15400.4
    Error code: 0x80240016
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2018-10-16 06:25:12.189
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.277.1152.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15300.6
    Error code: 0x80240016
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2018-09-29 10:45:06.787
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.277.235.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15300.6
    Error code: 0x80240016
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    CodeIntegrity:
    ===================================

    Date: 2018-11-10 15:40:00.858
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-11-10 15:40:00.026
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-11-10 15:39:44.554
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-11-10 15:39:44.546
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-11-10 15:38:38.910
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-11-10 15:37:24.817
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-11-10 15:37:23.969
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-11-10 15:37:08.630
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    ==================== Memory info ===========================

    Processor: AMD A6-5200 APU with Radeon(TM) HD Graphics
    Percentage of memory in use: 74%
    Total physical RAM: 3532.66 MB
    Available physical RAM: 887.3 MB
    Total Virtual: 7116.66 MB
    Available Virtual: 2363.29 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:911.51 GB) (Free:404.95 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (Recovery Image) (Fixed) (Total:17.7 GB) (Free:2.15 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (KNIT_THIS) (CDROM) (Total:2.18 GB) (Free:0 GB) UDF

    \\?\Volume{055ea13d-d49d-49b9-aeac-3ec6c8c893be}\ (Windows RE tools) (Fixed) (Total:1 GB) (Free:0.65 GB) NTFS
    \\?\Volume{bfb727a6-d248-45cb-a3ee-5808bdbd8b93}\ () (Fixed) (Total:0.83 GB) (Free:0.45 GB) NTFS
    \\?\Volume{b4c90be9-d7cf-4a2e-b0e1-210ca65f4cf6}\ (SYSTEM) (Fixed) (Total:0.35 GB) (Free:0.3 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 412CA52E)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  8. Joeicam

    Joeicam Malware Trainee

    Joined:
    Oct 11, 2017
    Messages:
    193
    Hey Alyce,
    That is odd! But that's how tech can be sometimes. Thank you for posting that, and no problem about not having another computer. We will do what we can! I'll be analyzing your logs and will be getting back to you with a fix soon here :).
     
  9. buttkiss

    buttkiss Thread Starter

    Joined:
    Oct 26, 2018
    Messages:
    9
    Hi Joe, it's been a few days since I sent the Addition.txt, and I haven't heard from you. I was wondering if you found anything that could be giving me this problem.

    thanks

    buttkiss
     
  10. Joeicam

    Joeicam Malware Trainee

    Joined:
    Oct 11, 2017
    Messages:
    193
    Hey Alyce, thank you for checking in. I'm still here, but I'm waiting for my post to get approved before I post it here :)
     
  11. Joeicam

    Joeicam Malware Trainee

    Joined:
    Oct 11, 2017
    Messages:
    193
    Hi Alyce, since we've last spoken, what is the status of your computer? I've put together a fix below to get us started.

    Going back to this really quick, it looks like the statement you made:
    Is related to the software UnHackMe GE 8.80 release that you have on your computer. If you uninstalled the software, then I think the message would go away.

    Step 1 of 4: Uninstalling Programs

    Please uninstall the following programs. Do so by right-clicking the Start button > selecting Apps & Features > finding, double-clicking, and uninstalling > the programs below:
    These include:
    • albrechto
    • JDownloader 2
    • MiPony 2.5.4
    Step 2 of 4: Fix with FRST

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    • Open FRST. Please copy the entire contents of the code box below, excluding the word "Quote". (To do this, highlight the contents of the box, right-click on it and select Copy.)
    • Navigate back to FRST and click on Fix

    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Step 3 of 4: Clean with AdwCleaner

    Download AdwCleaner from here. Save the file to the desktop.

    Close all open windows and browsers.
    • XP users: Double click the AdwCleaner icon to start the program.
    • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
    [IMG]
    • Click the Scan Now button and wait for the scan to finish.
    • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Scan results - "Clean & Repair" will remove the selected threats from your computer.
    • Click the Clean & Repair button.
    • Everything checked will be moved to Quarantine.
    • Click on Clean & Restart Now
    [IMG]

    On reboot a screen similar to the one below will be displayed.
    [IMG]

    Click on "View Log File" and copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\Logs\AdwCleaner[C00].txt

    Step 4 of 4: Re-Scan with FRST

    • Right-click the FRST application and select run as administrator. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
    • Please copy and paste the logs back here.
    ===============================================

    When you reply to me, I need to see:
    • Any questions/concerns you might have, or if you were not able to complete any of the steps above
    • The copied and pasted results of the Fixlog.txt in Step 2.
    • The copied and pasted results of the AdwCleaner log file
    • The copied and pasted results of FRST.txt and Addition.txt log files
     
  12. Joeicam

    Joeicam Malware Trainee

    Joined:
    Oct 11, 2017
    Messages:
    193
    Hi Alyce, just checking. Were you able to get these scans completed?
     
  13. Joeicam

    Joeicam Malware Trainee

    Joined:
    Oct 11, 2017
    Messages:
    193
    Since this issue appears to be resolved ... this Topic has been closed. Glad we could help :).

    If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

    Everyone else please begin a New Topic.
     

Short URL to this thread: https://techguy.org/1218949
