Additional scan result of Farbar Recovery Scan Tool (x64) Version: 6.02.2019
Ran by bak (08-02-2019 10:13:14)
Running from C:\Users\bak\Downloads
Windows 10 Pro Version 1803 17134.556 (X64) (2018-06-09 01:00:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3876622254-4242009388-153297093-500 - Administrator - Disabled)
bak (S-1-5-21-3876622254-4242009388-153297093-1001 - Administrator - Enabled) => C:\Users\bak
DefaultAccount (S-1-5-21-3876622254-4242009388-153297093-503 - Limited - Disabled)
Guest (S-1-5-21-3876622254-4242009388-153297093-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3876622254-4242009388-153297093-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3876622254-4242009388-153297093-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Adobe After Effects CC 2019 (HKLM-x32\...\AEFT_16_0) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Bridge CC 2018 (HKLM-x32\...\KBRG_8_0_1) (Version: 8.0.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.8.0.421 - Adobe Systems Incorporated)
Adobe Fuse CC (Beta) (HKLM-x32\...\{B57067F9-E97B-46EE-94F5-179373B81A6C}) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2019 (HKLM-x32\...\AME_13_0_1) (Version: 13.0.1 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2019 (HKLM-x32\...\PPRO_13_0_1) (Version: 13.0.1 - Adobe Systems Incorporated)
Adobe Premiere Rush CC (HKLM-x32\...\RUSH_1_0_1) (Version: 1.0.1 - Adobe Systems Incorporated)
ALLConverter PRO 1.3 (HKLM-x32\...\{9370105C-71BB-4FF9-A85B-36D79B95457A}_is1) (Version: - ALLCinema, Inc.)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.1.1 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (HKLM\...\{BA6C6C01-097B-4E79-9CAA-0FB9F863ED7C}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{49F7DD82-FC83-48BF-86C6-CFE6E1E233E1}) (Version: 7.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1FA68E27-2951-42E8-9F57-1A7F6581B4FD}) (Version: 7.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Application Verifier x64 External Package (HKLM\...\{D9908CED-5ABB-FEE9-FC84-743F4D38637C}) (Version: 10.1.16299.15 - Microsoft) Hidden
Beechcraft King Air Blackhawk C90BXP (HKLM-x32\...\Beechcraft King Air Blackhawk C90BXP) (Version: - )
Blender (HKLM\...\{B1DF3793-1651-4AE5-9CA0-E845DD8B526B}) (Version: 2.79.0 - Blender Foundation)
Bombardier CL-415 (HKLM-x32\...\Bombardier CL-415) (Version: - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{A16E186C-58C4-3BDC-5CCE-714EFEF5F27F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{E42911E5-48F8-8557-ED20-D72AD1907D25}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B4C30EF4-B2C5-1395-B534-7B63BCB6E8E4}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{62098A5F-E03B-31A3-5F9C-51A7F7D25744}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1757AD9B-0E3C-05F9-FE43-4343BED7DA85}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{66B06F29-EE4F-9130-D96A-754826093FEA}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{821D0A0E-F246-BE40-0D68-93883C14C410}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{88BD74C4-23AB-4554-915C-6E1F0C81F6CD}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A48E2AB0-0866-7783-9657-E1709EB18D02}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E61CEF9A-BAC3-EAEE-F735-E257D2354DF2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DA0326BB-657D-AAFC-752C-363E8FA33755}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B873A1FB-5EA0-EE5F-A861-1E38880AD08E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{EC9DF9FF-9D75-4CDD-1D58-A2E887B0A42E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{7ABACA7E-6E59-0EF9-8FA3-6B32E5F58127}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3E196AAF-F81C-B384-E2AB-28EE2398FE5F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DAEFFE0C-CD05-1355-6AFC-7B3D4106A820}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{E392A425-53A7-DF90-96A0-E287A75DD3B2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{D6F47BB4-700A-F612-0671-5F69EA311BB7}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01FD9A26-3F61-9236-B360-BE5D043D82C0}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{64D4CCC3-63DF-252D-D29D-03491670225D}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{8DF90937-B869-9F76-5D45-5A8BDA0A33B6}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Cessna 206H1 (HKLM-x32\...\Cessna 206H1) (Version: - )
Cessna_172_Sport (HKLM-x32\...\Cessna_172_Sport) (Version: - )
CopyTrans Control Center désinstallation uniquement (HKU\S-1-5-21-3876622254-4242009388-153297093-1001\...\CopyTrans Suite) (Version: 4.017 - WindSolutions)
CyberLink DVD Suite (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.3019 - CyberLink Corp.)
De Havilland DHC-3 Otter NG (HKLM-x32\...\De Havilland DHC-3 Otter NG) (Version: - )
DeezLoader 3.1.1 (HKLM\...\8675f592-6f7d-534e-a92f-1cdf755ecc58) (Version: 3.1.1 - ExtendLord)
DHC2 Beaver Alaska Tours flotteurs (HKLM-x32\...\DHC2 Beaver Alaska Tours flotteurs ) (Version: - )
DHC-3 Otter PZL (HKLM-x32\...\DHC-3 Otter PZL) (Version: - )
Douglas C-133B Cargomaster (HKLM-x32\...\Douglas C-133B Cargomaster) (Version: - )
Elevated Installer (HKLM-x32\...\{98EFD351-ECFC-41FA-83A4-7BFF16ED65E7}) (Version: 6.8.1.0 - Garmin Ltd or its subsidiaries) Hidden
EMDB 3.17 (HKLM-x32\...\EMDB_is1) (Version: - Wicked & Wild Inc.)
Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Express Zip File Compression (HKLM-x32\...\ExpressZip) (Version: 5.21 - NCH Software)
FliteSchool Private (HKLM-x32\...\FliteSchool Private) (Version: - )
Free Studio (HKLM-x32\...\Free Studio_is1) (Version: 6.6.10.511 - Digital Wave Ltd)
Garmin Express (HKLM-x32\...\{1e266d7b-b23c-4e1e-afd0-0ee47558133d}) (Version: 6.8.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{61863549-E2F6-443E-94FE-622AE4168B7E}) (Version: 6.8.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.96 - Google Inc.)
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
iCloud (HKLM\...\{5FEE6A85-BB93-49AB-8927-F1D780BB6727}) (Version: 7.8.0.7 - Apple Inc.)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
iTunes (HKLM\...\{3F702C1B-628F-46FB-A094-56D5404CEE63}) (Version: 12.9.1.4 - Apple Inc.)
Junkers Ju-52/3m (HKLM-x32\...\Junkers Ju-52/3m) (Version: - )
Kits Configuration Installer (HKLM-x32\...\{86E59C8F-61D5-1782-A3CE-60AE7E4D7791}) (Version: 10.1.16299.15 - Microsoft) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 4.01.0817.01 - )
LightScribe System Software 1.14.19.1 (HKLM-x32\...\{513148E7-B7A1-48B2-B518-668701E546F5}) (Version: 1.14.19.1 - LightScribe)
Maule M7-260 (HKLM-x32\...\Maule M7-260) (Version: - )
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.0.19 - McAfee, Inc.)
McAfee® Total Protection (HKLM-x32\...\MSC) (Version: 16.0 R18 - McAfee, Inc.)
Microsoft Flight Simulator 2004 A Century of Flight (HKLM-x32\...\Flight Simulator 9.0) (Version: 9.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3876622254-4242009388-153297093-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.17.1298.831 - Microsoft Corporation)
MiPony 2.5.6 (HKLM-x32\...\MiPony) (Version: 2.5.6 - )
Mozart 2005 (HKLM-x32\...\Mozart 2005) (Version: - )
MSI Development Tools (HKLM-x32\...\{973CACA2-E018-065B-0580-F2784802E299}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Nero 7 Essentials (HKLM-x32\...\{66B6D13A-9CC1-417D-B6F2-58AA539D1033}) (Version: 7.03.1303 - Nero AG)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== ATTENTION
Opera Stable 58.0.3135.53 (HKLM-x32\...\Opera 58.0.3135.53) (Version: 58.0.3135.53 - Opera Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
SDK ARM Additions (HKLM-x32\...\{7922BB77-0B59-840A-AC80-D560A34D75C5}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{C87DF65C-A672-7E08-A083-E7D48FE8DB70}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
SketchUp 2017 (HKLM\...\{7B8F376D-7D82-41A4-A14E-6DAAA426CBD9}) (Version: 17.2.2555 - Trimble Navigation Limited)
Sukhoi_SU_31 (HKLM-x32\...\Sukhoi_SU_31) (Version: - )
UltraMixer 6.0.3 (HKLM\...\{28ca9f27-5817-4edb-8654-19473cbb55c0}_is1) (Version: 6.0.3 - UltraMixer Digital Audio Solutions)
Unity (HKLM-x32\...\Unity) (Version: 2018.2.15f1 - Unity Technologies ApS)
Unity Hub 1.2.0 (HKLM\...\Unity Technologies - Hub) (Version: 1.2.0 - Unity Technologies Inc.)
Universal CRT Extension SDK (HKLM-x32\...\{A5FA2886-1925-133F-0D41-B9A8ECEA0A2D}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{B739B4C5-EEEC-8E70-0276-38C4779AF398}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{A9D6F52C-694E-3E41-7AB8-5BEB644742A5}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{E053089E-7953-3219-814F-F485FC151C54}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{B9424F08-0617-C4F6-A798-5A9250C1A738}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{D261CEA1-AB8D-9CFA-4407-BCEFC78661AC}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
VC10 C1K RAF (HKLM-x32\...\VC10 C1K RAF) (Version: - )
vcpp_crt.redist.clickonce (HKLM-x32\...\{D182FB25-9A73-4725-A2C4-2C33900B920E}) (Version: 14.15.26706 - Microsoft Corporation) Hidden
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 6.10 - NCH Software)
Visual Studio Community 2017 (HKLM-x32\...\5de44cd1) (Version: 15.8.28010.2050 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
VS Script Debugging Common (HKLM\...\{8B657335-3813-4CF4-A6FE-2AA44BE23F94}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{4C60D242-B039-4DBB-A202-BE55478E8500}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{DC4F558F-90E2-4B9C-8A2B-5DD92EF71F84}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{31312BFA-5D30-4B56-BACB-BFE26CE2E285}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{8EB2C670-04C2-482D-BACD-B4095E27FD39}) (Version: 15.6.27309 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{D98207CC-2AF6-474C-8375-9735AB86B7EB}) (Version: 15.8.28010 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 8.04 - NCH Software)
WinAppDeploy (HKLM-x32\...\{9690D51C-4435-1C20-7819-66CCAB0F03F9}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22391 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{350F0ECD-0783-4529-8797-98F0AD33EAC0}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.16299.15 (HKLM-x32\...\{6195c203-b53c-4bb7-983a-6070a902e704}) (Version: 10.1.16299.15 - Microsoft Corporation)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{385A1387-A488-9E90-3635-086129610034}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{D7DD3171-DA58-52A1-95B2-4769640855AF}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{7336279F-8F8F-5530-A543-3BE963846C0A}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E414A474-0A87-4F66-C409-A4D9857CFD34}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{CE760B86-975B-F514-5673-0ED4332B801B}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{5E67F8BE-D8D2-257F-CE19-419A2D5125C7}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{A2AA063E-AF50-A1F5-8925-A06EB1556644}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{7D4C7F4A-02A9-E434-6451-C8787DF28C1F}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{BC467065-9374-5345-DA3F-FCF073304A25}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3876622254-4242009388-153297093-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2018-05-12] (Tonec Inc. -> Tonec Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-07-24] (Nero AG -> Nero AG)
ContextMenuHandlers1-x32: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2018-11-16] ()
ContextMenuHandlers1-x32: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\program files\mcafee\msc\mcctxmenufrmwrk.dll [2019-01-07] (McAfee, Inc. -> McAfee, Inc.)
ContextMenuHandlers1-x32: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-10-01] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-09-22] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2018-11-16] ()
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\program files\mcafee\msc\mcctxmenufrmwrk.dll [2019-01-07] (McAfee, Inc. -> McAfee, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {047C96E1-F08F-43F2-959C-AF2CA569E1DC} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0604535E-383A-4A4F-865B-530AAA7BF688} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-12-02] (McAfee, Inc. -> McAfee, Inc.)
Task: {07DB4F97-057D-470A-B72F-6EAE367745D8} - System32\Tasks\{53580E19-4E44-4440-94D0-6DE278C31C42} => C:\Windows\system32\pcalua.exe -a "C:\Users\bak\Downloads\YouTube Video Downloader PRO 5.9.4 (20180214) RePack by вовава\YouTube.Video.Downloader.PRO.5.9.4.exe" -d "C:\Users\bak\Downloads\YouTube Video Downloader PRO 5.9.4 (20180214) RePack by вовава"
Task: {0935E040-099D-4960-8D15-CF55412424F3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {12B29339-D46B-4760-A162-73C3C03F34A0} - System32\Tasks\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.6.319\mcdatrep.exe [2019-02-07] (McAfee, Inc. -> McAfee, LLC.)
Task: {13625B2B-DE4F-47A3-AFBD-BF19AD9AE85F} - System32\Tasks\AdobeAAMUpdater-1.0-bak-PC-bak => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {24E5A267-D056-462D-9EB0-3E61EDCD6062} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2A936252-12CF-4A76-8FB9-F72AB76514C5} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe
Task: {3B844E5C-9F87-4E7A-B18F-034A18EE14EC} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-09-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {4589C340-660F-4A9C-BCFA-E776EEBBC857} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2018-11-13] (McAfee, Inc. -> McAfee, Inc.)
Task: {48D90194-1D0A-4EDA-8CCF-01BF0DC0ACCA} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {4BA8CC93-AC1D-43D8-977B-539D6E105CD9} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4D37CE49-DDB9-4031-9D96-11CA0C3875E0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6B91C9AE-7F37-47A8-82C7-DFF926CBBC44} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {6BB12816-1091-437C-99D9-6359279F8113} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {798F00BD-2B81-4E07-AF85-E156FDB6A4C4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {87ADCEE6-F0D0-4FC9-B0FE-CC2CE19ADE9A} - System32\Tasks\S-1-5-21-3876622254-4242009388-153297093-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-12-08] (Microsoft Windows -> Microsoft Corporation)
Task: {8E77179B-1BFA-47E3-A820-17596045A432} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {91082088-4AF3-44D7-B2BA-E577887212A5} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-rolin005@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {93473331-4D74-464E-8262-8CC13ABC50F7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc. -> Apple Inc.)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {95A90FC5-A58B-4E23-BC68-D84C804EE048} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {986D3033-69A3-49E2-AD1D-CD616CF904F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-15] (Google Inc -> Google Inc.)
Task: {99CD9A55-93B8-4897-9565-DD549ED558B1} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [2018-10-30] (McAfee, Inc. -> McAfee, Inc.)
Task: {9B969857-A76A-47BA-A284-7B82E3909BCB} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9E625727-9286-494D-9782-A6B2A4818603} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A277E448-DA9B-4398-8A0A-9586D80321A6} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {AB2A0191-A7C5-46A7-9932-352D355B65A4} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BEAB270A-525D-42A9-A9FB-BFBB19455AD9} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C0800CBA-4051-40F3-BC3C-D7A8F3CB9FD8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-15] (Google Inc -> Google Inc.)
Task: {C66441E1-2848-4164-948E-EE1932FBD498} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CC7D4DD6-6250-4540-A385-56F582FD2245} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D656905C-E771-45B6-A485-8ED5E1DA733B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DC34EF9F-9460-47F9-A751-49FD9828B0EE} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {EC195ADC-352D-48BA-A217-FC0B69C1144C} - System32\Tasks\AdobeGCInvoker-1.0-bak-PC-bak => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {ECAB5BBB-A8F6-4699-899D-896C54BE4034} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2018-08-31] (Garmin International, Inc. -> )
Task: {F2E4954B-154E-4020-B2F4-C4BC55CC8289} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {F6185C9E-8F1F-49A1-8AF9-F3764477CC38} - System32\Tasks\Opera scheduled Autoupdate 1525374287 => C:\Program Files\Opera\launcher.exe [2019-01-30] (Opera Software AS -> Opera Software)
Task: {F84CACDB-6908-4D11-872F-7ED7239634A4} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FC10C9E4-2533-42EF-8CC8-E553A1A3BB15} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FD7AA574-39E7-4012-A613-153322E1EF15} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

Shortcut: C:\Users\bak\Favorites\Site de téléchargement NCH Software.lnk -> hxxp://www.nchsoftware.com/fr/index.htm

==================== Loaded Modules (Whitelisted) ==============

2018-06-23 05:56 - 2018-06-23 05:56 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-10-21 01:17 - 2018-10-21 01:17 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-03-15 20:14 - 2018-03-15 20:14 - 000076152 _____ () C:\Windows\system32\PnkBstrA.exe
2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-03-05 19:47 - 2018-03-05 19:47 - 000614848 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-11 14:41 - 2018-11-08 21:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-02-05 09:11 - 2019-01-09 03:10 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2019-01-30 20:42 - 2019-01-30 20:45 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2019-01-30 20:42 - 2019-01-30 20:45 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2018-10-04 09:25 - 2018-10-04 09:26 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-01-30 20:42 - 2019-01-30 20:43 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-01-30 20:42 - 2019-01-30 20:43 - 011029504 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2019-01-30 20:42 - 2019-01-30 20:45 - 002923520 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\skypert.dll
2019-01-30 20:42 - 2019-01-30 20:44 - 000688128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-12-14 12:34 - 2018-12-14 12:35 - 002384384 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\Processing.NDI.Lib.UWP.x64.dll
2018-10-22 12:59 - 2018-10-22 12:59 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-10-22 12:59 - 2018-10-22 12:59 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-11-04 21:08 - 2018-11-04 21:09 - 098275328 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2018-11-04 21:09 - 2018-11-04 21:09 - 003922432 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2018-11-04 21:09 - 2018-11-04 21:09 - 000092672 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2016-09-13 01:01 - 2016-09-13 01:01 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-13 01:01 - 2016-09-13 01:01 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-13 01:01 - 2016-09-13 01:01 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-13 01:01 - 2016-09-13 01:01 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-13 01:01 - 2016-09-13 01:01 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-13 01:01 - 2016-09-13 01:01 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-13 01:01 - 2016-09-13 01:01 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2018-10-06 19:54 - 2018-10-06 19:54 - 000436744 _____ () C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
2018-11-25 21:43 - 2018-11-25 21:43 - 038537672 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe
2019-01-31 22:46 - 2019-01-31 22:50 - 000481280 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2019-01-31 22:46 - 2019-01-31 22:50 - 080636416 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-05-04 09:55 - 2018-05-04 10:07 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2019-01-31 22:46 - 2019-01-31 22:48 - 003824640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2019-01-16 09:44 - 2019-01-16 09:46 - 000012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2019-01-31 22:46 - 2019-01-31 22:50 - 014225408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2019-01-31 22:46 - 2019-01-31 22:48 - 002871296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-08-28 16:29 - 2018-08-28 16:35 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-26 16:34 - 2018-07-26 16:38 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-01-31 22:46 - 2019-01-31 22:48 - 000094720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\MediaEngineVideoDataProvider.UWP.dll
2019-01-31 22:46 - 2019-01-31 22:48 - 000048128 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\ImageDecoding.dll
2019-01-31 22:46 - 2019-01-31 22:50 - 000146432 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\SKU.dll
2019-02-05 10:40 - 2019-01-30 01:37 - 000694872 _____ () C:\Program Files\Opera\58.0.3135.53\opera_elf.dll
2019-02-05 10:40 - 2019-01-30 01:37 - 109932632 _____ () C:\Program Files\Opera\58.0.3135.53\opera_browser.dll
2019-02-05 10:40 - 2019-01-30 01:37 - 005212760 _____ () C:\Program Files\Opera\58.0.3135.53\libglesv2.dll
2019-02-05 10:40 - 2019-01-30 01:37 - 000117336 _____ () C:\Program Files\Opera\58.0.3135.53\libegl.dll
2018-05-11 01:24 - 2016-05-11 15:11 - 000104296 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2018-05-11 01:24 - 2016-05-11 15:11 - 000020328 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2018-05-11 01:24 - 2016-05-11 15:11 - 000044392 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2007-07-12 12:55 - 2007-07-12 12:55 - 001581056 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2007-08-14 12:59 - 2007-08-14 12:59 - 006365184 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2007-07-12 12:55 - 2007-07-12 12:55 - 000131072 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2018-10-21 01:17 - 2018-10-21 01:17 - 001042744 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2018-06-23 05:56 - 2018-06-23 05:56 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2018-10-21 01:17 - 2018-10-21 01:17 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2017-04-18 04:45 - 2017-04-18 04:45 - 001227264 _____ () C:\Program Files (x86)\Garmin\Express\CefSharp.Core.dll
2017-04-09 22:49 - 2017-04-09 22:49 - 067109376 _____ () C:\Program Files (x86)\Garmin\Express\libcef.dll
2017-05-08 09:35 - 2017-05-08 09:35 - 000325632 _____ () C:\Program Files (x86)\Garmin\Express\GpsImgWrapper.dll
2018-08-31 12:54 - 2018-08-31 12:54 - 000073216 _____ () C:\Program Files (x86)\Garmin\Express\FixBootSector.dll
2018-09-06 00:29 - 2018-09-06 00:29 - 081764312 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2018-09-06 00:29 - 2018-09-06 00:29 - 002257360 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\swiftshader\libglesv2.dll
2018-09-06 00:29 - 2018-09-06 00:29 - 000110544 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\swiftshader\libegl.dll
2019-01-13 22:35 - 2019-01-13 22:35 - 000142888 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\node_modules\fs-ext\build\Release\fs-ext.node
2019-01-13 22:35 - 2019-01-13 22:35 - 000278056 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2019-01-13 22:35 - 2019-01-13 22:35 - 000142888 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\node_modules\ref\build\Release\binding.node
2019-01-13 22:35 - 2019-01-13 22:35 - 000152616 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\node_modules\ffi\build\Release\ffi_bindings.node
2019-01-13 22:35 - 2019-01-13 22:35 - 000097320 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2019-01-13 22:35 - 2019-01-13 22:35 - 000110120 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-04-18 04:45 - 2017-04-18 04:45 - 000808960 _____ () C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.Core.dll
2017-04-09 22:49 - 2017-04-09 22:49 - 002246144 _____ () C:\Program Files (x86)\Garmin\Express\libglesv2.dll
2017-04-09 22:49 - 2017-04-09 22:49 - 000079360 _____ () C:\Program Files (x86)\Garmin\Express\libegl.dll
2019-01-12 05:22 - 2019-01-12 05:22 - 000122352 _____ () \\?\C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\js\node_modules\bufferutil\build\Release\bufferutil.node
2019-01-12 05:22 - 2019-01-12 05:22 - 000127472 _____ () \\?\C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\js\node_modules\fs-ext\build\Release\fs-ext.node
2019-01-12 05:22 - 2019-01-12 05:22 - 000142320 _____ () \\?\C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\js\node_modules\ref\build\Release\binding.node
2019-01-12 05:22 - 2019-01-12 05:22 - 000150512 _____ () \\?\C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\js\node_modules\ffi\build\Release\ffi_bindings.node
2019-01-12 05:21 - 2019-01-12 05:21 - 000271336 _____ () \\?\C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2019-01-12 05:21 - 2019-01-12 05:21 - 000097776 _____ () C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2019-01-12 05:22 - 2019-01-12 05:22 - 000110064 _____ () \\?\C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\js\node_modules\idle-gc\build\Release\idle-gc.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: %INTEL_DEV_REDIST%redist\intel64\compiler;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3876622254-4242009388-153297093-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\theme1\img1.jpg
DNS Servers: 82.163.143.146 - 82.163.142.148
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3672B636-538F-44C8-B200-E2EAF6530F67}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe (Digital Wave Ltd -> DVDVideoSoft Ltd.)
FirewallRules: [{7F95A388-BB02-4AB7-BA42-D5151DBBE19C}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe (Digital Wave Ltd -> DVDVideoSoft Ltd.)
FirewallRules: [{80975E93-A4D3-407B-857F-53DBED1EC246}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{BEAC6CA4-1A47-4DE8-98CF-83F379D6D88F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{D9BDDA35-9F69-48ED-BFC4-0B5C4B8A3F3E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{878F0CCD-CA37-4FEE-954E-51AC3C15493D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [TCP Query User{DDA5CBC7-7D98-4C9A-B339-144347EABB0E}C:\users\bak\downloads\utorrent182\utorrent182.exe] => (Allow) C:\users\bak\downloads\utorrent182\utorrent182.exe No File
FirewallRules: [UDP Query User{0B4ACE72-BE05-493E-BF0A-AA049758145C}C:\users\bak\downloads\utorrent182\utorrent182.exe] => (Allow) C:\users\bak\downloads\utorrent182\utorrent182.exe No File
FirewallRules: [TCP Query User{73872063-1AAD-48E5-A15B-96FAEA9E29D0}C:\program files (x86)\starcraft\starcraft.exe] => (Allow) C:\program files (x86)\starcraft\starcraft.exe No File
FirewallRules: [UDP Query User{2BB8B7F1-C8E8-4DAB-B600-A99172EC8DE9}C:\program files (x86)\starcraft\starcraft.exe] => (Allow) C:\program files (x86)\starcraft\starcraft.exe No File
FirewallRules: [{EFC4B089-515E-4A88-B570-A0C598A1AB87}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{F19F15A1-C8F3-471C-8CE7-AAF446EA5F86}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{900DC135-3B06-460A-BFB7-DE956EFAC255}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{7ABB4D17-249C-42F1-8450-EF02CFD33409}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [TCP Query User{C1C70408-A7BA-4E7B-92CA-7D6476F715F3}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\origin games\battlefield 4\bf4.exe No File
FirewallRules: [UDP Query User{0CAFF27F-E43E-4345-B0DB-257C3063E2BD}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\origin games\battlefield 4\bf4.exe No File
FirewallRules: [TCP Query User{A46FEEFB-D2CF-4059-A058-3F7FA41CF39A}C:\program files (x86)\starcraft ii\versions\base62848\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base62848\sc2_x64.exe No File
FirewallRules: [UDP Query User{0DCD9A37-6E69-4387-A368-EE989F6FE3D0}C:\program files (x86)\starcraft ii\versions\base62848\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base62848\sc2_x64.exe No File
FirewallRules: [TCP Query User{0C5F1EB0-98D1-4A2D-A338-2693C8CA20C8}C:\program files\deezloader\deezloader.exe] => (Allow) C:\program files\deezloader\deezloader.exe (ExtendLord)
FirewallRules: [UDP Query User{EA1EB0E8-D00B-45BA-9406-0AA718508AA3}C:\program files\deezloader\deezloader.exe] => (Allow) C:\program files\deezloader\deezloader.exe (ExtendLord)
FirewallRules: [{E5E778AF-FBFC-42B1-A522-6CC8B3431A0C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6A44E8F8-E2CA-404E-BB6D-3F609D64EC74}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{720F4001-1310-43CB-9BEF-0155A1C66FE4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6E29F48B-DDF5-4345-B51A-51A4C540F9E7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6CDD5FB3-5FA3-4F52-B150-6D1E17E367DC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{EFC5EDA6-BB93-4212-89D6-8A37335BF1BF}C:\users\bak\appdata\local\temp\7zs20f5\enterprisedu.exe] => (Allow) C:\users\bak\appdata\local\temp\7zs20f5\enterprisedu.exe No File
FirewallRules: [UDP Query User{5875D86A-E4E3-41C1-B6C0-38775B6CC565}C:\users\bak\appdata\local\temp\7zs20f5\enterprisedu.exe] => (Allow) C:\users\bak\appdata\local\temp\7zs20f5\enterprisedu.exe No File
FirewallRules: [TCP Query User{6CD1B4C5-8589-4882-BCF3-B2E146A4F3CA}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{871B8639-46AD-4A2C-9A0E-BDFB7EACB3A9}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{6F3F3446-E73C-4880-9708-AB3CCDC489E5}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{A0C071C2-76A3-4B42-9571-40294DFFDE8B}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{C7D4F242-6678-4DFD-A129-519EBBE63C3B}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{019FF471-7F6E-4BAC-AC3F-1CFEAD92AC2A}] => (Allow) C:\Program Files\Unity Hub\Unity Hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [TCP Query User{125A5ADA-F18A-45B9-B0C0-3805198F893C}C:\program files\unity hub\unity hub.exe] => (Allow) C:\program files\unity hub\unity hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [UDP Query User{7DEF144B-7676-41C6-B6E6-10EC80EB23FE}C:\program files\unity hub\unity hub.exe] => (Allow) C:\program files\unity hub\unity hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [{8EEB37E0-51EA-4CBD-82C4-BB990B076854}] => (Allow) C:\Program Files\Unity\Hub\Editor\2018.2.15f1\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [{F837CCD1-00ED-48B0-8588-34AA3F11F6CA}] => (Block) C:\Program Files\Unity\Hub\Editor\2018.2.15f1\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [TCP Query User{9D6263D8-A1C4-4AF4-B350-049DF53A7D8F}C:\program files\unity\hub\editor\2018.2.15f1\editor\unity.exe] => (Allow) C:\program files\unity\hub\editor\2018.2.15f1\editor\unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [UDP Query User{B0755A41-061E-44D2-BE5E-1EDEED5F9BF8}C:\program files\unity\hub\editor\2018.2.15f1\editor\unity.exe] => (Allow) C:\program files\unity\hub\editor\2018.2.15f1\editor\unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [{2DA81DAD-6E06-4864-B762-5035203A5E89}] => (Allow) C:\Program Files\Opera\57.0.3098.116\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{7FB9418B-B865-4998-AC74-87509856B7E0}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{0D40B514-5924-4712-9142-9739EBBDFBA8}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{90EA15B6-86E2-4F30-A431-009177264B15}] => (Allow) C:\Program Files\Opera\58.0.3135.53\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{E8ED6347-BA63-4E1B-AA6A-302101D4780E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{E5A5C909-9A01-4792-B1D0-E48D615EF36F}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{7309FEBA-5E45-45A1-A239-B3233CEC7E17}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{034EFEDA-BC3F-4CE9-9751-DD921EC142A5}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc. -> McAfee, Inc.)

==================== Restore Points =========================

05-02-2019 09:09:19 Windows Update
05-02-2019 09:09:54 Windows Update

==================== Faulty Device Manager Devices =============

Name: USB camera
Description: USB camera
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/08/2019 12:00:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 10.0.17134.556, time stamp: 0xf23cada5
Faulting module name: sysmain.dll, version: 10.0.17134.191, time stamp: 0xd2f66a7b
Exception code: 0xc0000420
Fault offset: 0x00000000000bc426
Faulting process id: 0x9c0
Faulting application start time: 0x01d4befc5a7f15c3
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: c:\windows\system32\sysmain.dll
Report Id: c5e1ba52-357d-4dc4-b3e8-0e72a4624d94
Faulting package full name:
Faulting package-relative application ID:

Error: (02/07/2019 10:14:05 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.

Error: (02/07/2019 10:14:05 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.

Error: (02/07/2019 10:14:05 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.

Error: (02/07/2019 10:14:04 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.

Error: (02/07/2019 10:14:04 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.

Error: (02/07/2019 10:14:04 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.

Error: (02/07/2019 10:14:04 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF.


System errors:
=============
Error: (02/08/2019 08:37:48 AM) (Source: DCOM) (EventID: 10016) (User: BAK-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user bak-PC\bak SID (S-1-5-21-3876622254-4242009388-153297093-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/08/2019 08:35:36 AM) (Source: DCOM) (EventID: 10016) (User: BAK-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user bak-PC\bak SID (S-1-5-21-3876622254-4242009388-153297093-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/08/2019 08:26:29 AM) (Source: DCOM) (EventID: 10016) (User: BAK-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user bak-PC\bak SID (S-1-5-21-3876622254-4242009388-153297093-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/08/2019 07:58:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/08/2019 07:58:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/08/2019 07:58:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/07/2019 11:36:53 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (02/07/2019 10:46:55 PM) (Source: DCOM) (EventID: 10016) (User: BAK-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user bak-PC\bak SID (S-1-5-21-3876622254-4242009388-153297093-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2019-01-24 21:40:18.221
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Occamy.C&threatid=2147726780&enterprise=0
Name: Trojan:Win32/Occamy.C
ID: 2147726780
Severity: Severe
Category: Trojan
Path: file:_C:\Users\bak\AppData\Local\Microsoft\WUDHost.exe; process:_pid:4188,ProcessStart:131928573208805229
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: C:\Users\bak\AppData\Local\Microsoft\WUDHost.exe
Signature Version: AV: 1.285.54.0, AS: 1.285.54.0, NIS: 1.285.54.0
Engine Version: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-01-24 21:38:41.192
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Occamy.C&threatid=2147726780&enterprise=0
Name: Trojan:Win32/Occamy.C
ID: 2147726780
Severity: Severe
Category: Trojan
Path: file:_C:\Users\bak\AppData\Local\Microsoft\WUDHost.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.285.54.0, AS: 1.285.54.0, NIS: 1.285.54.0
Engine Version: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-01-24 08:45:40.285
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.C!cl&threatid=2147723654&enterprise=0
Name: Trojan:Win32/Fuerboos.C!cl
ID: 2147723654
Severity: Severe
Category: Trojan
Path: file:_C:\Users\bak\AppData\Local\Microsoft\WUDHost.exe; process:_pid:14196,ProcessStart:131927721386301786
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: User
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.283.3541.0, AS: 1.283.3541.0, NIS: 1.283.3541.0
Engine Version: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2019-01-23 22:08:30.090
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {509B60EB-1F39-427C-BACF-B2F8F9FBE2B7}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2019-01-23 22:08:30.086
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.C!cl&threatid=2147723654&enterprise=0
Name: Trojan:Win32/Fuerboos.C!cl
ID: 2147723654
Severity: Severe
Category: Trojan
Path: file:_C:\Users\bak\AppData\Local\Microsoft\WUDHost.exe; process:_pid:14196,ProcessStart:131927721386301786
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: User
Process Name: C:\Users\bak\AppData\Local\Microsoft\WUDHost.exe
Signature Version: AV: 1.283.3541.0, AS: 1.283.3541.0, NIS: 1.283.3541.0
Engine Version: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2019-02-05 09:36:26.251
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.285.912.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15600.4
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-02-04 21:49:04.443
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.285.793.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15600.4
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-01-23 00:55:34.811
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.283.3541.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15500.2
Error code: 0x80240017
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-01-17 08:57:30.299
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.283.3051.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15500.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-01-09 08:30:21.609
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.283.2599.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15500.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2019-02-08 10:13:34.701
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-08 10:13:34.699
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-08 10:08:23.142
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-08 10:08:23.140
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-08 09:58:48.103
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-08 09:58:48.100
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-08 09:58:33.845
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-08 09:58:33.843
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 955 Processor
Percentage of memory in use: 52%
Total physical RAM: 8183.89 MB
Available physical RAM: 3864.4 MB
Total Virtual: 16375.89 MB
Available Virtual: 11049.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.26 GB) (Free:813.44 GB) NTFS
Drive d: () (Fixed) (Total:111.78 GB) (Free:50.69 GB) NTFS
Drive i: (ROLIN External) (Fixed) (Total:2794.51 GB) (Free:1096.69 GB) NTFS
Drive j: (ROLIN) (Removable) (Total:28.8 GB) (Free:18.88 GB) FAT32
Drive k: (WD My Passport) (Fixed) (Total:931.28 GB) (Free:243.32 GB) NTFS

\\?\Volume{18a2c945-ba55-11df-9e88-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.29 GB) NTFS
\\?\Volume{50e184df-0000-0000-0000-70a6e8000000}\ () (Fixed) (Total:0.45 GB) (Free:0.08 GB) NTFS
\\?\Volume{729b81e7-739c-4dfc-ac0e-b8313a5da0e4}\ (EFI) (Fixed) (Total:0.19 GB) (Free:0.19 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.3 GB) (Disk ID: 50E184DF)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=462 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: B5C5B5C5)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 2.

========================================================
Disk: 3 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 4 (Size: 28.8 GB) (Disk ID: 9D3A12CA)
Partition 1: (Not Active) - (Size=28.8 GB) - (Type=0B)

==================== End of Addition.txt ============================