
Computer seems full of Adware/malware that just isn't getting removed


5 replies to this topic

#1 MrMysterious


Posted 14 September 2017 - 06:40 PM

Here are the scans.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-09-2017 01

Ran by Darren (administrator) on ISADORA-PC (14-09-2017 19:27:21)
Running from C:\Users\Darren\Downloads
Loaded Profiles: Darren (Available Profiles: Darren & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\WINDOWS\System32\escsvc64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\WINDOWS\System32\mqsvc.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avpui.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(Intel Corporation) C:\WINDOWS\System32\igfxHK.exe
() C:\WINDOWS\System32\igfxTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\WINDOWS\System32\InstallAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Darren\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\drivers\x64\3\E_YATIKEE.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\drivers\x64\3\E_YATIKEE.EXE
(Valve Corporation) C:\Users\Darren\Desktop\STEAM2\Steam.exe
(Mega Limited) C:\Users\Darren\AppData\Local\MEGAsync\MEGAsync.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Valve Corporation) C:\Users\Darren\Desktop\STEAM2\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Users\Darren\Desktop\STEAM2\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [410616 2017-05-08] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-30] (Intel Corporation)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-05-11] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe /boot
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650496 2016-01-19] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863488 2016-01-19] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2406496 2017-06-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-2774349606-4089644693-515735580-1003\...\Run: [Spotify Web Helper] => C:\Users\Darren\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-03-18] (Spotify Ltd)
HKU\S-1-5-21-2774349606-4089644693-515735580-1003\...\Run: [Spotify] => C:\Users\Darren\AppData\Roaming\Spotify\Spotify.exe [6805616 2016-03-18] (Spotify Ltd)
HKU\S-1-5-21-2774349606-4089644693-515735580-1003\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [953880 2016-04-12] (BlueStack Systems, Inc.)
HKU\S-1-5-21-2774349606-4089644693-515735580-1003\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIKEE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2774349606-4089644693-515735580-1003\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIKEE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2774349606-4089644693-515735580-1003\...\Run: [Steam] => C:\Users\Darren\Desktop\STEAM2\steam.exe [3071776 2017-09-07] (Valve Corporation)
HKU\S-1-5-21-2774349606-4089644693-515735580-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9855192 2017-09-07] (Piriform Ltd)
HKU\S-1-5-21-2774349606-4089644693-515735580-1003\...\MountPoints2: {cebda088-0529-11e5-85a8-90489aabe69e} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-2774349606-4089644693-515735580-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [805888 2015-07-09] (Microsoft Corporation)
Startup: C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-06-19]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Darren\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{33c2fa82-d4ad-4fd6-914c-ad53ceefc6f8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d8f12814-4316-47a9-a8cc-dc84dea70678}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2774349606-4089644693-515735580-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U270&ocid=U270DHP&osmkt=en-us
HKU\S-1-5-21-2774349606-4089644693-515735580-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-2774349606-4089644693-515735580-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-19] (AO Kaspersky Lab)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-21] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-07-03] (Qualcomm®Atheros®)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-21] (Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2016-12-19] (AO Kaspersky Lab)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-07-21] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-21] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-19] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2016-12-19] (AO Kaspersky Lab)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\4ic3b0px.default [2017-09-14]
FF ProfilePath: c:\programdata\kaspersky lab\safebrowser\pure\s-1-5-21-2774349606-4089644693-515735580-1003\firefox [2017-09-08]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-08-29]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-08-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-07-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-07-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-06-04] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2774349606-4089644693-515735580-1003: @citrixonline.com/appdetectorplugin -> C:\Users\Darren\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-03-08] (Citrix Online)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Default [2017-09-14]
CHR Extension: (BetterTTV) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-06-09]
CHR Extension: (Google Drive) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-05]
CHR Extension: (YouTube) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-05]
CHR Extension: (Adblock Plus) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-21]
CHR Extension: (Google Search) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-05]
CHR Extension: (Kaspersky Protection) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2017-02-07]
CHR Extension: (Kaspersky Password Manager) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebpdbfmpedcnopofelmhndhincfkhki [2016-07-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-28]
CHR Extension: (Browsec VPN - Free and Unlimited VPN) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2017-08-07]
CHR Extension: (Gmail) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-05]
CHR Extension: (Chrome Media Router) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-07]
CHR Profile: C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-09-14]
CHR Profile: C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-09-14]
CHR Extension: (Google Slides) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-03]
CHR Extension: (Google Docs) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-03]
CHR Extension: (Google Drive) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-03]
CHR Extension: (YouTube) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-03]
CHR Extension: (Bing) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-07-03]
CHR Extension: (Google Sheets) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-03]
CHR Extension: (Kaspersky Password Manager) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gebpdbfmpedcnopofelmhndhincfkhki [2016-07-03]
CHR Extension: (Google Docs Offline) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-03]
CHR Extension: (Kaspersky Protection) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2016-07-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-03]
CHR Extension: (Gmail) - C:\Users\Darren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-03]
CHR Profile: C:\Users\Darren\AppData\Local\Google\Chrome\User Data\System Profile [2017-09-14]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKU\S-1-5-21-2774349606-4089644693-515735580-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2774349606-4089644693-515735580-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gebpdbfmpedcnopofelmhndhincfkhki] - hxxps://chrome.google.com/webstore/detail/gebpdbfmpedcnopofelmhndhincfkhki
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-06-04] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437784 2016-04-12] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417304 2016-04-12] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [433688 2016-04-12] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [921112 2016-04-12] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3705536 2017-07-03] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [245544 2016-08-30] (EasyAntiCheat Ltd)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [676336 2015-06-25] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-09-09] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-30] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-05-08] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-06-03] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-06-21] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4599728 2017-02-22] (Qualcomm Atheros Communications, Inc.)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-04-12] (BlueStack Systems)
R2 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2016-04-06] (Bluestack System Inc. )
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2017-03-25] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-08-24] ()
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-08] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-06-01] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [197312 2017-08-29] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [520152 2017-08-29] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [186696 2017-09-14] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1021624 2017-08-29] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2016-12-19] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-06-01] (AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [229288 2017-04-27] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2017-03-14] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [251656 2017-04-27] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [112912 2017-04-27] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [173144 2017-04-27] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [136416 2017-03-15] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199640 2017-08-29] (AO Kaspersky Lab)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-09-10] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-09-14] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-09-14] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-14] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-09-14] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896752 2016-12-20] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2017-03-25] (Samsung Electronics Co., Ltd.)
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [44032 2015-07-09] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-14 19:27 - 2017-09-14 19:28 - 000029846 _____ C:\Users\Darren\Downloads\FRST.txt
2017-09-14 19:27 - 2017-09-14 19:27 - 000000000 ____D C:\FRST
2017-09-14 19:26 - 2017-09-14 19:26 - 002398208 _____ (Farbar) C:\Users\Darren\Downloads\FRST64.exe
2017-09-14 19:24 - 2017-09-14 19:24 - 000016148 _____ C:\WINDOWS\system32\ISADORA-PC_Darren_HistoryPrediction.bin
2017-09-14 16:01 - 2017-09-14 16:01 - 000002862 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-09-14 16:01 - 2017-09-14 16:01 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-09-14 16:01 - 2017-09-14 16:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-09-14 16:01 - 2017-09-14 16:01 - 000000000 ____D C:\Program Files\CCleaner
2017-09-14 16:00 - 2017-09-14 16:00 - 009827184 _____ (Piriform Ltd) C:\Users\Darren\Downloads\ccsetup534pro.exe
2017-09-14 16:00 - 2017-09-14 16:00 - 009827184 _____ (Piriform Ltd) C:\Users\Darren\Downloads\ccsetup534pro (1).exe
2017-09-14 07:20 - 2017-09-14 15:39 - 000000000 ____D C:\Users\Darren\Desktop\mbar
2017-09-14 07:20 - 2017-09-14 15:39 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-14 07:20 - 2017-09-14 07:20 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4242D19B.sys
2017-09-14 07:19 - 2017-09-14 07:19 - 013290179 _____ C:\Users\Darren\Downloads\mbar-1.10.1.1002-nr (2).exe
2017-09-14 07:19 - 2017-09-14 07:19 - 013290179 _____ C:\Users\Darren\Downloads\mbar-1.10.1.1002-nr (1).exe
2017-09-14 07:18 - 2017-09-14 07:18 - 013290179 _____ C:\Users\Darren\Downloads\mbar-1.10.1.1002-nr.exe
2017-09-12 19:55 - 2017-09-14 01:24 - 000000000 ____D C:\Users\Darren\AppData\Local\ESET
2017-09-12 19:55 - 2017-09-12 19:55 - 006754944 _____ (ESET spol. s r.o.) C:\Users\Darren\Downloads\esetonlinescanner_enu.exe
2017-09-12 19:45 - 2017-09-12 19:45 - 008182736 _____ (Malwarebytes) C:\Users\Darren\Downloads\AdwCleaner.exe
2017-09-12 17:16 - 2017-09-12 17:16 - 000000085 _____ C:\WINDOWS\wininit.ini
2017-09-12 17:16 - 2017-09-12 17:16 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-09-12 17:14 - 2017-09-12 17:14 - 048750920 _____ C:\Users\Darren\Downloads\BDPUARLauncher.exe
2017-09-12 16:42 - 2017-09-12 17:16 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-09-12 16:40 - 2017-09-12 16:41 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Darren\Downloads\spybotsd-2.6.46.exe
2017-09-12 16:29 - 2017-09-12 16:29 - 000000705 _____ C:\Users\Darren\Desktop\JRT.txt
2017-09-12 16:24 - 2017-09-12 16:25 - 001790024 _____ (Malwarebytes) C:\Users\Darren\Downloads\JRT.exe
2017-09-12 15:55 - 2017-09-13 07:14 - 000000000 ____D C:\AdwCleaner
2017-09-12 15:54 - 2017-09-12 15:54 - 008182736 _____ (Malwarebytes) C:\Users\Darren\Downloads\adwcleaner_7.0.2.1.exe
2017-09-10 08:56 - 2017-09-14 17:01 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-10 08:56 - 2017-09-14 15:50 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-10 08:56 - 2017-09-14 15:50 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-09-10 08:56 - 2017-09-14 15:50 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-10 08:56 - 2017-09-14 07:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-10 08:56 - 2017-09-10 08:56 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-09-10 08:56 - 2017-09-10 08:56 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-10 08:56 - 2017-09-10 08:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-10 08:56 - 2017-09-10 08:56 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-10 08:56 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-09-10 08:55 - 2017-09-10 08:56 - 066347240 _____ (Malwarebytes ) C:\Users\Darren\Downloads\mb3-setup-consumer-3.2.2.2018.exe
2017-09-10 02:44 - 2017-09-10 15:22 - 000000000 ___HD C:\$WINDOWS.~BT
2017-09-10 02:17 - 2017-09-10 02:17 - 000000811 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2017-09-10 02:17 - 2017-09-10 02:17 - 000000799 _____ C:\Users\Darren\Desktop\Windows 10 Update Assistant.lnk
2017-09-10 00:08 - 2017-07-06 04:58 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-10 00:08 - 2017-07-06 04:57 - 002244096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-10 00:08 - 2017-06-17 03:13 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-10 00:03 - 2017-09-12 19:56 - 000000000 ____D C:\Program Files\rempl
2017-09-10 00:03 - 2017-09-10 00:03 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2017-09-09 23:47 - 2017-06-03 09:03 - 022327272 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-09 23:47 - 2017-06-03 08:15 - 020862488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-09 23:47 - 2017-06-03 07:15 - 003793408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-09-09 23:47 - 2017-06-03 06:56 - 024588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-09 23:47 - 2017-06-03 06:47 - 006791680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-09 23:47 - 2017-06-03 06:41 - 002839040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2017-09-09 23:47 - 2017-06-03 06:33 - 019331072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-09 23:47 - 2017-06-03 06:27 - 005163520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-09 23:47 - 2017-06-03 06:05 - 003523072 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-09-09 23:47 - 2017-06-03 06:04 - 002402816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-09-09 23:47 - 2017-06-03 06:04 - 001671680 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-09-09 23:47 - 2017-06-03 06:02 - 002559488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-09-09 23:47 - 2017-06-03 05:57 - 002746368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-09-09 23:47 - 2017-06-03 05:56 - 001981952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-09-09 23:47 - 2017-06-03 05:54 - 001964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-09-09 23:47 - 2017-06-03 05:51 - 021857792 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-09 23:47 - 2017-06-03 05:42 - 007509504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-09 23:47 - 2017-06-03 05:40 - 007502848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-09 23:47 - 2017-06-03 05:40 - 005456384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-09 23:47 - 2017-06-03 05:38 - 018798592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-09 23:47 - 2017-06-03 05:37 - 006713856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-09 23:46 - 2017-06-03 09:44 - 002463704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-09 23:46 - 2017-06-03 09:44 - 000605472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-09-09 23:46 - 2017-06-03 09:44 - 000123744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-09-09 23:46 - 2017-06-03 09:43 - 003467784 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2017-09-09 23:46 - 2017-06-03 09:43 - 000652864 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-09-09 23:46 - 2017-06-03 09:42 - 001538176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-09 23:46 - 2017-06-03 09:41 - 008011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-09 23:46 - 2017-06-03 09:41 - 000552288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-09-09 23:46 - 2017-06-03 09:40 - 002816024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2017-09-09 23:46 - 2017-06-03 09:39 - 002495776 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-09 23:46 - 2017-06-03 09:37 - 000335248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2017-09-09 23:46 - 2017-06-03 09:36 - 002156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2017-09-09 23:46 - 2017-06-03 09:35 - 000388896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-09 23:46 - 2017-06-03 09:34 - 001979744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-09 23:46 - 2017-06-03 09:33 - 000807832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-09 23:46 - 2017-06-03 09:32 - 001584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-09-09 23:46 - 2017-06-03 09:29 - 000243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-09 23:46 - 2017-06-03 09:04 - 000801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-09 23:46 - 2017-06-03 09:03 - 000252768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-09-09 23:46 - 2017-06-03 09:02 - 000724168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-09 23:46 - 2017-06-03 09:01 - 006525424 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-09-09 23:46 - 2017-06-03 09:00 - 001134800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-09-09 23:46 - 2017-06-03 09:00 - 000658568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-09 23:46 - 2017-06-03 08:58 - 001361448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-09-09 23:46 - 2017-06-03 08:57 - 002153296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-09 23:46 - 2017-06-03 08:54 - 000439648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-09-09 23:46 - 2017-06-03 08:52 - 001766488 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-09 23:46 - 2017-06-03 08:51 - 000264968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2017-09-09 23:46 - 2017-06-03 08:50 - 001895576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2017-09-09 23:46 - 2017-06-03 08:43 - 001813408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-09 23:46 - 2017-06-03 08:37 - 000224712 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-09-09 23:46 - 2017-06-03 08:35 - 000613120 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-09 23:46 - 2017-06-03 08:35 - 000379224 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-09-09 23:46 - 2017-06-03 08:21 - 000116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-09-09 23:46 - 2017-06-03 08:19 - 000984448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-09-09 23:46 - 2017-06-03 08:16 - 000700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-09 23:46 - 2017-06-03 08:14 - 000565656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-09 23:46 - 2017-06-03 07:53 - 000185952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-09-09 23:46 - 2017-06-03 07:52 - 000316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-09-09 23:46 - 2017-06-03 07:51 - 000545400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-09 23:46 - 2017-06-03 07:47 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-09-09 23:46 - 2017-06-03 07:44 - 000290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\oemlicense.dll
2017-09-09 23:46 - 2017-06-03 07:36 - 000901264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-09-09 23:46 - 2017-06-03 07:31 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2017-09-09 23:46 - 2017-06-03 07:28 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2017-09-09 23:46 - 2017-06-03 07:24 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-09-09 23:46 - 2017-06-03 07:23 - 002446336 _____ C:\WINDOWS\system32\InputService.dll
2017-09-09 23:46 - 2017-06-03 07:23 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2017-09-09 23:46 - 2017-06-03 07:23 - 000553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-09 23:46 - 2017-06-03 07:22 - 000995840 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-09-09 23:46 - 2017-06-03 07:21 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-09-09 23:46 - 2017-06-03 07:18 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-09 23:46 - 2017-06-03 07:17 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-09-09 23:46 - 2017-06-03 07:17 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2017-09-09 23:46 - 2017-06-03 07:16 - 001123840 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2017-09-09 23:46 - 2017-06-03 07:16 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2017-09-09 23:46 - 2017-06-03 07:12 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-09-09 23:46 - 2017-06-03 07:11 - 004847616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-09 23:46 - 2017-06-03 07:09 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oemlicense.dll
2017-09-09 23:46 - 2017-06-03 07:07 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-09-09 23:46 - 2017-06-03 07:07 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\provcore.dll
2017-09-09 23:46 - 2017-06-03 07:03 - 002418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-09-09 23:46 - 2017-06-03 07:03 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2017-09-09 23:46 - 2017-06-03 07:03 - 000326656 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2017-09-09 23:46 - 2017-06-03 07:03 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2017-09-09 23:46 - 2017-06-03 07:03 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2017-09-09 23:46 - 2017-06-03 07:02 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-09-09 23:46 - 2017-06-03 07:02 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassvcs.dll
2017-09-09 23:46 - 2017-06-03 07:00 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2017-09-09 23:46 - 2017-06-03 06:55 - 002599424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-09-09 23:46 - 2017-06-03 06:55 - 001823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2017-09-09 23:46 - 2017-06-03 06:55 - 000420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-09-09 23:46 - 2017-06-03 06:54 - 000451584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll
2017-09-09 23:46 - 2017-06-03 06:53 - 000338944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-09-09 23:46 - 2017-06-03 06:50 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-09 23:46 - 2017-06-03 06:49 - 000846848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll
2017-09-09 23:46 - 2017-06-03 06:49 - 000247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-09-09 23:46 - 2017-06-03 06:49 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll
2017-09-09 23:46 - 2017-06-03 06:48 - 000806912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2017-09-09 23:46 - 2017-06-03 06:47 - 012519424 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-09 23:46 - 2017-06-03 06:44 - 003873280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-09 23:46 - 2017-06-03 06:44 - 001686528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-09 23:46 - 2017-06-03 06:43 - 001602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-09 23:46 - 2017-06-03 06:43 - 000573952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-09-09 23:46 - 2017-06-03 06:42 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-09 23:46 - 2017-06-03 06:41 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-09-09 23:46 - 2017-06-03 06:41 - 000584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\provcore.dll
2017-09-09 23:46 - 2017-06-03 06:40 - 002253824 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2017-09-09 23:46 - 2017-06-03 06:39 - 000799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2017-09-09 23:46 - 2017-06-03 06:39 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2017-09-09 23:46 - 2017-06-03 06:39 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2017-09-09 23:46 - 2017-06-03 06:38 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-09-09 23:46 - 2017-06-03 06:38 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2017-09-09 23:46 - 2017-06-03 06:38 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2017-09-09 23:46 - 2017-06-03 06:36 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-09-09 23:46 - 2017-06-03 06:33 - 016708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-09 23:46 - 2017-06-03 06:33 - 005448704 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-09-09 23:46 - 2017-06-03 06:28 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2017-09-09 23:46 - 2017-06-03 06:24 - 007569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-09-09 23:46 - 2017-06-03 06:24 - 004398080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-09-09 23:46 - 2017-06-03 06:24 - 001492992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-09 23:46 - 2017-06-03 06:23 - 001383424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-09 23:46 - 2017-06-03 06:23 - 000501760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-09-09 23:46 - 2017-06-03 06:23 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-09 23:46 - 2017-06-03 06:22 - 002198016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2017-09-09 23:46 - 2017-06-03 06:22 - 000819712 _____ (Microsoft Corporation) C:\WINDOWS\system32\licensingdiag.exe
2017-09-09 23:46 - 2017-06-03 06:22 - 000679936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-09 23:46 - 2017-06-03 06:21 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-09-09 23:46 - 2017-06-03 06:20 - 001385472 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-09-09 23:46 - 2017-06-03 06:20 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-09-09 23:46 - 2017-06-03 06:18 - 000054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\certenc.dll
2017-09-09 23:46 - 2017-06-03 06:16 - 000842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-09 23:46 - 2017-06-03 06:15 - 001119744 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-09 23:46 - 2017-06-03 06:14 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-09-09 23:46 - 2017-06-03 06:14 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2017-09-09 23:46 - 2017-06-03 06:13 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2017-09-09 23:46 - 2017-06-03 06:11 - 007055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-09-09 23:46 - 2017-06-03 06:09 - 006101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-09-09 23:46 - 2017-06-03 06:09 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2017-09-09 23:46 - 2017-06-03 06:09 - 000617472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licensingdiag.exe
2017-09-09 23:46 - 2017-06-03 06:09 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-09-09 23:46 - 2017-06-03 06:08 - 004453888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-09 23:46 - 2017-06-03 06:08 - 001140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-09-09 23:46 - 2017-06-03 06:08 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-09-09 23:46 - 2017-06-03 06:06 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certenc.dll
2017-09-09 23:46 - 2017-06-03 06:05 - 000045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-09-09 23:46 - 2017-06-03 06:04 - 004168704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-09-09 23:46 - 2017-06-03 06:04 - 000832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-09-09 23:46 - 2017-06-03 06:04 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-09-09 23:46 - 2017-06-03 06:03 - 003581952 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-09 23:46 - 2017-06-03 06:03 - 001382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-09 23:46 - 2017-06-03 06:03 - 000584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-09 23:46 - 2017-06-03 06:02 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-09 23:46 - 2017-06-03 06:01 - 000902656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-09-09 23:46 - 2017-06-03 06:00 - 005079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-09-09 23:46 - 2017-06-03 05:59 - 003692032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-09 23:46 - 2017-06-03 05:56 - 003443200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-09-09 23:46 - 2017-06-03 05:56 - 000037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-09-09 23:46 - 2017-06-03 05:55 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-09 23:46 - 2017-06-03 05:55 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-09-09 23:46 - 2017-06-03 05:54 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmiEngine.dll
2017-09-09 23:46 - 2017-06-03 05:54 - 000584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-09 23:46 - 2017-06-03 05:54 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-09 23:46 - 2017-06-03 05:53 - 000712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-09-09 23:46 - 2017-06-03 05:51 - 001844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-09-09 23:46 - 2017-06-03 05:51 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsku.dll
2017-09-09 23:46 - 2017-06-03 05:51 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2017-09-09 23:46 - 2017-06-03 05:50 - 001061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-09-09 23:46 - 2017-06-03 05:49 - 000565760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-09 23:46 - 2017-06-03 05:49 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-09-09 23:46 - 2017-06-03 05:46 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsku.dll
2017-09-09 23:46 - 2017-06-03 05:42 - 003581440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-09 23:46 - 2017-06-03 05:41 - 004785152 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-09 23:46 - 2017-06-03 05:41 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-09-09 23:46 - 2017-06-03 05:41 - 000185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2017-09-09 23:46 - 2017-06-03 05:40 - 011277312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-09 23:46 - 2017-06-03 05:38 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2017-09-09 23:46 - 2017-06-03 05:35 - 000716288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2017-09-09 23:46 - 2017-06-03 05:31 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgcore.dll
2017-09-09 23:46 - 2017-06-03 05:29 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgcore.dll
2017-09-09 23:46 - 2017-06-03 05:17 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-09 23:46 - 2017-06-03 02:49 - 000448576 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-09-09 23:45 - 2017-06-30 05:45 - 001571520 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-09-09 23:45 - 2017-06-30 05:45 - 001221824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-09-09 23:45 - 2017-06-30 05:45 - 000636096 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-09-09 23:45 - 2017-06-30 05:45 - 000551104 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-09-09 23:45 - 2017-06-30 05:45 - 000341184 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-09-09 23:45 - 2017-06-30 05:45 - 000143040 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-09-09 23:45 - 2017-06-30 05:45 - 000103616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-09-09 23:45 - 2017-06-30 05:45 - 000041664 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-09-09 23:45 - 2017-06-30 03:34 - 000335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-09-09 23:45 - 2017-06-30 03:34 - 000225632 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-09-09 23:25 - 2017-09-09 23:25 - 000001964 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-09-09 23:25 - 2017-09-09 23:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-09-09 23:25 - 2017-09-09 23:25 - 000000000 ____D C:\Program Files\HitmanPro
2017-09-09 23:24 - 2017-09-09 23:24 - 010177968 _____ (SurfRight B.V.) C:\Users\Darren\Downloads\Unconfirmed 72408.crdownload
2017-09-09 23:13 - 2017-09-09 23:13 - 000000324 _____ C:\WINDOWS\system32\.crusader
2017-09-09 22:56 - 2017-09-09 23:17 - 000000000 ____D C:\ProgramData\HitmanPro
2017-09-09 22:55 - 2017-09-09 22:56 - 011584088 _____ (SurfRight B.V.) C:\Users\Darren\Downloads\hitmanpro_x64.exe
2017-09-03 13:02 - 2017-09-12 20:11 - 000000000 ____D C:\Users\Darren\Documents\My Kindle Content
2017-09-03 13:02 - 2017-09-03 13:02 - 054303648 _____ (Amazon.com) C:\Users\Darren\Downloads\KindleForPC-installer-1.20.47037.exe
2017-09-03 13:02 - 2017-09-03 13:02 - 000002341 _____ C:\Users\Darren\Desktop\Kindle.lnk
2017-09-03 13:02 - 2017-09-03 13:02 - 000000000 ____D C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2017-09-03 13:02 - 2017-09-03 13:02 - 000000000 ____D C:\Users\Darren\AppData\Local\Amazon
2017-08-31 14:57 - 2017-08-31 14:57 - 000811576 _____ (Roblox Corporation) C:\Users\Darren\Downloads\RobloxPlayerLauncher (9).exe
2017-08-30 10:49 - 2017-08-30 10:49 - 000001852 _____ C:\Users\Darren\Desktop\EXCEL.EXE - Shortcut.lnk
2017-08-29 22:50 - 2017-09-14 16:07 - 000003392 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-08-29 22:37 - 2017-08-29 22:37 - 000000000 ____D C:\Users\Darren\AppData\Roaming\Python
2017-08-25 13:48 - 2017-08-25 13:48 - 000026330 _____ C:\Users\Darren\Desktop\New Coop Policy.pdf
2017-08-20 21:45 - 2017-08-20 21:45 - 000001526 _____ C:\Users\Darren\Downloads\original_msg.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-14 19:25 - 2015-01-25 08:24 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-09-14 19:16 - 2016-06-01 19:16 - 000000941 _____ C:\WINDOWS\Tasks\EPSON WF-3620 Series Update {0F153DAF-F7F3-4F0A-8456-BC9C96D8F70F}.job
2017-09-14 19:16 - 2016-06-01 19:16 - 000000755 _____ C:\WINDOWS\Tasks\EPSON WF-3620 Series Invitation {0F153DAF-F7F3-4F0A-8456-BC9C96D8F70F}.job
2017-09-14 19:10 - 2015-12-04 14:10 - 000000941 _____ C:\WINDOWS\Tasks\EPSON XP-410 Series Update {11EE6634-4614-41DC-8BE4-F969FAF816A8}.job
2017-09-14 19:10 - 2015-12-04 14:10 - 000000755 _____ C:\WINDOWS\Tasks\EPSON XP-410 Series Invitation {11EE6634-4614-41DC-8BE4-F969FAF816A8}.job
2017-09-14 18:49 - 2016-09-18 15:49 - 000000941 _____ C:\WINDOWS\Tasks\EPSON WF-3620 Series Update {A8FD919E-569E-4F3C-9078-EE33A08CF325}.job
2017-09-14 18:49 - 2016-09-18 15:49 - 000000755 _____ C:\WINDOWS\Tasks\EPSON WF-3620 Series Invitation {A8FD919E-569E-4F3C-9078-EE33A08CF325}.job
2017-09-14 16:39 - 2015-11-20 00:50 - 000000000 ___DC C:\WINDOWS\Panther
2017-09-14 16:39 - 2015-07-30 18:40 - 000000000 ____D C:\WINDOWS\INF
2017-09-14 16:32 - 2015-07-30 18:42 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-14 16:31 - 2015-07-30 18:42 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-14 16:14 - 2015-07-30 18:42 - 000000000 ____D C:\WINDOWS\ModemLogs
2017-09-14 16:00 - 2016-03-10 21:25 - 000000000 ____D C:\Users\Darren\AppData\Roaming\Spotify
2017-09-14 15:57 - 2015-12-07 19:25 - 000000000 ____D C:\Users\Darren\AppData\Local\Adobe
2017-09-14 15:56 - 2017-06-23 16:11 - 000000000 ____D C:\Users\Darren\Desktop\STEAM2
2017-09-14 15:55 - 2016-03-10 21:26 - 000000000 ____D C:\Users\Darren\AppData\Local\Spotify
2017-09-14 15:54 - 2015-12-04 23:08 - 000000000 __SHD C:\Users\Darren\IntelGraphicsProfiles
2017-09-14 15:54 - 2015-11-19 21:56 - 001007478 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-14 15:53 - 2015-11-19 21:54 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-09-14 15:49 - 2015-07-30 17:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-14 15:49 - 2015-07-10 05:05 - 001310720 ___SH C:\WINDOWS\system32\config\BBI
2017-09-13 01:09 - 2015-07-30 18:42 - 000000000 ____D C:\WINDOWS\rescache
2017-09-13 00:53 - 2015-12-04 23:08 - 000000000 ____D C:\Users\Darren
2017-09-12 16:34 - 2016-11-22 11:43 - 000000000 ____D C:\Users\Darren\AppData\Local\Citrix
2017-09-12 16:28 - 2015-02-01 16:31 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-12 16:24 - 2015-02-01 16:31 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-12 15:55 - 2016-11-20 11:29 - 000001230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-09-12 15:55 - 2016-11-20 11:29 - 000001218 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-09-12 15:55 - 2016-11-20 11:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-12 15:55 - 2016-11-20 11:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-12 15:54 - 2015-12-04 23:08 - 000000000 ____D C:\Users\Darren\AppData\Roaming\Adobe
2017-09-10 18:44 - 2015-07-30 18:25 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-10 10:59 - 2016-05-13 21:54 - 000000000 ____D C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon
2017-09-10 10:59 - 2016-05-13 21:54 - 000000000 ____D C:\Program Files (x86)\Nexon
2017-09-10 10:58 - 2015-12-04 23:08 - 000000000 ____D C:\Users\Darren\AppData\Local\Google
2017-09-10 10:03 - 2015-12-04 23:08 - 000000000 ____D C:\Users\Darren\AppData\Local\Packages
2017-09-10 08:40 - 2015-09-10 01:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-10 04:53 - 2015-07-30 18:42 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-09-10 04:53 - 2015-07-30 18:42 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-09-10 04:53 - 2015-07-30 18:42 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-09-10 04:53 - 2015-07-30 18:42 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-09-10 04:53 - 2015-07-30 18:42 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-10 04:53 - 2015-07-30 18:42 - 000000000 ____D C:\Program Files\Windows Defender
2017-09-10 04:53 - 2015-07-30 18:42 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-10 04:53 - 2015-07-30 18:42 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-09-10 04:53 - 2015-07-10 05:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-09-10 04:53 - 2015-07-10 05:47 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-09-10 04:20 - 2015-11-19 21:30 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2017-09-10 04:20 - 2015-11-19 21:30 - 000001908 _____ C:\WINDOWS\diagerr.xml
2017-09-10 04:18 - 2015-07-10 05:05 - 000032768 ___SH C:\WINDOWS\system32\config\ELAM
2017-09-10 04:14 - 2015-07-30 18:42 - 000000000 ____D C:\WINDOWS\Registration
2017-09-10 02:41 - 2016-06-30 22:30 - 000000036 _____ C:\WINDOWS\progress.ini
2017-09-10 02:37 - 2016-06-30 22:18 - 000000000 ___HD C:\$GetCurrent
2017-09-10 02:36 - 2016-06-30 22:17 - 000000000 ____D C:\Windows10Upgrade
2017-09-09 23:13 - 2016-04-23 13:19 - 000000000 ____D C:\Users\Darren\AppData\Local\Battle.net
2017-09-05 20:09 - 2017-07-24 20:09 - 000003368 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2774349606-4089644693-515735580-1003
2017-09-05 20:09 - 2015-12-04 23:09 - 000002410 _____ C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-05 20:09 - 2015-12-04 23:09 - 000000000 ___RD C:\Users\Darren\OneDrive
2017-09-05 10:51 - 2016-04-23 13:18 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-09-04 11:54 - 2017-02-12 13:25 - 000000000 ____D C:\Program Files (x86)\Overwatch
2017-09-04 11:30 - 2016-04-23 13:22 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2017-08-31 14:58 - 2016-05-08 16:13 - 000000000 ____D C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-08-31 11:27 - 2015-11-30 18:44 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-29 22:50 - 2016-12-19 23:00 - 000000000 ____D C:\Program Files\Common Files\AV
2017-08-29 22:46 - 2016-05-13 17:38 - 001021624 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2017-08-29 22:46 - 2016-05-13 17:38 - 000197312 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2017-08-29 22:46 - 2015-06-23 18:30 - 000199640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\kneps.sys
2017-08-29 22:41 - 2016-05-13 17:38 - 000520152 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
 
==================== Files in the root of some directories =======
 
2016-12-19 22:57 - 2016-12-19 22:57 - 000000036 _____ () C:\Users\Darren\AppData\Local\housecall.guid.cache
2015-11-19 21:54 - 2015-11-19 21:54 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-09-10 01:42
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-09-2017 01
Ran by Darren (14-09-2017 19:29:39)
Running from C:\Users\Darren\Downloads
Windows 10 Home (X64) (2015-11-20 02:08:21)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2774349606-4089644693-515735580-500 - Administrator - Disabled)
Darren (S-1-5-21-2774349606-4089644693-515735580-1003 - Administrator - Enabled) => C:\Users\Darren
DefaultAccount (S-1-5-21-2774349606-4089644693-515735580-503 - Limited - Disabled)
Guest (S-1-5-21-2774349606-4089644693-515735580-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2774349606-4089644693-515735580-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems Incorporated)
Adobe Animate CC 2017 (HKLM-x32\...\FLPR_16_0_1) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.1.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.1.1.202 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_0_0) (Version: 11.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1_1) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-2774349606-4089644693-515735580-1003\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)
Antares Auto-Tune 8.1 VST (32-bit) (HKLM-x32\...\{3018AF8B-91E5-409D-8305-6E1273761C8E}) (Version: 8.01.0006 - Antares Audio Technologies)
Antares Auto-Tune 8.1 VST (64+32-bit) (HKLM\...\{99D3B6D7-C338-4A7A-87D8-E6C0FFD7082E}) (Version: 8.01.0006 - Antares Audio Technologies)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
BlueStacks App Player (HKLM-x32\...\{2A19A03A-A339-4697-99A4-EBA3D035D41A}) (Version: 2.2.19.6015 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.34 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
EarthBound Patcher (HKU\S-1-5-21-2774349606-4089644693-515735580-1003\...\EarthBound Patcher) (Version: 01.00.00.00 - Lyros)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Enter the Gungeon (HKLM\...\Steam App 311690) (Version:  - Dodge Roll)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.0 - Seiko Epson Corporation)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.63.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
EPSON WF-3620 Series Printer Uninstall (HKLM\...\EPSON WF-3620 Series) (Version:  - SEIKO EPSON Corporation)
Epson WF-3620 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-3620 User’s Guide_is1) (Version: 1.0 - )
EPSON XP-410 Series Printer Uninstall (HKLM\...\EPSON XP-410 Series) (Version:  - SEIKO EPSON Corporation)
Epson XP-410 User's Guide version 1.0 (HKLM-x32\...\UsersGuideEpson XP-410 User's Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation)
iTunes (HKLM\...\{58D7E5F7-BAD1-49C5-93C8-B655736EDA00}) (Version: 12.4.0.119 - Apple Inc.)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaspersky Password Manager (HKLM-x32\...\{F46A1003-7E9A-418C-8149-C6AF1EAF6B89}) (Version: 8.0.4.394 - Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{F46A1003-7E9A-418C-8149-C6AF1EAF6B89}) (Version: 8.0.4.394 - Kaspersky Lab)
Kaspersky Total Security (HKLM-x32\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
KB4023057 (HKLM\...\{ED06689A-33B7-4D35-8F76-36A82CD03406}) (Version: 2.3.0.0 - Microsoft Corporation)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7766.2099 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2774349606-4089644693-515735580-1003\...\OneDriveSetup.exe) (Version: 17.3.6966.0824 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Pokémon Trading Card Game Online (HKLM-x32\...\{2E49A8FE-A45E-480B-8B17-9FFE34064B18}) (Version: 2.35.0 - The Pokémon Company International)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.230 - Qualcomm Atheros Communications)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Roblox Player for Darren (HKU\S-1-5-21-2774349606-4089644693-515735580-1003\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.14 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2774349606-4089644693-515735580-1003\...\Spotify) (Version: 1.0.25.127.g58007b4c - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Binding of Isaac: Rebirth (HKLM\...\Steam App 250900) (Version:  - Nicalis, Inc.)
UpdateAssistant (HKLM-x32\...\{61B90E2F-2DD9-4581-8856-C2441B61571A}) (Version: 1.7.0.0 - Microsoft Corporation) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Wondershare Filmora(Build 8.2.3) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2774349606-4089644693-515735580-1003_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-0F952CA57E2B}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2774349606-4089644693-515735580-1003_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} =>  -> No File
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} =>  -> No File
ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Darren\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-22] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ContextMenuHandlers1: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\shellex.dll [2017-03-15] (AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\shellex.dll [2017-03-15] (AO Kaspersky Lab)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Darren\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-22] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers4: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\shellex.dll [2017-03-15] (AO Kaspersky Lab)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-05-08] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ContextMenuHandlers6: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\shellex.dll [2017-03-15] (AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04ACFFB6-810F-4359-91F8-DEDB34F7EF1E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {05C70527-3695-4B06-8925-D42ACE9E283D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-08-08] (Microsoft Corporation)
Task: {0DF2BDCC-E099-4FD3-AED8-7DEED2826590} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {13DB2027-42C0-4B7F-8DA7-543F95154F81} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {200D1BFD-5FA4-4AEE-A920-9296AF7E06A7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-08-08] (Microsoft Corporation)
Task: {25D9C75E-5407-41D1-AB0D-E77CF131168B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {26A5E551-6E87-415B-A5BB-8C5FA11BCA4D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {30AEFC67-F451-41D0-9107-9E3C062295CE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {33EECEB9-ABCD-4320-922F-06C282F7DFC6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3D1B8B0E-6642-4134-B72D-F76D88BE4544} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3FFA14F3-5C1D-42AE-BAB3-F1AE4141050A} - System32\Tasks\{54DE26B2-083C-489A-8965-E9FDFE0F2042} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsProgressBar
Task: {402C4CDE-B6FB-4F33-B8F6-CC98A229D324} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {41C440AE-BAD3-4025-A69D-8D7DCF0F7993} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {49691C2C-6912-45AC-94F4-92635E0EA681} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-07] (Piriform Ltd)
Task: {4CE4033A-BEB9-45F8-9ACE-085A50C2E917} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4DC439E5-D655-4EFC-998B-FCEB76A43010} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\remsh.exe [2017-08-17] (Microsoft Corporation)
Task: {52F0BFE4-083E-4A4D-96B2-BB7544AED3B1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5AD59281-9D7A-4F7A-9A07-91B11F6B348F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5D896BEE-C995-45D3-85B9-C6DD3BE0682F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-08-08] (Microsoft Corporation)
Task: {5DC43877-A516-478F-8394-E11EE9FC7169} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {61F655F8-95BD-4DB3-8ED4-1E46AFDA3A7B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {62CD5F12-2156-440D-BE8B-E128153E58A2} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {71D36755-4806-4603-9430-2E0A4B37738D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {73E498D6-83C8-441C-8534-264AD50E2D45} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {7A14CA65-B2A2-4788-B4F3-D25BEFE56933} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {80A4951F-39F2-45AB-A2D2-ABC5207C8B77} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {832ED044-2A39-496C-84BC-B4DF71CACFA8} - System32\Tasks\Microsoft\Windows\rempl\shell-unlock => C:\Program Files\rempl\remsh.exe [2017-08-17] (Microsoft Corporation)
Task: {85093F84-7267-4186-932F-3CA51FA417B2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation)
Task: {85CB3EE7-533D-43D3-A75E-D119E33FDCF4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantCalendarRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [2017-06-26] (Microsoft Corporation)
Task: {87A8EA43-58E9-4477-8DA7-FDF4887CD76D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8B3454B0-E5CB-4BEA-9D5F-DC36E6E6A619} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8CC764A0-B47D-4174-9FED-261CA4736C55} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8CDBEFCC-7820-4552-8E4B-CA6AB93B3040} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation)
Task: {8E2FA908-6EC3-4ADF-82B1-D7A9623E1B46} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-sheinbergjoseph3@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {8F73F81E-1C2F-4608-9A28-3BE532D32762} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9238FA43-3AD1-49FC-80C7-A05408AB6809} - System32\Tasks\EPSON XP-410 Series Invitation {11EE6634-4614-41DC-8BE4-F969FAF816A8} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {973B0CCC-3847-4769-A40A-328C2ADF9F6C} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [2017-06-26] (Microsoft Corporation)
Task: {A45031B4-CE64-45E6-A290-E46EE19ED9FE} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AA355779-9CBF-46FB-A770-CD7145EDF77F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {AFB5420C-3FF7-443C-AA68-FAA62D616FD5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B80B82BB-EF32-41FC-82B7-78EA124485F8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B8541BDC-C229-498C-9F4F-02E7897007D0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BAEE117B-20B4-49EA-94A2-D757CE74E18B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C32DD738-2E55-48CD-BFB6-07E752CCAB2C} - System32\Tasks\EPSON WF-3620 Series Invitation {A8FD919E-569E-4F3C-9078-EE33A08CF325} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {CA209243-FFD3-4C33-8101-CF53D720C344} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CCE8C6AD-E875-409E-921E-169FB74215C3} - System32\Tasks\EPSON WF-3620 Series Update {A8FD919E-569E-4F3C-9078-EE33A08CF325} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {CDD4FD68-5F82-420A-A0BC-251783DF9232} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D33852CA-C423-4FD3-AC01-697759769829} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D9E98301-ECF3-4B71-A7F6-6B3CE7CFD642} - System32\Tasks\EPSON XP-410 Series Update {11EE6634-4614-41DC-8BE4-F969FAF816A8} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {DCEF25B1-0880-4F51-92DA-95876ABDC823} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {E04B7CB1-9B39-495D-A441-2A5966217F94} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-07-11] (AO Kaspersky Lab)
Task: {E3A3A060-FD64-44E8-B122-93AEC3D4FDBB} - System32\Tasks\EPSON WF-3620 Series Invitation {0F153DAF-F7F3-4F0A-8456-BC9C96D8F70F} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {E7CE2F71-A981-4344-A9D2-3CF6FE79E734} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {ECB6050B-1EED-402B-8686-244B9ACDCB1D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {ED8E6325-2FAB-49BC-809B-30E39C7E3AD3} - System32\Tasks\EPSON WF-3620 Series Update {0F153DAF-F7F3-4F0A-8456-BC9C96D8F70F} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {EF62269D-A795-4E81-B886-6C8C9588251C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F365DE6C-571F-4B97-B178-88BE6EF6442A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FC33DBE7-C910-4F1C-B383-007FD7E6ABC7} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe generaltel.dll,RunTelemetryW
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Invitation {0F153DAF-F7F3-4F0A-8456-BC9C96D8F70F}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Invitation {A8FD919E-569E-4F3C-9078-EE33A08CF325}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Update {0F153DAF-F7F3-4F0A-8456-BC9C96D8F70F}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE:/EXE:{0F153DAF-F7F3-4F0A-8456-BC9C96D8F70F} /F:UpdateWORKGROUP\ISADORA-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Update {A8FD919E-569E-4F3C-9078-EE33A08CF325}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE:/EXE:{A8FD919E-569E-4F3C-9078-EE33A08CF325} /F:UpdateWORKGROUP\ISADORA-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-410 Series Invitation {11EE6634-4614-41DC-8BE4-F969FAF816A8}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-410 Series Update {11EE6634-4614-41DC-8BE4-F969FAF816A8}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE:/EXE:{11EE6634-4614-41DC-8BE4-F969FAF816A8} /F:UpdateWORKGROUP\ISADORA-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Darren\Downloads\Geometry Dash.lnk -> C:\Program Files (x86)\GeometryDash\GeometryDash\Resources\addons\startup.bat ()
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-09-10 01:08 - 2015-09-10 01:08 - 000032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2014-07-02 14:39 - 2011-09-26 17:27 - 000034304 _____ () C:\WINDOWS\System32\sdb2mlm.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 001337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-11-16 11:19 - 2016-10-25 03:15 - 000404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2017-09-10 08:56 - 2017-08-24 11:27 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-09-09 23:46 - 2017-06-03 09:39 - 002495776 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-26 03:18 - 2017-05-26 03:18 - 000492112 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-05-17 07:17 - 2017-01-29 09:55 - 008930504 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-07-18 01:35 - 2017-05-08 18:29 - 000410616 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-11-20 00:48 - 2015-11-20 00:48 - 000429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-09 23:13 - 2015-07-09 23:13 - 000143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2017-05-10 02:31 - 2017-04-27 19:44 - 006569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-12-13 21:44 - 2016-11-19 02:06 - 000471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-05-10 02:31 - 2017-04-27 19:42 - 001808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-11-20 00:48 - 2015-11-20 00:48 - 002274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-09 23:13 - 2015-09-10 01:08 - 000210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2017-05-15 02:38 - 2017-05-15 02:38 - 034957896 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2017-04-07 03:41 - 2017-04-07 03:41 - 000054488 _____ () C:\Program Files\CCleaner\branding.dll
2017-08-28 17:40 - 2017-08-23 04:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-08-28 17:40 - 2017-08-23 04:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2016-06-28 01:19 - 2016-06-28 01:19 - 000865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kpcengine.2.3.dll
2014-07-02 13:23 - 2013-12-09 18:27 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-06-23 16:13 - 2017-08-04 17:19 - 000678176 _____ () C:\Users\Darren\Desktop\STEAM2\SDL2.dll
2017-06-23 16:13 - 2016-08-31 21:02 - 004969248 _____ () C:\Users\Darren\Desktop\STEAM2\v8.dll
2017-06-23 16:13 - 2017-09-07 00:51 - 002505504 _____ () C:\Users\Darren\Desktop\STEAM2\video.dll
2017-06-23 16:13 - 2016-01-27 03:49 - 002549760 _____ () C:\Users\Darren\Desktop\STEAM2\libavcodec-56.dll
2017-06-23 16:13 - 2016-01-27 03:49 - 000491008 _____ () C:\Users\Darren\Desktop\STEAM2\libavformat-56.dll
2017-06-23 16:13 - 2016-01-27 03:49 - 000332800 _____ () C:\Users\Darren\Desktop\STEAM2\libavresample-2.dll
2017-06-23 16:13 - 2016-01-27 03:49 - 000442880 _____ () C:\Users\Darren\Desktop\STEAM2\libavutil-54.dll
2017-06-23 16:13 - 2016-01-27 03:49 - 000485888 _____ () C:\Users\Darren\Desktop\STEAM2\libswscale-3.dll
2017-06-23 16:13 - 2016-08-31 21:02 - 001563936 _____ () C:\Users\Darren\Desktop\STEAM2\icui18n.dll
2017-06-23 16:13 - 2016-08-31 21:02 - 001195296 _____ () C:\Users\Darren\Desktop\STEAM2\icuuc.dll
2017-06-23 16:13 - 2017-09-07 00:51 - 000885024 _____ () C:\Users\Darren\Desktop\STEAM2\bin\chromehtml.DLL
2017-06-23 16:13 - 2016-07-04 18:17 - 000266560 _____ () C:\Users\Darren\Desktop\STEAM2\openvr_api.dll
2016-07-20 22:59 - 2016-07-20 22:59 - 000482304 _____ () C:\Users\Darren\AppData\Local\MEGAsync\libsodium.dll
2017-06-04 07:19 - 2017-06-04 07:19 - 052051552 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2017-06-13 07:24 - 2016-10-08 16:48 - 001506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2017-06-13 07:24 - 2016-07-21 10:54 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2017-05-30 01:39 - 2017-05-30 01:39 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-05-30 01:39 - 2017-05-30 01:39 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-05-30 01:38 - 2017-05-30 01:38 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2017-05-30 01:39 - 2017-05-30 01:39 - 000125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-06-04 07:47 - 2017-06-04 07:47 - 000099424 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-05-30 01:39 - 2017-05-30 01:39 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-06-23 16:14 - 2017-07-17 18:50 - 073115424 _____ () C:\Users\Darren\Desktop\STEAM2\bin\cef\cef.win7\libcef.dll
2017-06-23 16:14 - 2017-05-16 21:54 - 000678176 _____ () C:\Users\Darren\Desktop\STEAM2\bin\cef\cef.win7\SDL2.dll
2017-06-23 16:13 - 2015-09-24 19:52 - 000119208 _____ () C:\Users\Darren\Desktop\STEAM2\winh264.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2774349606-4089644693-515735580-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Darren\Pictures\img026.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6D30384A-C1CE-4680-A020-DF779165CB80}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{B955D5AC-D4AE-4A4E-BF39-982C7F0AF1F9}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{CBF05050-FDC9-4E34-A04A-EBEF8CDE58AE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0FE2A7FD-560D-4837-B966-D4AF1C3883E9}] => (Allow) LPort=1900
FirewallRules: [{019B20B6-437E-4C69-9C8B-5F9A9E124775}] => (Allow) LPort=2869
FirewallRules: [{A55B3D99-F914-4D9D-BD9D-F1E10CB5E426}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{B68947F5-10D7-4237-A411-AF45A800057D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{4F085AAE-23AB-423C-B2F5-CCCA91FFF772}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{4DD193B3-0623-4537-A51D-4D335EB70321}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{A2DE4FDC-D371-447E-AAE8-7874A627F7EB}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{7BE6CF4E-4AEB-487A-9300-3A1E5AD247E9}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{3987CD6E-E0D4-4EF1-B5E3-2749ADE33B6D}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{0BAB0F50-0B77-4966-80C9-9501F61C0604}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{E1EB2D2A-1D5C-452F-B6F9-DC709A474CE5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{FC740D72-4405-4C9D-A074-ABE43E510840}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{9DE2AD37-7F2B-4B3D-8D98-2E835DE5AD9B}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{63A17074-3933-4700-9601-C3ACDFA9D7FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BA10DBE9-6140-468C-B3A0-DEE8CDC487E8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{28B9071D-8884-4AC3-BDE3-E0C11CA3B8AA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C8A50557-F9B0-4A56-B460-6EFA13DD1105}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3971DEF1-421B-4B58-9991-05D26C75B139}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0823830B-80CA-4E6E-9D67-F4362C0AE5DA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{F08D04E3-FF76-4905-9E0F-40FA58D71046}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B85ECEFA-1615-418C-A577-841713332AA7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E06DAC29-2B05-49A7-938C-270BF6A709AC}] => (Allow) C:\Users\Darren\Desktop\Steam.exe
FirewallRules: [{B1E07813-D3E3-480B-98ED-F4E80E29CB34}] => (Allow) C:\Users\Darren\Desktop\Steam.exe
FirewallRules: [{E4CD35F4-F4F4-4357-BAA8-490B6CA2B18A}] => (Allow) C:\Users\Darren\Desktop\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{00242429-5835-43B6-BF1B-204C5CE48202}] => (Allow) C:\Users\Darren\Desktop\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F80F0D51-3A8F-4A83-8DCB-38F292C9A7B1}] => (Allow) C:\Users\Darren\Desktop\steamapps\common\Enter the Gungeon\EtG.exe
FirewallRules: [{CD058B15-73CB-4AFE-9D08-EBE23779BE61}] => (Allow) C:\Users\Darren\Desktop\steamapps\common\Enter the Gungeon\EtG.exe
FirewallRules: [{340B6833-3205-41BA-A37C-DEECAC2CC1B3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{D14233DD-CB42-4E4C-884F-098E11E1196C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{6E84DB8C-4FFB-4F90-AA3A-C08C085876DA}] => (Allow) C:\Users\Darren\Desktop\STEAM2\Steam.exe
FirewallRules: [{780DF79D-EF03-4801-B399-91ED4943C129}] => (Allow) C:\Users\Darren\Desktop\STEAM2\Steam.exe
FirewallRules: [{A26B082D-9C86-4B38-AD77-9449F4F5DF00}] => (Allow) C:\Users\Darren\Desktop\STEAM2\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E2541306-07AC-4A3A-8FF9-BEE753892350}] => (Allow) C:\Users\Darren\Desktop\STEAM2\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{713200C9-2A9E-4318-A3E4-34EB042A5729}] => (Allow) C:\Users\Darren\Desktop\STEAM2\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{444581AD-9D1D-432D-A003-826B1A85EFFF}] => (Allow) C:\Users\Darren\Desktop\STEAM2\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{FE7B68CB-B610-48AC-BAED-33D461F3E6FC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
10-09-2017 18:43:56 Windows Update
12-09-2017 16:31:40 Removed Antares Auto-Tune 8.1 VST (32-bit).
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/14/2017 07:24:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1219
 
Error: (09/14/2017 07:24:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1219
 
Error: (09/14/2017 07:24:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/14/2017 04:02:32 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/14/2017 03:50:18 PM) (Source: BstHdLogRotatorSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at BlueStacks.hyperDroid.LogRotatorService.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (09/14/2017 03:39:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ISADORA-PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/14/2017 03:14:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2437
 
Error: (09/14/2017 03:14:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2437
 
Error: (09/14/2017 03:14:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/14/2017 03:14:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1234
 
 
System errors:
=============
Error: (09/14/2017 04:29:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Windows Camera.
 
Error: (09/14/2017 04:28:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073cf9: Windows Camera.
 
Error: (09/14/2017 04:28:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Windows Camera.
 
Error: (09/14/2017 04:26:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073cf9: 9NBLGGGZM6WM-ROBLOXCorporation.ROBLOX.
 
Error: (09/14/2017 04:26:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: ROBLOX.
 
Error: (09/14/2017 04:19:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073cf9: Instagram.
 
Error: (09/14/2017 04:19:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Instagram.
 
Error: (09/14/2017 03:53:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
 
Error: (09/14/2017 03:50:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Log Rotator Service service terminated with the following error: 
An exception occurred in the service when handling the control request.
 
Error: (09/14/2017 03:49:56 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
 
CodeIntegrity:
===================================
  Date: 2015-12-09 17:10:30.798
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-09 17:10:30.642
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-09 17:10:29.942
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-09 17:10:29.786
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-09 17:10:28.687
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-09 17:10:28.627
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-09 17:10:28.346
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-09 17:10:28.010
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-09 17:10:27.424
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-09 17:10:27.226
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4150 CPU @ 3.50GHz
Percentage of memory in use: 43%
Total physical RAM: 8108.95 MB
Available physical RAM: 4560.72 MB
Total Virtual: 16300.95 MB
Available Virtual: 12460.05 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:907.25 GB) (Free:689.09 GB) NTFS
Drive d: (Sep 05 2007) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 1DF23C70)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=24.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=907.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================ 
For context, I already had a forum in another topic, yet the malware just wasn't removed by anything. This is why I'm asking for your help here on the malware removal topic.
 




#2 shelf life

shelf life

  • Malware Response Team
  • 2,680 posts
  • Gender:Male
  • Location:@localhost
  • Local time:01:21 PM

Posted 16 September 2017 - 08:27 AM

hi,

 

Other than some cleanup, really don't see anything that looks like malware in the logs. You have several anti-malware/adware apps installed. Are they coming up clean after a scan?

 

Malware usually produces some signs along the way. If you're going to say "my computer is slow", that's not an indication of malware when you have clean-looking logs.

Usually only online once or twice per day so you may not get a reply back from me until the following day.


How Can I Reduce My Risk to Malware?


#3 MrMysterious

MrMysterious
  • Topic Starter

  • Members
  • 11 posts
  • Local time:01:21 PM

Posted 18 September 2017 - 04:30 PM

SO SO sorry. This one site I went on, Listverse it seems, has ads that go past adblock. I asked a friend if he had ads, and he said yes also. So sorry if I bothered you.


Edited by MrMysterious, 19 September 2017 - 05:57 AM.


#4 shelf life

shelf life

  • Malware Response Team
  • 2,680 posts
  • Gender:Male
  • Location:@localhost
  • Local time:01:21 PM

Posted 18 September 2017 - 06:12 PM

No problem, glad to help. So the ads were originating from that web site. What browser do you typically use?




#5 MrMysterious

MrMysterious
  • Topic Starter

  • Members
  • 11 posts
  • Local time:01:21 PM

Posted 19 September 2017 - 05:57 AM

Google Chrome, was there any adware remaining?



#6 shelf life

shelf life

  • Malware Response Team
  • 2,680 posts
  • Gender:Male
  • Location:@localhost
  • Local time:01:21 PM

Posted 19 September 2017 - 04:43 PM

Logs look ok. It's possible for an ad on a website to slip past an ad blocker. We can use FRST to clean up some files:

 

     Copy/Paste what's below in the code box into Notepad. Save it as fixlist.txt in the same directory where FRST is located.

      Start FRST like before except this time press the Fix button just once and wait, the program will automatically launch fixlist.txt.

      Machine will reboot to finish the process. Upon reboot:

      The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
 

Task: {0DF2BDCC-E099-4FD3-AED8-7DEED2826590} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {13DB2027-42C0-4B7F-8DA7-543F95154F81} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {52F0BFE4-083E-4A4D-96B2-BB7544AED3B1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5AD59281-9D7A-4F7A-9A07-91B11F6B348F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {71D36755-4806-4603-9430-2E0A4B37738D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {73E498D6-83C8-441C-8534-264AD50E2D45} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {80A4951F-39F2-45AB-A2D2-ABC5207C8B77} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {87A8EA43-58E9-4477-8DA7-FDF4887CD76D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8F73F81E-1C2F-4608-9A28-3BE532D32762} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {AA355779-9CBF-46FB-A770-CD7145EDF77F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {CDD4FD68-5F82-420A-A0BC-251783DF9232} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
2016-12-19 22:57 - 2016-12-19 22:57 - 000000036 _____ () C:\Users\Darren\AppData\Local\housecall.guid.cache
2015-11-19 21:54 - 2015-11-19 21:54 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
Empty Temp:





