Do I have a browser redirector? A DNS hijack?



#1 Oblianthe


Posted 07 September 2017 - 05:36 PM

The internet on one computer in my house is bollixed. I can't figure out if it's a browser redirect or a DNS hijack or some kind of virus. When the computer is just sitting around, the connection is happy as can be. Data flowing through it properly. But when I open a browser - the connection drops out. Not every time, but most of the time. And when it does connect, it will run long enough to let me stream Netflix or Amazon for 5 minutes, then cut out. Then I have to manually reconnect the WiFi, because the "Connect Automatically" button won't stay checked. And sometimes, there aren't any networks at all. I've tried everything I can think of.
 
I went into the Event Viewer and found a few non-critical problems. Solved most of them. Except one. The main error that stands out to me in Event Viewer is DNS Client Events EVENT ID 1014, "Name resolution for the name *application-address* timed out after none of the configured DNS servers responded." The three applications that come up most are WPAD, Dropbox and "redirector.gvt1.com." That last one sounds like a hijack to me. My antivirus has stopped several outbound connections to adware sites.
 
I also did a DNS flush and all that stuff. Then I even did a Network Reset. Still having the same problem. Whenever I access the internet the internet chooses to drop out. Eventually it will let me back in. But then randomly cut out.
 
I have BitDefender Internet Edition and Malwarebytes Premium. They haven't hit on anything yet. Anything beyond that, I'm not really familiar with. I've had viruses in the past and followed the advice on BleepingComputer to get rid of them myself. But this is something different. I can't pin it down. It's really insidious.
 
Attached are the FRST files. Thanks for any help you can provide.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Tamlyn (administrator) on TAMLYNPC (07-09-2017 16:47:56)
Running from C:\
Loaded Profiles: Tamlyn (Available Profiles: Tamlyn & Administrator)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
(Stardock Software, Inc) D:\Program Files (x86)\Stardock\Start10\Start10Srv.exe
(Stardock Software, Inc) D:\Program Files (x86)\Stardock\Start10\Start10_64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe
(ANDREA VACONDIO) C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(The OpenVPN Project) D:\Program Files\OpenVPN\bin\openvpnserv.exe
(Foxit Software Inc.) D:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Malwarebytes) D:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(SparkLabs) D:\Program Files\Viscosity\ViscosityService.exe
(Dexpot GbR) C:\Program Files (x86)\Dexpot\dexpot.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(2BrightSparks Pte. Ltd.) D:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Dexpot GbR) C:\Program Files (x86)\Dexpot\Dexpot64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dexpot GbR) C:\Program Files (x86)\Dexpot\plugins\Dexcube.exe
(Dexpot GbR) C:\Program Files (x86)\Dexpot\plugins\DexControl.exe
(Malwarebytes) D:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Kensington) C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google, Inc) C:\Users\Percy\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
(SparkLabs) D:\Program Files\Viscosity\Viscosity.exe
() C:\Program Files\Audient\USBAudioDriver\iD.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
() D:\Documents\Utilities\! Tweaks\ShellFolderFix\ShellFolderFixUI.exe
(WordWeb Software) D:\Program Files (x86)\WordWeb\wweb32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() D:\Program Files\OpenVPN\bin\openvpn-gui.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2017-02-28] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [16293496 2016-09-29] (Logitech Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [iTunesHelper] => D:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-08-22] (Dropbox, Inc.)
HKLM-x32\...\Run: [Kensington TrackballWorks Helper] => C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [435200 2015-02-14] (Kensington)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [559104 2015-08-25] (Nikon Corporation)
HKLM-x32\...\Run: [WordWeb] => D:\Program Files (x86)\WordWeb\wweb32.exe [82048 2015-10-06] (WordWeb Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <==== ATTENTION
HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\Run: [Kensington TrackballWorks] => C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [435200 2015-02-14] (Kensington)
HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [3062560 2017-07-17] (Valve Corporation)
HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-05-09] (Apple Inc.)
HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-05-09] (Apple Inc.)
HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25607952 2017-08-04] (Google)
HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\Run: [Google Update] => C:\Users\Percy\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-27] (Google Inc.)
HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\Run: [Google Photos Backup] => C:\Users\Percy\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\Run: [Viscosity] => D:\Program Files\Viscosity\Viscosity.exe [1460424 2017-09-05] (SparkLabs)
HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\Run: [OpenVPN-GUI] => D:\Program Files\OpenVPN\bin\openvpn-gui.exe [638592 2017-07-14] ()
HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\Policies\Explorer: [HideSCAVolume] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iD Autostart.lnk [2017-01-22]
ShortcutTarget: iD Autostart.lnk -> C:\Program Files\Audient\USBAudioDriver\iD.exe ()
Startup: C:\Users\Percy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-10-21]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Percy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk [2016-11-25]
ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Percy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShellFolderFix.lnk [2017-02-25]
ShortcutTarget: ShellFolderFix.lnk -> D:\Documents\Utilities\! Tweaks\ShellFolderFix\ShellFolderFixUI.exe ()
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75 75.75.75.75
Tcpip\..\Interfaces\{01CA98B9-2C6C-4A9E-80DE-D1673D23F30C}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{0acee55d-8f34-467c-8bfd-05e3f93aeb56}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{1e1c5cc4-68fe-4a1d-9f63-cb9b5d672a98}: [DhcpNameServer] 10.200.0.2 10.200.0.3
Tcpip\..\Interfaces\{32827184-7525-442A-B48E-09EB92E68C90}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{3ec58953-09da-4f51-b9eb-513cb28a1577}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{506efc35-9a2a-453c-9147-eb924c6af151}: [NameServer] 198.18.0.1,198.18.0.2
Tcpip\..\Interfaces\{506efc35-9a2a-453c-9147-eb924c6af151}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{561C6B80-D582-4D32-A6F1-AA9C8825B414}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{765d4161-62ca-4bf6-9beb-2e4d36b3ee81}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{765d4161-62ca-4bf6-9beb-2e4d36b3ee81}: [DhcpNameServer] 75.75.76.76 75.75.75.75 75.75.75.75
Tcpip\..\Interfaces\{8c90fde0-f84f-455d-a913-c21b95a0467a}: [NameServer] 198.18.0.1,198.18.0.2
Tcpip\..\Interfaces\{8c90fde0-f84f-455d-a913-c21b95a0467a}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{9c5df479-56d0-423c-8321-2d0f07766050}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{9c5df479-56d0-423c-8321-2d0f07766050}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{A756AD2D-1407-4A2D-9BCD-A98535DE2F20}: [DhcpNameServer] 10.0.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\S-1-5-21-188082552-3623890906-2265681388-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-188082552-3623890906-2265681388-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-07-26] (Bitdefender)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-07-11] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2017-07-26] (Bitdefender)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-07-11] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-07-31] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-03-20] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-31] (Oracle Corporation)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-07-26] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2017-07-26] (Bitdefender)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff [2017-04-30]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext [2017-01-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> D:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-08] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> D:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-08] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> D:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-08] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> D:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-08] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2014-02-26] (Simon Bünzli)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-188082552-3623890906-2265681388-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Percy\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-188082552-3623890906-2265681388-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Percy\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2017-05-16] (Microsoft Corporation)

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Percy\AppData\Local\Google\Chrome\User Data\Default [2017-09-07]
CHR Extension: (Google Slides) - C:\Users\Percy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-27]
CHR Extension: (EML, MHT Viewer with Drive) - C:\Users\Percy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahbjckdnggnfmchoildeljnilenlkoao [2017-02-15]
CHR Extension: (Google Docs) - C:\Users\Percy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-27]
CHR Extension: (Google Drive) - C:\Users\Percy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-27]
CHR Extension: (YouTube) - C:\Users\Percy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-27]
CHR Extension: (uBlock Origin) - C:\Users\Percy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-09-05]
CHR Extension: (Google Sheets) - C:\Users\Percy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-27]
CHR Extension: (PDF Compressor - Smallpdf.com) - C:\Users\Percy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gealeehfjeflamgnohlhabaefbfjfjgc [2017-01-12]
CHR Extension: (Google Docs Offline) - C:\Users\Percy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-27]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Percy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-08-30]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Percy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2017-02-23]
CHR Extension: (SingleFile Core) - C:\Users\Percy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma [2016-09-27]
CHR Extension: (SingleFile) - C:\Users\Percy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle [2016-09-27]
CHR Extension: (Tom's Hardware - My Threads) - C:\Users\Percy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nddbmgcnelmmhlfibkmfnhnfeccaliip [2017-08-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Percy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Evernote Web Clipper) - C:\Users\Percy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2017-08-30]
CHR Extension: (Gmail) - C:\Users\Percy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-27]
CHR Extension: (Chrome Media Router) - C:\Users\Percy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-07]
CHR HKU\S-1-5-21-188082552-3623890906-2265681388-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (SingleFile Core) - C:\Users\Percy\AppData\Roaming\Opera Software\Opera Stable\Extensions\ejmpikefailopkdnglnenfhpepfoghnn [2016-09-16]
OPR Extension: (SingleFile) - C:\Users\Percy\AppData\Roaming\Opera Software\Opera Stable\Extensions\gibebmeiainjjoclcbbfmjjlnnnnabfa [2016-09-16]
OPR Extension: (LastPass: Free Password Manager) - C:\Users\Percy\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2017-07-11]
OPR Extension: (uBlock Origin) - C:\Users\Percy\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2017-07-31]
OPR Extension: (Save Text to PDF) - C:\Users\Percy\AppData\Roaming\Opera Software\Opera Stable\Extensions\mbeceobfimiibpifmpnlcdkkbicmdfnl [2017-01-13]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-02] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-02] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-08-22] (Dropbox, Inc.)
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [103072 2017-06-27] (Bitdefender)
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 FoxitReaderService; D:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1659592 2016-11-15] (Foxit Software Inc.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-09-29] (Logitech Inc.)
R2 MBAMService; D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-03-27] (NVIDIA Corporation)
S3 OpenVPNService; D:\Program Files\OpenVPN\bin\openvpnserv2.exe [15872 2016-11-25] ( ) [File not signed]
R2 OpenVPNServiceInteractive; D:\Program Files\OpenVPN\bin\openvpnserv.exe [72832 2017-07-14] (The OpenVPN Project)
S3 OpenVPNServiceLegacy; D:\Program Files\OpenVPN\bin\openvpnserv.exe [72832 2017-07-14] (The OpenVPN Project)
R2 PDFsam Manager; C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe [1050224 2015-11-13] (ANDREA VACONDIO)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1254736 2017-04-11] (Bitdefender)
R2 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 Start10; D:\Program Files (x86)\Stardock\Start10\Start10Srv.exe [220440 2017-07-18] (Stardock Software, Inc)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-17] (TeamViewer GmbH)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe [218416 2017-07-26] (Bitdefender)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 ViscosityService; D:\Program Files\Viscosity\ViscosityService.exe [213192 2017-09-05] (SparkLabs)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe [1445008 2017-09-07] (Bitdefender)
R2 vsservp; C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe [524872 2016-08-25] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
S2 Fitbit Connect; D:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [X]
S2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AE3000; C:\WINDOWS\system32\DRIVERS\AE3000w1064.sys [2253648 2015-12-30] (MediaTek Inc.)
S3 Alpham1; C:\WINDOWS\System32\drivers\Alpham164.sys [52992 2007-07-23] (Ideazon Corporation)
S3 Alpham2; C:\WINDOWS\System32\drivers\Alpham264.sys [21760 2007-03-20] (Ideazon Corporation)
R3 anvsnddrv; C:\WINDOWS\system32\drivers\anvsnddrv.sys [34416 2016-03-24] (AnvSoft Inc.)
R3 audientusbaudio; C:\WINDOWS\System32\drivers\audientusbaudio_x64.sys [288328 2015-12-08] ()
R3 audientusbaudioks; C:\WINDOWS\system32\DRIVERS\audientusbaudioks_x64.sys [56904 2015-12-08] ()
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1612648 2017-05-30] (BitDefender)
R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [879600 2017-05-30] (BitDefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [133088 2017-07-26] (BitDefender LLC)
R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-12-12] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-12-12] (Disc Soft Ltd)
S3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [538088 2017-03-15] (Intel Corporation)
S3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [28648 2015-09-11] (ELECOM)
S3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [27624 2015-09-11] (ELECOM)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-07-08] ()
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [182944 2016-10-29] (BitDefender LLC)
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2017-02-27] (REALiX™)
R0 ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [305120 2017-03-20] (Bitdefender)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-31] ()
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-09-29] (Logitech Inc.)
R0 MBAMChameleon; C:\WINDOWS\System32\drivers\MBAMChameleon.sys [188352 2017-09-07] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [101784 2017-09-07] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-09-07] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-09-07] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-09-07] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47552 2017-03-27] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [76840 2017-03-31] (NVIDIA Corporation)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [45048 2017-03-10] (The OpenVPN Project)
R3 tbwkern; C:\WINDOWS\System32\drivers\tbwkern.sys [32848 2013-05-15] ()
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.)
S3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 visctap0901; C:\WINDOWS\System32\drivers\visctap0901.sys [59760 2016-08-11] (The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-07 16:47 - 2017-09-07 16:48 - 000031599 _____ C:\FRST.txt
2017-09-07 16:46 - 2017-09-07 16:46 - 000000000 ____D C:\Users\Percy\AppData\Roaming\Viscosity
2017-09-07 16:36 - 2017-09-07 16:36 - 000001180 _____ C:\WINDOWS\wininit.ini
2017-09-07 16:26 - 2017-09-07 16:17 - 002395648 _____ (Farbar) C:\FRST64.exe
2017-09-07 16:17 - 2017-09-07 16:47 - 000000000 ____D C:\FRST
2017-09-07 15:41 - 2017-09-07 15:41 - 000000000 ____D C:\Users\Percy\OpenVPN
2017-09-07 15:40 - 2017-09-07 15:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2017-09-07 15:40 - 2017-09-07 15:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2017-09-07 15:40 - 2017-09-07 15:40 - 000000000 ____D C:\Program Files\TAP-Windows
2017-09-07 15:18 - 2017-09-07 15:18 - 000000218 _____ C:\Users\Percy\AppData\Local\recently-used.xbel
2017-09-06 20:05 - 2017-09-06 20:05 - 000000000 ____D C:\Users\Percy\AppData\Local\ESET
2017-09-06 19:55 - 2017-09-06 19:55 - 000109204 _____ C:\TDSSKiller.3.1.0.15_06.09.2017_19.55.02_log.txt
2017-09-06 15:51 - 2017-09-06 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2017-09-06 15:51 - 2017-09-06 15:51 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2017-09-06 15:51 - 2017-09-06 15:51 - 000000000 ____D C:\WINDOWS\addins
2017-09-04 16:53 - 2017-09-04 16:53 - 000000000 ____D C:\Program Files\Common Files\Viscosity
2017-09-04 16:08 - 2017-09-05 18:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Viscosity
2017-09-04 16:08 - 2016-08-11 12:27 - 000059760 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\visctap0901.sys
2017-09-01 08:20 - 2017-09-01 08:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-31 16:35 - 2017-09-07 03:50 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-08-31 16:35 - 2017-08-31 16:35 - 000000000 ____D C:\WINDOWS\PCHEALTH
2017-08-31 16:35 - 2017-08-31 16:35 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2017-08-31 16:35 - 2017-08-31 16:35 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-08-31 16:35 - 2017-08-31 16:35 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-08-31 16:34 - 2017-08-31 16:35 - 000000000 ____D C:\WINDOWS\SHELLNEW
2017-08-31 16:34 - 2017-08-31 16:34 - 000000000 __RHD C:\MSOCache
2017-08-31 16:34 - 2017-08-31 16:34 - 000000000 ____D C:\Program Files\Microsoft Analysis Services
2017-08-31 16:34 - 2017-08-31 16:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-08-31 16:34 - 2017-08-31 16:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2017-08-31 14:37 - 2017-08-31 14:37 - 000000000 ____D C:\Users\Percy\AppData\Roaming\Prodiance
2017-08-26 15:16 - 2017-08-26 15:16 - 000012881 _____ C:\Deluge-log.txt
2017-08-26 14:55 - 2017-08-26 14:55 - 000007613 _____ C:\Users\Percy\AppData\Local\Resmon.ResmonCfg
2017-08-23 23:34 - 2017-08-23 23:34 - 000003468 _____ C:\WINDOWS\System32\Tasks\Shutdown 4^40
2017-08-23 14:38 - 2017-08-23 14:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-08-22 11:55 - 2017-08-22 11:55 - 000049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-08-22 11:55 - 2017-08-22 11:55 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-08-22 11:55 - 2017-08-22 11:55 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-08-22 11:55 - 2017-08-22 11:55 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-08-13 08:55 - 2017-08-13 08:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FM Software Studio
2017-08-09 11:07 - 2017-07-31 21:39 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-09 11:07 - 2017-07-31 21:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-08-09 11:07 - 2017-07-31 21:38 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-09 11:07 - 2017-07-31 21:36 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-09 11:07 - 2017-07-31 21:36 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-09 11:07 - 2017-07-31 21:36 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-09 11:07 - 2017-07-31 21:35 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-09 11:07 - 2017-07-31 21:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-09 11:07 - 2017-07-31 21:34 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-09 11:07 - 2017-07-31 21:34 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-09 11:07 - 2017-07-31 21:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-08-09 11:07 - 2017-07-31 21:34 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-09 11:07 - 2017-07-31 21:32 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-09 11:07 - 2017-07-31 21:31 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-08-09 11:07 - 2017-07-31 21:31 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-09 11:07 - 2017-07-31 21:31 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-09 11:07 - 2017-07-31 21:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-08-09 11:07 - 2017-07-31 21:30 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-09 11:07 - 2017-07-31 21:30 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-09 11:07 - 2017-07-31 21:30 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-09 11:07 - 2017-07-31 21:30 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-09 11:07 - 2017-07-31 21:30 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-09 11:07 - 2017-07-31 21:20 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-09 11:07 - 2017-07-31 21:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-09 11:07 - 2017-07-31 21:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-09 11:07 - 2017-07-31 21:18 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-08-09 11:07 - 2017-07-31 21:18 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-08-09 11:07 - 2017-07-31 21:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-09 11:07 - 2017-07-31 21:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-08-09 11:07 - 2017-07-31 21:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-08-09 11:07 - 2017-07-31 21:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-09 11:07 - 2017-07-31 21:13 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-08-09 11:07 - 2017-07-31 21:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-09 11:07 - 2017-07-31 21:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-09 11:07 - 2017-07-31 21:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-08-09 11:07 - 2017-07-31 21:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-09 11:07 - 2017-07-31 21:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-08-09 11:07 - 2017-07-31 21:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-09 11:07 - 2017-07-31 21:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-09 11:07 - 2017-07-31 21:07 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-09 11:07 - 2017-07-31 21:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-09 11:07 - 2017-07-31 21:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-09 11:07 - 2017-07-31 21:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-09 11:07 - 2017-07-31 21:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-09 11:07 - 2017-07-31 21:03 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-09 11:07 - 2017-07-31 20:57 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-09 11:07 - 2017-07-31 20:41 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-09 11:07 - 2017-07-31 20:40 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-09 11:07 - 2017-07-31 20:36 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-09 11:07 - 2017-07-31 20:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-09 11:07 - 2017-07-31 20:34 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-09 11:07 - 2017-07-31 20:32 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-09 11:07 - 2017-07-31 20:32 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-09 11:07 - 2017-07-31 20:31 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-09 11:07 - 2017-07-31 20:31 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-09 11:07 - 2017-07-31 20:31 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-08-09 11:07 - 2017-07-31 20:30 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-09 11:07 - 2017-07-31 20:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-09 11:07 - 2017-07-31 20:30 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-09 11:07 - 2017-07-31 20:28 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-09 11:07 - 2017-07-31 20:28 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-09 11:07 - 2017-07-31 17:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-09 11:07 - 2017-07-31 17:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-09 11:07 - 2017-07-31 17:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-09 11:07 - 2017-07-31 17:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-09 11:07 - 2017-07-31 17:45 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-09 11:07 - 2017-07-31 17:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-09 11:07 - 2017-07-31 17:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-09 11:07 - 2017-07-31 17:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-09 11:07 - 2017-07-31 17:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-09 11:07 - 2017-07-31 17:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-09 11:07 - 2017-07-31 17:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-09 11:07 - 2017-07-31 17:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-09 11:07 - 2017-07-31 17:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-09 11:07 - 2017-07-31 17:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-09 11:07 - 2017-07-31 17:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-09 11:07 - 2017-07-28 00:30 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-08-09 11:07 - 2017-07-28 00:25 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-09 11:07 - 2017-07-28 00:24 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-09 11:07 - 2017-07-28 00:24 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-08-09 11:07 - 2017-07-28 00:24 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-08-09 11:07 - 2017-07-28 00:23 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-09 11:07 - 2017-07-28 00:23 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-08-09 11:07 - 2017-07-28 00:22 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-09 11:07 - 2017-07-28 00:20 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-09 11:07 - 2017-07-28 00:17 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-08-09 11:07 - 2017-07-28 00:16 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-08-09 11:07 - 2017-07-28 00:15 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-08-09 11:07 - 2017-07-28 00:15 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-08-09 11:07 - 2017-07-28 00:14 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-08-09 11:07 - 2017-07-28 00:13 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-09 11:07 - 2017-07-28 00:13 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-09 11:07 - 2017-07-28 00:13 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-09 11:07 - 2017-07-28 00:13 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-08-09 11:07 - 2017-07-28 00:13 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-08-09 11:07 - 2017-07-28 00:12 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-08-09 11:07 - 2017-07-28 00:12 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-08-09 11:07 - 2017-07-28 00:10 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-09 11:07 - 2017-07-28 00:09 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-08-09 11:07 - 2017-07-28 00:09 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-08-09 11:07 - 2017-07-28 00:09 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-09 11:07 - 2017-07-28 00:07 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-08-09 11:07 - 2017-07-27 23:48 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-09 11:07 - 2017-07-27 23:48 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-08-09 11:07 - 2017-07-27 23:48 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-08-09 11:07 - 2017-07-27 23:47 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-08-09 11:07 - 2017-07-27 23:40 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-08-09 11:07 - 2017-07-27 23:40 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-08-09 11:07 - 2017-07-27 23:38 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-08-09 11:07 - 2017-07-27 23:37 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-08-09 11:07 - 2017-07-27 23:36 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-09 11:07 - 2017-07-27 23:36 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-09 11:07 - 2017-07-27 23:36 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-09 11:07 - 2017-07-27 23:36 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-09 11:07 - 2017-07-27 23:36 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-08-09 11:07 - 2017-07-27 23:36 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2017-08-09 11:07 - 2017-07-27 23:36 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-08-09 11:07 - 2017-07-27 23:36 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2017-08-09 11:07 - 2017-07-27 23:36 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
2017-08-09 11:07 - 2017-07-27 23:35 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-08-09 11:07 - 2017-07-27 23:35 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2017-08-09 11:07 - 2017-07-27 23:33 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-08-09 11:07 - 2017-07-27 23:33 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-08-09 11:07 - 2017-07-27 23:33 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-08-09 11:07 - 2017-07-27 23:29 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-08-09 11:07 - 2017-07-27 23:27 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-08-09 11:07 - 2017-07-27 23:26 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-08-09 11:07 - 2017-07-27 23:26 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-08-09 11:07 - 2017-07-27 23:26 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2017-08-09 11:07 - 2017-07-27 23:25 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-08-09 11:07 - 2017-07-27 23:25 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-08-09 11:07 - 2017-07-27 23:24 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-08-09 11:07 - 2017-07-27 23:24 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-08-09 11:07 - 2017-07-27 23:23 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-08-09 11:07 - 2017-07-27 23:23 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-08-09 11:07 - 2017-07-27 23:22 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-08-09 11:07 - 2017-07-27 23:22 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-08-09 11:07 - 2017-07-27 23:22 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-08-09 11:07 - 2017-07-27 23:21 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-08-09 11:07 - 2017-07-27 23:21 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-08-09 11:07 - 2017-07-27 23:21 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-09 11:07 - 2017-07-27 23:21 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-08-09 11:07 - 2017-07-27 23:21 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2017-08-09 11:07 - 2017-07-27 23:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-08-09 11:07 - 2017-07-27 23:20 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
2017-08-09 11:07 - 2017-07-27 23:19 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-09 11:07 - 2017-07-27 23:19 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-08-09 11:07 - 2017-07-27 23:19 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-08-09 11:07 - 2017-07-27 23:19 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-09 11:07 - 2017-07-27 23:19 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-08-09 11:07 - 2017-07-27 23:19 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-08-09 11:07 - 2017-07-27 23:19 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-08-09 11:07 - 2017-07-27 23:19 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2017-08-09 11:07 - 2017-07-27 23:18 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-09 11:07 - 2017-07-27 23:18 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-08-09 11:07 - 2017-07-27 23:18 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-08-09 11:07 - 2017-07-27 23:17 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-09 11:07 - 2017-07-27 23:16 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-08-09 11:07 - 2017-07-27 23:16 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-08-09 11:07 - 2017-07-27 23:16 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-09 11:07 - 2017-07-27 23:16 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2017-08-09 11:07 - 2017-07-27 23:15 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-08-09 11:07 - 2017-07-27 23:15 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-08-09 11:07 - 2017-07-27 23:15 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-08-09 11:07 - 2017-07-27 23:14 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-08-09 11:07 - 2017-07-27 23:14 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-09 11:07 - 2017-07-27 23:14 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-09 11:07 - 2017-07-27 23:14 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-08-09 11:07 - 2017-07-27 23:14 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-08-09 11:07 - 2017-07-27 23:13 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-08-09 11:07 - 2017-07-27 23:13 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-08-09 11:07 - 2017-07-27 23:13 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-09 11:07 - 2017-07-27 23:13 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-09 11:07 - 2017-07-27 23:12 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-08-09 11:07 - 2017-07-27 23:12 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-08-09 11:07 - 2017-07-27 23:12 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-08-09 11:07 - 2017-07-27 23:12 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-08-09 11:07 - 2017-07-27 23:12 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-08-09 11:07 - 2017-07-27 23:12 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-09 11:07 - 2017-07-27 23:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-08-09 11:07 - 2017-07-27 23:11 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-08-09 11:07 - 2017-07-27 23:11 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-09 11:07 - 2017-07-27 23:10 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-09 11:07 - 2017-07-27 23:10 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-09 11:07 - 2017-07-27 23:10 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-08-09 11:07 - 2017-07-27 23:10 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
2017-08-09 11:07 - 2017-07-27 23:09 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-08-09 11:07 - 2017-07-27 23:08 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-08-09 11:07 - 2017-07-27 23:08 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-08-09 11:07 - 2017-07-27 23:08 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-08-09 11:07 - 2017-07-27 23:08 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-09 11:07 - 2017-07-27 23:08 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2017-08-09 11:07 - 2017-07-27 23:07 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-08-09 11:07 - 2017-07-27 23:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-08-09 11:07 - 2017-07-27 23:07 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-08-09 11:07 - 2017-07-27 23:07 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-08-09 11:07 - 2017-07-27 23:07 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-08-09 11:07 - 2017-07-27 23:06 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-09 11:07 - 2017-07-27 23:05 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-09 11:07 - 2017-07-27 23:05 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-09 11:07 - 2017-07-27 23:05 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-09 11:07 - 2017-07-27 23:02 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-09 11:07 - 2017-07-27 23:02 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-09 11:07 - 2017-07-27 23:02 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-08-09 11:06 - 2017-07-31 21:33 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-08-09 11:06 - 2017-07-31 21:32 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-09 11:06 - 2017-07-31 21:32 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-08-09 11:06 - 2017-07-31 21:30 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-08-09 11:06 - 2017-07-31 21:30 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-09 11:06 - 2017-07-31 21:26 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-08-09 11:06 - 2017-07-31 20:45 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-09 11:06 - 2017-07-31 20:45 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-09 11:06 - 2017-07-31 20:45 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-09 11:06 - 2017-07-31 20:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-09 11:06 - 2017-07-31 20:44 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-09 11:06 - 2017-07-31 20:44 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-09 11:06 - 2017-07-31 20:44 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-09 11:06 - 2017-07-31 20:42 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-09 11:06 - 2017-07-31 20:41 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-08-09 11:06 - 2017-07-31 20:41 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-09 11:06 - 2017-07-31 20:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-08-09 11:06 - 2017-07-31 20:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-08-09 11:06 - 2017-07-31 20:38 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-09 11:06 - 2017-07-31 20:38 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-09 11:06 - 2017-07-31 20:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-08-09 11:06 - 2017-07-31 20:37 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-08-09 11:06 - 2017-07-31 20:37 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-08-09 11:06 - 2017-07-31 20:33 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-09 11:06 - 2017-07-31 20:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-09 11:06 - 2017-07-31 20:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-09 11:06 - 2017-07-31 20:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-09 11:06 - 2017-07-31 20:27 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-09 11:06 - 2017-07-31 20:27 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-08-09 11:06 - 2017-07-31 20:27 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-08-09 11:06 - 2017-07-31 20:26 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-08-09 11:06 - 2017-07-31 20:25 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-08-09 11:06 - 2017-07-31 20:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-08-09 11:06 - 2017-07-31 20:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-08-09 11:06 - 2017-07-28 00:24 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-08-09 11:06 - 2017-07-28 00:16 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-08-09 11:06 - 2017-07-28 00:15 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-08-09 11:06 - 2017-07-28 00:15 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-08-09 11:06 - 2017-07-28 00:14 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-08-09 11:06 - 2017-07-28 00:13 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-08-09 11:06 - 2017-07-28 00:13 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-08-09 11:06 - 2017-07-28 00:12 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-09 11:06 - 2017-07-28 00:12 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-08-09 11:06 - 2017-07-28 00:10 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-08-09 11:06 - 2017-07-27 23:31 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-08-09 11:06 - 2017-07-27 23:30 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-08-09 11:06 - 2017-07-27 23:29 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-08-09 11:06 - 2017-07-27 23:26 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-08-09 11:06 - 2017-07-27 23:26 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-08-09 11:06 - 2017-07-27 23:25 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-08-09 11:06 - 2017-07-27 23:25 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-08-09 11:06 - 2017-07-27 23:24 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-08-09 11:06 - 2017-07-27 23:24 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-09 11:06 - 2017-07-27 23:24 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-08-09 11:06 - 2017-07-27 23:23 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-09 11:06 - 2017-07-27 23:22 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-08-09 11:06 - 2017-07-27 23:22 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-08-09 11:06 - 2017-07-27 23:22 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-08-09 11:06 - 2017-07-27 23:22 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-08-09 11:06 - 2017-07-27 23:22 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-08-09 11:06 - 2017-07-27 23:21 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-08-09 11:06 - 2017-07-27 23:21 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-08-09 11:06 - 2017-07-27 23:20 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-08-09 11:06 - 2017-07-27 23:20 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-08-09 11:06 - 2017-07-27 23:19 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-09 11:06 - 2017-07-27 23:19 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-09 11:06 - 2017-07-27 23:19 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-08-09 11:06 - 2017-07-27 23:19 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-08-09 11:06 - 2017-07-27 23:18 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-09 11:06 - 2017-07-27 23:18 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-08-09 11:06 - 2017-07-27 23:18 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-09 11:06 - 2017-07-27 23:18 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-09 11:06 - 2017-07-27 23:18 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-08-09 11:06 - 2017-07-27 23:17 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-09 11:06 - 2017-07-27 23:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-09 11:06 - 2017-07-27 23:17 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-08-09 11:06 - 2017-07-27 23:17 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-09 11:06 - 2017-07-27 23:17 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-08-09 11:06 - 2017-07-27 23:16 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-08-09 11:06 - 2017-07-27 23:15 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-09 11:06 - 2017-07-27 23:15 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-08-09 11:06 - 2017-07-27 23:13 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-09 11:06 - 2017-07-27 23:13 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-08-09 11:06 - 2017-07-27 23:13 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-09 11:06 - 2017-07-27 23:12 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-08-09 11:06 - 2017-07-27 23:12 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-09 11:06 - 2017-07-27 23:12 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-09 11:06 - 2017-07-27 23:10 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-09 11:06 - 2017-07-27 23:09 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-09 11:06 - 2017-07-27 23:09 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-09 11:06 - 2017-07-27 23:08 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-08-09 11:06 - 2017-07-27 23:06 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-08-09 11:06 - 2017-07-27 23:06 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-08-09 11:06 - 2017-07-27 23:05 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-09 11:06 - 2017-07-27 23:05 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-08-09 11:06 - 2017-07-27 23:05 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-09 11:06 - 2017-07-27 23:05 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-09 11:06 - 2017-07-27 23:05 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-08-08 15:26 - 2017-08-26 16:43 - 000001052 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-08-08 15:25 - 2017-09-06 19:43 - 000000000 ____D C:\Users\Percy\AppData\Roaming\TeamViewer
2017-08-08 15:25 - 2017-08-08 15:25 - 000000000 ____D C:\Users\Percy\AppData\Local\TeamViewer

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-07 16:47 - 2017-04-15 21:04 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-07 16:47 - 2016-04-11 13:39 - 000000000 ____D C:\Program Files\Bitdefender Agent
2017-09-07 16:46 - 2017-03-18 06:40 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
2017-09-07 16:46 - 2017-02-21 17:18 - 000000000 ___RD C:\Users\Percy\Google Drive
2017-09-07 16:46 - 2017-01-26 21:18 - 000188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-09-07 16:46 - 2017-01-26 21:18 - 000101784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-09-07 16:46 - 2017-01-26 21:18 - 000093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-07 16:46 - 2016-07-25 23:07 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-07 16:46 - 2015-08-22 01:23 - 000000000 ____D C:\Users\Percy\AppData\Roaming\Dexpot
2017-09-07 16:45 - 2017-04-15 21:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-07 16:45 - 2017-03-18 06:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-09-07 16:45 - 2016-07-25 23:07 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-07 16:45 - 2016-01-01 10:33 - 000000000 ____D C:\ProgramData\boost_interprocess
2017-09-07 16:45 - 2015-08-07 18:33 - 000152527 _____ C:\bdlog.txt
2017-09-07 16:36 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-07 16:36 - 2015-08-07 20:03 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-07 16:30 - 2016-12-10 17:39 - 000000000 ____D C:\ProgramData\Adobe
2017-09-07 16:29 - 2016-12-12 14:18 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-09-07 15:41 - 2017-04-15 21:04 - 000000000 ____D C:\Users\Percy
2017-09-07 15:27 - 2017-04-15 21:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-07 15:18 - 2016-06-21 21:07 - 000000000 ____D C:\Users\Percy\AppData\Roaming\deluge
2017-09-07 14:48 - 2017-04-15 21:14 - 003204250 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-07 14:33 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-09-07 08:35 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-07 08:34 - 2015-12-13 00:46 - 000000000 ____D C:\Users\Percy\AppData\Local\CrashDumps
2017-09-07 03:50 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\rescache
2017-09-07 00:36 - 2016-06-20 15:11 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-09-06 23:21 - 2017-07-28 17:10 - 000000000 ____D C:\ProgramData\KMSAutoS
2017-09-06 19:57 - 2015-08-07 23:27 - 000000000 ____D C:\Program Files (x86)\Opera
2017-09-06 19:49 - 2016-06-20 19:54 - 000000000 ____D C:\AdwCleaner
2017-09-06 19:42 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-09-06 17:20 - 2015-08-07 20:07 - 000000000 ____D C:\Users\Percy\AppData\Roaming\MusicBee
2017-09-06 15:51 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\spool
2017-09-06 15:51 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-06 15:51 - 2017-03-18 15:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-06 11:43 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-04 09:37 - 2016-03-07 01:40 - 000000000 ____D C:\Users\Percy\AppData\Roaming\Anvsoft
2017-09-04 09:31 - 2015-08-28 02:33 - 000000000 ____D C:\Users\Percy\AppData\Roaming\REAPER
2017-09-02 10:57 - 2016-10-21 15:01 - 000000000 ____D C:\Users\Percy\Evernote
2017-09-02 10:43 - 2017-04-15 21:04 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-09-01 09:12 - 2017-04-15 21:03 - 005019712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-01 08:22 - 2013-08-22 08:25 - 000000167 _____ C:\WINDOWS\win.ini
2017-08-31 22:48 - 2015-08-07 11:01 - 000000000 ____D C:\Users\Percy\AppData\Roaming\Adobe
2017-08-31 16:49 - 2017-07-28 17:10 - 000003786 _____ C:\WINDOWS\System32\Tasks\KMSAutoNet
2017-08-31 16:49 - 2017-07-28 17:10 - 000000000 ____D C:\Users\Percy\AppData\Local\MSfree Inc
2017-08-31 16:35 - 2017-03-18 16:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-08-31 16:35 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-08-31 16:35 - 2015-10-11 12:34 - 000000000 ____D C:\Program Files\Microsoft Office
2017-08-31 16:34 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Common Files\System
2017-08-28 15:19 - 2016-09-27 16:12 - 000002284 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-26 14:58 - 2016-07-26 00:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2017-08-26 14:38 - 2015-08-07 19:12 - 000000000 ____D C:\Users\Percy\AppData\Local\ElevatedDiagnostics
2017-08-25 21:27 - 2017-06-30 09:14 - 000001132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-08-25 21:27 - 2017-04-15 21:14 - 000003956 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1439008087
2017-08-24 14:20 - 2016-01-19 01:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-08-23 14:38 - 2015-08-07 19:14 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-08-20 00:01 - 2017-03-18 16:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-20 00:01 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-08-20 00:01 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-08-20 00:01 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-08-20 00:01 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-20 00:01 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-20 00:01 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-20 00:01 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-09 11:09 - 2015-08-08 21:54 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-09 11:08 - 2015-08-08 21:54 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-09 08:58 - 2015-08-07 11:01 - 000000000 ____D C:\Users\Percy\AppData\Local\Packages
2017-08-08 20:32 - 2017-05-22 20:20 - 000004588 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-08-08 20:32 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-08 20:32 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-08 15:13 - 2016-10-20 10:32 - 000000000 ____D C:\Users\Percy\AppData\Local\ConnectedDevicesPlatform

==================== Files in the root of some directories =======

2015-12-20 12:58 - 2015-12-20 12:58 - 000000268 ___RH () C:\Users\Percy\AppData\Roaming\PageLibraries
2017-01-10 04:22 - 2017-01-10 04:22 - 000000054 _____ () C:\Users\Percy\AppData\Roaming\pdfcompressor.ini
2015-12-20 12:58 - 2015-12-20 12:58 - 000000268 ___RH () C:\Users\Percy\AppData\Roaming\People
2017-07-03 16:10 - 2017-07-03 16:10 - 000000331 ____H () C:\Users\Percy\AppData\Local\CacheConfig.dat
2017-09-07 15:18 - 2017-09-07 15:18 - 000000218 _____ () C:\Users\Percy\AppData\Local\recently-used.xbel
2017-08-26 14:55 - 2017-08-26 14:55 - 000007613 _____ () C:\Users\Percy\AppData\Local\Resmon.ResmonCfg
2017-06-08 21:46 - 2017-06-08 21:46 - 000030966 _____ () C:\ProgramData\agent.update.1496976360.bdinstall.bin
2017-02-14 14:12 - 2017-02-14 14:12 - 000386092 _____ () C:\ProgramData\cl.1487099441.bdinstall.bin
2017-02-14 14:13 - 2017-02-14 14:13 - 000056853 _____ () C:\ProgramData\dm.1487099589.bdinstall.bin
2017-07-11 16:11 - 2017-07-11 16:11 - 000040641 _____ () C:\ProgramData\dm.update.1499807485.bdinstall.bin
2017-04-15 21:04 - 2017-04-15 21:04 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2017-04-17 19:57 - 2017-04-17 19:57 - 000019535 _____ () C:\ProgramData\empty.ico
2015-12-20 12:58 - 2015-12-20 12:58 - 000000268 ___RH () C:\ProgramData\Perl
2015-12-20 12:58 - 2015-12-20 12:58 - 000000268 ___RH () C:\ProgramData\Piano
2015-12-20 12:58 - 2015-12-20 12:58 - 000000020 ____H () C:\ProgramData\PKP_DLet.DAT
2015-12-20 12:58 - 2015-12-20 12:58 - 000000020 ____H () C:\ProgramData\PKP_DLev.DAT
2015-12-20 12:58 - 2015-12-20 12:58 - 000000012 ___RH () C:\ProgramData\Podcasting
2015-12-20 12:58 - 2015-12-20 12:58 - 000000012 ___RH () C:\ProgramData\Printer Icons

Some zero byte size files/folders:
==========================
C:\Windows\System32\BDSandBoxUISkin32.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-04 22:43

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Tamlyn (07-09-2017 16:48:25)
Running from C:\
Windows 10 Home Version 1703 (X64) (2017-04-16 02:17:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-188082552-3623890906-2265681388-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-188082552-3623890906-2265681388-503 - Limited - Disabled)
Guest (S-1-5-21-188082552-3623890906-2265681388-501 - Limited - Disabled)
Tamlyn (S-1-5-21-188082552-3623890906-2265681388-1001 - Administrator - Enabled) => C:\Users\Percy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.05 beta x64 (HKLM\...\7-Zip) (Version: - )
AbleWord v3.0 (HKLM-x32\...\AbleWord_is1) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.4 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Advanced Renamer (HKLM-x32\...\Advanced Renamer_is1) (Version: 3.66 - Hulubulu Software)
Amazon Kindle (HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\Amazon Kindle) (Version: 1.19.2.46095 - Amazon)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
Any Audio Converter 5.8.8 (HKLM-x32\...\Any Audio Converter_is1) (Version: - Any-Audio-Converter.com)
Any Video Converter Ultimate 5.9.3 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Audient USB Audio Driver v3.2.0 (HKLM-x32\...\Software_Audient_audientusbaudio_Setup) (Version: 3.2.0 - Audient)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.28.1503 - Bitdefender)
Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 21.0.23.1101 - Bitdefender)
Bitdefender Total Security 2017 (HKLM\...\Bitdefender) (Version: 21.0.23.1101 - Bitdefender)
calibre (HKLM-x32\...\{1F1FE718-ACE3-4D26-A9F0-7F443B3526F1}) (Version: 2.77.0 - Kovid Goyal)
Capture NX-D (HKLM\...\{794529D3-D489-4CF2-B2ED-CF241809E5EC}) (Version: 1.3.0 - Nikon Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.33 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
CloneSpy 3.22 - 64 bit (HKLM\...\CloneSpy) (Version: 3.22 - The CloneSpy Team)
Contents64 (HKLM\...\{1CDDC143-E149-4945-A5C9-8B366D8C2FC6}) (Version: 18.0.0.181 - Corel Corporation) Hidden
CPUID CPU-Z 1.80 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Deluge 1.3.15 (HKLM-x32\...\Deluge) (Version: - )
Dexpot (HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\Dexpot) (Version: 1.6.14 - Dexpot GbR)
Dishonored Game of the Year Edition (HKLM-x32\...\RGlzaG9ub3JlZA==_is1) (Version: 1 - )
Dishonored 2 (HKLM\...\Steam App 403640) (Version: - Arkane Studios)
Dropbox (HKLM-x32\...\Dropbox) (Version: 33.4.23 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
eBook Converter (HKLM-x32\...\eBookConverter) (Version: 1.2.1 - eBook Converter)
Evernote v. 6.5.4 (HKLM-x32\...\{D47E7D82-0D98-11E7-A6D6-005056951CAD}) (Version: 6.5.4.4720 - Evernote Corp.)
Faasoft Audio Converter 5.4.3.5989 (HKLM-x32\...\{6A4806A7-4A4C-458C-B42F-BB508CA69F3F}_is1) (Version: - Faasoft Corporation)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.1.4.1208 - Foxit Software Inc.)
Free JPG To PDF Converter 2.5 (HKLM-x32\...\Free JPG To PDF Converter_is1) (Version: 2.5 - )
Free PDF Compressor (HKLM-x32\...\{418FAC0D-8A31-44EB-9FE4-563F6D84693C}) (Version: 1.0.0 - Free PDF Solutions)
Free PDF Splitter (HKLM-x32\...\{FDD848D0-C82C-4DD0-9853-65D5067FBFB1}) (Version: 1.0.0 - Free PDF Solutions)
Free PDF to Epub Converter (HKLM-x32\...\{7413BD2E-C185-4ACA-8FE8-0DD423BF2BBB}}_is1) (Version: - Free PDF Solutions)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Drive (HKLM-x32\...\{A90339B3-2C3F-492E-B3A7-0BDFC691E526}) (Version: 2.34.6425.2548 - Google, Inc.)
Google Photos Backup (HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GPAC (remove only) (HKLM-x32\...\GPAC) (Version: - )
ICA (HKLM-x32\...\{A22A80C4-F237-4B5A-825F-0731971ECBE6}) (Version: 18.0.0.181 - Corel Corporation) Hidden
Icaros 3.0.1 (HKLM\...\Icaros_is1) (Version: 3.0.1.0 - Tabibito Technology)
iCloud (HKLM\...\{5B1A59DA-D1EC-4C3A-A996-DF011A0A9668}) (Version: 6.2.2.39 - Apple Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{619e726e-d2b4-4e28-9568-c964fd81ee6c}) (Version: 10.1.1.14 - Intel® Corporation) Hidden
Intel® Driver Update Utility 2.6 (HKLM-x32\...\{2B710CA5-99F0-4D29-962C-29A7CFF7A989}) (Version: 2.6.0.32 - Intel) Hidden
Intel® Driver Update Utility (HKLM-x32\...\{3e714701-b89c-4cf2-bf3b-41b2c105ffdc}) (Version: 2.6.0.32 - Intel)
IPM_VS_Pro64 (HKLM\...\{CEE838EA-72D1-4149-91F5-5591AFE0CBBC}) (Version: 18.0 - Corel Corporation) Hidden
IPVanish (HKLM-x32\...\{84A3D623-3A5D-422A-BE1E-28C33C463655}) (Version: 2.1.2.0 - IPVanish.com) Hidden
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Janus 4.3 (HKLM-x32\...\ST5UNST #1) (Version: - )
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Logitech Gaming Software 8.88 (HKLM\...\Logitech Gaming Software) (Version: 8.88.30 - Logitech Inc.)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Manager (HKLM-x32\...\{3802F563-BAD7-47F3-AF91-ED1C9467B224}) (Version: 3.0.7.25771 - ANDREA VACONDIO) Hidden
MediaHuman Audio Converter version 1.9.6.1 (HKLM-x32\...\MHAudioConverter_is1) (Version: 1.9.6.1 - MediaHuman)
Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
MetaX for Windows (HKLM-x32\...\{37C00961-B793-45A8-9BEF-0E9A281107B0}) (Version: 2.25 - No Bull Software)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MKVToolNix 15.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 15.0.0 - Moritz Bunkus)
MovieLibrary (HKLM-x32\...\{0A4CF8ED-BB77-489E-AAC5-32FE672DC6D3}) (Version: 2.09 - No Bull Software)
Mp3tag v2.79 (HKLM-x32\...\Mp3tag) (Version: v2.79 - Florian Heidenreich)
MusicBee 3.0 (HKLM-x32\...\MusicBee) (Version: 3.0 - Steven Mayall)
My MP4Box GUI 0.6.0.6 (HKLM\...\{3FBE3061-F2BC-4D3A-B4A9-8FB15C503F87}_is1) (Version: 0.6.0.6 - Matt Bodin)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.2.0 - Nikon Corporation)
No Man's Sky (HKLM\...\Steam App 275850) (Version: - Hello Games)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 368.81 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.5.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
OpenVPN 2.4.3-I602 (HKLM\...\OpenVPN) (Version: 2.4.3-I602 - OpenVPN Technologies, Inc.)
Opera Stable 47.0.2631.71 (HKLM-x32\...\Opera 47.0.2631.71) (Version: 47.0.2631.71 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{1F895C18-6A2F-4A9E-BBE9-246783070F37}) (Version: 4.0.16 - dotPDN LLC)
PDF Merge (HKLM-x32\...\{50217A00-46B2-40E3-8664-5C93BFFA03B0}) (Version: 1.0.0 - Free PDF Soulutions)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
PDFlite 2.0.0.0 (HKLM-x32\...\PDFlite) (Version: 2.0.0.0 - Amnis Technology Ltd)
PDFsam Basic (HKLM-x32\...\{67DFA6CA-3FCA-46A3-8C78-8C668BCDE9AD}) (Version: 3.20.5.0 - Andrea Vacondio)
Picture Control Utility 2 (HKLM\...\{D4893C47-704F-4B84-8486-9DE4974ACA6F}) (Version: 2.1.1 - Nikon Corporation)
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 3.0.4 - Portforward, LLC)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
Portal Stories: Mel (HKLM-x32\...\Steam App 317400) (Version: - Prism Studios)
PotPlayer (HKLM-x32\...\PotPlayer) (Version: - Kakao Corp.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version: - )
Remove Empty Directories version 2.2 (HKLM-x32\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 - Jonas John)
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
Scrivener (HKLM-x32\...\Scrivener 1710) (Version: 1710 - Literature and Latte)
Setup (HKLM-x32\...\{CC55892B-B7A6-4F5F-BFB4-F69D77E2D7D5}) (Version: 18.0.0.181 - Corel Corporation) Hidden
Share64 (HKLM\...\{3BB9B652-3725-419E-869F-7A5F7FE82C28}) (Version: 18.0.0.181 - Corel Corporation) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Solar Fire v9 (HKLM-x32\...\{93397832-4E51-47E9-A10D-6C17C50E1F17}) (Version: 9.0.17 - Esoteric Technologies Pty Ltd)
Stardock Start10 (HKLM-x32\...\Stardock Start10) (Version: 1.56 - Stardock Software, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 8.2.11.0 - 2BrightSparks)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.82216 - TeamViewer)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics)
TrackballWorks (HKLM-x32\...\{51ADFD15-6B63-4F8E-8076-F4E31FFEE32A}) (Version: 1.2 - Kensington Computer Products Group)
Tweaks.com Logon Changer (HKLM-x32\...\{528BA2FD-E247-45E4-9174-2F2CF795BFC7}) (Version: 3.0.0 - Advanced PC Media LLC)
Update for Skype for Business 2015 (KB4011046) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DED3C7C7-564E-4FF5-9A2F-53CB356ECD74}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4011046) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DED3C7C7-564E-4FF5-9A2F-53CB356ECD74}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4011046) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{DED3C7C7-564E-4FF5-9A2F-53CB356ECD74}) (Version: - Microsoft)
ViewNX-i (HKLM\...\{C67A5551-26C1-4C7B-A9DF-AD148549D482}) (Version: 1.1.0 - Nikon Corporation)
Viscosity 1.7.4 (1526) (HKLM\...\{CC85567E-DC83-4BB5-AD77-D84514C0D059}_is1) (Version: 1.7.4.1526 - SparkLabs)
VSClassic64 (HKLM\...\{C8686FE2-D759-4304-9791-66ED3C1A7789}) (Version: 18.0.0.181 - Corel Corporation) Hidden
VSUltimate64 (HKLM\...\{4BBC9291-7961-42EE-9CDA-6EC4BD6EB782}) (Version: 18.0.0.181 - Corel Corporation) Hidden
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Winaero Tweaker (HKLM\...\Winaero Tweaker_is1) (Version: 0.7.0.0 - Winaero)
WinDirStat 1.1.2 (HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\WinDirStat) (Version: - )
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WordWeb (HKLM-x32\...\WordWeb) (Version: 8 - WordWeb Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-188082552-3623890906-2265681388-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Percy\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-188082552-3623890906-2265681388-1001_Classes\CLSID\{16b54495-f767-473c-b6bf-6a9d9dc1a720}\InprocServer32 -> C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-188082552-3623890906-2265681388-1001_Classes\CLSID\{52fa6f67-8551-40d2-afb1-8c54ee22355c}\InprocServer32 -> C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-188082552-3623890906-2265681388-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Percy\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-188082552-3623890906-2265681388-1001_Classes\CLSID\{ac719395-81c5-4d82-a257-aa52667aee77}\InprocServer32 -> C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-188082552-3623890906-2265681388-1001_Classes\CLSID\{ad535ea6-c0fb-4d65-b953-23ec899d0d00}\InprocServer32 -> C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-188082552-3623890906-2265681388-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Percy\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-188082552-3623890906-2265681388-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Percy\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Program Files\7-Zip\7-zip.dll [2015-06-14] (Igor Pavlov)
ContextMenuHandlers1: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender 2017\bdfvsctx.dll [2017-07-26] (Bitdefender)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => D:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2016-11-14] (Foxit Software Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-04] (Google)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => D:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-06-25] (Florian Heidenreich)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-05-09] (Apple Inc.)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => D:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-06-25] (Florian Heidenreich)
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => D:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Program Files\7-Zip\7-zip.dll [2015-06-14] (Igor Pavlov)
ContextMenuHandlers4: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender 2017\bdfvsctx.dll [2017-07-26] (Bitdefender)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-04] (Google)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => D:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-06-25] (Florian Heidenreich)
ContextMenuHandlers5: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender 2017\bdfvsctx.dll [2017-07-26] (Bitdefender)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Program Files\7-Zip\7-zip.dll [2015-06-14] (Igor Pavlov)
ContextMenuHandlers6: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender 2017\bdfvsctx.dll [2017-07-26] (Bitdefender)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => D:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2016-11-14] (Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => D:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03F08172-80B8-45CD-98D2-7C2BEC663EC1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-188082552-3623890906-2265681388-1001UA => C:\Users\Percy\AppData\Local\Google\Update\GoogleUpdate.exe [2017-03-25] (Google Inc.)
Task: {04E85E9B-6DF5-406D-8AEB-9028CF37903B} - \2BrightSparks\SyncBackFree\PERCYPC-Percy\SyncBackFree F Movie Backup To E Movie -> No File <==== ATTENTION
Task: {0AC08D12-2015-4DF7-BFA0-1F01305B6629} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {0AFA8A50-7837-452C-AA6C-07072C6B6714} - System32\Tasks\Dexpot\3 => C:\Program Files (x86)\Dexpot\autodex.exe [2016-07-19] (Dexpot GbR) <==== ATTENTION
Task: {10B0F346-F8DC-4E8F-BEC1-7D53501E42EE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {11AE8917-8675-4B21-91C0-E937D3EC5052} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {11FBF7B7-9CEA-406E-9713-A6BCA913B3D2} - System32\Tasks\2BrightSparks\SyncBackFree\TAMLYNPC-Percy\SyncBackFree Dropbox Sales To TAMLYN Google Drive Sales => D:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe [2017-07-11] (2BrightSparks Pte. Ltd.) <==== ATTENTION
Task: {188716A6-C9F0-405E-BEBA-371DD8BCEF41} - \2BrightSparks\SyncBackFree\PERCYPC-Percy\SyncBackFree D Music Lib Backup To E Music Lib -> No File <==== ATTENTION
Task: {1BDAA669-3A4E-4B7B-924B-7B2BA049BFFD} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {2F9965A0-153E-4FCC-A882-8ED30B619CE0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-02] (Dropbox, Inc.)
Task: {3090D1CA-CB93-4F7A-87C1-07E98D37D0CC} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe [2017-07-26] (Bitdefender)
Task: {30CE196F-A50A-4C1B-B6CF-960EB959F46F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {32D7AEB0-1562-4934-BDBD-2660A25B2247} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {37404D89-DA32-448A-825F-CB1F0DA4BA78} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {3C72A9D0-9CEB-4A60-A32D-58CAFE3DA81B} - System32\Tasks\{4EE2B939-80AE-45AF-8F4E-B2A40D828977} => C:\WINDOWS\system32\pcalua.exe -a "D:\Program Files (x86)\Foxit Software\Foxit Phantom\InstallPDFReaderPlugin.exe" -d C:\WINDOWS\system32 -c -p D:\Program Files (x86)\Foxit Software\Foxit Phantom\plugins\
Task: {44ADABAA-76FE-4B1A-8732-428176C767C7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-08-09] (Microsoft Corporation)
Task: {4577101A-1330-4D08-869A-BF74BC8EB321} - System32\Tasks\IPVanish => C:\Program Files (x86)\IPVanish\ElevateClient.exe [2016-05-19] ()
Task: {4593DAD9-4D37-42C5-9F74-0A6BCAE554C6} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-03-27] (NVIDIA Corporation)
Task: {4A3742C4-1206-46AA-8494-66C7A806367C} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {505EB4F7-823F-411D-9445-B4D4B22DB976} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
Task: {55787A77-D30C-4E3B-B061-3FCDA37A27EC} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {62E3C33B-7AB9-4A7C-B1BA-B26DF70DC749} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {633E3482-3815-411A-B85E-35405C418D01} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {6621432A-2826-4767-94BD-16F2FEFEF681} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6799CB72-0D67-4B4C-AC67-66B3BFE2E057} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6FA7FE45-4BD6-4BF9-A290-349AF9309962} - System32\Tasks\2BrightSparks\SyncBackFree\TAMLYNPC-Percy\SyncBackFree F Magick to E Magick => D:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe [2017-07-11] (2BrightSparks Pte. Ltd.)
Task: {74F4AB8C-F9B4-43AB-93BF-044FCAF96545} - \2BrightSparks\SyncBackFree\TAMLYNPC-Percy\SyncBackFree D Music Lib Backup To F Music Lib -> No File <==== ATTENTION
Task: {7B10635D-764B-4D66-8586-B4F81C98AEDD} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {7DD4309D-C3C2-4DD0-86B3-FA67B087082A} - System32\Tasks\Shutdown 4^40 => C:\Windows\System32\shutdown.exe [2017-03-18] (Microsoft Corporation)
Task: {817E96F2-09A2-42BA-AAE8-7DB10DE81DE7} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {88D2E57B-5C8A-4EC2-ABEE-5241EF2F0700} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-03-27] (NVIDIA Corporation)
Task: {8D1ED3B5-0B75-4F6C-BD80-054607701BB9} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {8E8B964F-6229-4D0A-A1A8-BD829EE5697B} - System32\Tasks\Dexpot\Dexpot Percy => C:\Program Files (x86)\Dexpot\dexpot.exe [2016-07-19] (Dexpot GbR)
Task: {8F3A4AD1-9148-46C7-B449-EDF8B56E8FB9} - \2BrightSparks\SyncBackFree\TAMLYNPC-Percy\SyncBackFree F Movie Backup To E Movie -> No File <==== ATTENTION
Task: {96AE39C0-A320-4A2B-BE37-D9F25AD18E38} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-03-27] (NVIDIA Corporation)
Task: {96E2FABF-D4D3-48C6-8E96-B2A3434392B0} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe
Task: {988DDBFB-3A36-47E8-83F2-47BC5DADC19D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-188082552-3623890906-2265681388-1001Core => C:\Users\Percy\AppData\Local\Google\Update\GoogleUpdate.exe [2017-03-25] (Google Inc.)
Task: {993845D9-FD1D-4A49-9C49-00C9655F2095} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9E7A03C6-9481-4C50-B7F5-D74C6332E583} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {9F8EB643-89B9-4881-9CE4-87ECE4FD2D7A} - \2BrightSparks\SyncBackFree\PERCYPC-Percy\SyncBackFree -> No File <==== ATTENTION
Task: {A1042A2D-0E95-4C66-A669-7D7EDFCDA0EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-07] (Google Inc.)
Task: {A133ED6B-2FF6-43F9-BA5F-F72E75C0C58C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {A45B8B2F-260E-4F10-9668-0C54BA72026D} - \2BrightSparks\SyncBackFree\TAMLYNPC-Percy\SyncBackFree -> No File <==== ATTENTION
Task: {A47ED54C-17D0-4C0F-BBD2-7B8A279D74EC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-08-03] (Piriform Ltd)
Task: {B25D2AD5-80A8-40A6-98F7-99ECEE231001} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {B2635295-4371-4152-BEBA-76FA087B8281} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-03-27] (NVIDIA Corporation)
Task: {B516051C-7FE6-41CB-92FC-30A2D67B5AC2} - System32\Tasks\Dexpot\4 => C:\Program Files (x86)\Dexpot\autodex.exe [2016-07-19] (Dexpot GbR) <==== ATTENTION
Task: {B801BC59-6BAD-4ED4-B773-61EFA91CA04B} - System32\Tasks\Opera scheduled Autoupdate 1439008087 => C:\Program Files (x86)\Opera\launcher.exe [2017-08-25] (Opera Software)
Task: {BE610822-0485-4655-A64C-12BE5C7970E9} - System32\Tasks\2BrightSparks\SyncBackFree\TAMLYNPC-Percy\SyncBackFree Dropbox Runes To TAMLYN Google Drive Runes => D:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe [2017-07-11] (2BrightSparks Pte. Ltd.) <==== ATTENTION
Task: {C06D2642-821A-4AFD-A5C1-F2E15DF621A4} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-02] (Dropbox, Inc.)
Task: {D043A224-8A62-443C-8E21-C6246A0A0CCA} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {D2A0955C-8A61-48B7-8E0F-C7F7D684DAD0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D2BFB9A0-066E-4141-A0B5-DD77DF6C3685} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-04-11] (Bitdefender)
Task: {D64145D4-FB84-407D-9995-E814864FFB78} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D811E6A0-7D5D-489C-9EFB-D2051F9F7B68} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {DA85F353-3506-4E14-8BCF-C86143B50CC3} - System32\Tasks\2BrightSparks\SyncBackFree\TAMLYNPC-Percy\SyncBackFree Dropbox Tarot To TAMLYN Google Drive Tarot => D:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe [2017-07-11] (2BrightSparks Pte. Ltd.) <==== ATTENTION
Task: {DD7335D8-CA7C-48CC-8B04-6D364A956F12} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E7D6EC50-1F98-4309-B719-F44DD0A8CFF1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E8450AB1-3FE7-4642-94B6-DF105AFAD73F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {EEDBE62B-EE73-462D-9BFD-188E56D2F427} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-07] (Google Inc.)
Task: {F0D3BAAF-F8A7-4D41-88F9-471F11FA1BE1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F892AD2F-C0E9-4D1B-BA9B-C418E68B7752} - System32\Tasks\Dexpot\2 => C:\Program Files (x86)\Dexpot\autodex.exe [2016-07-19] (Dexpot GbR) <==== ATTENTION
Task: {FCD5E79D-56DB-4F80-A4CA-A35E1783BED7} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-03-27] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Percy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eBook Converter\Website.lnk -> hxxp://www.ebook-converter.com

==================== Loaded Modules (Whitelisted) ==============

2017-07-26 16:22 - 2017-07-26 16:22 - 000111832 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\bdmetrics.dll
2017-07-13 15:02 - 2013-08-26 07:12 - 000087040 _____ () C:\WINDOWS\System32\redmonnt.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-07-13 20:50 - 2017-07-13 20:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-06-08 18:04 - 2016-06-08 18:04 - 000117400 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2017-06-08 15:14 - 2017-07-08 16:10 - 002260432 _____ () D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-18 15:58 - 2017-03-18 15:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-02-23 08:29 - 2017-02-23 08:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-12-12 00:55 - 2010-09-28 19:52 - 000099840 _____ () D:\Documents\Utilities\! Tweaks\ShellFolderFix\ShellFolderFix.dll
2017-03-18 15:59 - 2017-03-18 21:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-23 14:39 - 2017-08-23 14:39 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-08-23 14:39 - 2017-08-23 14:39 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-08-23 14:39 - 2017-08-23 14:39 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-08-23 14:39 - 2017-08-23 14:39 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2017-08-25 19:11 - 2017-08-25 19:11 - 000061952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11707.1001.23.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2017-01-22 21:47 - 2016-07-08 06:04 - 006779392 _____ () C:\Program Files\Audient\USBAudioDriver\iD.exe
2014-12-12 00:55 - 2014-12-12 00:55 - 002625024 _____ () D:\Documents\Utilities\! Tweaks\ShellFolderFix\ShellFolderFixUI.exe
2017-07-14 08:26 - 2017-07-14 08:26 - 000638592 _____ () D:\Program Files\OpenVPN\bin\openvpn-gui.exe
2017-07-26 16:22 - 2017-07-26 16:22 - 000023328 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\lang\en-us\bdsystray.txtui
2016-11-23 14:46 - 2017-02-23 13:35 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-11-23 14:46 - 2017-02-23 13:35 - 004489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2017-09-07 16:46 - 2017-09-07 16:46 - 000098816 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\win32api.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000110080 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\pywintypes27.dll
2017-09-07 16:46 - 2017-09-07 16:46 - 000364544 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\pythoncom27.dll
2017-09-07 16:46 - 2017-09-07 16:46 - 000320512 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\win32com.shell.shell.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000914432 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\_hashlib.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 001176576 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\wx._core_.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000806400 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\wx._gdi_.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000816128 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\wx._windows_.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 001067008 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\wx._controls_.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000733184 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\wx._misc_.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000682496 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\pysqlite2._sqlite.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000088064 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\_ctypes.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000686080 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\unicodedata.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000119808 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\win32file.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000108544 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\win32security.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000007168 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\hashobjs_ext.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000017920 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\thumbnails_ext.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000088064 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\usb_ext.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000012800 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\common.time34.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000018432 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\win32event.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000167936 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\win32gui.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000046080 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\_socket.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 001303552 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\_ssl.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000128512 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\_elementtree.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000127488 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\pyexpat.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000038912 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\win32inet.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000036864 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\_psutil_windows.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000524248 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\windows._lib_cacheinvalidation.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000011264 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\win32crypt.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000123392 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\wx._wizard.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000077312 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\wx._html2.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000027648 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\_multiprocessing.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000020480 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\_yappi.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000035840 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\win32process.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000078848 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\wx._animate.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000024064 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\win32pipe.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000010240 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\select.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000025600 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\win32pdh.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000017408 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\win32profile.pyd
2017-09-07 16:46 - 2017-09-07 16:46 - 000022528 ____R () C:\Users\Percy\AppData\Local\Temp\_MEI125682\win32ts.pyd
2016-04-08 17:35 - 2016-04-08 17:35 - 003481600 _____ () C:\Users\Percy\AppData\Local\Programs\Google\Google Photos Backup\gpuploader_i18n.dll
2017-01-22 21:47 - 2015-12-08 10:20 - 000228352 _____ () C:\Program Files\Audient\USBAudioDriver\audientusbaudioapi.dll
2017-08-23 14:38 - 2017-08-22 11:55 - 000757568 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-08-23 14:38 - 2017-08-22 11:55 - 001787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-04-04 13:14 - 2017-08-22 11:53 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-04-04 13:14 - 2017-08-22 11:53 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-04-04 13:14 - 2017-08-22 11:57 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-04-04 13:14 - 2017-08-22 11:53 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-08-23 14:38 - 2017-08-22 11:56 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-04-04 13:14 - 2017-08-22 11:53 - 000125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-04-04 13:14 - 2017-08-22 11:53 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-08-23 14:38 - 2017-08-22 11:56 - 001862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-08-23 14:38 - 2017-08-22 11:56 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-08-23 14:38 - 2017-08-22 11:53 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-08-23 14:38 - 2017-08-22 11:55 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-04-04 13:14 - 2017-08-22 11:53 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-04-04 13:14 - 2017-08-22 11:57 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-08-23 14:38 - 2017-08-22 11:57 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-08-23 14:38 - 2017-08-22 11:57 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-04-04 13:14 - 2017-08-22 11:53 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-08-23 14:38 - 2017-08-22 11:53 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-04-04 13:14 - 2017-08-22 11:53 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-04-04 13:14 - 2017-08-22 11:53 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-08-23 14:38 - 2017-08-22 11:55 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-04-04 13:14 - 2017-08-22 11:57 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-04-04 13:14 - 2017-08-22 11:57 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-04-04 13:14 - 2017-08-22 11:53 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-04-04 13:14 - 2017-08-22 11:53 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-04-04 13:14 - 2017-08-22 11:53 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-04-04 13:14 - 2017-08-22 11:53 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-04-04 13:14 - 2017-08-22 11:53 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-04-04 13:14 - 2017-08-22 11:53 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-08-23 14:38 - 2017-08-22 11:56 - 000022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-05-17 14:23 - 2017-08-22 11:57 - 000082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-04-04 13:14 - 2017-08-22 11:57 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-08-23 14:38 - 2017-08-22 11:57 - 003928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-04-04 13:14 - 2017-08-22 11:53 - 000083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-08-23 14:38 - 2017-08-22 11:57 - 001826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-08-23 14:38 - 2017-08-22 11:57 - 001972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-04-04 13:14 - 2017-08-22 11:53 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-04-04 13:14 - 2017-08-22 11:53 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-08-23 14:38 - 2017-08-22 11:57 - 000171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-08-23 14:38 - 2017-08-22 11:57 - 000042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-08-23 14:38 - 2017-08-22 11:57 - 000531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-08-23 14:38 - 2017-08-22 11:57 - 000133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-08-23 14:38 - 2017-08-22 11:57 - 000224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-08-23 14:38 - 2017-08-22 11:57 - 000207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-04-04 13:14 - 2017-08-22 11:53 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-04-04 13:14 - 2017-08-22 11:57 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-04-04 13:14 - 2017-08-22 11:57 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-04-04 13:14 - 2017-08-22 11:57 - 000069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-04-04 13:14 - 2017-08-22 11:57 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-04-04 13:14 - 2017-08-22 11:57 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-04-04 13:14 - 2017-08-22 11:57 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-08-23 14:38 - 2017-08-22 11:56 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-04-04 13:14 - 2017-08-22 11:53 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-08-23 14:38 - 2017-08-22 11:57 - 000103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-04-04 13:14 - 2017-08-22 11:58 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-08-23 14:38 - 2017-08-22 11:57 - 000025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-08-23 14:38 - 2017-08-22 11:55 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-08-23 14:38 - 2017-08-22 11:57 - 000033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-08-23 14:38 - 2017-08-22 11:55 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-08-23 14:38 - 2017-08-22 11:56 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-04-04 13:14 - 2017-08-22 11:57 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-08-23 14:38 - 2017-08-22 11:57 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-08-23 14:38 - 2017-08-22 11:57 - 001637688 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-04-04 13:14 - 2017-08-22 11:57 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-04-04 13:14 - 2017-08-22 11:57 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-08-23 14:38 - 2017-08-22 11:57 - 000546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-08-23 14:38 - 2017-08-22 11:57 - 000357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-03-20 11:57 - 2017-03-20 11:57 - 000321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2017-03-20 11:57 - 2017-03-20 11:57 - 000148664 _____ () C:\Program Files (x86)\Evernote\Evernote\zlibwapi.dll
2017-03-20 11:57 - 2017-03-20 11:57 - 026137272 _____ () C:\Program Files (x86)\Evernote\Evernote\libcef.dll
2017-03-20 11:57 - 2017-03-20 11:57 - 000212664 _____ () C:\Program Files (x86)\Evernote\Evernote\websockets.dll
2017-03-20 11:10 - 2017-03-20 11:10 - 000740352 _____ () C:\Program Files (x86)\Evernote\Evernote\libglesv2.dll
2017-03-20 11:10 - 2017-03-20 11:10 - 000130048 _____ () C:\Program Files (x86)\Evernote\Evernote\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\FRST64.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2017-09-07 16:46 - 000000016 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-188082552-3623890906-2265681388-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Percy\AppData\Roaming\Dexpot\Hintergrund Tamlyn Default 1.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Mediatek Wireless Utility.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "MouseDriver"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Zboard"
HKLM\...\StartupApproved\Run32: => "ProductUpdater"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKLM\...\StartupApproved\Run32: => "Nikon Message Center 2"
HKLM\...\StartupApproved\Run32: => "MouseDriver"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\StartupApproved\StartupFolder: => "Percy.lnk"
HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\StartupApproved\Run: => "PeerBlock"
HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-188082552-3623890906-2265681388-1001\...\StartupApproved\Run: => "TpScrex"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{56805EF0-D858-4555-B13D-ADE3ACB60DAA}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{AF48A0AF-1A89-49B4-B89D-C0B32F900FFB}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [UDP Query User{EC39F694-6A47-4270-A65A-53DE184CA079}D:\program files (x86)\deluge\deluge.exe] => (Allow) D:\program files (x86)\deluge\deluge.exe
FirewallRules: [TCP Query User{C3AC3BDA-3A42-4A0A-B655-155A65776694}D:\program files (x86)\deluge\deluge.exe] => (Allow) D:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{36D4EA75-83CB-4248-B62E-F5993FCC86ED}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{3DBA74FB-7B46-4535-8EDA-2FE13D27360C}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{7F50F1B4-F242-423A-BF6D-33F84113B283}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{678422AA-4244-4D2B-9CE8-CFFEE1C442B6}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Dishonored2\Dishonored2.exe
FirewallRules: [{001C33D9-2134-4B1A-8F23-F544131B8076}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Dishonored2\Dishonored2.exe
FirewallRules: [{BF84B1E7-AECA-4F3D-B32C-3B8349030C47}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\No Man's Sky\Binaries\NMS.exe
FirewallRules: [{1EA6DD8A-54EA-45EC-818F-930AEC6EE882}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\No Man's Sky\Binaries\NMS.exe
FirewallRules: [{2A32BB9F-A56E-462B-967E-03425EAF659E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Portal Stories Mel\portal2.exe
FirewallRules: [{42A21D65-C617-4048-9CFA-1BA6F80D9AF7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Portal Stories Mel\portal2.exe
FirewallRules: [{E5B794F2-A078-4F1B-978D-92932FBDC090}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{2C605723-0B4E-4E5C-AD1A-D73A0531E480}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{A06A5144-C363-499C-883E-7094D73DD91A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{2552C6E1-7FB2-4B47-98E7-ADC0D97D96E3}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [UDP Query User{A24FB407-AB3D-47BD-9B04-E469DC6737E8}G:\dishonored\binaries\win32\dishonored.exe] => (Allow) G:\dishonored\binaries\win32\dishonored.exe
FirewallRules: [TCP Query User{EDB43F41-3392-4369-8EA7-94988A5B0AE8}G:\dishonored\binaries\win32\dishonored.exe] => (Allow) G:\dishonored\binaries\win32\dishonored.exe
FirewallRules: [{848C52A2-81F4-4A1F-88EB-4359894ECBD5}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{317892B8-EB4D-42FF-A7EC-6DC4F4A1BA92}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{A94B4081-E00C-4456-8E2E-13C1136CC058}D:\program files (x86)\dishonored\binaries\win32\dishonored.exe] => (Allow) D:\program files (x86)\dishonored\binaries\win32\dishonored.exe
FirewallRules: [TCP Query User{0757AFBC-D46D-48BC-8226-26B2022D8E86}D:\program files (x86)\dishonored\binaries\win32\dishonored.exe] => (Allow) D:\program files (x86)\dishonored\binaries\win32\dishonored.exe
FirewallRules: [{24D8057B-52A4-463A-B5C9-513BDC4A5A82}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D918EF7C-37B2-45ED-B7B0-741A24447F92}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F1B3CA60-3349-4A5C-806A-C09EFCA451EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3B918514-8EB3-40CF-9FDD-02FD0BC75BA7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{53BECDEF-79A4-4DD3-9C53-642E9F07F44B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{33F3D850-0738-4014-8CF6-CEE3B0B92ADF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{C4D42A96-A9A1-4E52-B73C-E86699D39D94}] => (Allow) D:\Program Files (x86)\DAUM\PotPlayer\PotPlayerMini.exe
FirewallRules: [{170D8EAD-9C2C-4097-9751-16DD96DA6A64}] => (Allow) D:\Program Files (x86)\DAUM\PotPlayer\PotPlayerMini.exe
FirewallRules: [{B5CDCA2C-E834-4808-9142-412BB06EF22D}] => (Allow) D:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4716EC81-00B1-4FF5-B630-933B91825D3E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0F002AF2-451C-48B3-B394-47A54A8BE9FE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{66A083E9-F95E-4006-9DBE-882D064E841A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A6C47B55-18FC-4C11-BA35-44A384F21DA4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D4C026FE-15F3-4D31-AF7F-634C27C569B1}] => (Allow) C:\Program Files (x86)\Opera\47.0.2631.55\opera.exe
FirewallRules: [{5754DF94-2C5B-4873-BD2C-5186563D588E}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{4E83A918-84FA-428D-93D2-132766E387DC}] => (Allow) C:\Program Files (x86)\Opera\47.0.2631.71\opera.exe
FirewallRules: [{9E24D0A9-56DD-4E58-BFDC-4EB996DCDB16}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E990240C-C08C-4CA6-8A53-3ADC9451F1BD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0B24CAE7-008E-46B4-9534-4C1876AF468E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CDC2826D-825A-4D1F-AD0C-83DB32AFB56C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{77AF9374-D789-4591-8109-D1B9A086FB2D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F63C608C-151F-462D-8A7F-4867D720FF37}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{2DBE5F28-39DA-4AB7-98ED-AB34FD6CBAFC}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{ACC28983-5F94-4FD0-8247-63AE689E206A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{308D8C19-F183-46FE-9E52-8C47ABA87EFE}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe

==================== Restore Points =========================

04-09-2017 15:53:40 Revo Uninstaller Pro's restore point - ExpressVPN
04-09-2017 15:53:52 ExpressVPN
06-09-2017 15:44:14 Windows Modules Installer
06-09-2017 19:56:02 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Viscosity Virtual Adapter V9.1
Description: Viscosity Virtual Adapter V9.1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SparkLabs Pty Ltd
Service: visctap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Viscosity Virtual Adapter V9.1 #2
Description: Viscosity Virtual Adapter V9.1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SparkLabs Pty Ltd
Service: visctap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel® Ethernet Connection (2) I218-V
Description: Intel® Ethernet Connection (2) I218-V
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: e1iexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/07/2017 04:48:06 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (09/07/2017 04:45:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vsserv.exe, version: 21.2.25.30, time stamp: 0x596dc30d
Faulting module name: ntdll.dll, version: 10.0.15063.447, time stamp: 0xa329d3a8
Exception code: 0xc000000d
Fault offset: 0x0000000000105a50
Faulting process id: 0x654
Faulting application start time: 0x01d327de4274c9e5
Faulting application path: C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 7f544ef2-42ca-48d8-b914-acb2b1f50a1f
Faulting package full name:
Faulting package-relative application ID:

Error: (09/07/2017 04:33:42 PM) (Source: MsiInstaller) (EventID: 11706) (User: TAMLYNPC)
Description: Product: ICA -- Error 1706.No valid source could be found for product ICA. The Windows Installer cannot continue.

Error: (09/07/2017 04:33:41 PM) (Source: MsiInstaller) (EventID: 11706) (User: TAMLYNPC)
Description: Product: Contents64 -- Error 1706.No valid source could be found for product Contents64. The Windows Installer cannot continue.

Error: (09/07/2017 04:33:40 PM) (Source: MsiInstaller) (EventID: 11706) (User: TAMLYNPC)
Description: Product: IPM_VS_Pro64 -- Error 1706.No valid source could be found for product IPM_VS_Pro64. The Windows Installer cannot continue.

Error: (09/07/2017 04:33:40 PM) (Source: MsiInstaller) (EventID: 11706) (User: TAMLYNPC)
Description: Product: Share64 -- Error 1706.No valid source could be found for product Share64. The Windows Installer cannot continue.

Error: (09/07/2017 04:33:40 PM) (Source: MsiInstaller) (EventID: 11706) (User: TAMLYNPC)
Description: Product: VSUltimate64 -- Error 1706.No valid source could be found for product VSUltimate64. The Windows Installer cannot continue.

Error: (09/07/2017 04:33:39 PM) (Source: MsiInstaller) (EventID: 11706) (User: TAMLYNPC)
Description: Product: VSClassic64 -- Error 1706.No valid source could be found for product VSClassic64. The Windows Installer cannot continue.

Error: (09/07/2017 04:33:39 PM) (Source: MsiInstaller) (EventID: 11706) (User: TAMLYNPC)
Description: Product: Setup -- Error 1706.No valid source could be found for product Setup. The Windows Installer cannot continue.

Error: (09/07/2017 04:33:39 PM) (Source: MsiInstaller) (EventID: 11706) (User: TAMLYNPC)
Description: Product: Setup -- Error 1706.No valid source could be found for product Setup. The Windows Installer cannot continue.


System errors:
=============
Error: (09/07/2017 04:45:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Fitbit Connect service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/07/2017 04:45:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (09/07/2017 04:45:18 PM) (Source: DCOM) (EventID: 10010) (User: TAMLYNPC)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (09/07/2017 04:45:18 PM) (Source: DCOM) (EventID: 10010) (User: TAMLYNPC)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (09/07/2017 04:45:17 PM) (Source: DCOM) (EventID: 10010) (User: TAMLYNPC)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (09/07/2017 08:36:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Fitbit Connect service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/07/2017 08:36:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Fitbit Connect service to connect.

Error: (09/07/2017 08:36:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (09/07/2017 08:35:22 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800} did not register with DCOM within the required timeout.

Error: (09/07/2017 08:35:22 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
Date: 2017-09-07 16:45:59.244
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-07 08:36:12.689
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-06 23:31:08.149
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-06 19:52:04.761
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-06 18:35:01.030
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-06 16:24:13.940
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-06 16:10:37.025
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-06 16:05:05.201
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-06 15:46:18.954
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-04 22:57:22.118
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 22%
Total physical RAM: 16334.72 MB
Available physical RAM: 12670.55 MB
Total Virtual: 18766.72 MB
Available Virtual: 14869.5 MB

==================== Drives ================================

Drive c: (Tamlyn Prime) (Fixed) (Total:110.83 GB) (Free:27.35 GB) NTFS
Drive d: (Tamlyn One) (Fixed) (Total:931.51 GB) (Free:147.13 GB) NTFS
Drive e: (Tamlyn Two) (Fixed) (Total:1862.89 GB) (Free:320.07 GB) NTFS
Drive f: (Tamlyn Three) (Fixed) (Total:2794.39 GB) (Free:326.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: DBE32795)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 822F860A)

Partition: GPT.

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Edited by Oh My!, 10 September 2017 - 09:16 PM.



#2 Oh My!

  • Malware Response Instructor

Posted 10 September 2017 - 09:14 PM

Greetings Oblianthe and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall Microsoft Office Professional Plus 2013 and any other products for which you do not have a valid Product Key, including all "cracked" software. If you are willing to do that please rerun a FRST scan and copy/paste both reports in your reply. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please run this after removal.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • CKScanner report
  • FRST report
  • Addition report

Edited by Oh My!, 10 September 2017 - 10:05 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 13 September 2017 - 02:09 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#4 Oh My!


Posted 15 September 2017 - 09:35 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



