
HDD runs constantly and Malwarebytes found Trojan tasks scheduled - Virus, Trojan, Spyware, and Malware Removal Help - BleepingComputer


Posted: 27 Apr 2020 02:06 PM PDT

The only clue that malware was active was that the hard disk runs constantly. My malware program (Webroot) can identify no infected file. Neither could Avast. I ran Malwarebytes, which found this:

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{33C8B960-AC7D-4574-8687-4A9AE9ED60AE}|Path (Trojan.Agent.Generic)
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{33C8B960-AC7D-4574-8687-4A9AE9ED60AE}(Trojan.Agent.Generic)
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\OptimizerTask (Trojan.Agent.Generic)

I'm running Windows 7 (yes, I know that's not secure; I am moving to a new build with Windows 10 soon).

Malwarebytes offers to remove the offending registry entries, but when that is done and the computer restarted they reappear (or fail to get deleted).

=====================BEGIN FILE CONTENTS=============================================================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-04-2020
Ran by [UserName] (ATTENTION: The user is not administrator) on ATLAS (27-04-2020 13:36:15)
Running from D:\Downloads\From 3-30-20
Loaded Profiles: Admin-Atlas & [UserName] (Available Profiles: Admin-Atlas & [UserName])
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Windows\system\HsMgr64.exe
() [File not signed] C:\Windows\SysWOW64\HsMgr.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) D:\APP\iTunes\iTunesHelper.exe
(Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <2>
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(FreeDownloadManager.org) [File not signed] D:\APP\Free Download Manager\fdm.exe
(GOG Sp. z o.o. -> GOG.com) D:\APP\GOG Galaxy\GalaxyClient Helper.exe <2>
(GOG Sp. z o.o. -> GOG.com) D:\APP\GOG Galaxy\GalaxyClient.exe
(GOG Sp. z o.o. -> GOG.com) D:\APP\GOG Galaxy\GOG Galaxy Notifications Renderer.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Malwarebytes Corporation -> Malwarebytes Corporation) D:\APP\Malwarebytes\mbar\mbar.exe
(Microsoft Corporation -> Microsoft Corporation) D:\APP\Microsoft Office\Office15\ONENOTEM.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <11>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtime Soft Ltd -> Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
(Realtime Soft Ltd -> Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe
(Realtime Soft Ltd -> Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonTaskbar.exe
(Realtime Soft Ltd -> Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonUiAcc.exe
(Saitek) [File not signed] C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) [File not signed] C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(SteelSeries ApS -> SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Webroot Inc. -> Webroot) C:\Program Files\Webroot\WRSA.exe
Failed to access process -> AdminService.exe
Failed to access process -> AppleMobileDeviceService.exe
Failed to access process -> armsvc.exe
Failed to access process -> ASGT.exe
Failed to access process -> AvastSvc.exe
Failed to access process -> BRAdmin.Service.exe
Failed to access process -> BrYNSvc.exe
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> dllhost.exe
Failed to access process -> FCUpdateService.exe
Failed to access process -> iPodService.exe
Failed to access process -> IPROSetMonitor.exe
Failed to access process -> LogiRegistryService.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> nvcontainer.exe
Failed to access process -> NVDisplay.Container.exe
Failed to access process -> NVDisplay.Container.exe
Failed to access process -> rundll32.exe
Failed to access process -> SearchFilterHost.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> services.exe
Failed to access process -> smss.exe
Failed to access process -> spoolsv.exe
Failed to access process -> sqlbrowser.exe
Failed to access process -> sqlservr.exe
Failed to access process -> sqlwriter.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> taskeng.exe
Failed to access process -> wininit.exe
Failed to access process -> winlogon.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> WRCoreService.x64.exe
Failed to access process -> WRSA.exe
Failed to access process -> WRSkyClient.x64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
HKLM\...\Run: [Cmaudio8788] => C:\Windows\Syswow64\cmicnfgp.dll [8769536 2011-05-12] (C-Media Corporation) [File not signed]
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] () [File not signed]
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] () [File not signed]
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2012-10-15] (Saitek) [File not signed]
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2012-10-15] (Saitek) [File not signed]
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18591352 2018-03-19] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1841600 2018-11-30] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => D:\APP\iTunes\iTunesHelper.exe [309560 2020-03-22] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [108216 2020-04-17] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [4878504 2020-04-08] (Webroot Inc. -> Webroot)
HKLM-x32\...\Run: [AirBackupHelper] => C:\Program Files (x86)\iMobie\AnyTrans\AirBackupHelper.exe
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [54332920 2017-11-19] (Hammer & Chisel Inc. -> Discord Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2892800 2017-03-30] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrotherSoftwareUpdateNotification] => C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe [3581952 2017-04-05] (Brother Industries, Ltd.) [File not signed]
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\RunOnce: [AvRepair] => C:\Program Files\AVAST Software\Avast\setup\instup.exe [1750240 2020-04-17] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Rootkit (cleanup)] => "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\mbamdor.exe" "C:\ProgramData\Malwarebytes' Anti-Malware (portable)"
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Run: [Google Update] => C:\Users\[UserName]\AppData\Local\Google\Update\1.3.35.452\GoogleUpdateCore.exe [217544 2020-03-20] (Google LLC -> Google LLC)
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Run: [GalaxyClient] => D:\GAMES\GOG Galaxy\GalaxyClient.exe /launchViaAutoStart
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Run: [Free Download Manager] => D:\APP\Free Download Manager\fdm.exe [10203648 2019-01-30] (FreeDownloadManager.org) [File not signed]
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Run: [Akamai NetSession Interface] => "C:\Users\[UserName]\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Run: [launchOnStartup] => D:\APP\GOG Galaxy\GalaxyClient.exe [8030280 2020-02-24] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2020-03-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2020-03-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\MountPoints2: {062c47d5-68eb-11e8-a71c-f46d0448770c} - V:\autorun.exe
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\MountPoints2: {062c47db-68eb-11e8-a71c-f46d0448770c} - V:\autorun.exe
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\MountPoints2: {062c4bd0-68eb-11e8-a71c-f46d0448770c} - V:\autorun.exe
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\MountPoints2: {1ad26b96-ff28-11e9-a825-f46d0448770c} - W:\setup.exe
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\MountPoints2: {5ae7f76e-1b48-11ea-8448-f46d0448770c} - W:\setup.exe
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\MountPoints2: {9bdbd68d-fbc4-11e7-8a55-f46d0448770c} - V:\setup.exe
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\MountPoints2: {9bdbd68f-fbc4-11e7-8a55-f46d0448770c} - V:\setup.exe
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\MountPoints2: {9bdbd694-fbc4-11e7-8a55-f46d0448770c} - V:\setup.exe
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\MountPoints2: {9bdbd7eb-fbc4-11e7-8a55-f46d0448770c} - W:\setup.exe
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\MountPoints2: {9bdbd8ab-fbc4-11e7-8a55-f46d0448770c} - V:\setup-multi2.exe
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\MountPoints2: {9bdbd8ad-fbc4-11e7-8a55-f46d0448770c} - V:\setup-multi2.exe
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\MountPoints2: {9bdbd8af-fbc4-11e7-8a55-f46d0448770c} - V:\setup-multi2.exe
HKU\S-1-5-21-104492957-518664412-1176862475-1004\...\MountPoints2: {f5f0f489-fcba-11e8-ad2a-f46d0448770c} - V:\Setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.122\Installer\chrmstp.exe [2020-04-23] (Google LLC -> Google LLC)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [189584 2019-11-21] (NVIDIA Corporation -> NVIDIA Corporation)
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\Users\[UserName]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2020-04-22]
ShortcutTarget: Send to OneNote.lnk -> D:\APP\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\Admin-Atlas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2015-03-21]
ShortcutTarget: MagicDisc.lnk -> D:\APP\MagicDisc\MagicDisc.exe (MagicISO, Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-12-18]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Inc. -> Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-12-18]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Inc. -> Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2015-08-09]
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Inc. -> Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2015-08-09]
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Inc. -> Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2020-03-29]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS -> SteelSeries ApS)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk [2014-10-14]
ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.128.1
Tcpip\..\Interfaces\{14F58849-40D0-43BD-8E4E-3F0386FA0C53}: [DhcpNameServer] 192.168.128.1
Tcpip\..\Interfaces\{8D1D5574-18AC-47A6-B4C4-665BC175EE3F}: [DhcpNameServer] 192.168.128.1
Tcpip\..\Interfaces\{DF0F99F5-FC19-4F3C-892E-71A6D73185F6}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-104492957-518664412-1176862475-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
URLSearchHook: [S-1-5-21-104492957-518664412-1176862475-1000] ATTENTION => Default URLSearchHook is missing
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\APP\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_241\bin\ssv.dll [2020-01-16] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\APP\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2015-12-18] (Webroot Inc. -> Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2020-03-15] (Webroot Inc. -> Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> D:\APP\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-01-16] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2015-12-18] (Webroot Inc. -> Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2020-03-15] (Webroot Inc. -> Webroot)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2015-12-18] (Webroot Inc. -> Webroot)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2015-12-18] (Webroot Inc. -> Webroot)
Toolbar: HKU\S-1-5-21-104492957-518664412-1176862475-1004 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
IE Session Restore: HKU\S-1-5-21-104492957-518664412-1176862475-1004 -> is enabled.
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2019-01-25] (Belarc, Inc. -> Belarc, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\APP\Microsoft Office\Office15\MSOSB.DLL [2019-08-19] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 0tdaf8vl.default-1401677697909
FF ProfilePath: C:\Users\[UserName]\AppData\Roaming\Mozilla\Firefox\Profiles\0tdaf8vl.default-1401677697909 [2020-04-27]
FF Session Restore: Mozilla\Firefox\Profiles\0tdaf8vl.default-1401677697909 -> is enabled.
FF Extension: (Clear Flash Cookies) - C:\Users\[UserName]\AppData\Roaming\Mozilla\Firefox\Profiles\0tdaf8vl.default-1401677697909\Extensions\clear-flash-cookies@cpeterso.com.xpi [2017-11-20]
FF Extension: (Cookie AutoDelete) - C:\Users\[UserName]\AppData\Roaming\Mozilla\Firefox\Profiles\0tdaf8vl.default-1401677697909\Extensions\CookieAutoDelete@kennydo.com.xpi [2020-04-23]
FF Extension: (Free Download Manager) - C:\Users\[UserName]\AppData\Roaming\Mozilla\Firefox\Profiles\0tdaf8vl.default-1401677697909\Extensions\fdm_ffext2@freedownloadmanager.org.xpi [2018-11-14]
FF Extension: (HTTPS Everywhere) - C:\Users\[UserName]\AppData\Roaming\Mozilla\Firefox\Profiles\0tdaf8vl.default-1401677697909\Extensions\https-everywhere@eff.org.xpi [2020-04-07]
FF Extension: (Decentraleyes) - C:\Users\[UserName]\AppData\Roaming\Mozilla\Firefox\Profiles\0tdaf8vl.default-1401677697909\Extensions\jid1-BoFifL9Vbdl2zQ@jetpack.xpi [2020-04-07]
FF Extension: (Privacy Badger) - C:\Users\[UserName]\AppData\Roaming\Mozilla\Firefox\Profiles\0tdaf8vl.default-1401677697909\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2020-02-21]
FF Extension: (Reddit Enhancement Suite) - C:\Users\[UserName]\AppData\Roaming\Mozilla\Firefox\Profiles\0tdaf8vl.default-1401677697909\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2020-04-25]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\[UserName]\AppData\Roaming\Mozilla\Firefox\Profiles\0tdaf8vl.default-1401677697909\Extensions\sp@avast.com.xpi [2020-03-30]
FF Extension: (LastPass: Free Password Manager) - C:\Users\[UserName]\AppData\Roaming\Mozilla\Firefox\Profiles\0tdaf8vl.default-1401677697909\Extensions\support@lastpass.com.xpi [2020-04-17]
FF Extension: (uBlock Origin) - C:\Users\[UserName]\AppData\Roaming\Mozilla\Firefox\Profiles\0tdaf8vl.default-1401677697909\Extensions\uBlock0@raymondhill.net.xpi [2020-04-21]
FF Extension: (uGet Integration) - C:\Users\[UserName]\AppData\Roaming\Mozilla\Firefox\Profiles\0tdaf8vl.default-1401677697909\Extensions\uget-integration@slgobinath.xpi [2018-06-22]
FF Extension: (Reddit Masstagger) - C:\Users\[UserName]\AppData\Roaming\Mozilla\Firefox\Profiles\0tdaf8vl.default-1401677697909\Extensions\{5e1c12e6-57bf-448f-be3c-579688023809}.xpi [2019-11-16]
FF Extension: (NoScript) - C:\Users\[UserName]\AppData\Roaming\Mozilla\Firefox\Profiles\0tdaf8vl.default-1401677697909\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2020-04-21]
FF Extension: (Webroot Password Manager) - C:\Users\[UserName]\AppData\Roaming\Mozilla\Firefox\Profiles\0tdaf8vl.default-1401677697909\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2015-12-18] [Legacy]
FF Extension: (Webroot Password Manager) - C:\Users\[UserName]\AppData\Roaming\Mozilla\Firefox\Profiles\0tdaf8vl.default-1401677697909\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}.xpi [2015-08-21] [Legacy]
FF Extension: (Open in uGet Download Manager) - C:\Users\[UserName]\AppData\Roaming\Mozilla\Firefox\Profiles\0tdaf8vl.default-1401677697909\Extensions\{be1116e1-7480-442a-9cc0-22fd2654fed3}.xpi [2018-11-14]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\[UserName]\AppData\Roaming\Mozilla\Firefox\Profiles\0tdaf8vl.default-1401677697909\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-04-01]
FF Extension: (DownThemAll!) - C:\Users\[UserName]\AppData\Roaming\Mozilla\Firefox\Profiles\0tdaf8vl.default-1401677697909\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2019-09-05]
FF SearchPlugin: C:\Users\[UserName]\AppData\Roaming\Mozilla\Firefox\Profiles\0tdaf8vl.default-1401677697909\searchplugins\duckduckgo.xml [2014-08-02]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\APP\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - D:\APP\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2017-04-18] [Legacy] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-01-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-01-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\APP\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> d:\APP\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> d:\APP\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> d:\APP\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Acrobat -> D:\APP\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-104492957-518664412-1176862475-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\[UserName]\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS -> Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-104492957-518664412-1176862475-1004: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Default [2020-04-24]
CHR Session Restore: Default -> is enabled.
CHR Extension: (Free Download Manager) - C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2020-01-30]
CHR Extension: (Docs) - C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-20]
CHR Extension: (Google Drive) - C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-04-08]
CHR Extension: (Google Search) - C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-20]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2020-04-18]
CHR Extension: (PredictIt Enhancer) - C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmnalakacgfchopnehlkkljkcphjaoj [2016-04-24]
CHR Extension: (Disconnect) - C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2020-03-13]
CHR Extension: (Skype) - C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-03]
CHR Extension: (Webroot Password Manager) - C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2017-04-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Remove Cookie!) - C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\oifomnalkciipmgkfgdjkepdocgiipjg [2020-02-04]
CHR Extension: (Webroot Password Manager) - C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2015-08-10]
CHR Extension: (Beebs - Access BBC iPlayer, ITV & Channel 4) - C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\opmliiafmgjkgkfadkpomlefdllhajdi [2018-09-24]
CHR Extension: (Gmail) - C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-12]
CHR Extension: (Chrome Media Router) - C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-11]
CHR Profile: C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-04-19]
CHR Profile: C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Profile 1 [2015-04-21]
CHR Extension: (Google Slides) - C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-19]
CHR Extension: (Google Docs) - C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-19]
CHR Extension: (Google Drive) - C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-19]
CHR Extension: (YouTube) - C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-19]
CHR Extension: (Google Search) - C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-19]
CHR Extension: (Google Sheets) - C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-19]
CHR Extension: (Webroot Filtering Extension) - C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kjeghcllfecehndceplomkocgfbklffd [2015-04-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-19]
CHR Extension: (Skype Click to Call) - C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-04-19]
CHR Extension: (Google Wallet) - C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-19]
CHR Extension: (Gmail) - C:\Users\[UserName]\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-19]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2015-08-09]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-03-12] (Apple Inc. -> Apple Inc.)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5504928 2020-04-17] (Avast Software s.r.o. -> AVAST Software)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [345384 2020-04-17] (Avast Software s.r.o. -> AVAST Software)
R2 Brother BRAdmin Service; C:\Program Files (x86)\Brother\BRAdmin Professional 4\BRAdmin.Service.exe [186504 2020-01-20] (Brother Industries, Ltd. -> Brother Industries, Ltd.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [298496 2017-03-22] (Brother Industries, Ltd.) [File not signed]
S3 DAUpdaterSvc; D:\GAMES\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2013-08-30] (BioWare -> BioWare)
R2 FoxitCloudUpdateService; d:\app\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Incorporated -> Foxit Software Inc.)
S3 GalaxyClientService; D:\APP\GOG Galaxy\GalaxyClientService.exe [1242696 2020-02-24] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-02-24] (GOG Sp. z o.o. -> GOG.com)
S4 HPSLPSVC; D:\TEMP\7zS078D\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [202872 2018-03-19] (Logitech Inc -> Logitech Inc.)
R2 MSSQL$BWDATOOLSET; C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation -> Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-09-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-09-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; D:\APP\Origin\OriginClientService.exe [1930608 2015-03-15] (Electronic Arts, Inc. -> Electronic Arts)
S3 ProtonVPN Service; D:\app\ProtonVPN\ProtonVPNService.exe [101696 2020-03-11] (ProtonVPN AG -> )
S3 ProtonVPN Update Service; D:\app\ProtonVPN\ProtonVPN.UpdateService.exe [60736 2020-03-11] (ProtonVPN AG -> )
S3 SteelSeriesUpdateService; C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesUpdateService.exe [32648 2020-03-11] (SteelSeries ApS -> )
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
R2 WRCoreService; C:\Program Files\Webroot\Core\WRCoreService.x64.exe [1643224 2019-10-02] (Webroot Inc. -> Webroot, Inc.)
R3 WRSkyClient; C:\Program Files\Webroot\Core\WRSkyClient.x64.exe [2950832 2019-10-02] (Webroot Inc. -> Webroot, Inc.)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [4878504 2020-04-08] (Webroot Inc. -> Webroot)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 2256C1C5; C:\Windows\System32\drivers\2256C1C5.sys [255928 2020-03-30] (Malwarebytes Corporation -> Malwarebytes)
R0 2568572D; C:\Windows\System32\drivers\2568572D.sys [255928 2020-04-27] (Malwarebytes Corporation -> Malwarebytes)
R0 54158381; C:\Windows\System32\drivers\54158381.sys [255928 2020-04-08] (Malwarebytes Corporation -> Malwarebytes)
S3 7315D23C; C:\Windows\system32\drivers\7315D23C.sys [255928 2020-03-31] (Malwarebytes Corporation -> Malwarebytes)
R3 7552868A; C:\Windows\system32\drivers\7552868A.sys [255928 2020-04-27] (Malwarebytes Corporation -> Malwarebytes)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37856 2020-04-17] (Avast Software s.r.o. -> AVAST Software)
S3 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [206120 2020-04-17] (Avast Software s.r.o. -> AVAST Software)
S3 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [234776 2020-04-17] (Avast Software s.r.o. -> AVAST Software)
S3 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [178968 2020-04-17] (Avast Software s.r.o. -> AVAST Software)
S3 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [60696 2020-04-17] (Avast Software s.r.o. -> AVAST Software)
R3 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42984 2020-04-17] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [175920 2020-04-17] (Avast Software s.r.o. -> AVAST Software)
S3 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [500960 2020-04-20] (Avast Software s.r.o. -> AVAST Software)
S3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2020-04-17] (AVAST Software s.r.o. -> AVAST Software)
S3 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [109480 2020-04-17] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [85056 2020-04-17] (Avast Software s.r.o. -> AVAST Software)
S3 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851808 2020-04-17] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [459408 2020-04-17] (Avast Software s.r.o. -> AVAST Software)
S3 aswStm; C:\Windows\System32\drivers\aswStm.sys [235696 2020-04-17] (Avast Software s.r.o. -> AVAST Software)
S3 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [317280 2020-04-17] (Avast Software s.r.o. -> AVAST Software)
S3 ATHDFU; C:\Windows\System32\Drivers\AthDfu.sys [51872 2011-03-13] (Atheros Communications Inc. -> Windows ® Win 7 DDK provider)
R3 chdrvr01; C:\Windows\System32\DRIVERS\chdrvr01.sys [248496 2012-08-25] (Joystick Technologies LLC -> CH Products)
R3 chdrvr02; C:\Windows\System32\DRIVERS\chdrvr02.sys [11440 2012-08-25] (Joystick Technologies LLC -> CH Products)
R3 chdrvr03; C:\Windows\System32\DRIVERS\chdrvr03.sys [24240 2012-08-25] (Joystick Technologies LLC -> CH Products)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Electronics Incorporation -> C-Media Inc)
R3 gwsfilter; C:\Windows\System32\drivers\gwsfilter.sys [19224 2012-08-18] (Good Work Systems, Inc. -> Good Work Systems)
R3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [26968 2018-11-09] (SteelSeries ApS -> Windows ® Win 7 DDK provider)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2017-01-23] (Logitech Inc -> Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech -> Logitech Inc.)
R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [192952 2020-04-27] (Malwarebytes Corporation -> Malwarebytes)
R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [255552 2009-02-24] (JiaPing Gan -> MagicISO, Inc.)
R3 mcdbus; C:\Windows\SysWOW64\DRIVERS\mcdbus.sys [255552 2009-02-24] (JiaPing Gan -> MagicISO, Inc.)
R0 mv91cons; C:\Windows\System32\DRIVERS\mv91cons.sys [24880 2011-03-14] (Marvell Semiconductor -> Marvell Semiconductor Inc.)
R0 mvs91xx; C:\Windows\System32\DRIVERS\mvs91xx.sys [313136 2011-03-14] (Marvell Semiconductor -> Marvell Semiconductor, Inc.)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [80384 2010-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [181248 2010-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corporation -> NVIDIA Corp.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-07-23] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [75600 2019-04-16] (NVIDIA Corporation -> NVIDIA Corporation)
S3 ProtonVPNSplitTunnel; D:\app\ProtonVPN\x64\Win7\ProtonVPN.SplitTunnelDriver.sys [22456 2020-01-15] (ProtonVPN AG -> Proton Technologies AG)
S3 SaiK0CD0; C:\Windows\System32\DRIVERS\SaiK0CD0.sys [180544 2012-09-20] (Mad Catz Inc -> Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [24680 2012-10-15] (Madcatz Europe Ltd -> Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52200 2012-10-15] (Madcatz Europe Ltd -> Saitek)
S3 SaiU0CD0; C:\Windows\System32\DRIVERS\SaiU0CD0.sys [47168 2012-09-20] (Mad Catz Inc -> Saitek)
R3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [46408 2017-06-01] (SteelSeries ApS -> SteelSeries ApS)
R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [46520 2018-11-09] (SteelSeries ApS -> SteelSeries ApS)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [35768 2020-01-15] (ProtonVPN AG -> The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R1 WRCore; C:\Windows\system32\drivers\WRCore.x64.sys [148336 2019-08-09] (Webroot Inc. -> Webroot, Inc.)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [143592 2019-11-04] (Webroot Inc. -> Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [67912 2020-01-08] (Webroot Inc. -> Webroot)
U3 aswbdisk; no ImagePath
S0 FqkLKwmq; System32\drivers\FqkLKwmq.sys [X]
S0 ivhrYKxL; System32\drivers\ivhrYKxL.sys [X]
S0 keZXnWWb; System32\drivers\keZXnWWb.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-27 13:26 - 2020-04-27 13:26 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\7552868A.sys
2020-04-27 13:24 - 2020-04-27 13:24 - 000000000 ___RD C:\Users\[UserName]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2020-04-27 13:19 - 2020-04-27 13:19 - 000007119 _____ C:\Users\[UserName]\AppData\Local\recently-used.xbel
2020-04-27 13:12 - 2020-04-27 13:36 - 000000000 ____D C:\FRST
2020-04-21 14:21 - 2020-04-21 14:21 - 000001122 _____ C:\Users\[UserName]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tutanota Desktop.lnk
2020-04-18 09:25 - 2020-04-27 12:51 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\2568572D.sys
2020-04-18 06:32 - 2020-04-17 06:31 - 000337048 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2020-04-17 06:31 - 2020-04-20 10:32 - 000500960 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2020-04-17 06:31 - 2020-04-17 06:31 - 000235696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2020-04-17 06:31 - 2020-04-17 06:31 - 000175920 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2020-04-17 06:31 - 2020-04-17 06:31 - 000038152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetNd6.sys
2020-04-15 12:42 - 2020-04-15 12:42 - 000000000 ____D C:\ProgramData\WRCore
2020-04-09 17:39 - 2020-04-11 09:49 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2020-04-08 14:15 - 2020-04-08 15:42 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\54158381.sys
2020-04-01 21:36 - 2020-04-01 21:36 - 000000000 ____D C:\Users\[UserName]\AppData\Roaming\PowerENGAGE
2020-04-01 17:49 - 2020-04-01 17:49 - 000000000 ____D C:\Users\[UserName]\AppData\LocalLow\Brother
2020-04-01 15:51 - 2020-04-01 15:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother Administrator Utilities
2020-04-01 15:51 - 2020-04-01 15:51 - 000000000 ____D C:\ProgramData\Brother BRAdmin
2020-04-01 15:37 - 2020-04-01 17:49 - 000000000 ____D C:\Users\[UserName]\AppData\Roaming\Brother
2020-04-01 15:37 - 2020-04-01 15:37 - 000000000 ____D C:\Users\[UserName]\AppData\Local\Brother_Industries,_Ltd
2020-04-01 15:36 - 2020-04-27 09:36 - 000000000 ____D C:\Program Files (x86)\PowerENGAGE
2020-04-01 15:36 - 2020-04-01 15:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2020-04-01 15:36 - 2020-04-01 15:37 - 000000000 ____D C:\Users\Admin-Atlas\AppData\Roaming\PowerENGAGE
2020-04-01 15:36 - 2020-04-01 15:37 - 000000000 ____D C:\ProgramData\Brother
2020-04-01 15:36 - 2020-04-01 15:36 - 000002050 _____ C:\Users\Public\Desktop\Brother Creative Center.lnk
2020-04-01 15:36 - 2020-04-01 15:36 - 000001676 _____ C:\Users\Public\Desktop\Brother Utilities.lnk
2020-04-01 15:36 - 2020-04-01 15:36 - 000000000 ____D C:\Program Files (x86)\Browny02
2020-04-01 15:24 - 2020-04-01 15:51 - 000000000 ____D C:\Program Files (x86)\Brother
2020-03-31 12:55 - 2020-03-31 12:55 - 000000000 ____D C:\ia_a1d3f5c9c4d1_temp
2020-03-31 09:41 - 2020-03-31 09:41 - 000000104 ___SH C:\Users\[UserName]\AppData\Local\00000134
2020-03-31 09:41 - 2020-03-31 09:41 - 000000000 ____D C:\Users\[UserName]\AppData\Local\Disk Savvy Ultimate
2020-03-31 08:59 - 2020-03-31 09:37 - 000000000 ____D C:\Users\[UserName]\AppData\Roaming\RidNacs
2020-03-31 05:33 - 2020-03-31 05:33 - 000000000 ____D C:\Program Files\Common Files\Webroot
2020-03-30 17:52 - 2020-03-31 17:33 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\7315D23C.sys
2020-03-30 15:33 - 2020-03-30 17:38 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\2256C1C5.sys
2020-03-30 15:33 - 2020-03-30 15:33 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-03-30 15:32 - 2020-04-27 13:34 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2020-03-30 15:32 - 2020-04-27 13:26 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2020-03-30 15:26 - 2020-03-30 15:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2020-03-30 14:05 - 2020-03-30 14:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recover Keys
2020-03-30 14:05 - 2020-03-30 14:05 - 000000000 ____D C:\Users\Admin-Atlas\AppData\Roaming\Recover Keys
2020-03-30 14:00 - 2020-03-30 14:00 - 000000000 ____D C:\Users\Admin-Atlas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iSumsoft Product Key Finder
2020-03-30 13:46 - 2020-03-30 13:46 - 000002134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2020-03-30 13:46 - 2020-03-30 13:46 - 000002122 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
2020-03-30 13:46 - 2020-03-30 13:46 - 000000000 ____D C:\Program Files (x86)\Belarc
2020-03-30 13:37 - 2020-03-30 13:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2020-03-30 13:31 - 2020-03-30 13:31 - 000000000 ____D C:\Users\[UserName]\AppData\Roaming\AVAST Software
2020-03-30 13:31 - 2020-03-30 13:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2020-03-30 12:15 - 2020-04-17 06:31 - 000851808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2020-03-30 12:15 - 2020-04-17 06:31 - 000459408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2020-03-30 12:15 - 2020-04-17 06:31 - 000317280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2020-03-30 12:15 - 2020-04-17 06:31 - 000234776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2020-03-30 12:15 - 2020-04-17 06:31 - 000206120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2020-03-30 12:15 - 2020-04-17 06:31 - 000178968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2020-03-30 12:15 - 2020-04-17 06:31 - 000109480 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2020-03-30 12:15 - 2020-04-17 06:31 - 000085056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2020-03-30 12:15 - 2020-04-17 06:31 - 000060696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2020-03-30 12:15 - 2020-04-17 06:31 - 000042984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2020-03-30 12:15 - 2020-04-17 06:31 - 000037856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2020-03-30 12:15 - 2020-03-30 12:15 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2020-03-30 12:08 - 2020-03-30 12:08 - 000000000 ____D C:\Program Files\AVAST Software
2020-03-30 12:07 - 2020-03-30 12:15 - 000000000 ____D C:\ProgramData\AVAST Software
2020-03-30 11:56 - 2020-03-30 11:56 - 000000000 ____D C:\Windows\pss
2020-03-29 05:51 - 2020-03-29 05:51 - 000000000 ____D C:\Users\[UserName]\AppData\LocalLow\Ookla
2020-03-29 05:51 - 2020-03-29 05:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speedtest By Ookla
2020-03-29 05:51 - 2020-03-29 05:51 - 000000000 ____D C:\Program Files\Speedtest
2020-03-28 18:13 - 2020-03-28 18:13 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-27 13:34 - 2015-08-09 23:12 - 000000000 ____D C:\ProgramData\WRData
2020-04-27 13:32 - 2009-07-13 21:45 - 000030736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-04-27 13:32 - 2009-07-13 21:45 - 000030736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-04-27 13:30 - 2009-07-13 22:13 - 000950724 _____ C:\Windows\system32\PerfStringBackup.INI
2020-04-27 13:30 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2020-04-27 13:27 - 2016-11-20 09:12 - 000000000 ____D C:\Users\[UserName]\AppData\LocalLow\Mozilla
2020-04-27 13:26 - 2013-07-08 05:43 - 000000000 ____D C:\ProgramData\NVIDIA
2020-04-27 13:25 - 2013-07-09 00:47 - 000000000 ____D C:\Users\[UserName]\AppData\Local\CrashDumps
2020-04-27 13:24 - 2020-03-16 19:42 - 000000000 ___RD C:\Users\[UserName]\iCloudDrive
2020-04-27 13:24 - 2018-11-14 10:08 - 000000000 ____D C:\Users\[UserName]\AppData\Local\Free Download Manager
2020-04-27 13:24 - 2013-07-08 05:36 - 000174232 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2020-04-27 13:24 - 2013-07-08 05:36 - 000105048 _____ (Webroot) C:\Windows\system32\WRusr.dll
2020-04-27 13:24 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-04-27 13:22 - 2013-07-14 17:52 - 000000000 ____D C:\Users\[UserName]\AppData\Roaming\vlc
2020-04-27 13:19 - 2013-07-09 04:08 - 000000000 ____D C:\Users\[UserName]\AppData\Roaming\deluge
2020-04-27 13:15 - 2020-03-15 23:51 - 000000000 ____D C:\Users\[UserName]\AppData\Roaming\tutanota-desktop
2020-04-27 02:00 - 2013-07-09 00:45 - 000000000 ____D C:\Users\[UserName]\AppData\Local\Adobe
2020-04-23 17:35 - 2014-02-03 00:21 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-18 09:21 - 2016-12-30 02:06 - 000002259 _____ C:\Users\[UserName]\.kdiff3rc
2020-04-18 08:50 - 2013-07-08 02:20 - 000000000 ____D C:\Users\Admin-Atlas
2020-04-18 08:49 - 2020-01-27 11:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-04-18 08:49 - 2013-07-08 14:52 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-04-15 12:42 - 2013-07-08 05:36 - 000000000 ____D C:\Program Files\Webroot
2020-04-01 15:44 - 2013-07-08 04:57 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2020-04-01 06:37 - 2020-03-15 23:51 - 000000000 ____D C:\Users\[UserName]\AppData\Local\tutanota-desktop-updater
2020-04-01 05:28 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\system32\NDF
2020-03-31 12:59 - 2014-09-22 20:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2020-03-31 08:55 - 2013-07-15 01:28 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMES
2020-03-31 08:37 - 2015-09-21 13:34 - 000000000 ____D C:\Users\Admin-Atlas\AppData\Local\Steam
2020-03-30 14:55 - 2013-10-21 00:57 - 000000000 ____D C:\Users\[UserName]\AppData\Local\Microsoft Help
2020-03-30 14:51 - 2009-07-13 20:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2020-03-30 13:39 - 2013-07-09 00:42 - 000000000 ____D C:\Windows\system32\Macromed
2020-03-30 13:39 - 2013-07-09 00:38 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-03-30 12:10 - 2013-07-08 06:08 - 000937602 _____ C:\Windows\ntbtlog.txt
2020-03-29 04:14 - 2016-12-29 01:42 - 000000000 ____D C:\Users\[UserName]\AppData\Roaming\steelseries-engine-3-client
2020-03-29 04:11 - 2020-03-26 14:30 - 000000000 ____D C:\Program Files (x86)\iMobie
2020-03-28 19:33 - 2013-07-21 16:43 - 000000000 ____D C:\Windows\system32\MRT
2020-03-28 19:28 - 2013-10-02 15:49 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2020-03-28 19:28 - 2013-07-08 07:35 - 121542864 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories ========

2015-08-09 23:13 - 2015-12-18 12:27 - 012964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2017-04-11 20:51 - 2017-04-18 15:28 - 000000132 _____ () C:\Users\[UserName]\AppData\Roaming\Adobe BMP Format CS6 Prefs
2013-11-30 17:12 - 2014-10-12 11:05 - 000000132 _____ () C:\Users\[UserName]\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-03-15 09:35 - 2017-03-15 09:35 - 000000100 _____ () C:\Users\[UserName]\AppData\Roaming\ScriptStudioLayout.ini
2017-03-15 09:35 - 2017-03-15 09:35 - 000000046 _____ () C:\Users\[UserName]\AppData\Roaming\ScriptStudioOptions.ini
2020-03-31 09:41 - 2020-03-31 09:41 - 000000104 ___SH () C:\Users\[UserName]\AppData\Local\00000134
2013-11-30 17:33 - 2014-08-16 15:21 - 000001456 _____ () C:\Users\[UserName]\AppData\Local\Adobe Save for Web 13.0 Prefs
2020-04-27 13:19 - 2020-04-27 13:19 - 000007119 _____ () C:\Users\[UserName]\AppData\Local\recently-used.xbel
2013-08-25 02:45 - 2013-08-25 02:45 - 000000017 _____ () C:\Users\[UserName]\AppData\Local\resmon.resmoncfg

==================== FLock ==============================

2020-04-27 09:36 C:\Config.Msi
2013-07-21 16:39 C:\found.000
2013-05-16 21:35 C:\MSOCache
2013-07-08 02:20 C:\Recovery
2020-04-18 08:48 C:\Windows\system32\config
2009-07-13 22:09 C:\Windows\system32\FxsTmp
2009-07-13 20:20 C:\Windows\system32\ias
2009-07-13 20:20 C:\Windows\system32\Msdtc
2009-07-13 20:20 C:\Windows\system32\NetworkList
2020-04-18 06:32 C:\Windows\system32\Tasks
2014-06-06 11:52 C:\Windows\system32\wdi
2009-07-13 22:09 C:\Windows\system32\wfp
2013-09-08 20:11 C:\Windows\LiveKernelReports
2020-03-25 08:22 C:\Windows\MEMORY.DMP
2020-03-25 08:23 C:\Windows\Minidump
2009-07-13 19:34 C:\Windows\ModemLogs
2013-07-08 14:21 C:\Windows\Prefetch
2009-07-13 20:20 C:\Windows\SysWOW64\config
2009-07-13 22:32 C:\Windows\SysWOW64\FxsTmp
2009-07-13 20:20 C:\Windows\SysWOW64\Msdtc
2009-07-13 20:20 C:\Windows\SysWOW64\NetworkList
2009-07-13 20:20 C:\Windows\SysWOW64\Tasks
2016-08-23 23:36 C:\Users\Admin-Atlas\.oracle_jre_usage
2018-11-17 11:34 C:\Users\Admin-Atlas\ansel
2018-09-01 20:19 C:\Users\Admin-Atlas\Desktop
2013-07-16 19:41 C:\Users\Admin-Atlas\Documents
2018-05-10 20:13 C:\Users\Admin-Atlas\Downloads
2020-04-27 13:35 C:\Users\Admin-Atlas\NTUSER.DAT
2020-04-27 13:35 C:\Users\Admin-Atlas\ntuser.dat.LOG1
2013-07-08 02:20 C:\Users\Admin-Atlas\ntuser.dat.LOG2
2013-07-08 02:20 C:\Users\Admin-Atlas\ntuser.ini
2018-09-26 20:42 C:\Users\Admin-Atlas\AppData\LocalLow
2014-10-09 18:23 C:\Users\Admin-Atlas\AppData\Roaming\Adobe
2015-12-18 02:46 C:\Users\Admin-Atlas\AppData\Roaming\Apple Computer
2013-07-08 05:18 C:\Users\Admin-Atlas\AppData\Roaming\ASUS
2014-09-18 01:06 C:\Users\Admin-Atlas\AppData\Roaming\cYo
2013-08-13 20:34 C:\Users\Admin-Atlas\AppData\Roaming\Dragon Age Toolset
2014-10-15 05:34 C:\Users\Admin-Atlas\AppData\Roaming\Foxit Software
2013-07-08 02:20 C:\Users\Admin-Atlas\AppData\Roaming\Identities
2020-03-26 14:34 C:\Users\Admin-Atlas\AppData\Roaming\iMobie
2015-02-21 01:20 C:\Users\Admin-Atlas\AppData\Roaming\Kalypso Media
2014-10-10 00:03 C:\Users\Admin-Atlas\AppData\Roaming\Leadertech
2014-01-04 21:49 C:\Users\Admin-Atlas\AppData\Roaming\Logishrd
2013-07-09 00:33 C:\Users\Admin-Atlas\AppData\Roaming\Macromedia
2009-07-14 00:45 C:\Users\Admin-Atlas\AppData\Roaming\Media Center Programs
2018-08-30 16:13 C:\Users\Admin-Atlas\AppData\Roaming\Mount&Blade Warband
2013-07-08 14:52 C:\Users\Admin-Atlas\AppData\Roaming\Mozilla
2014-04-20 12:32 C:\Users\Admin-Atlas\AppData\Roaming\Mumble
2018-02-20 03:59 C:\Users\Admin-Atlas\AppData\Roaming\NVIDIA
2018-05-11 20:33 C:\Users\Admin-Atlas\AppData\Roaming\PC.Building.Simulator.Early.Access.v0.7.10.1.[REPACK]
2020-04-01 15:37 C:\Users\Admin-Atlas\AppData\Roaming\PowerENGAGE
2014-10-14 08:29 C:\Users\Admin-Atlas\AppData\Roaming\Realtime Soft
2020-03-30 14:05 C:\Users\Admin-Atlas\AppData\Roaming\Recover Keys
2014-10-15 05:34 C:\Users\Admin-Atlas\AppData\Roaming\Stellarium
2014-10-09 18:02 C:\Users\Admin-Atlas\AppData\Roaming\Sun
2020-03-16 02:04 C:\Users\Admin-Atlas\AppData\Roaming\tutanota-desktop
2013-07-13 00:28 C:\Users\Admin-Atlas\AppData\Roaming\VASSAL
2013-07-09 04:03 C:\Users\Admin-Atlas\AppData\Roaming\vlc
2015-04-04 10:03 C:\Users\Admin-Atlas\AppData\Roaming\Wargaming.net
2013-08-25 21:49 C:\Users\Admin-Atlas\AppData\Roaming\WinRAR
2014-08-20 21:19 C:\Users\Admin-Atlas\AppData\Roaming\XBMC
2018-05-05 20:41 C:\Users\Admin-Atlas\AppData\Local\ElevatedDiagnostics

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

ATTENTION: ==> Could not access BCD. The user is not administrator -> The boot configuration data store could not be opened.
Access is denied.

==================== End of FRST.txt ========================

