Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

netgear support said i have prefetch trojans


  • This topic is locked This topic is locked
6 replies to this topic

#1 jrichland06

jrichland06

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:03 AM

Posted 02 October 2017 - 08:47 PM

And they would help me get rid of them for the low low cost of $149.99!

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-10-2017 01
Ran by vootower (administrator) on VOOTOWER-PC (02-10-2017 21:37:41)
Running from C:\Users\vootower\Desktop
Loaded Profiles: vootower (Available Profiles: vootower & DefaultAppPool)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
() C:\Program Files (x86)\Belkin\F9L1101\V1\wlansrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Spotify Ltd) C:\Users\vootower\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Program Files (x86)\Belkin\F9L1101\V1\PBN.exe
(Simutronics Corporation) C:\Program Files\SIMU\SGE\SGETask.Exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.8568.57561.0_x64__8wekyb3d8bbwe\onenoteim.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.26.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17072.16431.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Inc.) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.17.8162.0_x64__8wekyb3d8bbwe\Solitaire.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(XBMC-Foundation) C:\Program Files (x86)\Kodi\Kodi.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_27_0_0_130.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_27_0_0_130.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3481912 2017-09-20] (Dropbox, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2017-08-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3933229292-1645347275-125418585-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-07-06] (Glarysoft Ltd)
HKU\S-1-5-21-3933229292-1645347275-125418585-1000\...\Run: [AIM for Windows] => C:\Users\vootower\AppData\Local\AOL\AIM\aim.exe [1075608 2016-10-03] (AOL Inc.)
HKU\S-1-5-21-3933229292-1645347275-125418585-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886768 2017-08-10] (Adobe Systems Incorporated)
HKU\S-1-5-21-3933229292-1645347275-125418585-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9773272 2017-05-19] (Piriform Ltd)
HKU\S-1-5-21-3933229292-1645347275-125418585-1000\...\Run: [Spotify Web Helper] => C:\Users\vootower\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1580144 2017-08-25] (Spotify Ltd)
HKU\S-1-5-21-3933229292-1645347275-125418585-1000\...\RunOnce: [Uninstall 17.3.6966.0824] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\vootower\AppData\Local\Microsoft\OneDrive\17.3.6966.0824"
HKU\S-1-5-21-3933229292-1645347275-125418585-1000\...\MountPoints2: {05ce52bd-2388-11e5-8614-806e6f6e6963} - "D:\start.exe"
HKU\S-1-5-21-3933229292-1645347275-125418585-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [148992 2017-03-18] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Belkin USB Wireless Adaptor Utility.lnk [2015-07-05]
ShortcutTarget: Belkin USB Wireless Adaptor Utility.lnk -> C:\Program Files (x86)\Belkin\F9L1101\V1\PBN.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HandyAndy.lnk [2016-12-09]
ShortcutTarget: HandyAndy.lnk -> C:\Program Files\Andy\HandyAndy.exe (Andy OS, inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SGETask.lnk [2016-11-20]
ShortcutTarget: SGETask.lnk -> C:\Program Files\SIMU\SGE\SGETask.Exe (Simutronics Corporation)
Startup: C:\Users\vootower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-07-28] ()
Startup: C:\Users\vootower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-05-15]
ShortcutTarget: Twitch.lnk -> C:\Users\vootower\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{0ba94148-6665-4811-ab15-a1bdd66fb8b3}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{c9c9282f-1db5-47bf-968e-f7b379c565b0}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-26] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-12-23] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-26] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-12-23] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-12-23] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-12-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-12-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-12-23] (Adobe Systems Incorporated)
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-26] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-26] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-26] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-26] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: rnfk8uko.default
FF ProfilePath: C:\Users\vootower\AppData\Roaming\Mozilla\Firefox\Profiles\rnfk8uko.default [2017-10-02]
FF user.js: detected! => C:\Users\vootower\AppData\Roaming\Mozilla\Firefox\Profiles\rnfk8uko.default\user.js [2016-11-21]
FF Extension: (FT DeepDark) - C:\Users\vootower\AppData\Roaming\Mozilla\Firefox\Profiles\rnfk8uko.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2017-10-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-05-13]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-26] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @playon.tv/PlayOnToolbar -> C:\Program Files (x86)\MediaMall\toolbar\npVT.dll [2015-10-29] (MediaMall Technologies, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3933229292-1645347275-125418585-1000: @nsroblox.roblox.com/launcher -> C:\Users\vootower\AppData\Local\Roblox\Versions\version-8756646edb404aaf\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3933229292-1645347275-125418585-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\vootower\AppData\Local\Roblox\Versions\version-8756646edb404aaf\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\vootower\AppData\Local\Google\Chrome\User Data\Default [2017-10-02]
CHR Extension: (Google Slides) - C:\Users\vootower\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-30]
CHR Extension: (Google Docs) - C:\Users\vootower\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-30]
CHR Extension: (Google Drive) - C:\Users\vootower\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-30]
CHR Extension: (YouTube) - C:\Users\vootower\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-30]
CHR Extension: (Google Search) - C:\Users\vootower\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-30]
CHR Extension: (Adobe Acrobat) - C:\Users\vootower\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-12]
CHR Extension: (Google Sheets) - C:\Users\vootower\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-30]
CHR Extension: (Google Docs Offline) - C:\Users\vootower\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-11]
CHR Extension: (Chromebook Recovery Utility) - C:\Users\vootower\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndclpdbaamdhonoechobihbbiimdgai [2017-09-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\vootower\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-26]
CHR Extension: (Gmail) - C:\Users\vootower\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-30]
CHR Extension: (Chrome Media Router) - C:\Users\vootower\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-02]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-28] (SUPERAntiSpyware.com)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2017-04-14] (BitRaider, LLC)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761608 2017-09-08] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-21] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-21] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-09-20] (Dropbox, Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-04-28] (Logitech Inc.)
S2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [8109672 2016-12-20] (MediaMall Technologies, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S2 PRTGCoreService; C:\Program Files (x86)\PRTG Network Monitor\64 bit\PRTG Server.exe [9961560 2016-05-12] (Paessler AG)
S2 PRTGProbeService; C:\Program Files (x86)\PRTG Network Monitor\PRTG Probe.exe [12637784 2016-05-12] (Paessler AG)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 WLANBelkinService; C:\Program Files (x86)\Belkin\F9L1101\V1\wlansrv.exe [86016 2012-10-05] () [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2017-04-14] (BitRaider)
S3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [28648 2015-09-11] (ELECOM)
S3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [27624 2015-09-11] (ELECOM)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-07-07] (Glarysoft Ltd)
R3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45208 2016-04-15] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [85160 2016-04-18] (Logitech Inc.)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R1 MpKsl6ae99666; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3A69041E-5D77-41C9-ABB9-DD2CCAF01202}\MpKsl6ae99666.sys [58120 2017-10-02] (Microsoft Corporation)
R1 MpKsla32d30d0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{71B64CCE-2B44-420C-85AF-DEACA43207EF}\MpKsla32d30d0.sys [44928 2017-09-06] (Microsoft Corporation)
R1 MpKslc50ac1d7; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{71B64CCE-2B44-420C-85AF-DEACA43207EF}\MpKslc50ac1d7.sys [44928 2017-09-06] (Microsoft Corporation)
R3 msvad_simple; C:\WINDOWS\system32\drivers\povrtdev.sys [28528 2015-10-29] (MediaMall Technologies, Inc.)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
R1 vmkbd3; C:\WINDOWS\system32\DRIVERS\vmkbd.sys [52288 2016-09-06] (VMware, Inc.)
R0 vsock; C:\WINDOWS\system32\DRIVERS\vsock.sys [91712 2016-09-02] (VMware, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36904 2016-03-07] (Wellbia.com Co., Ltd.)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-02 21:37 - 2017-10-02 21:38 - 000025382 _____ C:\Users\vootower\Desktop\FRST.txt
2017-10-02 21:37 - 2017-10-02 21:37 - 000000000 ____D C:\FRST
2017-10-02 21:36 - 2017-10-02 21:36 - 002399744 _____ (Farbar) C:\Users\vootower\Desktop\FRST64.exe
2017-10-02 20:41 - 2017-10-02 21:04 - 000000000 ____D C:\Program Files (x86)\Citrix
2017-10-02 20:41 - 2017-10-02 20:41 - 000000000 ____D C:\Users\vootower\AppData\Local\GoToAssist Remote Support Customer
2017-10-02 20:41 - 2017-10-02 20:41 - 000000000 ____D C:\Users\vootower\AppData\Local\GoTo Opener
2017-09-21 14:32 - 2017-09-21 14:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-09-20 12:48 - 2017-09-20 12:48 - 000049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-09-20 12:48 - 2017-09-20 12:48 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-09-20 12:48 - 2017-09-20 12:48 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-09-20 12:48 - 2017-09-20 12:48 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-09-19 19:14 - 2017-09-19 19:14 - 000000000 ___HD C:\OneDriveTemp
2017-09-10 09:21 - 2017-09-10 09:21 - 014784415 _____ C:\Users\vootower\Desktop\pexels-photo-172289.jpeg
2017-09-10 09:21 - 2017-09-10 09:21 - 010718251 _____ C:\Users\vootower\Desktop\pexels-photo-131637.jpeg
2017-09-07 19:13 - 2017-09-07 19:13 - 000000428 _____ C:\Users\vootower\Desktop\Peking & Tokyo Order Online Woodstock BeyondMenu.URL

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-02 20:06 - 2017-06-09 03:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-02 19:22 - 2017-06-09 04:27 - 000004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9448C508-8FA9-483C-8765-CCA01A5741CE}
2017-10-02 03:28 - 2017-03-18 17:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-02 03:28 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-01 22:20 - 2015-07-06 22:47 - 000000000 ____D C:\Users\vootower\AppData\Roaming\Kodi
2017-09-30 22:30 - 2016-11-20 19:35 - 000000000 ____D C:\Users\vootower\AppData\LocalLow\Mozilla
2017-09-26 17:41 - 2015-11-30 10:49 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-26 04:46 - 2017-03-18 17:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-26 04:44 - 2017-01-21 00:09 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-23 17:06 - 2016-02-26 00:00 - 000000000 ____D C:\Users\vootower\AppData\Roaming\discord
2017-09-22 02:31 - 2017-06-20 00:08 - 000000000 ____D C:\Users\vootower\AppData\Local\Deployment
2017-09-21 14:32 - 2017-01-21 01:00 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-09-19 19:14 - 2016-02-05 21:10 - 000000000 ___RD C:\Users\vootower\OneDrive
2017-09-19 19:13 - 2017-07-25 12:32 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3933229292-1645347275-125418585-1000
2017-09-19 19:13 - 2016-02-05 21:10 - 000002413 _____ C:\Users\vootower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-17 03:05 - 2017-03-18 17:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-14 09:45 - 2015-07-09 23:40 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-14 09:42 - 2015-07-09 23:40 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-14 09:41 - 2017-03-18 16:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-13 00:01 - 2017-06-09 04:26 - 000004550 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-09-13 00:01 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-09-13 00:01 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-10 09:18 - 2017-03-14 16:30 - 000000000 __SHD C:\Users\vootower\IntelGraphicsProfiles
2017-09-10 07:11 - 2016-12-09 11:56 - 000000000 ____D C:\ProgramData\VMware
2017-09-10 07:10 - 2017-06-09 04:27 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-10 07:10 - 2017-06-09 04:03 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-07 19:40 - 2017-06-09 04:05 - 000000000 ____D C:\Users\vootower
2017-09-07 18:52 - 2015-10-13 08:16 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-09-06 22:00 - 2016-02-10 22:28 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-06 22:00 - 2015-10-08 09:16 - 000000000 ____D C:\Users\vootower\AppData\Roaming\TeamViewer
2017-09-06 22:00 - 2015-08-26 21:48 - 000000000 ____D C:\Users\vootower\AppData\Roaming\TS3Client
2017-09-06 22:00 - 2015-07-27 20:35 - 000000000 ____D C:\Users\vootower\AppData\Roaming\Ventrilo
2017-09-06 21:42 - 2017-06-08 04:24 - 000000000 ___DC C:\WINDOWS\Panther
2017-09-06 21:42 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-09-06 21:42 - 2016-02-07 04:36 - 000000000 ____D C:\Users\vootower\AppData\Local\CrashDumps
2017-09-06 21:06 - 2015-08-23 21:51 - 000000000 ____D C:\Users\vootower\AppData\Local\Spotify
2017-09-06 07:02 - 2015-08-23 21:51 - 000000000 ____D C:\Users\vootower\AppData\Roaming\Spotify
2017-09-05 20:32 - 2017-06-23 22:44 - 000000000 ____D C:\Users\vootower\Documents\Guild Wars 2
2017-09-05 20:32 - 2017-06-20 21:08 - 000000000 ____D C:\Program Files\Guild Wars 2
2017-09-05 18:54 - 2015-07-05 20:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-02 11:15 - 2017-03-18 17:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-02 11:15 - 2017-03-18 17:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-06-25 22:43 - 2017-06-25 22:43 - 000000218 _____ () C:\Users\vootower\AppData\Local\recently-used.xbel
2015-07-18 14:20 - 2015-07-18 14:25 - 000000815 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-23 18:15

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2017 01
Ran by vootower (02-10-2017 21:39:22)
Running from C:\Users\vootower\Desktop
Windows 10 Pro Version 1703 (X64) (2017-06-09 08:36:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3933229292-1645347275-125418585-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3933229292-1645347275-125418585-503 - Limited - Disabled)
Guest (S-1-5-21-3933229292-1645347275-125418585-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3933229292-1645347275-125418585-1002 - Limited - Enabled)
vootower (S-1-5-21-3933229292-1645347275-125418585-1000 - Administrator - Enabled) => C:\Users\vootower

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{BE930E38-7BB3-45B6-85B2-5251F374F844}) (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
AIM for Windows (HKU\S-1-5-21-3933229292-1645347275-125418585-1000\...\AIM) (Version:  - AOL Inc.)
Andy OS (HKLM\...\Andy OS) (Version: 46.14 - Andy OS, Inc)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 368.81 - NVIDIA Corporation) Hidden
ASTRONEER (HKLM\...\Steam App 361420) (Version:  - System Era Softworks)
AutoHotkey 1.1.26.01 (HKLM\...\AutoHotkey) (Version: 1.1.26.01 - Lexikos)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Belkin USB Wireless Adaptor (HKLM-x32\...\{6E016C56-820F-4B2D-A36F-34CCADF90C16}) (Version: 1.0.0.09 - Belkin) Hidden
Belkin USB Wireless Adaptor (HKLM-x32\...\InstallShield_{6E016C56-820F-4B2D-A36F-34CCADF90C16}) (Version: 1.0.0.09 - Belkin)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Curse Client (HKU\S-1-5-21-3933229292-1645347275-125418585-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version:  - Valve)
Deluge 1.3.15 (HKLM-x32\...\Deluge) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-3933229292-1645347275-125418585-1000\...\Discord) (Version: 0.0.298 - Discord Inc.)
DJ_AIO_06_F4500_SW_MIN (HKLM-x32\...\{85498904-0748-45AA-9482-6DB8EA971B91}) (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - AOL Inc.) <==== ATTENTION
Dropbox (HKLM-x32\...\Dropbox) (Version: 35.4.20 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Glary Utilities 5.29 (HKLM-x32\...\Glary Utilities 5) (Version: 5.29.0.49 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{8B2D47CC-1558-4939-B27F-41E30530072A}) (Version: 1.0.467 - LogMeIn, Inc.)
Guild Wars 2 (HKLM\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}) (Version: 14.0 - HP)
Intel® Chipset Device Software (HKLM-x32\...\{d370215a-d003-43ae-a3b6-1028af64d5a1}) (Version: 10.0.20 - Intel® Corporation) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Kodi (HKU\S-1-5-21-3933229292-1645347275-125418585-1000\...\Kodi) (Version:  - XBMC-Foundation)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Left 4 Dead 2 Beta (HKLM-x32\...\Steam App 223530) (Version:  - )
Logitech G430 Driver (HKLM-x32\...\G430_Driver) (Version: 8.53.0.2 - Logitech)
Logitech Gaming Software 8.83 (HKLM\...\Logitech Gaming Software) (Version: 8.83.85 - Logitech Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Marvel Heroes 2016 (HKLM\...\Steam App 226320) (Version:  - Gazillion Entertainment)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8431.2079 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3933229292-1645347275-125418585-1000\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.46 - mIRC Co. Ltd.)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (HKLM\...\{48C0866E-57EB-444C-8371-8E4321066BC3}) (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.3.0 - Nexon)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.5 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Path of Exile (HKLM\...\Steam App 238960) (Version:  - Grinding Gear Games)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.12 - )
PlayOn (HKLM-x32\...\{833c364b-022f-41f1-a627-582a02832f27}) (Version: 4.2.71.17275 - MediaMall Technologies, Inc.)
PlayOn (HKLM-x32\...\{D570E639-2540-4F89-A21D-9F0ACA9A74CF}) (Version: 4.2.71 - MediaMall Technologies, Inc.) Hidden
PlayOn Dependencies (HKLM-x32\...\{0E100B2E-D56C-4BFB-9FD6-894FDEDC10E6}) (Version: 1.0.0.0 - MediaMall Technologies, Inc.) Hidden
Pokémon Trading Card Game Online (HKLM-x32\...\{0A1F8721-8B7C-4100-9E9E-30A2CC597996}) (Version: 2.38.0 - The Pokémon Company International)
PRTG Network Monitor (HKLM-x32\...\{5EC294B8-98F8-4C20-BE73-F11A04295CA5}_is1) (Version: 16 - Paessler AG)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
ROBLOX Player for vootower (HKU\S-1-5-21-3933229292-1645347275-125418585-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Rosetta Stone Version 3 (HKLM-x32\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
Ruby 2.0.0-p645 (HKU\S-1-5-21-3933229292-1645347275-125418585-1000\...\{ABAA9781-845A-43CC-BABA-76CB580FE35D}_is1) (Version: 2.0.0-p645 - RubyInstaller Team)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Secret World Legends (HKLM-x32\...\Secret World Legends_is1) (Version: 1.0.0 - Funcom)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Simulationcraft(x64) version 6.2.3.02 (HKLM-x32\...\{AC025546-B7C5-45A7-B16A-80AE482CBB01}_is1) (Version: 6.2.3.02 - Simulationcraft)
Simutronics Game Entry (HKLM-x32\...\Simutronics Game Entry) (Version:  - Simutronics Corporation)
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3933229292-1645347275-125418585-1000\...\Spotify) (Version: 1.0.60.492.gbb40dab8 - Spotify AB)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 12.0.0.10 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StormFront (HKLM-x32\...\StormFront) (Version:  - Simutronics Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1206 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
Twitch (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Twitch Interactive, Inc.)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMware Player (HKLM\...\{BC00AC33-2B00-443D-8FC2-3656D94AEA0A}) (Version: 12.5.0 - VMware, Inc.)
VMware VIX (HKLM-x32\...\{F99FC179-EA67-4BBC-8955-BDDA0CB94B88}) (Version: 1.15.4.00000 - VMware, Inc.)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3933229292-1645347275-125418585-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3933229292-1645347275-125418585-1000_Classes\CLSID\{877e6ac6-7b24-429a-ae80-050d265fb611}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3933229292-1645347275-125418585-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\vootower\AppData\Local\Roblox\Versions\version-8756646edb404aaf\RobloxProxy64.dll (ROBLOX Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2015-03-30] (Glarysoft Ltd)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2015-03-30] (Glarysoft Ltd)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2016-09-06] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2016-09-06] (VMware, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2015-03-30] (Glarysoft Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0DDD3D8C-E241-4D9B-B542-7C463E4C3D1E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {14ADC154-129D-40A0-A751-827F7CF08884} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1AB58412-4E16-45E9-951A-0C2D39E544DE} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1C747D38-8C2F-4228-BE4C-1A722B3D07CC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2704D446-BC37-4162-9113-E230D0870BD3} - System32\Tasks\{FF30522B-C1E2-4B1C-A6A3-AAEBCAEA780E} => C:\Windows\system32\pcalua.exe -a "C:\Users\vootower\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6FPC11A6\Setup[1].exe" -d C:\Users\vootower\Desktop
Task: {2833907D-A98A-4BE4-BD41-7F79566B75D0} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2A2F0E69-4B0F-4969-A3C1-97AF8F5B63C5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-26] ()
Task: {2C10CE9E-F462-460D-BE08-65DD53D4BBAA} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-26] ()
Task: {2C9EEBB8-3AC9-46AC-93F7-CA03AD8F3D2D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3630D152-FBD4-4D66-A5F4-6084281D137C} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {370A431B-F718-45D9-AD87-7CE31A04E60B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-13] (Adobe Systems Incorporated)
Task: {3E1AB5B1-14FB-4CFB-A26E-0816E4AF9AAE} - System32\Tasks\{79919283-D6C0-4153-A1AE-29CD77509F73} => C:\Windows\system32\pcalua.exe -a C:\Users\vootower\Downloads\lnchInst.exe -d C:\Users\vootower\Downloads
Task: {44275BBB-0096-47D1-8EBE-0B45205292B8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {45E100DF-883D-488D-9F32-403FF4DB8A18} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {49365FDF-BC7B-4E34-860C-6BF9CAEDE042} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5D225F2E-4799-4EA1-A44D-3924971BBB99} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-07-06] (Glarysoft Ltd)
Task: {6F6D80AB-2E3F-4E0F-96FC-AC75B14F5B25} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {7D4F95CD-A39D-41A5-BE91-17094917D0F1} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {83630DF5-51AB-4BC4-89E0-7CC024F137AA} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe [2017-09-13] (Adobe Systems Incorporated)
Task: {85BB3002-1A91-42F9-8C7B-2FCB47EBE2D3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {951AAF58-01F5-4A7D-99FD-44ACCF093F00} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-19] (Piriform Ltd)
Task: {9CE6E386-060E-44CD-A8AD-0CC0889B9E38} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {9D4ABD68-38CD-4539-9660-4B044700AFFB} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-21] (Dropbox, Inc.)
Task: {A09AB683-760A-4A8A-A9F7-70248E12A24F} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {A50B1B54-7AD3-4957-8BE6-E2F7A0619A3E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A9D3539F-BFB7-4B16-8BE8-068AD248CCFC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {AC052234-AAE0-4BF8-A64F-00A3D39658AE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {AF1A39D4-D758-494B-B1B4-9D2C341AF21B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AF76E5C6-6F4C-4AD7-8736-357EF19D87BC} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B0FE4A98-D83F-4D6F-A892-272BEA6B869A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {B141BF2C-38BB-4EE1-BDAE-447B152F4ADA} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B370239D-E7AD-4DBF-AEE2-63347FB575AF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B3E0F670-1634-49F5-BFD2-537CD4C54131} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B3E4D6A6-D0CD-474C-B057-AC9EE9D245A7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {B3F1D3BE-17BE-42C1-8ACA-D6B66B373FF9} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B406B316-3A4B-463F-AD4C-25127315FD92} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B5EA24C0-D98A-42AB-9032-76AC0478AD6D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BC154786-DAA2-404F-95B6-65B78DB229F8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C113E6FA-291D-440E-9C3F-D5D67661C491} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CA0F70EC-E605-42F4-A6CC-B3B90C1ACA46} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {CBA59C34-B900-4AA0-A591-B96E2821AECC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D1AEDCBB-69B9-49F0-ADC3-6B40FD4AB319} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-21] (Dropbox, Inc.)
Task: {D4A38CEA-CD6C-4D5F-96A0-3A9DCEE17D7A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D58BCBA7-371E-4474-8D37-F2A47A67AFB7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {D84AF9C7-0FF2-4A8D-BB35-785832EB075D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {E0579F8F-B39B-41C7-859D-D0FDA10E1BB5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E3589FBB-2AC7-4DF4-A8A2-D74A951F4A05} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-09-26] (Microsoft Corporation)
Task: {E7466831-8597-4336-A589-D1075FED343C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-30] (Google Inc.)
Task: {F431A33B-97B9-42CB-B65F-CDD7B31B3FAF} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F9461A68-3B68-4F81-89FE-ED86C94593D1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-30] (Google Inc.)
Task: {FF58858B-EC99-4576-91D4-76542B59EACC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\vootower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.0.0-p645\Interactive Ruby.lnk -> C:\Ruby200\bin\irb.bat ()

ShortcutWithArgument: C:\Users\vootower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.0.0-p645\Start Command Prompt with Ruby.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /E:ON /K C:\Ruby200\bin\setrbvars.bat
ShortcutWithArgument: C:\Users\vootower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chromebook Recovery Utility.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=jndclpdbaamdhonoechobihbbiimdgai

==================== Loaded Modules (Whitelisted) ==============

2012-10-05 11:11 - 2012-10-05 11:11 - 000086016 ____N () C:\Program Files (x86)\Belkin\F9L1101\V1\wlansrv.exe
2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 16:59 - 2017-03-18 22:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2012-10-05 11:11 - 2012-10-05 11:11 - 000110592 ____N () C:\Program Files (x86)\Belkin\F9L1101\V1\PBN.exe
2012-09-13 00:38 - 2012-09-13 00:38 - 000264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2017-08-15 12:56 - 2017-07-15 21:17 - 001181696 _____ () C:\Program Files\AutoHotkey\AutoHotkey.exe
2017-08-22 14:27 - 2017-08-22 14:27 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-08-22 14:27 - 2017-08-22 14:27 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-08-22 14:27 - 2017-08-22 14:27 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-08-22 14:27 - 2017-08-22 14:27 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2017-04-07 23:04 - 2017-04-07 23:04 - 001695440 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.8568.57561.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2017-09-14 13:47 - 2017-09-14 13:47 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.26.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-09-24 12:50 - 2017-09-24 12:50 - 010634752 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-09-24 12:50 - 2017-09-24 12:50 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.26.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-09-26 11:40 - 2017-09-26 11:40 - 034451968 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17072.16431.0_x64__8wekyb3d8bbwe\Music.UI.exe
2017-09-26 11:40 - 2017-09-26 11:40 - 009145344 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17072.16431.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-08-23 11:47 - 2017-08-23 11:47 - 000957952 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17072.16431.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2017-09-26 11:40 - 2017-09-26 11:40 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17072.16431.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-09-26 11:40 - 2017-09-26 11:40 - 013224960 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17072.16431.0_x64__8wekyb3d8bbwe\Music.Visuals.dll
2017-09-26 11:40 - 2017-09-26 11:40 - 011159040 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17072.16431.0_x64__8wekyb3d8bbwe\EntPlat.dll
2017-06-01 09:24 - 2017-06-01 09:24 - 000117920 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17072.16431.0_x64__8wekyb3d8bbwe\GNSDK_FP.DLL
2017-09-26 17:41 - 2017-09-21 03:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-26 17:41 - 2017-09-21 03:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2017-09-24 12:50 - 2017-09-24 12:50 - 000061952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.26.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2015-07-05 20:03 - 2013-09-16 12:17 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-07-08 23:08 - 2016-06-14 16:03 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2009-05-16 22:00 - 2009-05-16 22:00 - 000200704 ____N () C:\Program Files (x86)\Belkin\F9L1101\V1\BelkinwcuiDLL.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 002144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 007955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 000341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 000028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 000127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 000336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2017-09-21 14:32 - 2017-09-20 12:48 - 000771904 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-09-21 14:32 - 2017-09-20 12:48 - 001804608 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-09-21 14:32 - 2017-09-20 12:49 - 000023872 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_bootstrap.dll
2017-01-21 01:02 - 2017-09-20 12:48 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-01-21 01:01 - 2017-09-20 12:48 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-01-21 01:01 - 2017-09-20 12:50 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-01-21 01:02 - 2017-09-20 12:48 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-09-21 14:32 - 2017-09-20 12:49 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-01-21 01:02 - 2017-09-20 12:48 - 000125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-01-21 01:01 - 2017-09-20 12:48 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-09-21 14:32 - 2017-09-20 12:49 - 001862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-09-21 14:32 - 2017-09-20 12:49 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-09-21 14:32 - 2017-09-20 12:48 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-09-21 14:32 - 2017-09-20 12:48 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-01-21 01:02 - 2017-09-20 12:48 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-01-21 01:02 - 2017-09-20 12:50 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-09-21 14:32 - 2017-09-20 12:49 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-01-21 01:02 - 2017-09-20 12:48 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-09-21 14:32 - 2017-09-20 12:49 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-09-21 14:32 - 2017-09-20 12:48 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-01-21 01:02 - 2017-09-20 12:48 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-01-21 01:02 - 2017-09-20 12:48 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-09-21 14:32 - 2017-09-20 12:48 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-01-21 01:02 - 2017-09-20 12:50 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-01-21 01:02 - 2017-09-20 12:50 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-01-21 01:02 - 2017-09-20 12:48 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-01-21 01:02 - 2017-09-20 12:48 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-01-21 01:02 - 2017-09-20 12:48 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-01-21 01:02 - 2017-09-20 12:48 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-09-21 14:32 - 2017-09-20 12:48 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-01-21 01:02 - 2017-09-20 12:48 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-01-21 01:02 - 2017-09-20 12:48 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-09-21 14:32 - 2017-09-20 12:49 - 000022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-08 16:52 - 2017-09-20 12:50 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2017-09-21 14:32 - 2017-09-20 12:49 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-05-15 13:46 - 2017-09-20 12:50 - 000082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-01-21 01:02 - 2017-09-20 12:50 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-01-21 01:02 - 2017-09-20 12:48 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-01-21 01:02 - 2017-09-20 12:48 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-09-21 14:32 - 2017-09-20 12:49 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-01-21 01:01 - 2017-09-20 12:48 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-09-21 14:32 - 2017-09-20 12:49 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-09-21 14:32 - 2017-09-20 12:50 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-09-21 14:32 - 2017-09-20 12:50 - 000154440 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-09-21 14:32 - 2017-09-20 12:49 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-09-21 14:32 - 2017-09-20 12:50 - 000045888 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2017-09-21 14:32 - 2017-09-20 12:50 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-09-21 14:32 - 2017-09-20 12:50 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-09-21 14:32 - 2017-09-20 12:50 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-09-21 14:32 - 2017-09-20 12:49 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-01-21 01:02 - 2017-09-20 12:48 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-02-27 21:13 - 2017-09-20 12:50 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-01-21 01:02 - 2017-09-20 12:50 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-01-21 01:02 - 2017-09-20 12:50 - 000069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-01-21 01:02 - 2017-09-20 12:50 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-21 01:02 - 2017-09-20 12:50 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-21 01:02 - 2017-09-20 12:50 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-09-21 14:32 - 2017-09-20 12:49 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-01-21 01:02 - 2017-09-20 12:48 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-09-21 14:32 - 2017-09-20 12:50 - 000101184 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-01-21 01:02 - 2017-09-20 12:50 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-09-21 14:32 - 2017-09-20 12:49 - 000025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-09-21 14:32 - 2017-09-20 12:48 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-09-21 14:32 - 2017-09-20 12:49 - 000033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-09-21 14:32 - 2017-09-20 12:48 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-09-21 14:32 - 2017-09-20 12:49 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-01-21 01:02 - 2017-09-20 12:50 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-09-21 14:32 - 2017-09-20 12:49 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2017-09-21 14:32 - 2017-09-20 12:49 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-01-21 01:02 - 2017-09-20 12:50 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-09-21 14:32 - 2017-09-20 12:50 - 000545080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-09-21 14:32 - 2017-09-20 12:50 - 000359224 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-09-21 14:32 - 2017-09-20 12:50 - 000038208 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2011-06-19 15:52 - 2011-06-19 15:52 - 000987136 _____ () C:\Program Files (x86)\Kodi\libxml2.dll
2010-10-02 07:21 - 2010-10-02 07:21 - 000077824 _____ () C:\Program Files (x86)\Kodi\zlib1.dll
2011-12-20 06:25 - 2011-12-20 06:25 - 000743157 _____ () C:\Program Files (x86)\Kodi\libcdio-13.dll
2013-08-03 03:07 - 2013-08-03 03:07 - 000723998 _____ () C:\Program Files (x86)\Kodi\system\players\dvdplayer\libgmp-10.dll
2013-08-03 03:49 - 2013-08-03 03:49 - 001600107 _____ () C:\Program Files (x86)\Kodi\system\players\dvdplayer\libgnutls-28.dll
2013-08-03 03:07 - 2013-08-03 03:07 - 000512332 _____ () C:\Program Files (x86)\Kodi\system\players\dvdplayer\libp11-kit-0.dll
2013-08-03 03:07 - 2013-08-03 03:07 - 003397336 _____ () C:\Program Files (x86)\Kodi\system\players\dvdplayer\libnettle-4-7.dll
2013-08-03 03:07 - 2013-08-03 03:07 - 004372384 _____ () C:\Program Files (x86)\Kodi\system\players\dvdplayer\libhogweed-2-5.dll
2014-08-19 10:04 - 2014-08-19 10:04 - 000708608 _____ () C:\Program Files (x86)\Kodi\system\sqlite3.dll
2015-10-19 02:57 - 2015-10-19 02:57 - 000066048 _____ () C:\Program Files (x86)\Kodi\system\cpluff.dll
2009-01-31 18:42 - 2009-01-31 18:42 - 000143096 _____ () C:\Program Files (x86)\Kodi\system\libexpat.dll
2014-06-30 12:03 - 2014-06-30 12:03 - 000046080 _____ () C:\Program Files (x86)\Kodi\system\python\DLLs\_socket.pyd
2014-06-30 12:04 - 2014-06-30 12:04 - 001160704 _____ () C:\Program Files (x86)\Kodi\system\python\DLLs\_ssl.pyd
2014-06-30 12:04 - 2014-06-30 12:04 - 000715264 _____ () C:\Program Files (x86)\Kodi\system\python\DLLs\_hashlib.pyd
2014-06-30 12:04 - 2014-06-30 12:04 - 000048128 _____ () C:\Program Files (x86)\Kodi\system\python\DLLs\_sqlite3.pyd
2014-06-30 12:04 - 2014-06-30 12:04 - 000010240 _____ () C:\Program Files (x86)\Kodi\system\python\DLLs\select.pyd
2014-06-30 12:04 - 2014-06-30 12:04 - 000087552 _____ () C:\Program Files (x86)\Kodi\system\python\DLLs\_ctypes.pyd
2014-06-30 12:04 - 2014-06-30 12:04 - 000686080 _____ () C:\Program Files (x86)\Kodi\system\python\DLLs\unicodedata.pyd
2014-06-30 12:04 - 2014-06-30 12:04 - 000127488 _____ () C:\Program Files (x86)\Kodi\system\python\DLLs\pyexpat.pyd
2015-10-19 02:58 - 2015-10-19 02:58 - 001136640 _____ () C:\Program Files (x86)\Kodi\system\ImageLib.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:9A870F8B [1008]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3933229292-1645347275-125418585-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\vootower\Desktop\pexels-photo-172289.jpeg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "HandyAndy.lnk"
HKU\S-1-5-21-3933229292-1645347275-125418585-1000\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-3933229292-1645347275-125418585-1000\...\StartupApproved\Run: => "AIM for Windows"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{77C6447D-CBDB-44D0-A1B9-AF4323070CEA}C:\program files\andy\andyconsole.exe] => (Allow) C:\program files\andy\andyconsole.exe
FirewallRules: [TCP Query User{20D72557-333B-4B85-B299-ED22907AA89D}C:\program files\andy\andyconsole.exe] => (Allow) C:\program files\andy\andyconsole.exe
FirewallRules: [{5656BBE6-8637-4A43-BCF0-68E71E8F4EA7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
FirewallRules: [{74BD3E09-4D0C-4D24-A766-70F1391FA0C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
FirewallRules: [{61323979-70D4-4E40-89B5-81AD6D07123A}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{8146E4A6-8D33-4FF9-BF6A-6B6E78AC0008}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{1EE524A0-B7F3-4DBE-8BD0-DCA82AA289F7}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{FCED6FD8-54C5-4897-9DC8-25CDFB42B060}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [UDP Query User{F9312734-871E-44D7-8D31-0DDBDC0CD672}C:\program files (x86)\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{577D099E-4F2C-4144-9F1C-1A5DF8C13181}C:\program files (x86)\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe
FirewallRules: [{8EEF281F-6E78-4FCA-AC75-D6666480CD87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{B91CDBBA-3189-4518-B4B1-9B21D0B3C034}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [UDP Query User{5AC9F9F9-03FD-46B2-9FCF-45E04A682E32}C:\program files (x86)\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe
FirewallRules: [TCP Query User{84C9CB42-844B-4C4E-A4D4-5510E80DC3AA}C:\program files (x86)\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe
FirewallRules: [UDP Query User{979D7EC6-95CB-4ABA-A37E-A77D5EABF9CA}C:\users\vootower\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vootower\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{42F6D06B-1C30-4298-9DE5-DA66F0821E43}C:\users\vootower\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vootower\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5F60572A-3ACA-42F4-B1F9-36D5A58DA221}C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe
FirewallRules: [TCP Query User{0B3FA437-BE71-4322-BC7D-85A2F0696500}C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8293\battle.net.exe
FirewallRules: [UDP Query User{2C110B7A-0EB9-447A-A0EC-93F7D60D4467}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{5BEA456F-440C-414F-A56A-8D65818148F3}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{11004B70-E378-4931-864B-81D1461BAADB}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{51AAD13C-34BC-4B18-B1DA-DAA689F90BDE}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{E202CF7B-B8AF-48CB-AFE5-0C5CFD7D8E52}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [TCP Query User{4988BAD7-DFC6-46AE-9D4F-405F504035EB}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{1CE03D08-D312-44CF-8274-C087140CC8E4}C:\program files (x86)\battle.net\battle.net.8265\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8265\battle.net.exe
FirewallRules: [TCP Query User{8BE59B91-6C7E-4BA3-8C40-1EFD6E82DF36}C:\program files (x86)\battle.net\battle.net.8265\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8265\battle.net.exe
FirewallRules: [UDP Query User{20A44A90-C187-464F-A24D-A22AFDDA3C2D}C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe
FirewallRules: [TCP Query User{A0605643-9403-4105-85CD-307C9BAAC634}C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8180\battle.net.exe
FirewallRules: [UDP Query User{6F201435-57CA-4094-9D9B-09D8189EBAE0}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [TCP Query User{B63153A0-C089-4DAC-A40D-74E94FC0AC46}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{D76E3F4C-E0B9-4617-925D-6A576CD067CB}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{2164FFB3-5C04-4759-A349-4BD3BA83064D}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{079A411A-E42A-4F0F-A2D5-BA51EF8A14BF}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{C24DC6BC-A078-4985-8185-D2CF0E980E16}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{627A84B8-B857-4752-9DB3-7A88800B4948}] => (Allow) C:\Program Files (x86)\MediaMall\Surfer.exe
FirewallRules: [{1B4C9A8C-5B07-40BF-ADA7-1C324E2EB6D5}] => (Allow) C:\Program Files (x86)\MediaMall\PlayMark.exe
FirewallRules: [{916AE930-0762-4727-BC92-8B257521AC59}] => (Allow) C:\Program Files (x86)\MediaMall\PlayOn.exe
FirewallRules: [{19830E1C-7387-4BD2-8C9B-4009E93EF450}] => (Allow) C:\Program Files (x86)\MediaMall\SettingsManager.exe
FirewallRules: [{CC7FE42A-9AB0-43D7-B775-6BDD105F5BF5}] => (Allow) C:\Program Files (x86)\MediaMall\MediaMallServerLauncher.exe
FirewallRules: [{A80111F4-6E04-4005-989E-BCCC975D65B8}] => (Allow) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
FirewallRules: [UDP Query User{939B0537-BA6B-482A-822A-E84E682EE23B}C:\program files (x86)\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe
FirewallRules: [TCP Query User{D7522A0F-1270-415B-9540-2F5CAED87DE1}C:\program files (x86)\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe
FirewallRules: [{E48D7D30-E995-4714-A3DA-CF02CBBE43DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ASTRONEER Early Access\Astro.exe
FirewallRules: [{FA2EBD42-814C-4487-B6A6-6FF404A46A79}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ASTRONEER Early Access\Astro.exe
FirewallRules: [{C0B076F0-9BE3-4158-8795-E688223FF7D5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B95D6D36-F2B5-4EA7-B1C4-1343AC59C939}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{DE9CDA8E-F2B9-4149-9004-F05EA225C27E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2 Beta\left4dead2_beta.exe
FirewallRules: [{379B1AB9-99A1-472D-A153-10C1F9D5BAAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2 Beta\left4dead2_beta.exe
FirewallRules: [{F80072D2-C071-4E6A-952C-28D0CB00B05C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{2EF4263B-A966-4C34-9B60-4BC09176443D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{70FA8EB4-3A5E-461E-AA40-17117ACC23D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{6DADC721-6EB5-45BA-982B-FEA62257DC89}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{3D717C6D-1B66-45E7-AB8A-5CC5CD646684}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{446D5E70-EF45-40FF-9A89-C29F93459680}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2D4700D8-515D-43D5-8C1A-D3C714451691}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1B1C63DA-2861-47CA-8FE5-35982844831A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{3B995AA4-32AB-49CF-8518-316186F03B70}C:\users\vootower\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vootower\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{CBE2AD15-839D-4AA4-9BB5-A18DB7D34BCD}C:\users\vootower\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vootower\appdata\roaming\spotify\spotify.exe
FirewallRules: [{47D1EC81-D16B-4109-AB26-973E5FBA1F20}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{11DFB592-06F7-4A81-A312-128682B2B74C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{F083D4A1-07B2-4F68-93CB-FDA9B68615AD}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{D02C9E7B-97DD-488F-BB20-CB674F34EF03}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{D433CD67-3253-427E-9412-6912014589C0}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{9757711D-EFBA-4B71-98F7-18DA323C0441}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{F2DC966D-D33E-4548-95DC-A763C3161506}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{20F3798B-C61E-42AB-A857-5BD496C08133}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{47C698EA-CE53-459E-AB07-1300ED8EC3BB}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{FF07C5A6-75E8-48D0-B55E-94BE8FC4699F}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{BBEBC179-48BA-4465-871E-B61EF161AF2C}] => (Allow) C:\Program Files (x86)\Funcom\Secret World Legends\ClientPatcher.exe
FirewallRules: [{D85C7250-EE8A-443C-B93B-B2215FCF6D3C}] => (Allow) C:\Program Files (x86)\Funcom\Secret World Legends\ClientPatcher.exe
FirewallRules: [{0FD85670-0566-4C35-8CD1-717A67BE4530}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{8D681224-527D-4589-9233-BD703E75216A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{19B5B83F-2283-4D33-99BE-5A99AFC8D755}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

23-09-2017 18:18:14 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Deskjet F4500
Description: HP Deskjet F4500
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Hewlett-Packard
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/29/2017 10:15:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 55.0.3.6445, time stamp: 0x599ed78a
Faulting module name: xul.dll, version: 55.0.3.6445, time stamp: 0x599edbdd
Exception code: 0x80000003
Fault offset: 0x0076a5cf
Faulting process id: 0x31fc
Faulting application start time: 0x01d33991e77368fb
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\xul.dll
Report Id: 5bcb4e30-da87-4ccd-95d1-cf41677834fd
Faulting package full name:
Faulting package-relative application ID:

Error: (09/29/2017 10:15:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 55.0.3.6445, time stamp: 0x599ed78a
Faulting module name: xul.dll, version: 55.0.3.6445, time stamp: 0x599edbdd
Exception code: 0x80000003
Fault offset: 0x0076a5cf
Faulting process id: 0x2de0
Faulting application start time: 0x01d33991e7d5438d
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\xul.dll
Report Id: b8cacc0a-07ac-481c-b64f-1be4ba241139
Faulting package full name:
Faulting package-relative application ID:

Error: (09/29/2017 07:57:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.15063.0, time stamp: 0x02799ef5
Faulting module name: ntdll.dll, version: 10.0.15063.447, time stamp: 0xa329d3a8
Exception code: 0xc0000409
Fault offset: 0x00000000000aa020
Faulting process id: 0x187c
Faulting application start time: 0x01d3391945bc9259
Faulting application path: c:\windows\system32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: f0bd0df2-881d-459e-89a0-9e99fd469938
Faulting package full name:
Faulting package-relative application ID:

Error: (09/28/2017 08:40:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ventrilo.exe, version: 3.0.8.0, time stamp: 0x4d67d1e4
Faulting module name: msvcrt.dll, version: 7.0.15063.0, time stamp: 0x3280d1b7
Exception code: 0xc0000005
Fault offset: 0x000000000002a734
Faulting process id: 0x20fc
Faulting application start time: 0x01d338bb69d082c4
Faulting application path: C:\Program Files\Ventrilo\Ventrilo.exe
Faulting module path: C:\WINDOWS\System32\msvcrt.dll
Report Id: 00cffce9-7fd5-4708-ae88-6a6c4a56b442
Faulting package full name:
Faulting package-relative application ID:

Error: (09/26/2017 04:44:17 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: VOOTOWER-PC)
Description: Application or service 'COM Surrogate' could not be shut down.

Error: (09/22/2017 08:25:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VOOTOWER-PC)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/22/2017 08:25:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VOOTOWER-PC)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/21/2017 08:23:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.15063.0, time stamp: 0x0fa14906
Faulting module name: ntdll.dll, version: 10.0.15063.447, time stamp: 0xa329d3a8
Exception code: 0xc0000374
Fault offset: 0x00000000000f775f
Faulting process id: 0x1fe0
Faulting application start time: 0x01d33338f29c4abd
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 657d8a12-a908-4a6b-aa4b-054de019fcc5
Faulting package full name: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (09/19/2017 06:53:11 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: VOOTOWER-PC)
Description: Application or service 'COM Surrogate' could not be shut down.

Error: (09/17/2017 03:04:47 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: VOOTOWER-PC)
Description: Application or service 'COM Surrogate' could not be shut down.


System errors:
=============
Error: (10/01/2017 08:26:21 PM) (Source: DCOM) (EventID: 10016) (User: VOOTOWER-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user vootower-PC\vootower SID (S-1-5-21-3933229292-1645347275-125418585-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (10/01/2017 08:26:20 PM) (Source: DCOM) (EventID: 10016) (User: VOOTOWER-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user vootower-PC\vootower SID (S-1-5-21-3933229292-1645347275-125418585-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (10/01/2017 08:26:19 PM) (Source: DCOM) (EventID: 10016) (User: VOOTOWER-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user vootower-PC\vootower SID (S-1-5-21-3933229292-1645347275-125418585-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (10/01/2017 08:26:19 PM) (Source: DCOM) (EventID: 10016) (User: VOOTOWER-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user vootower-PC\vootower SID (S-1-5-21-3933229292-1645347275-125418585-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/30/2017 08:22:08 PM) (Source: DCOM) (EventID: 10016) (User: VOOTOWER-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user vootower-PC\vootower SID (S-1-5-21-3933229292-1645347275-125418585-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/30/2017 08:22:07 PM) (Source: DCOM) (EventID: 10016) (User: VOOTOWER-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user vootower-PC\vootower SID (S-1-5-21-3933229292-1645347275-125418585-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/30/2017 08:22:05 PM) (Source: DCOM) (EventID: 10016) (User: VOOTOWER-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user vootower-PC\vootower SID (S-1-5-21-3933229292-1645347275-125418585-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/30/2017 08:22:05 PM) (Source: DCOM) (EventID: 10016) (User: VOOTOWER-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user vootower-PC\vootower SID (S-1-5-21-3933229292-1645347275-125418585-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/29/2017 07:57:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/28/2017 08:22:07 PM) (Source: DCOM) (EventID: 10016) (User: VOOTOWER-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user vootower-PC\vootower SID (S-1-5-21-3933229292-1645347275-125418585-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2017-10-02 21:37:11.552
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-02 21:37:11.550
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-02 20:23:04.333
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-02 20:23:04.331
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-02 07:22:24.674
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-02 07:22:24.672
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-02 04:04:54.779
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Andy\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-02 04:04:54.422
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Andy\msvcp100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-01 08:46:11.255
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-01 08:46:11.254
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3570 CPU @ 3.40GHz
Percentage of memory in use: 52%
Total physical RAM: 8067.64 MB
Available physical RAM: 3863.09 MB
Total Virtual: 16259.64 MB
Available Virtual: 9918.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.22 GB) (Free:85.36 GB) NTFS
Drive d: (CHARLOTTE_DISC1_4X3) (CDROM) (Total:7.7 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4F7AB9C9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================



BC AdBot (Login to Remove)

 


#2 jrichland06

jrichland06
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:03 AM

Posted 04 October 2017 - 07:32 PM

Sorry, new to this forum. Did i forget to put something in there?



#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:03 AM

Posted 06 October 2017 - 07:59 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version: - AOL Inc.) <==== ATTENTION
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
FF user.js: detected! => C:\Users\vootower\AppData\Roaming\Mozilla\Firefox\Profiles\rnfk8uko.default\user.js [2016-11-21]
U3 idsvc; no ImagePath
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {14ADC154-129D-40A0-A751-827F7CF08884} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1C747D38-8C2F-4228-BE4C-1A722B3D07CC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2704D446-BC37-4162-9113-E230D0870BD3} - System32\Tasks\{FF30522B-C1E2-4B1C-A6A3-AAEBCAEA780E} => C:\Windows\system32\pcalua.exe -a "C:\Users\vootower\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6FPC11A6\Setup[1].exe" -d C:\Users\vootower\Desktop
Task: {44275BBB-0096-47D1-8EBE-0B45205292B8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {6F6D80AB-2E3F-4E0F-96FC-AC75B14F5B25} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {85BB3002-1A91-42F9-8C7B-2FCB47EBE2D3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A9D3539F-BFB7-4B16-8BE8-068AD248CCFC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {AC052234-AAE0-4BF8-A64F-00A3D39658AE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {B370239D-E7AD-4DBF-AEE2-63347FB575AF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B406B316-3A4B-463F-AD4C-25127315FD92} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BC154786-DAA2-404F-95B6-65B78DB229F8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CA0F70EC-E605-42F4-A6CC-B3B90C1ACA46} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {CBA59C34-B900-4AA0-A591-B96E2821AECC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E0579F8F-B39B-41C7-859D-D0FDA10E1BB5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:9A870F8B [1008]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Let me know what problem persists.

#4 jrichland06

jrichland06
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:03 AM

Posted 06 October 2017 - 09:05 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-10-2017
Ran by vootower (06-10-2017 21:45:59) Run:1
Running from C:\Users\vootower\Desktop
Loaded Profiles: vootower (Available Profiles: vootower & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
FF user.js: detected! => C:\Users\vootower\AppData\Roaming\Mozilla\Firefox\Profiles\rnfk8uko.default\user.js [2016-11-21]
U3 idsvc; no ImagePath
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {14ADC154-129D-40A0-A751-827F7CF08884} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1C747D38-8C2F-4228-BE4C-1A722B3D07CC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2704D446-BC37-4162-9113-E230D0870BD3} - System32\Tasks\{FF30522B-C1E2-4B1C-A6A3-AAEBCAEA780E} => C:\Windows\system32\pcalua.exe -a "C:\Users\vootower\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6FPC11A6\Setup[1].exe" -d C:\Users\vootower\Desktop
Task: {44275BBB-0096-47D1-8EBE-0B45205292B8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {6F6D80AB-2E3F-4E0F-96FC-AC75B14F5B25} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {85BB3002-1A91-42F9-8C7B-2FCB47EBE2D3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A9D3539F-BFB7-4B16-8BE8-068AD248CCFC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {AC052234-AAE0-4BF8-A64F-00A3D39658AE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {B370239D-E7AD-4DBF-AEE2-63347FB575AF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B406B316-3A4B-463F-AD4C-25127315FD92} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BC154786-DAA2-404F-95B6-65B78DB229F8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CA0F70EC-E605-42F4-A6CC-B3B90C1ACA46} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {CBA59C34-B900-4AA0-A591-B96E2821AECC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E0579F8F-B39B-41C7-859D-D0FDA10E1BB5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:9A870F8B [1008]

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\Users\vootower\AppData\Roaming\Mozilla\Firefox\Profiles\rnfk8uko.default\user.js => moved successfully
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
idsvc => service removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => key removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14ADC154-129D-40A0-A751-827F7CF08884} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14ADC154-129D-40A0-A751-827F7CF08884} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C747D38-8C2F-4228-BE4C-1A722B3D07CC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C747D38-8C2F-4228-BE4C-1A722B3D07CC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2704D446-BC37-4162-9113-E230D0870BD3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2704D446-BC37-4162-9113-E230D0870BD3} => key removed successfully
C:\WINDOWS\System32\Tasks\{FF30522B-C1E2-4B1C-A6A3-AAEBCAEA780E} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FF30522B-C1E2-4B1C-A6A3-AAEBCAEA780E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44275BBB-0096-47D1-8EBE-0B45205292B8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44275BBB-0096-47D1-8EBE-0B45205292B8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6F6D80AB-2E3F-4E0F-96FC-AC75B14F5B25} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F6D80AB-2E3F-4E0F-96FC-AC75B14F5B25} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-URT => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{85BB3002-1A91-42F9-8C7B-2FCB47EBE2D3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85BB3002-1A91-42F9-8C7B-2FCB47EBE2D3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9D3539F-BFB7-4B16-8BE8-068AD248CCFC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9D3539F-BFB7-4B16-8BE8-068AD248CCFC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC052234-AAE0-4BF8-A64F-00A3D39658AE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC052234-AAE0-4BF8-A64F-00A3D39658AE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B370239D-E7AD-4DBF-AEE2-63347FB575AF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B370239D-E7AD-4DBF-AEE2-63347FB575AF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B406B316-3A4B-463F-AD4C-25127315FD92} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B406B316-3A4B-463F-AD4C-25127315FD92} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC154786-DAA2-404F-95B6-65B78DB229F8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC154786-DAA2-404F-95B6-65B78DB229F8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA0F70EC-E605-42F4-A6CC-B3B90C1ACA46} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA0F70EC-E605-42F4-A6CC-B3B90C1ACA46} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CBA59C34-B900-4AA0-A591-B96E2821AECC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBA59C34-B900-4AA0-A591-B96E2821AECC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0579F8F-B39B-41C7-859D-D0FDA10E1BB5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0579F8F-B39B-41C7-859D-D0FDA10E1BB5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
C:\ProgramData\TEMP => ":9A870F8B" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 36291139 B
Java, Flash, Steam htmlcache => 367538154 B
Windows/system/drivers => 1230408058 B
Edge => 6325 B
Chrome => 468239009 B
Firefox => 385424859 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 5248 B
vootower => 726821319 B
DefaultAppPool => 0 B

RecycleBin => 0 B
EmptyTemp: => 3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:53:10 ====



#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:03 AM

Posted 07 October 2017 - 07:23 AM

How is the system running now?

#6 jrichland06

jrichland06
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:03 AM

Posted 07 October 2017 - 02:50 PM

just fine. It was running well before, minus a router issue. Which is when i contacted netgear, which led to them telling me i have viruses in my prefetch folder. So, not seeing any issues?



#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:03 AM

Posted 08 October 2017 - 07:28 AM

Hi,

Information on the Prefetch Folder.
https://answers.microsoft.com/en-us/windows/forum/windows_vista-update/can-i-delete-the-data-in-the-prefetch-folder/c54a8e56-c8cf-451d-a88f-07f06a2f2d54?auth=1

===

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users