Infected with Malware/Trojan file that might be called smp2.exe


  • This topic is locked
8 replies to this topic

#1 lgoudie

Posted 16 October 2017 - 03:11 PM

Attempted to download a file that must have had a virus, stopped the download halfway, but PC has still been compromised.

 

Upon restarting/restoring my computer a black command prompt box opens with a title that includes "smp2.exe", after which begins all the problems I mention below: 

 

Many ads open up in my browser and my Google Chrome search engine has been redirected to: http://www-searching.com/?prd=set_epf&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58.

 

The virus is preventing me from running MalwareBytes or ESETPoweliksCleaner, saying an "administrator is preventing access". I am, however, able to activate Rkill to stop what seems like most of the adware, but the core problem still seems to exist. I have attached the Rkill file after the FRST and Addition files.

 

Currently this is all that I am aware of what the virus is doing, but I am sure much more is going on. I have copied below the FRST file: 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-10-2017
Ran by lukeg (administrator) on LAPTOP-8VD73NK9 (16-10-2017 13:52:17)
Running from C:\Users\lukeg\Downloads
Loaded Profiles: lukeg (Available Profiles: lukeg & Admin)
Platform: Windows 10 Home Version 1607 170917-1700 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(AMD) C:\WINDOWS\System32\atiesrxx.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Windows ® Win 7 DDK provider) C:\WINDOWS\System32\AdminService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dropbox, Inc.) C:\WINDOWS\System32\DbxSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Seiko Epson Corporation) C:\WINDOWS\System32\escsvc64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(SweetLabs, Inc) C:\Users\lukeg\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
() C:\Users\lukeg\AppData\Roaming\Event Monitor\em.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\ScanToPCActivationApp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(WildTangent, Inc.) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerButton_NB.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(int ltd) C:\Program Files (x86)\LI9lcRvANzho\zhhxjonydx1i.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1301.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17082.14121.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\CompatTelRunner.exe
(Runtime Software) C:\Program Files (x86)\Runtime Software\DriveImage XML\dixml.exe
(Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-07-06] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [gplyra] => C:\Users\lukeg\AppData\Roaming\gplyra\gplyra\start.cmd [216 2017-01-10] () <==== ATTENTION
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [91488 2016-08-15] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2086240 2015-04-28] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3481912 2017-10-03] (Dropbox, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM\...\RunOnce: [LAPTOP-8VD73NK9] => C:\WINDOWS\Temp\gB163.tmp.exe [212992 2017-10-16] () <==== ATTENTION
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3101984 2017-10-13] (Valve Corporation)
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4179288 2015-11-30] (Disc Soft Ltd)
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [HP OfficeJet 4650 series (NET)] => C:\Program Files\HP\HP OfficeJet 4650 series\Bin\ScanToPCActivationApp.exe [3770504 2017-04-06] (HP Inc.)
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [ENFQJWKVAE.exe] => C:\Program Files\Factorio\LLVHQZWNRA\ENFQJWKVAE.exe [449536 2017-10-15] ()
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [ZBIJJZQLEN.exe] => C:\Program Files\Factorio\EWUMDCNZHA\ZBIJJZQLEN.exe [449536 2017-10-15] ()
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [NAPQPGVFRN.exe] => C:\Program Files\Factorio\FNGOHYCETK\NAPQPGVFRN.exe [449536 2017-10-15] ()
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [4wxqCqFO7MqnY.exe] => C:\Users\lukeg\AppData\Local\9712a8d3ae6346c59e45738b0cead4a8\4wxqCqFO7MqnY.exe [184320 2017-10-15] ()
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [N8NuJ3ZKw6WkW.exe] => C:\Users\lukeg\AppData\Local\9f109db3fce54301bed57dd514c3b546\N8NuJ3ZKw6WkW.exe [449536 2017-10-15] ()
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [fwkVQhmUm6.exe] => C:\ProgramData\9ad2cac23b464aab8098b46052f41cf2\fwkVQhmUm6.exe [184320 2017-10-15] ()
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [3CAXh50.exe] => C:\Users\lukeg\AppData\Local\a022a0a374314a34adb4a8dc7091d2e4\3CAXh50.exe [449536 2017-10-15] ()
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [HiddenBush] => C:\WINDOWS\rss\csrss.exe [2558976 2017-10-15] () <==== ATTENTION
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\MountPoints2: {c67b9378-ca12-11e5-9bd6-2c600cde60a4} - "D:\setup.exe" 
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\MountPoints2: {d9fab65a-f475-11e6-9c04-2c600cde60a4} - "F:\setup.exe" 
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\MountPoints2: {f0b7506e-90dc-11e6-9bf6-2c600cde60a4} - "E:\setup.exe" 
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 136.159.1.21 136.159.34.201
Tcpip\..\Interfaces\{87217844-16da-4140-9f8f-8bbddeafe66c}: [NameServer] 82.163.143.12,82.163.142.22
Tcpip\..\Interfaces\{87217844-16da-4140-9f8f-8bbddeafe66c}: [DhcpNameServer] 136.159.1.21 136.159.34.201
Tcpip\..\Interfaces\{d6d95a5f-2dd4-4a92-9902-e45c2e651e56}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=811013
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer15.msn.com/?pc=ACTE
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2554303399-3207203618-2176961843-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333673&octid=EB_ORIGINAL_CTID&ISID=B78706B7-7A93-49FE-8472-A920F1E5D71B&SearchSource=58&CUI=&UM=8&UP=SP7B4EB22D-7118-43C1-849F-F66B3683E808&D=122915&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2554303399-3207203618-2176961843-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2554303399-3207203618-2176961843-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BD849F4AD-9029-4F19-8072-A7DAC3C78B05%7D&gp=811014
BHO: No Name -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-24] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: The Amazon 1Button App for Internet Explorer -> {BAC72C85-CEC6-4B86-AF06-FA20C259FAB8} -> C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonBrowserHelper64.dll => No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-24] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: No Name -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-29] (Oracle Corporation)
BHO-x32: Search@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\lukeg\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll [2017-10-15] (Mail.Ru)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-29] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-24] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-24] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-24] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-24] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 9m56i2ec.default
FF ProfilePath: C:\Users\lukeg\AppData\Roaming\Mozilla\Firefox\Profiles\9m56i2ec.default [2017-10-15]
FF NewTab: Mozilla\Firefox\Profiles\9m56i2ec.default -> hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\9m56i2ec.default -> Поиск@Mail.Ru
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\9m56i2ec.default -> Поиск@Mail.Ru
FF Homepage: Mozilla\Firefox\Profiles\9m56i2ec.default -> hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,
FF Keyword.URL: Mozilla\Firefox\Profiles\9m56i2ec.default -> hxxp://go.mail.ru/distib/ep/?fr=ntg&product_id=%7B8D1566C7-0C5E-48B5-90DA-47591E37FD6D%7D&gp=811014
FF Extension: (Amazon Assistant for Firefox) - C:\Users\lukeg\AppData\Roaming\Mozilla\Firefox\Profiles\9m56i2ec.default\Extensions\abb@amazon.com.xpi [2017-07-01]
FF Extension: (Домашняя страница Mail.Ru) - C:\Users\lukeg\AppData\Roaming\Mozilla\Firefox\Profiles\9m56i2ec.default\Extensions\homepage@mail.ru [2017-10-15]
FF Extension: (Dashlane) - C:\Users\lukeg\AppData\Roaming\Mozilla\Firefox\Profiles\9m56i2ec.default\Extensions\jetpack-extension@dashlane.com.xpi [2017-06-07]
FF Extension: (English (US) Language Pack) - C:\Users\lukeg\AppData\Roaming\Mozilla\Firefox\Profiles\9m56i2ec.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2017-06-23]
FF Extension: (Поиск@Mail.Ru) - C:\Users\lukeg\AppData\Roaming\Mozilla\Firefox\Profiles\9m56i2ec.default\Extensions\search@mail.ru [2017-10-15]
FF Extension: (Пульт) - C:\Users\lukeg\AppData\Roaming\Mozilla\Firefox\Profiles\9m56i2ec.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2017-10-15]
FF Extension: (Adblock Plus) - C:\Users\lukeg\AppData\Roaming\Mozilla\Firefox\Profiles\9m56i2ec.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
FF SearchPlugin: C:\Users\lukeg\AppData\Roaming\Mozilla\Firefox\Profiles\9m56i2ec.default\searchplugins\mailru.xml [2017-10-15]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2017-01-20] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_159.dll [2017-10-11] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_159.dll [2017-10-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Users\lukeg\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-09-06] (Cisco WebEx LLC)
 
Chrome: 
=======
CHR HomePage: Default -> inline.go.mail.ru
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,&vp=ch&prd=set_ch"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default [2017-10-16]
CHR Extension: (Slides) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Docs) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-04]
CHR Extension: (Mail.Ru) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjhnafpiilpffhglajcaepjbnbjemci [2017-10-15]
CHR Extension: (YouTube) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-04]
CHR Extension: (Google Cast) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-09-05]
CHR Extension: (Adblock Plus) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-27]
CHR Extension: (Mendeley Importer) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\dagcmkpagjlhakfdhnbomgmjdpkdklff [2017-09-19]
CHR Extension: (Adobe Acrobat) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Визуальные Закладки Mail.Ru) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\enafhpjmlnpmbdnbpjkihmadnkfnpiim [2017-10-15]
CHR Extension: (Sheets) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Google Docs Offline) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Gmail) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-04]
CHR Extension: (Chrome Media Router) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-27]
CHR HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [enafhpjmlnpmbdnbpjkihmadnkfnpiim] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [indjgiebmakhmnaplnlnanodkfiejfjd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761608 2017-09-08] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-10] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-10] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-10-03] (Dropbox, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1368408 2015-11-30] (Disc Soft Ltd)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573568 2015-05-14] (Acer Incorporated)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-14] (WildTangent)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [395616 2015-07-17] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [450400 2015-07-17] (Acer Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-08-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [73976 2015-06-03] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [243056 2017-06-12] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-07-21] (Advanced Micro Devices)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-01-03] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [46392 2016-01-03] (Disc Soft Ltd)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21344 2015-07-17] (Acer Incorporated)
R1 MpKsl46fd0f0b; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{098A1203-6199-4A05-9750-240A7CC70836}\MpKsl46fd0f0b.sys [58120 2017-10-16] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14688 2015-07-17] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-28] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
S3 ser2at; C:\WINDOWS\system32\DRIVERS\ser2at64.sys [96256 2009-10-15] (ATEN)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [47784 2015-07-28] (Synaptics Incorporated)
S3 USA19H; C:\WINDOWS\system32\DRIVERS\USA19Hx64.sys [740096 2007-10-30] (Keyspan)
S3 USA19HP; C:\WINDOWS\system32\DRIVERS\USA19Hx64p.SYS [35840 2007-10-23] (Keyspan)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-16 13:51 - 2017-10-16 13:51 - 000000000 ____D C:\Users\lukeg\Desktop\FarBar
2017-10-16 13:48 - 2017-10-16 13:48 - 000001188 _____ C:\Users\Public\Desktop\DriveImage XML.lnk
2017-10-16 13:48 - 2017-10-16 13:48 - 000000000 ____D C:\Program Files (x86)\Runtime Software
2017-10-16 13:45 - 2017-10-16 13:46 - 002023440 _____ C:\Users\lukeg\Downloads\dixmlsetup.exe
2017-10-16 13:36 - 2017-10-16 13:52 - 000000000 ____D C:\FRST
2017-10-16 13:35 - 2017-10-16 13:36 - 002401792 _____ (Farbar) C:\Users\lukeg\Downloads\FRST64.exe
2017-10-16 08:49 - 2017-10-16 08:49 - 000000000 ____D C:\ProgramData\BlueStacks
2017-10-16 08:48 - 2017-10-16 08:48 - 000000000 ____D C:\Users\lukeg\AppData\Roaming\WildTangent
2017-10-16 06:57 - 2017-10-16 06:58 - 071535032 _____ (Malwarebytes ) C:\Users\lukeg\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951 (1).exe
2017-10-16 06:55 - 2017-10-16 08:56 - 000004042 _____ C:\Users\lukeg\Desktop\Rkill.txt
2017-10-16 06:54 - 2017-10-16 06:55 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\lukeg\Downloads\rkill.exe
2017-10-16 06:50 - 2017-10-16 08:49 - 000549504 _____ (ESET) C:\Users\lukeg\Downloads\ESETPoweliksCleaner.exe
2017-10-16 01:43 - 2017-10-16 08:08 - 107741184 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-10-16 01:23 - 2017-10-16 01:43 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-10-16 00:34 - 2017-10-16 13:53 - 000033585 _____ C:\Users\lukeg\Downloads\FRST.txt
2017-10-16 00:33 - 2017-10-16 00:33 - 000009794 _____ C:\Users\lukeg\Downloads\fixlist.txt
2017-10-15 23:56 - 2017-10-16 08:53 - 071535032 _____ (Malwarebytes ) C:\Users\lukeg\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951.exe
2017-10-15 23:51 - 2017-10-16 08:50 - 000003106 _____ C:\WINDOWS\System32\Tasks\RunAtStartup
2017-10-15 20:10 - 2017-10-15 20:10 - 000003598 _____ C:\WINDOWS\System32\Tasks\IBUpd
2017-10-15 20:10 - 2017-10-15 20:10 - 000000000 ____D C:\Users\lukeg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
2017-10-15 19:55 - 2017-10-15 20:03 - 000000000 ____D C:\Users\lukeg\Desktop\Euro Trip 2017
2017-10-15 19:53 - 2017-10-15 20:05 - 000000000 ____D C:\Users\lukeg\Desktop\City of Calgary Timesheets
2017-10-15 18:28 - 2017-10-15 20:10 - 000003344 _____ C:\WINDOWS\System32\Tasks\IBUpd2
2017-10-15 18:25 - 2017-10-15 18:25 - 000000000 ____D C:\Program Files\Common Files\Noobzo
2017-10-15 15:08 - 2017-10-15 15:08 - 000000337 _____ C:\UBT_UninstallLog.txt
2017-10-15 14:27 - 2017-10-16 08:46 - 000000000 ____D C:\ProgramData\598e9470-7ff7-0
2017-10-15 14:27 - 2017-10-16 08:46 - 000000000 ____D C:\ProgramData\598e9470-0a03-1
2017-10-15 14:27 - 2017-10-15 14:32 - 000000000 ____D C:\Program Files (x86)\FastDataX
2017-10-15 14:27 - 2017-10-15 14:27 - 000021602 _____ C:\WINDOWS\System32\Tasks\zhHXJoNYdx1i
2017-10-15 14:27 - 2017-10-15 14:27 - 000000000 ___HD C:\WINDOWS\rss
2017-10-15 14:26 - 2017-10-16 08:46 - 000000000 ____D C:\ProgramData\e7974eb4-24a7-0
2017-10-15 14:26 - 2017-10-16 08:46 - 000000000 ____D C:\ProgramData\e7974eb4-1503-1
2017-10-15 14:26 - 2017-10-15 14:26 - 000016818 _____ C:\WINDOWS\System32\Tasks\Audio Gateway
2017-10-15 14:25 - 2017-10-15 14:25 - 000000000 ____D C:\Users\lukeg\AppData\Local\a022a0a374314a34adb4a8dc7091d2e4
2017-10-15 14:25 - 2017-10-15 14:25 - 000000000 ____D C:\ProgramData\aed7c4b2bb344c128608273781b197b7
2017-10-15 14:25 - 2017-10-15 14:25 - 000000000 ____D C:\ProgramData\9ad2cac23b464aab8098b46052f41cf2
2017-10-15 14:04 - 2017-10-16 00:24 - 000000000 ____D C:\Users\lukeg\AppData\Roaming\Event Monitor
2017-10-15 14:04 - 2017-10-15 18:24 - 000301568 _____ C:\ProgramData\smp2.exe
2017-10-15 14:04 - 2017-10-15 18:24 - 000187904 _____ C:\WINDOWS\rsrcs.dll
2017-10-15 14:04 - 2017-10-15 18:24 - 000004252 _____ C:\WINDOWS\System32\Tasks\SMW_P
2017-10-15 14:04 - 2017-10-15 14:28 - 000000000 ____D C:\Users\lukeg\AppData\Roaming\gplyra
2017-10-15 14:04 - 2017-10-15 14:04 - 000021602 _____ C:\WINDOWS\System32\Tasks\LI9lcRvANzho
2017-10-15 14:04 - 2017-10-15 14:04 - 000000000 ____D C:\Users\lukeg\AppData\Local\Поиcк в Интeрнете
2017-10-15 14:04 - 2017-10-15 14:04 - 000000000 ____D C:\Users\lukeg\AppData\Local\AdService
2017-10-15 14:03 - 2017-10-15 14:26 - 000000000 ____D C:\Program Files (x86)\LI9lcRvANzho
2017-10-15 14:03 - 2017-10-15 14:03 - 000140800 _____ C:\Users\lukeg\AppData\Local\installer.dat
2017-10-15 14:03 - 2017-10-15 14:03 - 000016888 _____ C:\WINDOWS\System32\Tasks\NovaScript Refresher Lite
2017-10-15 14:03 - 2017-10-15 14:03 - 000011568 _____ C:\Users\lukeg\AppData\Local\InstallationConfiguration.xml
2017-10-15 14:03 - 2017-10-15 14:03 - 000000000 ____D C:\Users\lukeg\AppData\Local\9f109db3fce54301bed57dd514c3b546
2017-10-15 14:03 - 2017-10-15 14:03 - 000000000 ____D C:\Users\lukeg\AppData\Local\9712a8d3ae6346c59e45738b0cead4a8
2017-10-15 14:03 - 2017-10-15 14:03 - 000000000 ____D C:\Users\lukeg\AppData\Local\788fb47a31bf4b83bf5fc8fcd5b29c1f
2017-10-15 14:03 - 2017-10-15 14:03 - 000000000 ____D C:\Program Files (x86)\pccleanplus
2017-10-15 14:01 - 2017-10-15 14:33 - 000000000 ____D C:\Users\lukeg\AppData\Local\Mail.Ru
2017-10-15 14:01 - 2017-10-15 14:33 - 000000000 ____D C:\Program Files (x86)\Mail.Ru
2017-10-15 14:01 - 2017-10-15 14:01 - 000000000 ____D C:\ProgramData\Mail.Ru
2017-10-15 07:37 - 2017-10-15 07:37 - 000815104 _____ () C:\WINDOWS\system32\bi3.exe
2017-10-14 17:56 - 2017-10-14 17:58 - 000000000 ____D C:\Users\lukeg\Downloads\Parks and Recreation S01-S07 (2009-)
2017-10-12 14:05 - 2017-10-12 14:05 - 002311295 _____ C:\Users\lukeg\Downloads\20-Transferable-Skills-1.pdf
2017-10-11 07:23 - 2017-10-11 07:23 - 000667036 _____ C:\Users\lukeg\Downloads\O'Brien_et_al-2000-European_Journal_of_Biochemistry.pdf
2017-10-10 23:26 - 2017-10-10 23:26 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-10 23:20 - 2017-09-17 21:27 - 000218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-10-10 23:20 - 2017-09-17 21:09 - 002213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-10-10 23:20 - 2017-09-17 21:09 - 000133984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-10-10 23:20 - 2017-09-17 21:08 - 000998920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-10-10 23:20 - 2017-09-17 21:05 - 001177688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2017-10-10 23:20 - 2017-09-17 21:05 - 000497424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-10-10 23:20 - 2017-09-17 21:05 - 000172536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-10-10 23:20 - 2017-09-17 21:04 - 001706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-10-10 23:20 - 2017-09-17 21:04 - 000918304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-10-10 23:20 - 2017-09-17 21:03 - 000791272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-10-10 23:20 - 2017-09-17 21:02 - 007213464 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-10-10 23:20 - 2017-09-17 21:02 - 001860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-10-10 23:20 - 2017-09-17 21:00 - 001072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-10-10 23:20 - 2017-09-17 20:59 - 022220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-10-10 23:20 - 2017-09-17 20:59 - 008173672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-10-10 23:20 - 2017-09-17 20:59 - 004260072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-10-10 23:20 - 2017-09-17 20:59 - 001983408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-10-10 23:20 - 2017-09-17 20:59 - 001702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-10-10 23:20 - 2017-09-17 20:59 - 000341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-10-10 23:20 - 2017-09-17 20:56 - 000057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-10-10 23:20 - 2017-09-17 20:55 - 005722320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-10-10 23:20 - 2017-09-17 20:55 - 001431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-10-10 23:20 - 2017-09-17 20:54 - 001980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-10-10 23:20 - 2017-09-17 20:52 - 020967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-10-10 23:20 - 2017-09-17 20:52 - 006672680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-10-10 23:20 - 2017-09-17 20:52 - 004023560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-10-10 23:20 - 2017-09-17 20:52 - 001845512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-10-10 23:20 - 2017-09-17 20:52 - 001360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-10-10 23:20 - 2017-09-17 20:52 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-10-10 23:20 - 2017-09-17 20:52 - 000981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-10-10 23:20 - 2017-09-17 20:51 - 000178016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-10-10 23:20 - 2017-09-17 20:49 - 001435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-10-10 23:20 - 2017-09-17 20:49 - 001412128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-10-10 23:20 - 2017-09-17 20:49 - 001260784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-10-10 23:20 - 2017-09-17 20:48 - 000117792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-10-10 23:20 - 2017-09-17 20:35 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-10-10 23:20 - 2017-09-17 20:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-10-10 23:20 - 2017-09-17 20:33 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-10-10 23:20 - 2017-09-17 20:33 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-10-10 23:20 - 2017-09-17 20:32 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-10-10 23:20 - 2017-09-17 20:32 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-10-10 23:20 - 2017-09-17 20:31 - 006288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-10-10 23:20 - 2017-09-17 20:31 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-10-10 23:20 - 2017-09-17 20:31 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-10-10 23:20 - 2017-09-17 20:31 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2017-10-10 23:20 - 2017-09-17 20:31 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-10-10 23:20 - 2017-09-17 20:30 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-10-10 23:20 - 2017-09-17 20:30 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-10-10 23:20 - 2017-09-17 20:29 - 000411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-10-10 23:20 - 2017-09-17 20:29 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-10-10 23:20 - 2017-09-17 20:29 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-10-10 23:20 - 2017-09-17 20:28 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-10-10 23:20 - 2017-09-17 20:28 - 000406016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-10-10 23:20 - 2017-09-17 20:28 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-10-10 23:20 - 2017-09-17 20:28 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2017-10-10 23:20 - 2017-09-17 20:28 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-10-10 23:20 - 2017-09-17 20:27 - 004615168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-10-10 23:20 - 2017-09-17 20:27 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-10-10 23:20 - 2017-09-17 20:27 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-10-10 23:20 - 2017-09-17 20:27 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-10-10 23:20 - 2017-09-17 20:27 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-10-10 23:20 - 2017-09-17 20:27 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-10-10 23:20 - 2017-09-17 20:27 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-10-10 23:20 - 2017-09-17 20:26 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2017-10-10 23:20 - 2017-09-17 20:26 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-10-10 23:20 - 2017-09-17 20:26 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-10-10 23:20 - 2017-09-17 20:26 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-10-10 23:20 - 2017-09-17 20:26 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-10-10 23:20 - 2017-09-17 20:26 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-10-10 23:20 - 2017-09-17 20:26 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-10-10 23:20 - 2017-09-17 20:26 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-10-10 23:20 - 2017-09-17 20:25 - 002333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-10-10 23:20 - 2017-09-17 20:25 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2017-10-10 23:20 - 2017-09-17 20:24 - 007626240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-10-10 23:20 - 2017-09-17 20:24 - 000819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2017-10-10 23:20 - 2017-09-17 20:24 - 000755200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-10-10 23:20 - 2017-09-17 20:24 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-10-10 23:20 - 2017-09-17 20:24 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-10-10 23:20 - 2017-09-17 20:23 - 000857600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2017-10-10 23:20 - 2017-09-17 20:23 - 000816640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll
2017-10-10 23:20 - 2017-09-17 20:23 - 000636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-10-10 23:20 - 2017-09-17 20:23 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-10-10 23:20 - 2017-09-17 20:23 - 000287744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-10-10 23:20 - 2017-09-17 20:23 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-10-10 23:20 - 2017-09-17 20:22 - 001323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-10-10 23:20 - 2017-09-17 20:22 - 001137664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-10-10 23:20 - 2017-09-17 20:21 - 018364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-10-10 23:20 - 2017-09-17 20:20 - 002641920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-10-10 23:20 - 2017-09-17 20:20 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-10-10 23:20 - 2017-09-17 20:20 - 000284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-10-10 23:20 - 2017-09-17 20:19 - 002750976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-10-10 23:20 - 2017-09-17 20:19 - 000549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-10-10 23:20 - 2017-09-17 20:19 - 000303616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2017-10-10 23:20 - 2017-09-17 20:19 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-10-10 23:20 - 2017-09-17 20:18 - 008077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-10-10 23:20 - 2017-09-17 20:18 - 007470592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-10-10 23:20 - 2017-09-17 20:18 - 001145344 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-10-10 23:20 - 2017-09-17 20:18 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-10-10 23:20 - 2017-09-17 20:17 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-10-10 23:20 - 2017-09-17 20:17 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-10-10 23:20 - 2017-09-17 20:16 - 004596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-10-10 23:20 - 2017-09-17 20:16 - 003520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-10-10 23:20 - 2017-09-17 20:15 - 002538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-10-10 23:20 - 2017-09-17 20:15 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2017-10-10 23:20 - 2017-09-17 20:14 - 006474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-10-10 23:20 - 2017-09-17 20:14 - 002997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-10-10 23:20 - 2017-09-17 20:14 - 002740224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-10-10 23:20 - 2017-09-17 20:14 - 002682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-10-10 23:20 - 2017-09-17 20:14 - 002649600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-10-10 23:20 - 2017-09-17 20:14 - 002483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-10-10 23:20 - 2017-09-17 20:14 - 001988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-10-10 23:20 - 2017-09-17 20:14 - 001599488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-10-10 23:20 - 2017-09-17 20:14 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-10-10 23:20 - 2017-09-17 20:14 - 001170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-10-10 23:20 - 2017-09-17 20:14 - 000983552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-10-10 23:20 - 2017-09-17 20:14 - 000903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-10-10 23:20 - 2017-09-17 20:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-10-10 23:20 - 2017-09-17 20:14 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-10-10 23:20 - 2017-09-17 20:14 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-10-10 23:20 - 2017-09-17 20:14 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-10-10 23:20 - 2017-09-17 20:14 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2017-10-10 23:20 - 2017-09-17 20:14 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-10-10 23:20 - 2017-09-17 20:13 - 001013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-10-10 23:20 - 2017-09-17 20:13 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-10-10 23:20 - 2017-09-17 20:13 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-10-10 23:20 - 2017-09-17 20:13 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-10-10 23:20 - 2017-09-17 20:13 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-10-10 23:20 - 2017-09-17 20:13 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-10-10 23:20 - 2017-09-17 20:13 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprofm.dll
2017-10-10 23:20 - 2017-09-17 20:12 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-10-10 23:20 - 2017-09-17 20:12 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-10-10 23:20 - 2017-09-17 20:12 - 000439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprt.exe
2017-10-10 23:20 - 2017-09-17 20:11 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-10-10 23:20 - 2017-09-17 20:11 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-10-10 23:20 - 2017-09-14 17:05 - 001302136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-10-10 23:20 - 2017-09-14 16:59 - 000096064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-10-10 23:20 - 2017-09-14 16:52 - 000136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-10-10 23:20 - 2017-09-14 16:49 - 001202936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-10-10 23:20 - 2017-09-14 16:34 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-10-10 23:20 - 2017-09-14 16:32 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll
2017-10-10 23:20 - 2017-09-14 16:32 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2017-10-10 23:20 - 2017-09-14 16:31 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-10-10 23:20 - 2017-09-14 16:30 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-10-10 23:20 - 2017-09-14 16:30 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollUI.dll
2017-10-10 23:20 - 2017-09-14 16:30 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSWB7.dll
2017-10-10 23:20 - 2017-09-14 16:30 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-10-10 23:20 - 2017-09-14 16:30 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-10-10 23:20 - 2017-09-14 16:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2017-10-10 23:20 - 2017-09-14 16:28 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-10-10 23:20 - 2017-09-14 16:28 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-10-10 23:20 - 2017-09-14 16:27 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-10-10 23:20 - 2017-09-14 16:26 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-10-10 23:20 - 2017-09-14 16:26 - 000636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-10-10 23:20 - 2017-09-14 16:26 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe
2017-10-10 23:20 - 2017-09-14 16:25 - 000529920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2017-10-10 23:20 - 2017-09-14 16:22 - 000987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2017-10-10 23:20 - 2017-09-14 16:18 - 003299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-10-10 23:20 - 2017-09-14 16:18 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\umrdp.dll
2017-10-10 23:20 - 2017-09-14 16:16 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2017-10-10 23:20 - 2017-09-14 16:15 - 003106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-10-10 23:20 - 2017-09-13 20:04 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-10-10 23:20 - 2017-09-13 20:04 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-10-10 23:20 - 2017-09-13 20:04 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-10-10 23:20 - 2017-03-04 00:28 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-10-10 23:20 - 2017-03-04 00:25 - 000748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2017-10-10 23:20 - 2017-03-04 00:24 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2017-10-10 23:20 - 2017-03-04 00:23 - 001184256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-10-10 23:20 - 2017-03-04 00:23 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-10-10 23:20 - 2017-03-04 00:18 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2017-10-10 23:20 - 2017-03-04 00:16 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-10-10 23:20 - 2017-03-04 00:00 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-10-10 23:20 - 2017-03-04 00:00 - 000711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-10-10 23:20 - 2016-08-26 23:12 - 000244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-10-10 23:19 - 2017-09-17 21:17 - 001564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-10-10 23:19 - 2017-09-17 21:17 - 000245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-10-10 23:19 - 2017-09-17 21:17 - 000136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-10-10 23:19 - 2017-09-17 21:09 - 007780192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-10-10 23:19 - 2017-09-17 21:09 - 000646688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-10-10 23:19 - 2017-09-17 21:08 - 002253664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-10-10 23:19 - 2017-09-17 21:05 - 000168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2017-10-10 23:19 - 2017-09-17 21:04 - 000404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-10-10 23:19 - 2017-09-17 21:01 - 002446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-10-10 23:19 - 2017-09-17 21:01 - 000624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-10-10 23:19 - 2017-09-17 21:01 - 000431456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-10-10 23:19 - 2017-09-17 21:01 - 000223072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
 
==================== Files in the root of some directories =======
 
2017-10-15 14:03 - 2017-10-15 14:03 - 000011568 _____ () C:\Users\lukeg\AppData\Local\InstallationConfiguration.xml
2017-10-15 14:03 - 2017-10-15 14:03 - 000140800 _____ () C:\Users\lukeg\AppData\Local\installer.dat
2015-12-26 14:19 - 2015-12-26 14:19 - 000007605 _____ () C:\Users\lukeg\AppData\Local\Resmon.ResmonCfg
2016-09-06 02:51 - 2016-09-06 02:51 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2017-06-13 10:34 - 2017-06-13 10:34 - 000002649 _____ () C:\ProgramData\regid.2004-08.seahorsebio.com_83000E27-FEA8-4AEF-968E-E487414DAB73.swidtag
2017-10-15 14:04 - 2017-10-15 18:24 - 000301568 _____ () C:\ProgramData\smp2.exe
 
Files to move or delete:
====================
C:\Users\lukeg\AppData\Roaming\gplyra\gplyra\start.cmd
C:\WINDOWS\Temp\gB163.tmp.exe
C:\WINDOWS\rss\csrss.exe
C:\ProgramData\smp2.exe
 
 
Some files in TEMP:
====================
2017-10-15 14:04 - 2017-10-15 14:04 - 000335872 _____ () C:\Users\lukeg\AppData\Local\Temp\ZQO8FM4MY9Rk.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000090112 _____ () C:\Users\lukeg\AppData\Local\Temp\zRyp6cVfmY7M.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-10-08 10:39
 
==================== End of FRST.txt ============================
 
Here is the "Addition file"
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2017
Ran by lukeg (16-10-2017 13:56:06)
Running from C:\Users\lukeg\Downloads
Windows 10 Home Version 1607 170917-1700 (X64) (2016-09-06 09:27:34)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Admin (S-1-5-21-2554303399-3207203618-2176961843-1003 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2554303399-3207203618-2176961843-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2554303399-3207203618-2176961843-503 - Limited - Disabled)
Guest (S-1-5-21-2554303399-3207203618-2176961843-501 - Limited - Disabled)
lukeg (S-1-5-21-2554303399-3207203618-2176961843-1001 - Administrator - Enabled) => C:\Users\lukeg
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-44b15a0c-012a-42cf-98f1-165fff52d3de) (Version: 3.0.2.118 - WildTangent) Hidden
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.10.2001 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.08.2003.3 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3027 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3001 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8109 - Acer Incorporated)
Acer Quick Access (HKLM\...\{E3678E72-78E3-4F91-A9FB-913876FF6DA2}) (Version: 2.00.3006 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.159 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{566F2BB3-9031-D010-E31F-BE5D49984768}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated)
App Explorer (HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Host App Service) (Version: 0.273.2.371 - SweetLabs)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Banished version 1.0.0 (HKLM-x32\...\Banished_is1) (Version: 1.0.0 - Black Panther)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BrowserAir (HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\BrowserAir) (Version: 48.0.0.0 - BrowserAir) <==== ATTENTION
Cisco WebEx Meetings (HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.2.0.0114 - Disc Soft Ltd)
Darkest Dungeon (HKLM-x32\...\1450711444_is1) (Version: 2.18.0.22 - GOG.com)
Dino Storm (HKLM-x32\...\WildTangentGDF-acer-dinostorm) (Version: 13.0.0.6 - WildTangent) Hidden
Divinity - Original Sin (HKLM-x32\...\Divinity - Original Sin_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.60.000 - Runtime Software)
Dropbox (HKLM-x32\...\Dropbox) (Version: 36.4.22 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Endless Legend Shifters (HKLM-x32\...\Endless Legend Shifters_is1) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Factorio version 0.11.20 (HKLM\...\Factorio_is1) (Version:  - )
Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 13.0.0.6 - WildTangent, Inc.)
Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 13.0.0.6 - WildTangent, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GraphPad Prism 6 (HKLM-x32\...\{606443B0-9831-11DC-5F90-015CFB7A6952}) (Version: 6.01 - GraphPad Software)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Home Makeover (HKLM-x32\...\WTA-3cf95c4f-180b-4280-8f16-c53e066361fb) (Version: 3.0.2.59 - WildTangent) Hidden
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP OfficeJet 4650 series Basic Device Software (HKLM\...\{F68DF314-BD12-4549-941C-521CB8D16DDE}) (Version: 40.11.1122.1796 - HP Inc.)
HP OfficeJet 4650 series Help (HKLM-x32\...\{20CA428A-0827-4441-BC64-5C577EA970AD}) (Version: 36.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HuniePop (HKLM-x32\...\1443428641_is1) (Version: 2.0.0.1 - GOG.com)
I.R.I.S. OCR (HKLM-x32\...\{11ED31EC-7EFA-4D56-B71D-E0214C8984CC}) (Version: 12.3.7.0 - HP)
IBM SPSS Statistics 20 (HKLM-x32\...\{2AF8017B-E503-408F-AACE-8A335452CAD2}) (Version: 20.0.0.0 - IBM Corp)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-1230f393-e73b-4a65-b2df-1ad3a6b6744f) (Version: 2.2.0.97 - WildTangent) Hidden
Jewel Match Snowscapes (HKLM-x32\...\WTA-d63130dc-efc8-4c06-a15e-a2edcf5b04f3) (Version: 3.0.2.118 - WildTangent) Hidden
KB4023057 (HKLM\...\{0C050BEE-16BE-4998-8959-2A421433DB6E}) (Version: 2.5.0.0 - Microsoft Corporation)
Keyspan USB Serial Adapter (HKLM-x32\...\{2E97DE76-851A-48AA-A0D6-665860FAD9CA}) (Version: 3.7s - Keyspan)
League of Legends (HKLM-x32\...\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
Magic Academy (HKLM-x32\...\WTA-c89a8073-438e-4611-9c1c-a1121411ab40) (Version: 2.2.0.97 - WildTangent) Hidden
Mendeley Desktop 1.17.10 (HKLM-x32\...\Mendeley Desktop) (Version: 1.17.10 - Mendeley Ltd.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8431.2079 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{60499BF0-C3D1-40CC-8600-8A7246534466}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Oroboros DatLab (HKLM-x32\...\Oroboros DatLab) (Version:  - )
Polar Bowler 1st Frame (HKLM-x32\...\WTA-134665ac-2bca-44cd-a74e-fb5c2e88e579) (Version: 3.0.2.59 - WildTangent) Hidden
Product Improvement Study for HP OfficeJet 4650 series (HKLM\...\{4C6A5272-AB0C-4913-8E66-C7B408C761A4}) (Version: 40.11.1122.1796 - HP Inc.)
Qualcomm Atheros QCA9377 Wireless LAN & Bluetooth Installer (HKLM-x32\...\{3241744A-BA36-41F0-B4AA-EF3946D00632}) (Version: 11.0.0.043 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Rise of Nations: Extended Edition (HKLM-x32\...\Rise of Nations: Extended Edition_is1) (Version:  - Microsoft Studios)
Rory's Restaurant (HKLM-x32\...\WTA-7aae79e6-c8f9-4751-bb78-5f3a73b0dc29) (Version: 3.0.2.126 - WildTangent) Hidden
Runefall (HKLM-x32\...\WTA-8f50145d-d9dd-494c-aee5-8647a1ff13c9) (Version: 3.0.2.126 - WildTangent) Hidden
Search module (HKLM-x32\...\Search module) (Version:  - Goobzo) <==== ATTENTION
Setli (HKLM-x32\...\{A97606DF-0FE1-4390-B0DD-ADA8B303AE61}_is1) (Version: 1.4 - )
Sid Meier's Civilization V The Complete Edition repack Mr DJ version 1.0.3.279 (HKLM-x32\...\Sid Meier's Civilization V The Complete Edition ~01EC3566_is1) (Version: 1.0.3.279 - Mr DJ)
Sid Meiers Civilization VI Proper (HKLM\...\c2lkbWVpZXJzY2l2aWxpemF0aW9udmk_is1) (Version: 1 - )
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Stardew Valley (HKLM-x32\...\1453375253_is1) (Version: 2.6.0.8 - GOG.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Sims 3 Complete Collection version 1.67.2 (HKLM-x32\...\The Sims 3 Complete Collection_is1) (Version: 1.67.2 - Mr DJ)
Uninstall Samsung Printer Software (HKLM-x32\...\TotalUninstaller) (Version: 4.0.0.67 - Samsung Electronics CO., LTD.)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vegas World (HKLM-x32\...\WildTangentGDF-acer-vegasworld) (Version: 13.0.0.6 - WildTangent) Hidden
Villagers and Heroes (HKLM-x32\...\WildTangentGDF-acer-villagersandheroes) (Version: 13.0.0.6 - WildTangent) Hidden
Wave Desktop (HKLM-x32\...\{4F2FDA4C-12B7-410A-8D9B-B7D8CFBF14A8}) (Version: 2.4.0.60 - Agilent Technologies, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.11.16 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}) (Version: 18.0.10661 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2015-11-30] (Apple Inc.)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2013-10-23] (WinZip Computing, S.L.)
ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\WINDOWS\SysWOW64\WSCM64.dll -> No File
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2013-10-23] (WinZip Computing, S.L.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-07-21] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2013-10-23] (WinZip Computing, S.L.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {15CFC3C1-3975-4CD0-B795-F87742B8AB40} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {21A13638-4C0B-41F6-94E6-C9801B465107} - System32\Tasks\App Explorer => C:\Users\lukeg\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2017-10-07] (SweetLabs, Inc) <==== ATTENTION
Task: {23E3BAFF-FD03-4BE7-85F7-EB6FBEFACE6A} - System32\Tasks\IBUpd2 => C:\Users\lukeg\AppData\Local\BrowserAir\48.0.0.0\updater.exe <==== ATTENTION
Task: {31404AD6-85F4-44D4-817C-F3EDF6D853DA} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-11] (Adobe Systems Incorporated)
Task: {359AFBE3-36EB-43EC-951E-2355A0E6EB82} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2015-07-17] (Acer Incorporated)
Task: {4BD261DA-5BB0-4E7A-8B40-98398C4C2AAC} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe [2017-10-15] () <==== ATTENTION
Task: {5EBD45BE-BBE8-47FA-83D3-A53F31DEBEDD} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [2015-05-14] ()
Task: {60BD67F1-58B2-459D-AC00-10967D895910} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-10-10] (Microsoft Corporation)
Task: {66ADC14A-DFA6-4173-A737-7628E973FEA4} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [2016-08-15] ()
Task: {6F4ABA55-6992-477D-97CF-2DB69ADF7CC8} - System32\Tasks\Audio Gateway => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Audio Gateway\Audio Gateway.dll",FsrgIyaVJAB <==== ATTENTION
Task: {792A2010-6DBA-4FE1-B63C-14500314F191} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {7BD16653-AC61-42D6-BAEF-681AB9DE89C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-04] (Google Inc.)
Task: {7CB41E86-911C-4C9C-948F-F2C754A8F864} - System32\Tasks\RunAtStartup => C:\Users\lukeg\AppData\Roaming\Event Monitor\em.exe [2017-09-20] () <==== ATTENTION
Task: {7D1EEB25-1CBA-4312-A6E1-A80E4E7EC4FE} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-10] (Dropbox, Inc.)
Task: {8831D1F8-E6D0-4D0B-BCDA-19BAF52A02EB} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2015-11-25] ()
Task: {8C4E2F0A-83BF-48C7-8041-83EEF057E623} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-04] (Google Inc.)
Task: {8CA7B7B3-3F6A-46B2-BD1A-9AFDDF32DD12} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2015-11-25] ()
Task: {9AE5BC12-A075-4CDA-8F80-A548835F8237} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-09-24] (Microsoft Corporation)
Task: {A2A04E3F-DD2B-4C05-B257-EA113A3E6DE4} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2015-07-10] (Acer Incorporated)
Task: {A68B848B-7CC4-416B-9EE7-2B451E40CCF8} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2015-05-14] (Acer Incorporated)
Task: {A6DA94B9-38D2-4A92-BDE2-AB8ED0AEFD29} - System32\Tasks\HPCustParticipation HP OfficeJet 4650 series => C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPCustPartic.exe [2017-04-06] (HP Inc.)
Task: {AA744EF8-152A-4F24-82C5-306B032F9A9E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {BB648EB8-6B1D-4E51-8604-38132B539D23} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-10] (Dropbox, Inc.)
Task: {BF123B96-8CF4-4274-9013-CD7C9446CD77} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-24] ()
Task: {C2824150-7469-43A9-A0F6-8C8AF48E2A9F} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2015-07-10] ()
Task: {CB1CDB4B-1985-4C34-AD96-F62C1976CB44} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-24] ()
Task: {CE558490-767D-4D3F-B17A-A0C2E8C25D10} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\lukeg\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {D946B9CF-9678-4D9E-A902-AB7A5309F869} - System32\Tasks\NovaScript Refresher Lite => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\NovaScript Refresher Lite\NovaScript Refresher Lite.dll",UDhMbGhcty <==== ATTENTION
Task: {E3C9C250-F04A-4D99-A6C9-4650167A1AB8} - System32\Tasks\zhHXJoNYdx1i => zhhxjonydx1i.exe
Task: {E8691FBD-44E0-4150-A72F-4E93D93F54D8} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Power Management\ePowerButton_NB.exe [2015-05-14] (Acer Incorporated)
Task: {F0976B62-B130-434F-8C40-2FD746FCC2C8} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-09-09] (Acer)
Task: {F6C45684-381B-47C8-BC31-B4A1AD8BE7B2} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-08-30] (Acer Incorporated)
Task: {F7CB9E5F-D50F-43CA-AC03-051DF18C7302} - System32\Tasks\LI9lcRvANzho => li9lcrvanzho.exe
Task: {FA922F0E-0881-42F4-A147-B0352E5C3894} - System32\Tasks\IBUpd => C:\Users\lukeg\AppData\Local\BrowserAir\48.0.0.0\updater.exe <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\lukeg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,
ShortcutWithArgument: C:\Users\lukeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,
ShortcutWithArgument: C:\Users\lukeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811008"
ShortcutWithArgument: C:\Users\lukeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,
ShortcutWithArgument: C:\Users\lukeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> "microsoft-edge:hxxp://www%2dsearching.com/?prd=set_epe&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,
 
==================== Loaded Modules (Whitelisted) ==============
 
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\amazon.ca -> hxxps://amazon.ca
IE trusted site: HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\amazon.com -> amazon.com
IE trusted site: HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\sharepoint.com -> hxxps://uofc-files.sharepoint.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 05:04 - 2017-10-16 08:46 - 000013499 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
There are 333 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Acer01.jpg
DNS Servers: 82.163.143.12 - 82.163.142.22
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{0A2BBF29-BDA6-46F4-A2C0-14305B0BC880}C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [TCP Query User{2CE90FBE-7672-4B4A-85EB-AEDCF232D23A}C:\users\lukeg\desktop\microscopy lab software\fiji.app\imagej-win64.exe] => (Allow) C:\users\lukeg\desktop\microscopy lab software\fiji.app\imagej-win64.exe
FirewallRules: [UDP Query User{613A09FB-5F8E-4002-9C6E-FDE175F5A6A6}C:\users\lukeg\desktop\microscopy lab software\fiji.app\imagej-win64.exe] => (Allow) C:\users\lukeg\desktop\microscopy lab software\fiji.app\imagej-win64.exe
FirewallRules: [{6656A06F-1F7C-4724-ABF1-8E162F537CF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deep Space Waifu\Deep Space Waifu.exe
FirewallRules: [{31620890-B0FA-4C8A-91FE-26473FC11984}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deep Space Waifu\Deep Space Waifu.exe
FirewallRules: [{5E0BBABC-3D1A-4819-8FB8-BE11B5E440C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Material Girl\Game.exe
FirewallRules: [{F1A54992-9D51-4AA7-935A-577027730720}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Material Girl\Game.exe
FirewallRules: [TCP Query User{1AC92B52-F7E7-469A-85A7-282D424B2AF0}C:\users\lukeg\desktop\games\force of nature\force.of.nature.v1.1.3h1\forceofnature.exe] => (Allow) C:\users\lukeg\desktop\games\force of nature\force.of.nature.v1.1.3h1\forceofnature.exe
FirewallRules: [UDP Query User{519EDD0C-F78F-4366-873B-8F753C3FA188}C:\users\lukeg\desktop\games\force of nature\force.of.nature.v1.1.3h1\forceofnature.exe] => (Allow) C:\users\lukeg\desktop\games\force of nature\force.of.nature.v1.1.3h1\forceofnature.exe
FirewallRules: [{15F9A90F-47DD-4C95-829E-0140F67F9777}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{52EBA613-E9EF-4945-B8AB-7198E87A81CC}C:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe] => (Block) C:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe
FirewallRules: [UDP Query User{B64A879B-DF49-4397-8184-81449F432572}C:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe] => (Block) C:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe
FirewallRules: [TCP Query User{A9A1F105-C65B-4E66-A476-9154E2CAB554}C:\program files (x86)\starcraft ii\versions\base56787\sc2_x64.exe] => (Block) C:\program files (x86)\starcraft ii\versions\base56787\sc2_x64.exe
FirewallRules: [UDP Query User{F45DA15C-242D-4B79-8931-58347BBCD31D}C:\program files (x86)\starcraft ii\versions\base56787\sc2_x64.exe] => (Block) C:\program files (x86)\starcraft ii\versions\base56787\sc2_x64.exe
FirewallRules: [{109C8198-6BF2-4D20-A840-AA2845CF4953}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5BABDC1D-8150-449E-B11F-F422682A5ECA}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{333360FE-60EB-4446-88F9-F198A070F1EF}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxPrinterUtility.exe
FirewallRules: [{53322C52-2314-43A9-908C-E4FF01E39011}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxApplications.exe
FirewallRules: [{296606EC-AE77-4011-9453-0D38F02C1E9E}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\DigitalWizards.exe
FirewallRules: [{8B12118F-CD37-4D8B-975D-B7553AFC5642}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\SendAFax.exe
FirewallRules: [{62531460-A944-4D88-83FB-4BAD158010A6}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\DeviceSetup.exe
FirewallRules: [{C2E0F4F6-85D0-4D7B-AB15-211838BC1942}] => (Allow) LPort=5357
FirewallRules: [{5D2E28D8-7496-4DC7-A463-4A995988D57D}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{8C5624DA-8EAE-4E2C-81DE-5C508AA76955}] => (Allow) C:\Users\lukeg\AppData\Local\Temp\7zS272E\HPDiagnosticCoreUI.exe
FirewallRules: [{981D5DEA-911F-429C-A52E-5CA34CE2F963}] => (Allow) C:\Users\lukeg\AppData\Local\Temp\7zS272E\HPDiagnosticCoreUI.exe
FirewallRules: [{8B4B9948-96FA-48E6-A88B-48065A353F6F}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{CE871015-16A8-4731-A77C-C9013C582E5D}] => (Allow) C:\WINDOWS\rss\csrss.exe
FirewallRules: [{0DE8C570-F466-4BB7-88B6-ADE30DD821F0}] => (Allow) C:\Users\lukeg\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
FirewallRules: [{254BEB68-14E5-4D94-9394-4B037FA33BCE}] => (Allow) C:\Program Files (x86)\Secure Driver Updater\SDU.exe
FirewallRules: [{E7B66B68-FC3E-4C93-B07A-7B951D94C1CB}] => (Allow) C:\Users\lukeg\AppData\Local\BrowserAir\Application\BrowserairExec.exe
FirewallRules: [{5AA854FF-6CEE-4BDE-93EA-12AC9C63C45E}] => (Allow) C:\WINDOWS\System32\rundll32.exe
FirewallRules: [{FDD4CD0B-3149-4A76-89B0-006850B2DAB1}] => (Allow) C:\WINDOWS\System32\rundll32.exe
FirewallRules: [{0F1A5EC6-8C8D-460E-AA9B-742B2411E94A}] => (Allow) C:\WINDOWS\System32\rundll32.exe
FirewallRules: [{C0AA72BA-3D8B-4E0D-BCC4-8CDED8234111}] => (Allow) C:\WINDOWS\System32\rundll32.exe
 
==================== Restore Points =========================
 
10-10-2017 23:24:14 Windows Update
15-10-2017 14:33:08 Removed Win Optimizer
16-10-2017 07:20:07 Restore Operation
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/16/2017 01:50:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files (x86)\microsoft office\root\office16\odbc drivers\salesforce\lib\libcurl32.dlla\libcurl.dll".
Dependent Assembly OpenSSL.DllA,processorArchitecture="*",type="win32",version="1.0.0.4" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/16/2017 08:47:31 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070091.
 
Error: (10/16/2017 07:20:08 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (10/16/2017 07:18:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (10/16/2017 06:48:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: Flash.ocx_unloaded, version: 27.0.0.130, time stamp: 0x59a5bd4d
Exception code: 0xc0000005
Fault offset: 0x0000000000447680
Faulting process id: 0x22f8
Faulting application start time: 0x01d3465ceaaa0620
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: Flash.ocx
Report Id: a39a6f18-57c6-4676-a439-502d22b31efb
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
 
Error: (10/16/2017 12:21:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-8VD73NK9)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/16/2017 12:21:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-8VD73NK9)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/16/2017 12:21:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-8VD73NK9)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/16/2017 12:21:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-8VD73NK9)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/16/2017 12:21:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-8VD73NK9)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (10/16/2017 12:25:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/16/2017 08:46:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/16/2017 07:21:39 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-8VD73NK9)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
Error: (10/16/2017 07:21:37 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-8VD73NK9)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
 
Error: (10/16/2017 07:21:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/16/2017 12:23:09 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
 
Error: (10/16/2017 12:21:45 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-8VD73NK9)
Description: The server MicrosoftEdge.AppX9zvsr9qeth9e9a03yr0g7rpdrcrwgn5r.mca did not register with DCOM within the required timeout.
 
Error: (10/16/2017 12:21:32 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-8VD73NK9)
Description: The server MicrosoftEdge.AppX9zvsr9qeth9e9a03yr0g7rpdrcrwgn5r.mca did not register with DCOM within the required timeout.
 
Error: (10/16/2017 12:19:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/16/2017 12:17:41 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-8VD73NK9)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
  Date: 2017-05-19 08:30:08.186
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-19 08:30:08.182
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-04 11:53:21.473
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-04 11:53:21.471
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-04 11:52:45.653
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-04 11:52:45.650
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-04 11:50:59.065
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-04 11:50:59.057
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-04 11:48:17.941
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-04 11:48:17.938
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-7410 APU with AMD Radeon R5 Graphics 
Percentage of memory in use: 62%
Total physical RAM: 7126.37 MB
Available physical RAM: 2693.76 MB
Total Virtual: 10966.37 MB
Available Virtual: 4815.76 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:930.91 GB) (Free:488.14 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End of Addition.txt ============================

 

I have attached a Rkill file as well:

 

Rkill 2.9.1 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 10/16/2017 08:50:44 AM in x64 mode.
Windows Version: Windows 10 Home 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\WINDOWS\Temp\gDF1B.tmp.exe (PID: 4000) [WD-HEUR]
 * C:\Users\lukeg\AppData\Local\9f109db3fce54301bed57dd514c3b546\N8NuJ3ZKw6WkW.exe (PID: 6580) [UP-HEUR]
 * C:\Users\lukeg\AppData\Local\a022a0a374314a34adb4a8dc7091d2e4\3CAXh50.exe (PID: 4972) [UP-HEUR]
 
3 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1 gf.tools.avast.com
  127.0.0.1 pair.ff.avast.com
  127.0.0.1 ipm-provider.ff.avast.com
  127.0.0.1 ipm-provider.ff.avast.com
  127.0.0.1 ipm-provider.ff.avast.com
  127.0.0.1 id.avast.com
  127.0.0.1 v4618535.iavs9x.u.avast.com
  127.0.0.1 v4618535.ivps9x.u.avast.com
  127.0.0.1 v4618535.ivps9tiny.u.avast.com
  127.0.0.1 v4618535.vpsnitro.u.avast.com
  127.0.0.1 v4618535.vpsnitrotiny.u.avast.com
  127.0.0.1 v4618535.iavs5x.u.avast.com
  127.0.0.1 v7.stats.avast.com
  127.0.0.1 v7.stats.avast.com
  127.0.0.1 v7event.stats.avast.com
  127.0.0.1 sm00.avast.com
  127.0.0.1 submit5.avast.com
  127.0.0.1 geoip.avast.com
  127.0.0.1 w9448963.iavs9x.u.avast.com
  127.0.0.1 w9448963.ivps9x.u.avast.com
 
  20 out of 362 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 10/16/2017 08:56:02 AM
Execution time: 0 hours(s), 5 minute(s), and 17 seconds(s)
 



 


#2 lgoudie

Posted 16 October 2017 - 03:13 PM

Attempted to download a file that must have had a virus, stopped the download halfway, but PC has still been compromised.

 

Upon restarting/restoring my computer a black command prompt box opens with a title that includes "smp2.exe", after which begins all the problems I mention below: 

 

Many ads open up in my browser and my Google Chrome search engine has been redirected to: http://www-searching.com/?prd=set_epf&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58.

 

The virus is preventing me from running MalwareBytes or ESETPoweliksCleaner, saying an "administrator is preventing access". I am however able to activate Rkill, to stop what seems like most of the Adware, but the core problem still seems to exist. I have attached the Rkill file after the FRST and Addition files.

 

Currently this is all that I am aware of what the virus is doing, but I am sure much more is going on. I have copied below the FRST file: 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-10-2017
Ran by lukeg (administrator) on LAPTOP-8VD73NK9 (16-10-2017 13:52:17)
Running from C:\Users\lukeg\Downloads
Loaded Profiles: lukeg (Available Profiles: lukeg & Admin)
Platform: Windows 10 Home Version 1607 170917-1700 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(AMD) C:\WINDOWS\System32\atiesrxx.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Windows ® Win 7 DDK provider) C:\WINDOWS\System32\AdminService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dropbox, Inc.) C:\WINDOWS\System32\DbxSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Seiko Epson Corporation) C:\WINDOWS\System32\escsvc64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(SweetLabs, Inc) C:\Users\lukeg\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
() C:\Users\lukeg\AppData\Roaming\Event Monitor\em.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\ScanToPCActivationApp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(WildTangent, Inc.) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerButton_NB.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(int ltd) C:\Program Files (x86)\LI9lcRvANzho\zhhxjonydx1i.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1301.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17082.14121.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\CompatTelRunner.exe
(Runtime Software) C:\Program Files (x86)\Runtime Software\DriveImage XML\dixml.exe
(Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-07-06] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [gplyra] => C:\Users\lukeg\AppData\Roaming\gplyra\gplyra\start.cmd [216 2017-01-10] () <==== ATTENTION
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [91488 2016-08-15] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2086240 2015-04-28] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3481912 2017-10-03] (Dropbox, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM\...\RunOnce: [LAPTOP-8VD73NK9] => C:\WINDOWS\Temp\gB163.tmp.exe [212992 2017-10-16] () <==== ATTENTION
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3101984 2017-10-13] (Valve Corporation)
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4179288 2015-11-30] (Disc Soft Ltd)
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [HP OfficeJet 4650 series (NET)] => C:\Program Files\HP\HP OfficeJet 4650 series\Bin\ScanToPCActivationApp.exe [3770504 2017-04-06] (HP Inc.)
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [ENFQJWKVAE.exe] => C:\Program Files\Factorio\LLVHQZWNRA\ENFQJWKVAE.exe [449536 2017-10-15] ()
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [ZBIJJZQLEN.exe] => C:\Program Files\Factorio\EWUMDCNZHA\ZBIJJZQLEN.exe [449536 2017-10-15] ()
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [NAPQPGVFRN.exe] => C:\Program Files\Factorio\FNGOHYCETK\NAPQPGVFRN.exe [449536 2017-10-15] ()
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [4wxqCqFO7MqnY.exe] => C:\Users\lukeg\AppData\Local\9712a8d3ae6346c59e45738b0cead4a8\4wxqCqFO7MqnY.exe [184320 2017-10-15] ()
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [N8NuJ3ZKw6WkW.exe] => C:\Users\lukeg\AppData\Local\9f109db3fce54301bed57dd514c3b546\N8NuJ3ZKw6WkW.exe [449536 2017-10-15] ()
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [fwkVQhmUm6.exe] => C:\ProgramData\9ad2cac23b464aab8098b46052f41cf2\fwkVQhmUm6.exe [184320 2017-10-15] ()
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [3CAXh50.exe] => C:\Users\lukeg\AppData\Local\a022a0a374314a34adb4a8dc7091d2e4\3CAXh50.exe [449536 2017-10-15] ()
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [HiddenBush] => C:\WINDOWS\rss\csrss.exe [2558976 2017-10-15] () <==== ATTENTION
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\MountPoints2: {c67b9378-ca12-11e5-9bd6-2c600cde60a4} - "D:\setup.exe" 
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\MountPoints2: {d9fab65a-f475-11e6-9c04-2c600cde60a4} - "F:\setup.exe" 
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\MountPoints2: {f0b7506e-90dc-11e6-9bf6-2c600cde60a4} - "E:\setup.exe" 
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 136.159.1.21 136.159.34.201
Tcpip\..\Interfaces\{87217844-16da-4140-9f8f-8bbddeafe66c}: [NameServer] 82.163.143.12,82.163.142.22
Tcpip\..\Interfaces\{87217844-16da-4140-9f8f-8bbddeafe66c}: [DhcpNameServer] 136.159.1.21 136.159.34.201
Tcpip\..\Interfaces\{d6d95a5f-2dd4-4a92-9902-e45c2e651e56}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=811013
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer15.msn.com/?pc=ACTE
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2554303399-3207203618-2176961843-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333673&octid=EB_ORIGINAL_CTID&ISID=B78706B7-7A93-49FE-8472-A920F1E5D71B&SearchSource=58&CUI=&UM=8&UP=SP7B4EB22D-7118-43C1-849F-F66B3683E808&D=122915&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2554303399-3207203618-2176961843-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2554303399-3207203618-2176961843-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BD849F4AD-9029-4F19-8072-A7DAC3C78B05%7D&gp=811014
BHO: No Name -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-24] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: The Amazon 1Button App for Internet Explorer -> {BAC72C85-CEC6-4B86-AF06-FA20C259FAB8} -> C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonBrowserHelper64.dll => No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-24] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: No Name -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-29] (Oracle Corporation)
BHO-x32: Search@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\lukeg\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll [2017-10-15] (Mail.Ru)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-29] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-24] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-24] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-24] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-24] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 9m56i2ec.default
FF ProfilePath: C:\Users\lukeg\AppData\Roaming\Mozilla\Firefox\Profiles\9m56i2ec.default [2017-10-15]
FF NewTab: Mozilla\Firefox\Profiles\9m56i2ec.default -> hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\9m56i2ec.default -> Поиск@Mail.Ru
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\9m56i2ec.default -> Поиск@Mail.Ru
FF Homepage: Mozilla\Firefox\Profiles\9m56i2ec.default -> hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,
FF Keyword.URL: Mozilla\Firefox\Profiles\9m56i2ec.default -> hxxp://go.mail.ru/distib/ep/?fr=ntg&product_id=%7B8D1566C7-0C5E-48B5-90DA-47591E37FD6D%7D&gp=811014
FF Extension: (Amazon Assistant for Firefox) - C:\Users\lukeg\AppData\Roaming\Mozilla\Firefox\Profiles\9m56i2ec.default\Extensions\abb@amazon.com.xpi [2017-07-01]
FF Extension: (Домашняя страница Mail.Ru) - C:\Users\lukeg\AppData\Roaming\Mozilla\Firefox\Profiles\9m56i2ec.default\Extensions\homepage@mail.ru [2017-10-15]
FF Extension: (Dashlane) - C:\Users\lukeg\AppData\Roaming\Mozilla\Firefox\Profiles\9m56i2ec.default\Extensions\jetpack-extension@dashlane.com.xpi [2017-06-07]
FF Extension: (English (US) Language Pack) - C:\Users\lukeg\AppData\Roaming\Mozilla\Firefox\Profiles\9m56i2ec.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2017-06-23]
FF Extension: (Поиск@Mail.Ru) - C:\Users\lukeg\AppData\Roaming\Mozilla\Firefox\Profiles\9m56i2ec.default\Extensions\search@mail.ru [2017-10-15]
FF Extension: (Пульт) - C:\Users\lukeg\AppData\Roaming\Mozilla\Firefox\Profiles\9m56i2ec.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2017-10-15]
FF Extension: (Adblock Plus) - C:\Users\lukeg\AppData\Roaming\Mozilla\Firefox\Profiles\9m56i2ec.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
FF SearchPlugin: C:\Users\lukeg\AppData\Roaming\Mozilla\Firefox\Profiles\9m56i2ec.default\searchplugins\mailru.xml [2017-10-15]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2017-01-20] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_159.dll [2017-10-11] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_159.dll [2017-10-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Users\lukeg\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-09-06] (Cisco WebEx LLC)
 
Chrome: 
=======
CHR HomePage: Default -> inline.go.mail.ru
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,&vp=ch&prd=set_ch"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default [2017-10-16]
CHR Extension: (Slides) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Docs) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-04]
CHR Extension: (Mail.Ru) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjhnafpiilpffhglajcaepjbnbjemci [2017-10-15]
CHR Extension: (YouTube) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-04]
CHR Extension: (Google Cast) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-09-05]
CHR Extension: (Adblock Plus) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-27]
CHR Extension: (Mendeley Importer) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\dagcmkpagjlhakfdhnbomgmjdpkdklff [2017-09-19]
CHR Extension: (Adobe Acrobat) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Визуальные Закладки Mail.Ru) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\enafhpjmlnpmbdnbpjkihmadnkfnpiim [2017-10-15]
CHR Extension: (Sheets) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Google Docs Offline) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Gmail) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-04]
CHR Extension: (Chrome Media Router) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-27]
CHR HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [enafhpjmlnpmbdnbpjkihmadnkfnpiim] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [indjgiebmakhmnaplnlnanodkfiejfjd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761608 2017-09-08] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-10] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-10] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-10-03] (Dropbox, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1368408 2015-11-30] (Disc Soft Ltd)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573568 2015-05-14] (Acer Incorporated)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-14] (WildTangent)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [395616 2015-07-17] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [450400 2015-07-17] (Acer Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-08-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [73976 2015-06-03] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [243056 2017-06-12] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-07-21] (Advanced Micro Devices)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-01-03] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [46392 2016-01-03] (Disc Soft Ltd)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21344 2015-07-17] (Acer Incorporated)
R1 MpKsl46fd0f0b; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{098A1203-6199-4A05-9750-240A7CC70836}\MpKsl46fd0f0b.sys [58120 2017-10-16] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14688 2015-07-17] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-28] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
S3 ser2at; C:\WINDOWS\system32\DRIVERS\ser2at64.sys [96256 2009-10-15] (ATEN)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [47784 2015-07-28] (Synaptics Incorporated)
S3 USA19H; C:\WINDOWS\system32\DRIVERS\USA19Hx64.sys [740096 2007-10-30] (Keyspan)
S3 USA19HP; C:\WINDOWS\system32\DRIVERS\USA19Hx64p.SYS [35840 2007-10-23] (Keyspan)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-16 13:51 - 2017-10-16 13:51 - 000000000 ____D C:\Users\lukeg\Desktop\FarBar
2017-10-16 13:48 - 2017-10-16 13:48 - 000001188 _____ C:\Users\Public\Desktop\DriveImage XML.lnk
2017-10-16 13:48 - 2017-10-16 13:48 - 000000000 ____D C:\Program Files (x86)\Runtime Software
2017-10-16 13:45 - 2017-10-16 13:46 - 002023440 _____ C:\Users\lukeg\Downloads\dixmlsetup.exe
2017-10-16 13:36 - 2017-10-16 13:52 - 000000000 ____D C:\FRST
2017-10-16 13:35 - 2017-10-16 13:36 - 002401792 _____ (Farbar) C:\Users\lukeg\Downloads\FRST64.exe
2017-10-16 08:49 - 2017-10-16 08:49 - 000000000 ____D C:\ProgramData\BlueStacks
2017-10-16 08:48 - 2017-10-16 08:48 - 000000000 ____D C:\Users\lukeg\AppData\Roaming\WildTangent
2017-10-16 06:57 - 2017-10-16 06:58 - 071535032 _____ (Malwarebytes ) C:\Users\lukeg\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951 (1).exe
2017-10-16 06:55 - 2017-10-16 08:56 - 000004042 _____ C:\Users\lukeg\Desktop\Rkill.txt
2017-10-16 06:54 - 2017-10-16 06:55 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\lukeg\Downloads\rkill.exe
2017-10-16 06:50 - 2017-10-16 08:49 - 000549504 _____ (ESET) C:\Users\lukeg\Downloads\ESETPoweliksCleaner.exe
2017-10-16 01:43 - 2017-10-16 08:08 - 107741184 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-10-16 01:23 - 2017-10-16 01:43 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-10-16 00:34 - 2017-10-16 13:53 - 000033585 _____ C:\Users\lukeg\Downloads\FRST.txt
2017-10-16 00:33 - 2017-10-16 00:33 - 000009794 _____ C:\Users\lukeg\Downloads\fixlist.txt
2017-10-15 23:56 - 2017-10-16 08:53 - 071535032 _____ (Malwarebytes ) C:\Users\lukeg\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951.exe
2017-10-15 23:51 - 2017-10-16 08:50 - 000003106 _____ C:\WINDOWS\System32\Tasks\RunAtStartup
2017-10-15 20:10 - 2017-10-15 20:10 - 000003598 _____ C:\WINDOWS\System32\Tasks\IBUpd
2017-10-15 20:10 - 2017-10-15 20:10 - 000000000 ____D C:\Users\lukeg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
2017-10-15 19:55 - 2017-10-15 20:03 - 000000000 ____D C:\Users\lukeg\Desktop\Euro Trip 2017
2017-10-15 19:53 - 2017-10-15 20:05 - 000000000 ____D C:\Users\lukeg\Desktop\City of Calgary Timesheets
2017-10-15 18:28 - 2017-10-15 20:10 - 000003344 _____ C:\WINDOWS\System32\Tasks\IBUpd2
2017-10-15 18:25 - 2017-10-15 18:25 - 000000000 ____D C:\Program Files\Common Files\Noobzo
2017-10-15 15:08 - 2017-10-15 15:08 - 000000337 _____ C:\UBT_UninstallLog.txt
2017-10-15 14:27 - 2017-10-16 08:46 - 000000000 ____D C:\ProgramData\598e9470-7ff7-0
2017-10-15 14:27 - 2017-10-16 08:46 - 000000000 ____D C:\ProgramData\598e9470-0a03-1
2017-10-15 14:27 - 2017-10-15 14:32 - 000000000 ____D C:\Program Files (x86)\FastDataX
2017-10-15 14:27 - 2017-10-15 14:27 - 000021602 _____ C:\WINDOWS\System32\Tasks\zhHXJoNYdx1i
2017-10-15 14:27 - 2017-10-15 14:27 - 000000000 ___HD C:\WINDOWS\rss
2017-10-15 14:26 - 2017-10-16 08:46 - 000000000 ____D C:\ProgramData\e7974eb4-24a7-0
2017-10-15 14:26 - 2017-10-16 08:46 - 000000000 ____D C:\ProgramData\e7974eb4-1503-1
2017-10-15 14:26 - 2017-10-15 14:26 - 000016818 _____ C:\WINDOWS\System32\Tasks\Audio Gateway
2017-10-15 14:25 - 2017-10-15 14:25 - 000000000 ____D C:\Users\lukeg\AppData\Local\a022a0a374314a34adb4a8dc7091d2e4
2017-10-15 14:25 - 2017-10-15 14:25 - 000000000 ____D C:\ProgramData\aed7c4b2bb344c128608273781b197b7
2017-10-15 14:25 - 2017-10-15 14:25 - 000000000 ____D C:\ProgramData\9ad2cac23b464aab8098b46052f41cf2
2017-10-15 14:04 - 2017-10-16 00:24 - 000000000 ____D C:\Users\lukeg\AppData\Roaming\Event Monitor
2017-10-15 14:04 - 2017-10-15 18:24 - 000301568 _____ C:\ProgramData\smp2.exe
2017-10-15 14:04 - 2017-10-15 18:24 - 000187904 _____ C:\WINDOWS\rsrcs.dll
2017-10-15 14:04 - 2017-10-15 18:24 - 000004252 _____ C:\WINDOWS\System32\Tasks\SMW_P
2017-10-15 14:04 - 2017-10-15 14:28 - 000000000 ____D C:\Users\lukeg\AppData\Roaming\gplyra
2017-10-15 14:04 - 2017-10-15 14:04 - 000021602 _____ C:\WINDOWS\System32\Tasks\LI9lcRvANzho
2017-10-15 14:04 - 2017-10-15 14:04 - 000000000 ____D C:\Users\lukeg\AppData\Local\Поиcк в Интeрнете
2017-10-15 14:04 - 2017-10-15 14:04 - 000000000 ____D C:\Users\lukeg\AppData\Local\AdService
2017-10-15 14:03 - 2017-10-15 14:26 - 000000000 ____D C:\Program Files (x86)\LI9lcRvANzho
2017-10-15 14:03 - 2017-10-15 14:03 - 000140800 _____ C:\Users\lukeg\AppData\Local\installer.dat
2017-10-15 14:03 - 2017-10-15 14:03 - 000016888 _____ C:\WINDOWS\System32\Tasks\NovaScript Refresher Lite
2017-10-15 14:03 - 2017-10-15 14:03 - 000011568 _____ C:\Users\lukeg\AppData\Local\InstallationConfiguration.xml
2017-10-15 14:03 - 2017-10-15 14:03 - 000000000 ____D C:\Users\lukeg\AppData\Local\9f109db3fce54301bed57dd514c3b546
2017-10-15 14:03 - 2017-10-15 14:03 - 000000000 ____D C:\Users\lukeg\AppData\Local\9712a8d3ae6346c59e45738b0cead4a8
2017-10-15 14:03 - 2017-10-15 14:03 - 000000000 ____D C:\Users\lukeg\AppData\Local\788fb47a31bf4b83bf5fc8fcd5b29c1f
2017-10-15 14:03 - 2017-10-15 14:03 - 000000000 ____D C:\Program Files (x86)\pccleanplus
2017-10-15 14:01 - 2017-10-15 14:33 - 000000000 ____D C:\Users\lukeg\AppData\Local\Mail.Ru
2017-10-15 14:01 - 2017-10-15 14:33 - 000000000 ____D C:\Program Files (x86)\Mail.Ru
2017-10-15 14:01 - 2017-10-15 14:01 - 000000000 ____D C:\ProgramData\Mail.Ru
2017-10-15 07:37 - 2017-10-15 07:37 - 000815104 _____ () C:\WINDOWS\system32\bi3.exe
2017-10-14 17:56 - 2017-10-14 17:58 - 000000000 ____D C:\Users\lukeg\Downloads\Parks and Recreation S01-S07 (2009-)
2017-10-12 14:05 - 2017-10-12 14:05 - 002311295 _____ C:\Users\lukeg\Downloads\20-Transferable-Skills-1.pdf
2017-10-11 07:23 - 2017-10-11 07:23 - 000667036 _____ C:\Users\lukeg\Downloads\O'Brien_et_al-2000-European_Journal_of_Biochemistry.pdf
2017-10-10 23:26 - 2017-10-10 23:26 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-10 23:20 - 2017-09-17 21:27 - 000218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-10-10 23:20 - 2017-09-17 21:09 - 002213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-10-10 23:20 - 2017-09-17 21:09 - 000133984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-10-10 23:20 - 2017-09-17 21:08 - 000998920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-10-10 23:20 - 2017-09-17 21:05 - 001177688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2017-10-10 23:20 - 2017-09-17 21:05 - 000497424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-10-10 23:20 - 2017-09-17 21:05 - 000172536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-10-10 23:20 - 2017-09-17 21:04 - 001706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-10-10 23:20 - 2017-09-17 21:04 - 000918304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-10-10 23:20 - 2017-09-17 21:03 - 000791272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-10-10 23:20 - 2017-09-17 21:02 - 007213464 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-10-10 23:20 - 2017-09-17 21:02 - 001860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-10-10 23:20 - 2017-09-17 21:00 - 001072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-10-10 23:20 - 2017-09-17 20:59 - 022220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-10-10 23:20 - 2017-09-17 20:59 - 008173672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-10-10 23:20 - 2017-09-17 20:59 - 004260072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-10-10 23:20 - 2017-09-17 20:59 - 001983408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-10-10 23:20 - 2017-09-17 20:59 - 001702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-10-10 23:20 - 2017-09-17 20:59 - 000341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-10-10 23:20 - 2017-09-17 20:56 - 000057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-10-10 23:20 - 2017-09-17 20:55 - 005722320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-10-10 23:20 - 2017-09-17 20:55 - 001431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-10-10 23:20 - 2017-09-17 20:54 - 001980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-10-10 23:20 - 2017-09-17 20:52 - 020967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-10-10 23:20 - 2017-09-17 20:52 - 006672680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-10-10 23:20 - 2017-09-17 20:52 - 004023560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-10-10 23:20 - 2017-09-17 20:52 - 001845512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-10-10 23:20 - 2017-09-17 20:52 - 001360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-10-10 23:20 - 2017-09-17 20:52 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-10-10 23:20 - 2017-09-17 20:52 - 000981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-10-10 23:20 - 2017-09-17 20:51 - 000178016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-10-10 23:20 - 2017-09-17 20:49 - 001435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-10-10 23:20 - 2017-09-17 20:49 - 001412128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-10-10 23:20 - 2017-09-17 20:49 - 001260784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-10-10 23:20 - 2017-09-17 20:48 - 000117792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-10-10 23:20 - 2017-09-17 20:35 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-10-10 23:20 - 2017-09-17 20:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-10-10 23:20 - 2017-09-17 20:33 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-10-10 23:20 - 2017-09-17 20:33 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-10-10 23:20 - 2017-09-17 20:32 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-10-10 23:20 - 2017-09-17 20:32 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-10-10 23:20 - 2017-09-17 20:31 - 006288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-10-10 23:20 - 2017-09-17 20:31 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-10-10 23:20 - 2017-09-17 20:31 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-10-10 23:20 - 2017-09-17 20:31 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2017-10-10 23:20 - 2017-09-17 20:31 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-10-10 23:20 - 2017-09-17 20:30 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-10-10 23:20 - 2017-09-17 20:30 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-10-10 23:20 - 2017-09-17 20:29 - 000411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-10-10 23:20 - 2017-09-17 20:29 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-10-10 23:20 - 2017-09-17 20:29 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-10-10 23:20 - 2017-09-17 20:28 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-10-10 23:20 - 2017-09-17 20:28 - 000406016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-10-10 23:20 - 2017-09-17 20:28 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-10-10 23:20 - 2017-09-17 20:28 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2017-10-10 23:20 - 2017-09-17 20:28 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-10-10 23:20 - 2017-09-17 20:27 - 004615168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-10-10 23:20 - 2017-09-17 20:27 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-10-10 23:20 - 2017-09-17 20:27 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-10-10 23:20 - 2017-09-17 20:27 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-10-10 23:20 - 2017-09-17 20:27 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-10-10 23:20 - 2017-09-17 20:27 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-10-10 23:20 - 2017-09-17 20:27 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-10-10 23:20 - 2017-09-17 20:26 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2017-10-10 23:20 - 2017-09-17 20:26 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-10-10 23:20 - 2017-09-17 20:26 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-10-10 23:20 - 2017-09-17 20:26 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-10-10 23:20 - 2017-09-17 20:26 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-10-10 23:20 - 2017-09-17 20:26 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-10-10 23:20 - 2017-09-17 20:26 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-10-10 23:20 - 2017-09-17 20:26 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-10-10 23:20 - 2017-09-17 20:25 - 002333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-10-10 23:20 - 2017-09-17 20:25 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2017-10-10 23:20 - 2017-09-17 20:24 - 007626240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-10-10 23:20 - 2017-09-17 20:24 - 000819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2017-10-10 23:20 - 2017-09-17 20:24 - 000755200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-10-10 23:20 - 2017-09-17 20:24 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-10-10 23:20 - 2017-09-17 20:24 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-10-10 23:20 - 2017-09-17 20:23 - 000857600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2017-10-10 23:20 - 2017-09-17 20:23 - 000816640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll
2017-10-10 23:20 - 2017-09-17 20:23 - 000636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-10-10 23:20 - 2017-09-17 20:23 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-10-10 23:20 - 2017-09-17 20:23 - 000287744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-10-10 23:20 - 2017-09-17 20:23 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-10-10 23:20 - 2017-09-17 20:22 - 001323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-10-10 23:20 - 2017-09-17 20:22 - 001137664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-10-10 23:20 - 2017-09-17 20:21 - 018364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-10-10 23:20 - 2017-09-17 20:20 - 002641920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-10-10 23:20 - 2017-09-17 20:20 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-10-10 23:20 - 2017-09-17 20:20 - 000284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-10-10 23:20 - 2017-09-17 20:19 - 002750976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-10-10 23:20 - 2017-09-17 20:19 - 000549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-10-10 23:20 - 2017-09-17 20:19 - 000303616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2017-10-10 23:20 - 2017-09-17 20:19 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-10-10 23:20 - 2017-09-17 20:18 - 008077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-10-10 23:20 - 2017-09-17 20:18 - 007470592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-10-10 23:20 - 2017-09-17 20:18 - 001145344 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-10-10 23:20 - 2017-09-17 20:18 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-10-10 23:20 - 2017-09-17 20:17 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-10-10 23:20 - 2017-09-17 20:17 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-10-10 23:20 - 2017-09-17 20:16 - 004596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-10-10 23:20 - 2017-09-17 20:16 - 003520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-10-10 23:20 - 2017-09-17 20:15 - 002538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-10-10 23:20 - 2017-09-17 20:15 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2017-10-10 23:20 - 2017-09-17 20:14 - 006474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-10-10 23:20 - 2017-09-17 20:14 - 002997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-10-10 23:20 - 2017-09-17 20:14 - 002740224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-10-10 23:20 - 2017-09-17 20:14 - 002682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-10-10 23:20 - 2017-09-17 20:14 - 002649600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-10-10 23:20 - 2017-09-17 20:14 - 002483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-10-10 23:20 - 2017-09-17 20:14 - 001988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-10-10 23:20 - 2017-09-17 20:14 - 001599488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-10-10 23:20 - 2017-09-17 20:14 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-10-10 23:20 - 2017-09-17 20:14 - 001170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-10-10 23:20 - 2017-09-17 20:14 - 000983552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-10-10 23:20 - 2017-09-17 20:14 - 000903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-10-10 23:20 - 2017-09-17 20:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-10-10 23:20 - 2017-09-17 20:14 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-10-10 23:20 - 2017-09-17 20:14 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-10-10 23:20 - 2017-09-17 20:14 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-10-10 23:20 - 2017-09-17 20:14 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2017-10-10 23:20 - 2017-09-17 20:14 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-10-10 23:20 - 2017-09-17 20:13 - 001013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-10-10 23:20 - 2017-09-17 20:13 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-10-10 23:20 - 2017-09-17 20:13 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-10-10 23:20 - 2017-09-17 20:13 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-10-10 23:20 - 2017-09-17 20:13 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-10-10 23:20 - 2017-09-17 20:13 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-10-10 23:20 - 2017-09-17 20:13 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprofm.dll
2017-10-10 23:20 - 2017-09-17 20:12 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-10-10 23:20 - 2017-09-17 20:12 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-10-10 23:20 - 2017-09-17 20:12 - 000439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprt.exe
2017-10-10 23:20 - 2017-09-17 20:11 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-10-10 23:20 - 2017-09-17 20:11 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-10-10 23:20 - 2017-09-14 17:05 - 001302136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-10-10 23:20 - 2017-09-14 16:59 - 000096064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-10-10 23:20 - 2017-09-14 16:52 - 000136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-10-10 23:20 - 2017-09-14 16:49 - 001202936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-10-10 23:20 - 2017-09-14 16:34 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-10-10 23:20 - 2017-09-14 16:32 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll
2017-10-10 23:20 - 2017-09-14 16:32 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2017-10-10 23:20 - 2017-09-14 16:31 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-10-10 23:20 - 2017-09-14 16:30 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-10-10 23:20 - 2017-09-14 16:30 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollUI.dll
2017-10-10 23:20 - 2017-09-14 16:30 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSWB7.dll
2017-10-10 23:20 - 2017-09-14 16:30 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-10-10 23:20 - 2017-09-14 16:30 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-10-10 23:20 - 2017-09-14 16:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2017-10-10 23:20 - 2017-09-14 16:28 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-10-10 23:20 - 2017-09-14 16:28 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-10-10 23:20 - 2017-09-14 16:27 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-10-10 23:20 - 2017-09-14 16:26 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-10-10 23:20 - 2017-09-14 16:26 - 000636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-10-10 23:20 - 2017-09-14 16:26 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe
2017-10-10 23:20 - 2017-09-14 16:25 - 000529920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2017-10-10 23:20 - 2017-09-14 16:22 - 000987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2017-10-10 23:20 - 2017-09-14 16:18 - 003299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-10-10 23:20 - 2017-09-14 16:18 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\umrdp.dll
2017-10-10 23:20 - 2017-09-14 16:16 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2017-10-10 23:20 - 2017-09-14 16:15 - 003106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-10-10 23:20 - 2017-09-13 20:04 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-10-10 23:20 - 2017-09-13 20:04 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-10-10 23:20 - 2017-09-13 20:04 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-10-10 23:20 - 2017-03-04 00:28 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-10-10 23:20 - 2017-03-04 00:25 - 000748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2017-10-10 23:20 - 2017-03-04 00:24 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2017-10-10 23:20 - 2017-03-04 00:23 - 001184256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-10-10 23:20 - 2017-03-04 00:23 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-10-10 23:20 - 2017-03-04 00:18 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2017-10-10 23:20 - 2017-03-04 00:16 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-10-10 23:20 - 2017-03-04 00:00 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-10-10 23:20 - 2017-03-04 00:00 - 000711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-10-10 23:20 - 2016-08-26 23:12 - 000244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-10-10 23:19 - 2017-09-17 21:17 - 001564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-10-10 23:19 - 2017-09-17 21:17 - 000245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-10-10 23:19 - 2017-09-17 21:17 - 000136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-10-10 23:19 - 2017-09-17 21:09 - 007780192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-10-10 23:19 - 2017-09-17 21:09 - 000646688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-10-10 23:19 - 2017-09-17 21:08 - 002253664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-10-10 23:19 - 2017-09-17 21:05 - 000168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2017-10-10 23:19 - 2017-09-17 21:04 - 000404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-10-10 23:19 - 2017-09-17 21:01 - 002446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-10-10 23:19 - 2017-09-17 21:01 - 000624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-10-10 23:19 - 2017-09-17 21:01 - 000431456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-10-10 23:19 - 2017-09-17 21:01 - 000223072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-10-10 23:19 - 2017-09-17 20:59 - 000241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-10-10 23:19 - 2017-09-17 20:58 - 001600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-10-10 23:19 - 2017-09-17 20:58 - 000206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-10-10 23:19 - 2017-09-17 20:57 - 001566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-10-10 23:19 - 2017-09-17 20:57 - 001460696 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-10-10 23:19 - 2017-09-17 20:57 - 001415712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-10-10 23:19 - 2017-09-17 20:36 - 022570496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-10-10 23:19 - 2017-09-17 20:33 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransliterationRanker.dll
2017-10-10 23:19 - 2017-09-17 20:32 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpninputrouter.dll
2017-10-10 23:19 - 2017-09-17 20:32 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmojiDS.dll
2017-10-10 23:19 - 2017-09-17 20:31 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\RuleBasedDS.dll
2017-10-10 23:19 - 2017-09-17 20:30 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpnranker.dll
2017-10-10 23:19 - 2017-09-17 20:30 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-10-10 23:19 - 2017-09-17 20:30 - 000196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-10-10 23:19 - 2017-09-17 20:30 - 000174592 _____ C:\WINDOWS\system32\IHDS.dll
2017-10-10 23:19 - 2017-09-17 20:30 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\VocabRoamingHandler.dll
2017-10-10 23:19 - 2017-09-17 20:30 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\StaticDictDS.dll
2017-10-10 23:19 - 2017-09-17 20:30 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2017-10-10 23:19 - 2017-09-17 20:30 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\chxranker.dll
2017-10-10 23:19 - 2017-09-17 20:29 - 009129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-10-10 23:19 - 2017-09-17 20:29 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChsStrokeDS.dll
2017-10-10 23:19 - 2017-09-17 20:29 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2017-10-10 23:19 - 2017-09-17 20:28 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtHkStrokeDS.dll
2017-10-10 23:19 - 2017-09-17 20:28 - 000335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChsPinyinRanker.dll
2017-10-10 23:19 - 2017-09-17 20:28 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\MtfDecoder.dll
2017-10-10 23:19 - 2017-09-17 20:28 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-10-10 23:19 - 2017-09-17 20:27 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2017-10-10 23:19 - 2017-09-17 20:27 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChxAPDS.dll
2017-10-10 23:19 - 2017-09-17 20:27 - 000480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimeChsPinyinMainDS.dll
2017-10-10 23:19 - 2017-09-17 20:27 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChxHAPDS.dll
2017-10-10 23:19 - 2017-09-17 20:27 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtCangjieDS.dll
2017-10-10 23:19 - 2017-09-17 20:27 - 000410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtQuickDS.dll
2017-10-10 23:19 - 2017-09-17 20:27 - 000407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-10-10 23:19 - 2017-09-17 20:27 - 000379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-10-10 23:19 - 2017-09-17 20:27 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpndecoder.dll
2017-10-10 23:19 - 2017-09-17 20:27 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\chxinputrouter.dll
2017-10-10 23:19 - 2017-09-17 20:27 - 000326656 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-10-10 23:19 - 2017-09-17 20:27 - 000310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-10-10 23:19 - 2017-09-17 20:27 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-10-10 23:19 - 2017-09-17 20:27 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-10-10 23:19 - 2017-09-17 20:26 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-10-10 23:19 - 2017-09-17 20:26 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-10-10 23:19 - 2017-09-17 20:26 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2017-10-10 23:19 - 2017-09-17 20:26 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-10-10 23:19 - 2017-09-17 20:26 - 000396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-10-10 23:19 - 2017-09-17 20:26 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-10-10 23:19 - 2017-09-17 20:26 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-10-10 23:19 - 2017-09-17 20:25 - 001914368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-10-10 23:19 - 2017-09-17 20:25 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-10-10 23:19 - 2017-09-17 20:24 - 013107712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-10-10 23:19 - 2017-09-17 20:24 - 002103808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-10-10 23:19 - 2017-09-17 20:24 - 001589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-10-10 23:19 - 2017-09-17 20:24 - 001584640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-10-10 23:19 - 2017-09-17 20:23 - 000442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-10-10 23:19 - 2017-09-17 20:22 - 004749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-10-10 23:19 - 2017-09-17 20:22 - 003291648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-10-10 23:19 - 2017-09-17 20:22 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-10-10 23:19 - 2017-09-17 20:22 - 000352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2017-10-10 23:19 - 2017-09-17 20:22 - 000198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2017-10-10 23:19 - 2017-09-17 20:20 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-10-10 23:19 - 2017-09-17 20:20 - 019414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-10-10 23:19 - 2017-09-17 20:20 - 000937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-10-10 23:19 - 2017-09-17 20:18 - 012204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-10-10 23:19 - 2017-09-17 20:18 - 008114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-10-10 23:19 - 2017-09-17 20:18 - 001010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-10-10 23:19 - 2017-09-17 20:18 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-10-10 23:19 - 2017-09-17 20:18 - 000932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-10-10 23:19 - 2017-09-17 20:17 - 002279424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-10-10 23:19 - 2017-09-17 20:17 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-10-10 23:19 - 2017-09-17 20:16 - 004743168 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-10-10 23:19 - 2017-09-17 20:16 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-10-10 23:19 - 2017-09-17 20:15 - 006065152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-10-10 23:19 - 2017-09-17 20:15 - 003202048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-10-10 23:19 - 2017-09-17 20:15 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-10-10 23:19 - 2017-09-17 20:15 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2017-10-10 23:19 - 2017-09-17 20:15 - 001692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-10-10 23:19 - 2017-09-17 20:15 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-10-10 23:19 - 2017-09-17 20:15 - 001231360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-10-10 23:19 - 2017-09-17 20:15 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-10-10 23:19 - 2017-09-17 20:15 - 000701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2017-10-10 23:19 - 2017-09-17 20:14 - 003663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-10-10 23:19 - 2017-09-17 20:14 - 003615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-10-10 23:19 - 2017-09-17 20:14 - 002897408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-10-10 23:19 - 2017-09-17 20:14 - 002321408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-10-10 23:19 - 2017-09-17 20:14 - 001518080 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-10-10 23:19 - 2017-09-17 20:14 - 001328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-10-10 23:19 - 2017-09-17 20:14 - 001040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2017-10-10 23:19 - 2017-09-17 20:14 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-10-10 23:19 - 2017-09-17 20:14 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-10-10 23:19 - 2017-09-17 20:14 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-10-10 23:19 - 2017-09-17 20:14 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-10-10 23:19 - 2017-09-17 20:14 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-10-10 23:19 - 2017-09-17 20:14 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-10-10 23:19 - 2017-09-17 20:14 - 000650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-10-10 23:19 - 2017-09-17 20:13 - 001726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-10-10 23:19 - 2017-09-17 20:13 - 001121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-10-10 23:19 - 2017-09-17 20:13 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-10-10 23:19 - 2017-09-17 20:11 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\trie.dll
2017-10-10 23:19 - 2017-09-17 20:11 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MTFFuzzyDS.dll
2017-10-10 23:19 - 2017-09-17 20:11 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MTFSpellcheckDS.dll
2017-10-10 23:19 - 2017-09-14 17:14 - 000119328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-10-10 23:19 - 2017-09-14 16:32 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-10-10 23:19 - 2017-09-14 16:32 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-10-10 23:19 - 2017-09-14 16:31 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-10-10 23:19 - 2017-09-14 16:29 - 000352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-10-10 23:19 - 2017-09-14 16:25 - 000821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\comuid.dll
2017-10-10 23:19 - 2017-09-14 16:24 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2017-10-10 23:19 - 2017-09-14 16:23 - 000560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-10-10 23:19 - 2017-09-14 16:22 - 000634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2017-10-10 23:19 - 2017-09-14 16:20 - 002852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-10-10 23:19 - 2017-09-14 16:19 - 000928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-10-10 23:19 - 2017-03-04 01:10 - 000360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-10-10 23:19 - 2017-03-04 00:11 - 001643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-10-10 23:19 - 2017-03-04 00:07 - 001064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-10-10 23:19 - 2016-08-05 22:16 - 000026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-10-10 23:19 - 2016-08-02 02:13 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-10-10 23:18 - 2017-09-17 20:32 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-10-10 23:18 - 2017-09-17 20:28 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-10-10 23:18 - 2017-09-17 20:27 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-10-10 23:18 - 2017-09-17 20:26 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregcmd.exe
2017-10-10 23:18 - 2017-09-17 20:25 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2017-10-10 23:18 - 2017-09-17 20:25 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-10-10 23:18 - 2017-09-17 20:19 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2017-10-10 23:18 - 2017-09-17 20:19 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2017-10-10 23:18 - 2017-09-17 20:13 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2017-10-10 23:18 - 2017-09-14 16:32 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSWB7.dll
2017-10-10 23:18 - 2017-09-14 16:31 - 000280576 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-10-10 23:18 - 2017-09-14 16:24 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe
2017-10-10 23:18 - 2017-09-14 16:22 - 000820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-10-10 23:18 - 2017-09-14 16:19 - 001421824 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-10-09 21:39 - 2017-10-15 19:57 - 000000000 ____D C:\Users\lukeg\Desktop\HP Shortcuts
2017-10-09 21:33 - 2017-10-09 21:33 - 000128541 _____ C:\Users\lukeg\OneDrive\Documents\Luke_G_Alberta_Health_Care_Card.pdf
2017-10-09 21:33 - 2017-10-09 21:33 - 000117771 _____ C:\Users\lukeg\OneDrive\Documents\Luke_G_Drivers_License.pdf
2017-10-09 21:26 - 2017-10-09 21:26 - 000000000 ____D C:\Users\lukeg\OneDrive\Documents\HpReg_Backup
2017-10-09 21:20 - 2017-10-09 21:20 - 000000000 ____D C:\Users\lukeg\AppData\Roaming\HPPSDr
2017-10-08 22:52 - 2017-10-09 21:19 - 011097040 _____ C:\Users\lukeg\Downloads\HPPSdr.exe
2017-10-06 21:15 - 2017-10-06 21:15 - 000003738 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP OfficeJet 4650 series
2017-10-06 21:15 - 2017-10-06 21:15 - 000000000 ____D C:\ProgramData\Visan
2017-10-06 21:15 - 2017-10-06 21:15 - 000000000 ____D C:\ProgramData\HP Photo Creations
2017-10-06 21:15 - 2017-10-06 21:15 - 000000000 ____D C:\Program Files (x86)\HP Photo Creations
2017-10-06 21:14 - 2017-10-06 21:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-10-06 21:14 - 2017-10-06 21:14 - 000000982 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2017-10-06 21:13 - 2017-10-09 21:19 - 000000000 ____D C:\Users\lukeg\AppData\Local\HP
2017-10-06 21:13 - 2017-10-09 21:19 - 000000000 ____D C:\Program Files (x86)\HP
2017-10-06 21:13 - 2017-10-06 21:13 - 000000000 ____D C:\Program Files\HP
2017-10-06 20:37 - 2017-10-06 21:10 - 216648224 _____ C:\Users\lukeg\Downloads\OJ4650_Full_WebPack_1122.exe
2017-10-06 20:17 - 2017-10-06 20:17 - 000130171 _____ C:\Users\lukeg\Downloads\Luke_Goudie.pdf
2017-10-05 17:54 - 2017-10-05 17:54 - 000919322 _____ C:\Users\lukeg\Downloads\or_28_5_1597_PDF (1).pdf
2017-10-05 17:53 - 2017-10-05 17:53 - 000919322 _____ C:\Users\lukeg\Downloads\or_28_5_1597_PDF.pdf
2017-10-05 17:52 - 2017-10-05 17:52 - 000373269 _____ C:\Users\lukeg\Downloads\or_24_4_869_PDF.pdf
2017-10-05 15:17 - 2017-10-05 15:17 - 000133491 _____ C:\Users\lukeg\Downloads\or_16_6_1357_PDF.pdf
2017-10-05 12:19 - 2017-10-05 12:20 - 004549044 _____ C:\Users\lukeg\Downloads\USA-19HS-Driver-Windows-2000-XP-2003-Server-Vista (1).zip
2017-10-04 18:23 - 2017-10-04 18:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-10-04 10:55 - 2017-10-04 16:00 - 000000000 ___RD C:\Users\lukeg\OneDrive - University of Calgary
2017-10-03 13:37 - 2017-10-03 13:37 - 000342967 ____H C:\Users\lukeg\Downloads\~WRL0938.tmp
2017-10-03 10:39 - 2017-10-03 10:39 - 000000165 ____H C:\Users\lukeg\Desktop\~$Supervisory Committee Meeting Presentation.pptx
2017-10-03 04:21 - 2017-10-03 04:21 - 000051016 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-10-03 04:21 - 2017-10-03 04:21 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-10-03 04:21 - 2017-10-03 04:21 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-10-03 04:21 - 2017-10-03 04:21 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-09-29 15:46 - 2017-09-29 15:46 - 000605648 _____ C:\Users\lukeg\Downloads\1-s2.0-S1473309913702007-mmc1.pdf
2017-09-28 18:11 - 2017-10-12 18:30 - 000000000 ____D C:\Program Files\rempl
2017-09-28 12:22 - 2017-09-28 12:22 - 000002229 _____ C:\Users\Public\Desktop\Wave.lnk
2017-09-28 12:22 - 2017-09-28 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seahorse Bioscience
2017-09-28 12:22 - 2017-09-28 12:22 - 000000000 ____D C:\Program Files (x86)\Seahorse Bioscience
2017-09-25 21:08 - 2017-09-25 21:08 - 001560733 _____ C:\Users\lukeg\Downloads\level-up-events-students.pptx
2017-09-24 18:53 - 2017-09-24 18:53 - 001983384 _____ C:\Users\lukeg\Downloads\JDC-LG-28sep17-tissue-engineering.pptx
2017-09-22 14:44 - 2017-09-28 18:01 - 008645123 _____ C:\Users\lukeg\Desktop\Supervisory Committee Meeting Presentation.pptx
2017-09-19 21:28 - 2017-09-19 21:28 - 000451707 _____ C:\Users\lukeg\Downloads\jpc140005.pdf
2017-09-19 14:34 - 2017-09-19 14:34 - 000000000 ____D C:\ProgramData\dbg
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-16 13:48 - 2015-07-15 21:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2017-10-16 13:29 - 2016-09-06 02:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-16 13:29 - 2016-09-04 20:51 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-10-16 13:29 - 2016-09-04 20:51 - 000002450 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-10-16 09:24 - 2015-12-27 04:28 - 000000000 ____D C:\Users\lukeg\AppData\Local\Packages
2017-10-16 08:48 - 2016-09-06 02:55 - 000000000 ____D C:\Users\lukeg
2017-10-16 08:48 - 2015-07-15 21:44 - 000000000 ____D C:\ProgramData\WildTangent
2017-10-16 08:47 - 2015-12-27 04:39 - 000000000 ____D C:\Program Files (x86)\Steam
2017-10-16 08:09 - 2016-09-06 03:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-16 08:08 - 2016-09-06 02:51 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-10-16 08:08 - 2016-07-16 00:04 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2017-10-16 07:45 - 2016-07-16 05:47 - 000000000 ____D C:\WINDOWS\registration
2017-10-16 06:48 - 2016-02-08 20:11 - 000000000 ____D C:\Users\lukeg\AppData\Local\CrashDumps
2017-10-15 23:50 - 2015-12-27 04:26 - 000000000 ____D C:\Users\lukeg\AppData\Local\Host App Service
2017-10-15 23:49 - 2015-07-15 21:43 - 001426626 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-15 20:13 - 2017-09-12 16:25 - 000002300 _____ C:\Users\lukeg\Desktop\DatLab7 - Shortcut.lnk
2017-10-15 20:13 - 2017-05-21 12:12 - 000000000 ____D C:\Users\lukeg\Desktop\Oxygraph-2k
2017-10-15 20:04 - 2016-08-26 10:40 - 000000000 ____D C:\Users\lukeg\Desktop\Graduate Student Information
2017-10-15 19:56 - 2015-12-26 16:46 - 000000000 ____D C:\Users\lukeg\Desktop\Resumes
2017-10-15 15:10 - 2015-07-15 21:43 - 000000000 ____D C:\Program Files (x86)\Acer
2017-10-15 15:08 - 2015-07-15 21:46 - 000000000 ____D C:\Program Files\Acer
2017-10-15 15:08 - 2015-07-15 21:44 - 000000000 ____D C:\ProgramData\OEM
2017-10-15 14:51 - 2016-07-16 05:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-15 14:30 - 2016-07-16 05:45 - 000000000 ____D C:\WINDOWS\INF
2017-10-15 14:24 - 2015-07-15 21:41 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-15 14:19 - 2016-09-06 02:48 - 000339472 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-15 14:18 - 2016-07-16 05:47 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-10-15 14:18 - 2016-07-16 05:47 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-10-15 14:18 - 2016-07-16 05:47 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-10-15 14:04 - 2015-12-29 22:15 - 000000000 ____D C:\Users\lukeg\AppData\Roaming\uTorrent
2017-10-15 14:03 - 2017-05-02 14:51 - 000000000 ____D C:\Program Files\UNP
2017-10-15 14:03 - 2016-09-06 04:34 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-10-15 14:02 - 2016-07-16 05:47 - 000000000 __SHD C:\Program Files\Windows Sidebar
2017-10-15 14:02 - 2016-03-06 13:20 - 000000000 ____D C:\Program Files\Factorio
2017-10-15 14:01 - 2016-07-16 05:47 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-10-15 14:01 - 2015-07-10 05:04 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-10-15 12:12 - 2016-01-04 23:15 - 000000000 ____D C:\Users\lukeg\AppData\Local\ElevatedDiagnostics
2017-10-14 18:45 - 2017-07-12 16:57 - 000000000 ____D C:\Users\lukeg\AppData\LocalLow\uTorrent
2017-10-13 21:33 - 2017-04-11 16:43 - 000133581 _____ C:\Users\lukeg\OneDrive\Documents\Data and Graphs for Experiment #1.pzfx
2017-10-13 01:23 - 2016-02-29 18:18 - 000000000 ____D C:\Users\lukeg\OneDrive\Documents\Custom Office Templates
2017-10-12 18:31 - 2016-07-16 05:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-11 22:57 - 2016-07-16 05:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-10-11 17:54 - 2016-07-16 05:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-11 17:54 - 2016-07-16 05:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-10 23:51 - 2016-07-16 05:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-10 23:36 - 2015-12-26 22:13 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-10-10 23:25 - 2015-12-26 22:13 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-10-09 21:21 - 2017-06-12 12:01 - 000000000 ____D C:\ProgramData\HP
2017-10-04 18:24 - 2017-01-10 17:22 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-09-28 12:18 - 2017-06-07 13:13 - 000000000 ____D C:\Users\lukeg\AppData\Local\Downloaded Installations
2017-09-24 13:07 - 2016-07-16 05:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-24 13:04 - 2015-09-13 07:05 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-20 14:42 - 2017-07-26 17:54 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2554303399-3207203618-2176961843-1001
2017-09-20 14:42 - 2015-12-27 04:33 - 000002371 _____ C:\Users\lukeg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-20 14:42 - 2015-12-27 04:33 - 000000000 ___RD C:\Users\lukeg\OneDrive
2017-09-19 18:17 - 2016-02-29 18:47 - 000000000 ____D C:\Program Files (x86)\Mendeley Desktop
2017-09-19 14:24 - 2016-04-25 18:35 - 000000000 ____D C:\Users\lukeg\AppData\Roaming\Skype
 
==================== Files in the root of some directories =======
 
2017-10-15 14:03 - 2017-10-15 14:03 - 000011568 _____ () C:\Users\lukeg\AppData\Local\InstallationConfiguration.xml
2017-10-15 14:03 - 2017-10-15 14:03 - 000140800 _____ () C:\Users\lukeg\AppData\Local\installer.dat
2015-12-26 14:19 - 2015-12-26 14:19 - 000007605 _____ () C:\Users\lukeg\AppData\Local\Resmon.ResmonCfg
2016-09-06 02:51 - 2016-09-06 02:51 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2017-06-13 10:34 - 2017-06-13 10:34 - 000002649 _____ () C:\ProgramData\regid.2004-08.seahorsebio.com_83000E27-FEA8-4AEF-968E-E487414DAB73.swidtag
2017-10-15 14:04 - 2017-10-15 18:24 - 000301568 _____ () C:\ProgramData\smp2.exe
 
Files to move or delete:
====================
C:\Users\lukeg\AppData\Roaming\gplyra\gplyra\start.cmd
C:\WINDOWS\Temp\gB163.tmp.exe
C:\WINDOWS\rss\csrss.exe
C:\ProgramData\smp2.exe
 
 
Some files in TEMP:
====================
2017-10-15 14:04 - 2017-10-15 14:04 - 000000000 _____ () C:\Users\lukeg\AppData\Local\Temp\08O8SxPia3d1.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000000000 _____ () C:\Users\lukeg\AppData\Local\Temp\2UjyDfbWeJkX.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000051202 _____ () C:\Users\lukeg\AppData\Local\Temp\2ZqPiQsTkTLa.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000212992 _____ () C:\Users\lukeg\AppData\Local\Temp\362dBNSccuEz.exe
2017-10-15 14:01 - 2017-10-15 14:01 - 001586152 _____ () C:\Users\lukeg\AppData\Local\Temp\39jzL9hMS9cu.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000557056 _____ () C:\Users\lukeg\AppData\Local\Temp\3heMGsD6a7x0.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000191999 _____ () C:\Users\lukeg\AppData\Local\Temp\4LrghuDXwa4R.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000483328 _____ (OneSystemCare                                               ) C:\Users\lukeg\AppData\Local\Temp\5pyy4htMFpHr.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 002609336 _____ () C:\Users\lukeg\AppData\Local\Temp\5qDlcmCLeUka.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000000000 _____ () C:\Users\lukeg\AppData\Local\Temp\62tuRae1Kyvg.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000395620 ____N (                                                            ) C:\Users\lukeg\AppData\Local\Temp\77K43oKG3pAQ.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000000000 _____ () C:\Users\lukeg\AppData\Local\Temp\7Kiz523IgyUg.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000417792 _____ () C:\Users\lukeg\AppData\Local\Temp\7zP9qqCAxS7G.exe
2017-10-15 14:03 - 2017-10-15 14:03 - 001586152 ____N () C:\Users\lukeg\AppData\Local\Temp\80yhxbfzTmjo.exe
2017-10-15 14:02 - 2017-10-15 14:02 - 000395620 ____N (                                                            ) C:\Users\lukeg\AppData\Local\Temp\86Lk4WH0rwgx.exe
2017-10-15 14:01 - 2017-10-15 14:02 - 001586152 _____ () C:\Users\lukeg\AppData\Local\Temp\8BLoMxhwlhJK.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000000000 _____ () C:\Users\lukeg\AppData\Local\Temp\A4y8DYJaIn35.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000270336 _____ () C:\Users\lukeg\AppData\Local\Temp\AZdhEF38Zzym.exe
2017-01-20 21:54 - 2017-01-20 21:54 - 000009728 _____ () C:\Users\lukeg\AppData\Local\Temp\bassmod.dll
2017-10-15 14:04 - 2017-10-15 14:04 - 000270336 _____ () C:\Users\lukeg\AppData\Local\Temp\bhem3nGuAO97.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000212992 _____ () C:\Users\lukeg\AppData\Local\Temp\BOaGGzDAn6Wv.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000000000 _____ () C:\Users\lukeg\AppData\Local\Temp\C06xU3fCfGAv.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000942080 _____ () C:\Users\lukeg\AppData\Local\Temp\DbdNYrSPQvuy.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000344064 _____ () C:\Users\lukeg\AppData\Local\Temp\DQ1F2MsyAh0W.exe
2017-10-15 14:01 - 2017-10-15 14:01 - 001586152 _____ () C:\Users\lukeg\AppData\Local\Temp\DxthysopWOZd.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000184322 _____ () C:\Users\lukeg\AppData\Local\Temp\eTa2H0H526SA.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000191999 _____ () C:\Users\lukeg\AppData\Local\Temp\fAQNob6bWfvO.exe
2017-10-15 14:03 - 2017-10-15 14:03 - 001586152 _____ () C:\Users\lukeg\AppData\Local\Temp\ferugMmp2TY5.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000073728 _____ () C:\Users\lukeg\AppData\Local\Temp\fhA3gg34gi9M.exe
2017-10-15 14:03 - 2017-10-15 14:03 - 001586152 ____N () C:\Users\lukeg\AppData\Local\Temp\FwaY301H1im4.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000884736 _____ () C:\Users\lukeg\AppData\Local\Temp\fYSkf4oREUph.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000065536 _____ () C:\Users\lukeg\AppData\Local\Temp\gs3NF2kchf3T.exe
2017-10-15 14:03 - 2017-10-15 14:03 - 001586152 ____N () C:\Users\lukeg\AppData\Local\Temp\GTzPugKJlWni.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 001586152 ____N () C:\Users\lukeg\AppData\Local\Temp\gx9pQk9MoDFf.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000000000 _____ () C:\Users\lukeg\AppData\Local\Temp\HGezVQkvBbCR.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000000000 _____ () C:\Users\lukeg\AppData\Local\Temp\hgsnAOPHetwC.exe
2017-10-15 14:00 - 2017-10-15 14:01 - 002609336 ____N () C:\Users\lukeg\AppData\Local\Temp\HTH80BMa4kbD.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000016384 _____ () C:\Users\lukeg\AppData\Local\Temp\HtMddNrjZcrw.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000000000 _____ () C:\Users\lukeg\AppData\Local\Temp\j188iRoCT2Ey.exe
2017-01-23 21:56 - 2017-01-23 21:56 - 000739904 _____ (Oracle Corporation) C:\Users\lukeg\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-07-26 13:46 - 2017-07-26 13:46 - 000740416 _____ (Oracle Corporation) C:\Users\lukeg\AppData\Local\Temp\jre-8u144-windows-au.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 001586152 ____N () C:\Users\lukeg\AppData\Local\Temp\JXWBcfFcEkeC.exe
2017-10-15 14:02 - 2017-10-15 14:02 - 000395620 ____N (                                                            ) C:\Users\lukeg\AppData\Local\Temp\jZAuXlM28h0d.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 001586152 ____N () C:\Users\lukeg\AppData\Local\Temp\KiO65WCOUO7F.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000196608 _____ () C:\Users\lukeg\AppData\Local\Temp\L1QcasG1QLB3.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000737280 _____ (OneSystemCare                                               ) C:\Users\lukeg\AppData\Local\Temp\LoDR9RFayEeo.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000000000 _____ () C:\Users\lukeg\AppData\Local\Temp\lQosQmVMUUvD.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000245760 _____ () C:\Users\lukeg\AppData\Local\Temp\m3VQjZyC5Rmb.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000191999 _____ () C:\Users\lukeg\AppData\Local\Temp\m4Z6gqz29p6k.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000000000 _____ () C:\Users\lukeg\AppData\Local\Temp\m99E9vate6Fj.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000065536 _____ () C:\Users\lukeg\AppData\Local\Temp\mLiQXucZpXjf.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000065536 _____ () C:\Users\lukeg\AppData\Local\Temp\n4lNqV9CJmE1.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000589824 _____ () C:\Users\lukeg\AppData\Local\Temp\NlEWKe6RduST.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000000000 _____ () C:\Users\lukeg\AppData\Local\Temp\o40yAlNsdJTI.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000262144 _____ () C:\Users\lukeg\AppData\Local\Temp\OAsnZdiyFLCO.exe
2016-09-14 10:21 - 2016-09-14 10:24 - 058412368 _____ (SweetLabs,Inc.) C:\Users\lukeg\AppData\Local\Temp\oct2D16.tmp.exe
2017-05-10 21:51 - 2017-05-10 21:52 - 039415032 _____ (SweetLabs,Inc.) C:\Users\lukeg\AppData\Local\Temp\oct2FC1.tmp.exe
2017-07-14 13:33 - 2017-07-14 13:34 - 039245368 _____ (SweetLabs,Inc.) C:\Users\lukeg\AppData\Local\Temp\oct384A.tmp.exe
2017-10-15 14:37 - 2017-10-15 14:40 - 039236800 _____ (SweetLabs,Inc.) C:\Users\lukeg\AppData\Local\Temp\oct39AD.tmp.exe
2016-09-20 11:44 - 2016-09-20 11:45 - 058523032 _____ (SweetLabs,Inc.) C:\Users\lukeg\AppData\Local\Temp\oct45B8.tmp.exe
2017-06-22 23:49 - 2017-06-22 23:50 - 039842360 _____ (SweetLabs,Inc.) C:\Users\lukeg\AppData\Local\Temp\oct60A8.tmp.exe
2017-04-15 15:28 - 2017-04-15 15:29 - 059080608 _____ (SweetLabs,Inc.) C:\Users\lukeg\AppData\Local\Temp\oct8CB1.tmp.exe
2017-04-15 15:38 - 2017-04-15 15:39 - 058523032 _____ (SweetLabs,Inc.) C:\Users\lukeg\AppData\Local\Temp\oct9E97.tmp.exe
2017-10-03 20:58 - 2017-10-03 20:59 - 039234048 _____ (SweetLabs,Inc.) C:\Users\lukeg\AppData\Local\Temp\octAB1A.tmp.exe
2017-03-13 19:12 - 2017-03-13 19:13 - 038421056 _____ (SweetLabs,Inc.) C:\Users\lukeg\AppData\Local\Temp\octF1AD.tmp.exe
2017-10-15 14:00 - 2017-10-15 14:01 - 002609336 ____N () C:\Users\lukeg\AppData\Local\Temp\P2eToUJvYjIJ.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000221184 _____ () C:\Users\lukeg\AppData\Local\Temp\pEQei3InpHWN.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000147456 _____ () C:\Users\lukeg\AppData\Local\Temp\pGMbY9a3DPhD.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000352256 _____ () C:\Users\lukeg\AppData\Local\Temp\PQv5sN0wYrow.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000729088 _____ () C:\Users\lukeg\AppData\Local\Temp\PSo3ukuO5lyv.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000065536 _____ () C:\Users\lukeg\AppData\Local\Temp\Q5uv8kvBBZQu.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000368640 _____ () C:\Users\lukeg\AppData\Local\Temp\q9PZvOcn5Is9.exe
2017-10-15 14:03 - 2017-10-15 14:03 - 001586152 _____ () C:\Users\lukeg\AppData\Local\Temp\QaBJBnLi3N1A.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000114688 _____ () C:\Users\lukeg\AppData\Local\Temp\QGqXjt7ERb93.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 001586152 ____N () C:\Users\lukeg\AppData\Local\Temp\r15GhuiitKvS.exe
2017-10-15 14:02 - 2017-10-15 14:02 - 000395620 ____N (                                                            ) C:\Users\lukeg\AppData\Local\Temp\Rjua0baxN11a.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000491520 _____ () C:\Users\lukeg\AppData\Local\Temp\S9ES1FeTn22L.exe
2017-07-10 10:36 - 2017-07-10 10:36 - 007737344 _____ () C:\Users\lukeg\AppData\Local\Temp\SkypeSetup.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000278528 _____ () C:\Users\lukeg\AppData\Local\Temp\SmpgRQrtUVUD.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000237568 _____ () C:\Users\lukeg\AppData\Local\Temp\sSl3dMUtyIRg.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000491520 _____ () C:\Users\lukeg\AppData\Local\Temp\u1P2zymr53CX.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000491520 _____ (OneSystemCare                                               ) C:\Users\lukeg\AppData\Local\Temp\u2I9SAO4lmwc.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000794624 _____ () C:\Users\lukeg\AppData\Local\Temp\u9XEZxiCuKV8.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000393216 _____ () C:\Users\lukeg\AppData\Local\Temp\UJZh8JKeTMmR.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000557056 _____ () C:\Users\lukeg\AppData\Local\Temp\UkmyMPe8YGso.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000688128 _____ () C:\Users\lukeg\AppData\Local\Temp\v6vmQ32DLXWU.exe
2017-07-10 09:27 - 2017-07-10 09:27 - 014456872 _____ (Microsoft Corporation) C:\Users\lukeg\AppData\Local\Temp\vc_redist.x86.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 001586152 ____N () C:\Users\lukeg\AppData\Local\Temp\wF18vh2QNxm9.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000147456 _____ () C:\Users\lukeg\AppData\Local\Temp\wltFYf4g3QAT.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000720896 _____ () C:\Users\lukeg\AppData\Local\Temp\wsclQrNTdIOa.exe
2017-10-15 14:00 - 2017-10-15 14:01 - 002609336 ____N () C:\Users\lukeg\AppData\Local\Temp\Wxd28Kws9Dcr.exe
2017-10-15 14:03 - 2017-10-15 14:03 - 001586152 _____ () C:\Users\lukeg\AppData\Local\Temp\xWU7AZdHYnSP.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000131072 _____ () C:\Users\lukeg\AppData\Local\Temp\y1XD5890mPca.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000753664 _____ () C:\Users\lukeg\AppData\Local\Temp\YpxM0mBuazoI.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000065536 _____ () C:\Users\lukeg\AppData\Local\Temp\ZA5GzkrtLZos.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000335872 _____ () C:\Users\lukeg\AppData\Local\Temp\ZQO8FM4MY9Rk.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 000090112 _____ () C:\Users\lukeg\AppData\Local\Temp\zRyp6cVfmY7M.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-10-08 10:39
 
==================== End of FRST.txt ============================
 
Here is the "Addition" file:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2017
Ran by lukeg (16-10-2017 13:56:06)
Running from C:\Users\lukeg\Downloads
Windows 10 Home Version 1607 170917-1700 (X64) (2016-09-06 09:27:34)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Admin (S-1-5-21-2554303399-3207203618-2176961843-1003 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2554303399-3207203618-2176961843-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2554303399-3207203618-2176961843-503 - Limited - Disabled)
Guest (S-1-5-21-2554303399-3207203618-2176961843-501 - Limited - Disabled)
lukeg (S-1-5-21-2554303399-3207203618-2176961843-1001 - Administrator - Enabled) => C:\Users\lukeg
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-44b15a0c-012a-42cf-98f1-165fff52d3de) (Version: 3.0.2.118 - WildTangent) Hidden
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.10.2001 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.08.2003.3 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3027 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3001 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8109 - Acer Incorporated)
Acer Quick Access (HKLM\...\{E3678E72-78E3-4F91-A9FB-913876FF6DA2}) (Version: 2.00.3006 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.159 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{566F2BB3-9031-D010-E31F-BE5D49984768}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated)
App Explorer (HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Host App Service) (Version: 0.273.2.371 - SweetLabs)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Banished version 1.0.0 (HKLM-x32\...\Banished_is1) (Version: 1.0.0 - Black Panther)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BrowserAir (HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\BrowserAir) (Version: 48.0.0.0 - BrowserAir) <==== ATTENTION
Cisco WebEx Meetings (HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.2.0.0114 - Disc Soft Ltd)
Darkest Dungeon (HKLM-x32\...\1450711444_is1) (Version: 2.18.0.22 - GOG.com)
Dino Storm (HKLM-x32\...\WildTangentGDF-acer-dinostorm) (Version: 13.0.0.6 - WildTangent) Hidden
Divinity - Original Sin (HKLM-x32\...\Divinity - Original Sin_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.60.000 - Runtime Software)
Dropbox (HKLM-x32\...\Dropbox) (Version: 36.4.22 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Endless Legend Shifters (HKLM-x32\...\Endless Legend Shifters_is1) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Factorio version 0.11.20 (HKLM\...\Factorio_is1) (Version:  - )
Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 13.0.0.6 - WildTangent, Inc.)
Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 13.0.0.6 - WildTangent, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GraphPad Prism 6 (HKLM-x32\...\{606443B0-9831-11DC-5F90-015CFB7A6952}) (Version: 6.01 - GraphPad Software)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Home Makeover (HKLM-x32\...\WTA-3cf95c4f-180b-4280-8f16-c53e066361fb) (Version: 3.0.2.59 - WildTangent) Hidden
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP OfficeJet 4650 series Basic Device Software (HKLM\...\{F68DF314-BD12-4549-941C-521CB8D16DDE}) (Version: 40.11.1122.1796 - HP Inc.)
HP OfficeJet 4650 series Help (HKLM-x32\...\{20CA428A-0827-4441-BC64-5C577EA970AD}) (Version: 36.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HuniePop (HKLM-x32\...\1443428641_is1) (Version: 2.0.0.1 - GOG.com)
I.R.I.S. OCR (HKLM-x32\...\{11ED31EC-7EFA-4D56-B71D-E0214C8984CC}) (Version: 12.3.7.0 - HP)
IBM SPSS Statistics 20 (HKLM-x32\...\{2AF8017B-E503-408F-AACE-8A335452CAD2}) (Version: 20.0.0.0 - IBM Corp)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-1230f393-e73b-4a65-b2df-1ad3a6b6744f) (Version: 2.2.0.97 - WildTangent) Hidden
Jewel Match Snowscapes (HKLM-x32\...\WTA-d63130dc-efc8-4c06-a15e-a2edcf5b04f3) (Version: 3.0.2.118 - WildTangent) Hidden
KB4023057 (HKLM\...\{0C050BEE-16BE-4998-8959-2A421433DB6E}) (Version: 2.5.0.0 - Microsoft Corporation)
Keyspan USB Serial Adapter (HKLM-x32\...\{2E97DE76-851A-48AA-A0D6-665860FAD9CA}) (Version: 3.7s - Keyspan)
League of Legends (HKLM-x32\...\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
Magic Academy (HKLM-x32\...\WTA-c89a8073-438e-4611-9c1c-a1121411ab40) (Version: 2.2.0.97 - WildTangent) Hidden
Mendeley Desktop 1.17.10 (HKLM-x32\...\Mendeley Desktop) (Version: 1.17.10 - Mendeley Ltd.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8431.2079 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{60499BF0-C3D1-40CC-8600-8A7246534466}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Oroboros DatLab (HKLM-x32\...\Oroboros DatLab) (Version:  - )
Polar Bowler 1st Frame (HKLM-x32\...\WTA-134665ac-2bca-44cd-a74e-fb5c2e88e579) (Version: 3.0.2.59 - WildTangent) Hidden
Product Improvement Study for HP OfficeJet 4650 series (HKLM\...\{4C6A5272-AB0C-4913-8E66-C7B408C761A4}) (Version: 40.11.1122.1796 - HP Inc.)
Qualcomm Atheros QCA9377 Wireless LAN & Bluetooth Installer (HKLM-x32\...\{3241744A-BA36-41F0-B4AA-EF3946D00632}) (Version: 11.0.0.043 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Rise of Nations: Extended Edition (HKLM-x32\...\Rise of Nations: Extended Edition_is1) (Version:  - Microsoft Studios)
Rory's Restaurant (HKLM-x32\...\WTA-7aae79e6-c8f9-4751-bb78-5f3a73b0dc29) (Version: 3.0.2.126 - WildTangent) Hidden
Runefall (HKLM-x32\...\WTA-8f50145d-d9dd-494c-aee5-8647a1ff13c9) (Version: 3.0.2.126 - WildTangent) Hidden
Search module (HKLM-x32\...\Search module) (Version:  - Goobzo) <==== ATTENTION
Setli (HKLM-x32\...\{A97606DF-0FE1-4390-B0DD-ADA8B303AE61}_is1) (Version: 1.4 - )
Sid Meier's Civilization V The Complete Edition repack Mr DJ version 1.0.3.279 (HKLM-x32\...\Sid Meier's Civilization V The Complete Edition ~01EC3566_is1) (Version: 1.0.3.279 - Mr DJ)
Sid Meiers Civilization VI Proper (HKLM\...\c2lkbWVpZXJzY2l2aWxpemF0aW9udmk_is1) (Version: 1 - )
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Stardew Valley (HKLM-x32\...\1453375253_is1) (Version: 2.6.0.8 - GOG.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Sims 3 Complete Collection version 1.67.2 (HKLM-x32\...\The Sims 3 Complete Collection_is1) (Version: 1.67.2 - Mr DJ)
Uninstall Samsung Printer Software (HKLM-x32\...\TotalUninstaller) (Version: 4.0.0.67 - Samsung Electronics CO., LTD.)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vegas World (HKLM-x32\...\WildTangentGDF-acer-vegasworld) (Version: 13.0.0.6 - WildTangent) Hidden
Villagers and Heroes (HKLM-x32\...\WildTangentGDF-acer-villagersandheroes) (Version: 13.0.0.6 - WildTangent) Hidden
Wave Desktop (HKLM-x32\...\{4F2FDA4C-12B7-410A-8D9B-B7D8CFBF14A8}) (Version: 2.4.0.60 - Agilent Technologies, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.11.16 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}) (Version: 18.0.10661 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2015-11-30] (Apple Inc.)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2013-10-23] (WinZip Computing, S.L.)
ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\WINDOWS\SysWOW64\WSCM64.dll -> No File
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2013-10-23] (WinZip Computing, S.L.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-07-21] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2013-10-23] (WinZip Computing, S.L.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {15CFC3C1-3975-4CD0-B795-F87742B8AB40} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {21A13638-4C0B-41F6-94E6-C9801B465107} - System32\Tasks\App Explorer => C:\Users\lukeg\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2017-10-07] (SweetLabs, Inc) <==== ATTENTION
Task: {23E3BAFF-FD03-4BE7-85F7-EB6FBEFACE6A} - System32\Tasks\IBUpd2 => C:\Users\lukeg\AppData\Local\BrowserAir\48.0.0.0\updater.exe <==== ATTENTION
Task: {31404AD6-85F4-44D4-817C-F3EDF6D853DA} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-11] (Adobe Systems Incorporated)
Task: {359AFBE3-36EB-43EC-951E-2355A0E6EB82} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2015-07-17] (Acer Incorporated)
Task: {4BD261DA-5BB0-4E7A-8B40-98398C4C2AAC} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe [2017-10-15] () <==== ATTENTION
Task: {5EBD45BE-BBE8-47FA-83D3-A53F31DEBEDD} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [2015-05-14] ()
Task: {60BD67F1-58B2-459D-AC00-10967D895910} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-10-10] (Microsoft Corporation)
Task: {66ADC14A-DFA6-4173-A737-7628E973FEA4} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [2016-08-15] ()
Task: {6F4ABA55-6992-477D-97CF-2DB69ADF7CC8} - System32\Tasks\Audio Gateway => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Audio Gateway\Audio Gateway.dll",FsrgIyaVJAB <==== ATTENTION
Task: {792A2010-6DBA-4FE1-B63C-14500314F191} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {7BD16653-AC61-42D6-BAEF-681AB9DE89C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-04] (Google Inc.)
Task: {7CB41E86-911C-4C9C-948F-F2C754A8F864} - System32\Tasks\RunAtStartup => C:\Users\lukeg\AppData\Roaming\Event Monitor\em.exe [2017-09-20] () <==== ATTENTION
Task: {7D1EEB25-1CBA-4312-A6E1-A80E4E7EC4FE} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-10] (Dropbox, Inc.)
Task: {8831D1F8-E6D0-4D0B-BCDA-19BAF52A02EB} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2015-11-25] ()
Task: {8C4E2F0A-83BF-48C7-8041-83EEF057E623} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-04] (Google Inc.)
Task: {8CA7B7B3-3F6A-46B2-BD1A-9AFDDF32DD12} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2015-11-25] ()
Task: {9AE5BC12-A075-4CDA-8F80-A548835F8237} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-09-24] (Microsoft Corporation)
Task: {A2A04E3F-DD2B-4C05-B257-EA113A3E6DE4} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2015-07-10] (Acer Incorporated)
Task: {A68B848B-7CC4-416B-9EE7-2B451E40CCF8} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2015-05-14] (Acer Incorporated)
Task: {A6DA94B9-38D2-4A92-BDE2-AB8ED0AEFD29} - System32\Tasks\HPCustParticipation HP OfficeJet 4650 series => C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPCustPartic.exe [2017-04-06] (HP Inc.)
Task: {AA744EF8-152A-4F24-82C5-306B032F9A9E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {BB648EB8-6B1D-4E51-8604-38132B539D23} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-10] (Dropbox, Inc.)
Task: {BF123B96-8CF4-4274-9013-CD7C9446CD77} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-24] ()
Task: {C2824150-7469-43A9-A0F6-8C8AF48E2A9F} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2015-07-10] ()
Task: {CB1CDB4B-1985-4C34-AD96-F62C1976CB44} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-24] ()
Task: {CE558490-767D-4D3F-B17A-A0C2E8C25D10} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\lukeg\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {D946B9CF-9678-4D9E-A902-AB7A5309F869} - System32\Tasks\NovaScript Refresher Lite => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\NovaScript Refresher Lite\NovaScript Refresher Lite.dll",UDhMbGhcty <==== ATTENTION
Task: {E3C9C250-F04A-4D99-A6C9-4650167A1AB8} - System32\Tasks\zhHXJoNYdx1i => zhhxjonydx1i.exe
Task: {E8691FBD-44E0-4150-A72F-4E93D93F54D8} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Power Management\ePowerButton_NB.exe [2015-05-14] (Acer Incorporated)
Task: {F0976B62-B130-434F-8C40-2FD746FCC2C8} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-09-09] (Acer)
Task: {F6C45684-381B-47C8-BC31-B4A1AD8BE7B2} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-08-30] (Acer Incorporated)
Task: {F7CB9E5F-D50F-43CA-AC03-051DF18C7302} - System32\Tasks\LI9lcRvANzho => li9lcrvanzho.exe
Task: {FA922F0E-0881-42F4-A147-B0352E5C3894} - System32\Tasks\IBUpd => C:\Users\lukeg\AppData\Local\BrowserAir\48.0.0.0\updater.exe <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\lukeg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,
ShortcutWithArgument: C:\Users\lukeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,
ShortcutWithArgument: C:\Users\lukeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811008"
ShortcutWithArgument: C:\Users\lukeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,
ShortcutWithArgument: C:\Users\lukeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> "microsoft-edge:hxxp://www%2dsearching.com/?prd=set_epe&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 05:42 - 2016-07-16 05:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-09-12 20:24 - 2017-09-07 00:01 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-10-15 14:03 - 2015-06-01 18:58 - 002144768 _____ () C:\Program Files\NovaScript Refresher Lite\NovaScript Refresher Lite.dll
2016-02-15 22:01 - 2016-02-15 22:01 - 000031256 _____ () C:\WINDOWS\System32\us008lm.dll
2017-03-06 17:07 - 2015-03-11 20:43 - 000022528 _____ () C:\WINDOWS\System32\us00alm.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 000085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 001328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-15 21:54 - 2015-05-08 11:41 - 000111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2016-09-13 13:28 - 2016-09-06 22:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 17:48 - 2017-03-04 00:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-10-15 14:04 - 2017-09-20 20:35 - 003295168 _____ () C:\Users\lukeg\AppData\Roaming\Event Monitor\em.exe
2017-08-22 20:08 - 2017-08-22 20:08 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-08-22 20:08 - 2017-08-22 20:08 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-08-22 20:08 - 2017-08-22 20:08 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-08-22 20:08 - 2017-08-22 20:08 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2016-08-15 15:24 - 2016-08-15 15:24 - 001769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2017-03-14 17:49 - 2017-03-04 00:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 17:49 - 2017-03-04 00:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 17:49 - 2017-03-04 00:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-10-10 23:19 - 2017-09-17 20:13 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-10-10 23:19 - 2017-09-17 20:14 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-10-10 23:19 - 2017-09-17 20:16 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-25 12:03 - 2015-11-25 12:03 - 004644256 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
2017-10-15 14:04 - 2017-10-15 14:04 - 001378816 _____ () C:\Program Files (x86)\Google\Chrome\Application\WINHTTP.dll
2017-01-14 15:13 - 2017-09-24 13:01 - 008929480 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-09-25 13:18 - 2017-09-21 01:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-25 13:18 - 2017-09-21 01:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2017-05-23 09:39 - 2017-05-23 09:39 - 003918848 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1301.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-08-04 01:50 - 2017-08-04 01:51 - 000019968 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-08-04 01:50 - 2017-08-04 01:51 - 028986880 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-08-04 01:50 - 2017-08-04 01:51 - 000428032 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-08-04 01:50 - 2017-08-04 01:51 - 020510208 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-08-04 01:50 - 2017-08-04 01:51 - 002339328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-08-04 01:50 - 2017-08-04 01:51 - 003041792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-06-08 09:24 - 2017-06-08 09:24 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-15 10:33 - 2017-06-15 10:37 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-08-04 01:50 - 2017-08-04 01:51 - 001361920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-09-28 09:22 - 2017-09-28 09:22 - 026118656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17082.14121.0_x64__8wekyb3d8bbwe\Video.UI.exe
2017-09-28 09:22 - 2017-09-28 09:22 - 009162240 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17082.14121.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-28 09:22 - 2017-09-28 09:22 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17082.14121.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-03-14 17:49 - 2017-03-04 00:04 - 000114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2015-12-30 11:08 - 2015-04-28 16:22 - 001498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2015-12-30 11:08 - 2014-05-19 18:19 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2017-10-04 18:22 - 2017-10-03 04:21 - 000771904 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-10-04 18:22 - 2017-10-03 04:21 - 001804608 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-10-04 18:23 - 2017-10-03 04:21 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-10-04 18:23 - 2017-10-03 04:21 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-10-04 18:23 - 2017-10-03 04:22 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-10-04 18:23 - 2017-10-03 04:21 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-10-04 18:23 - 2017-10-03 04:21 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-10-04 18:22 - 2017-10-03 04:22 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-10-04 18:23 - 2017-10-03 04:21 - 000130512 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-10-04 18:22 - 2017-10-03 04:22 - 001856848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-10-04 18:22 - 2017-10-03 04:22 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-10-04 18:22 - 2017-10-03 04:21 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-10-04 18:22 - 2017-10-03 04:21 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-10-04 18:23 - 2017-10-03 04:21 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-10-04 18:23 - 2017-10-03 04:22 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-10-04 18:22 - 2017-10-03 04:22 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-10-04 18:23 - 2017-10-03 04:21 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-10-04 18:22 - 2017-10-03 04:22 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-10-04 18:22 - 2017-10-03 04:21 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-10-04 18:23 - 2017-10-03 04:21 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-10-04 18:23 - 2017-10-03 04:21 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-10-04 18:22 - 2017-10-03 04:21 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-10-04 18:23 - 2017-10-03 04:22 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-10-04 18:23 - 2017-10-03 04:22 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-10-04 18:23 - 2017-10-03 04:21 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-10-04 18:23 - 2017-10-03 04:21 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-10-04 18:23 - 2017-10-03 04:21 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-10-04 18:23 - 2017-10-03 04:21 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-10-04 18:23 - 2017-10-03 04:21 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-10-04 18:23 - 2017-10-03 04:21 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-10-04 18:23 - 2017-10-03 04:21 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-10-04 18:22 - 2017-10-03 04:22 - 000021824 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-10-04 18:23 - 2017-10-03 04:22 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2017-10-04 18:22 - 2017-10-03 04:22 - 000022856 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-10-04 18:23 - 2017-10-03 04:22 - 000066392 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-10-04 18:22 - 2017-10-03 04:22 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-10-04 18:23 - 2017-10-03 04:21 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-10-04 18:22 - 2017-10-03 04:22 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-10-04 18:22 - 2017-10-03 04:22 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-10-04 18:22 - 2017-10-03 04:22 - 000154440 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-10-04 18:22 - 2017-10-03 04:22 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-10-04 18:22 - 2017-10-03 04:22 - 000045888 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2017-10-04 18:22 - 2017-10-03 04:22 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-10-04 18:22 - 2017-10-03 04:22 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-10-04 18:22 - 2017-10-03 04:22 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-10-04 18:22 - 2017-10-03 04:22 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-10-04 18:23 - 2017-10-03 04:22 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-10-04 18:23 - 2017-10-03 04:21 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-10-04 18:23 - 2017-10-03 04:22 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-10-04 18:23 - 2017-10-03 04:21 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-10-04 18:23 - 2017-10-03 04:22 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-10-04 18:23 - 2017-10-03 04:22 - 000069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-10-04 18:23 - 2017-10-03 04:21 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-10-04 18:23 - 2017-10-03 04:22 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-10-04 18:23 - 2017-10-03 04:22 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-10-04 18:23 - 2017-10-03 04:22 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-10-04 18:22 - 2017-10-03 04:22 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-10-04 18:23 - 2017-10-03 04:21 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-10-04 18:22 - 2017-10-03 04:22 - 000101184 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-10-04 18:23 - 2017-10-03 04:22 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-10-04 18:22 - 2017-10-03 04:22 - 000025424 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-10-04 18:22 - 2017-10-03 04:21 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-10-04 18:22 - 2017-10-03 04:22 - 000032600 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-10-04 18:22 - 2017-10-03 04:21 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-10-04 18:22 - 2017-10-03 04:22 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-10-04 18:23 - 2017-10-03 04:22 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-10-04 18:22 - 2017-10-03 04:22 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2017-10-04 18:22 - 2017-10-03 04:22 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-10-04 18:23 - 2017-10-03 04:22 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-10-04 18:22 - 2017-10-03 04:22 - 000545080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-10-04 18:22 - 2017-10-03 04:22 - 000359224 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-10-04 18:22 - 2017-10-03 04:22 - 000038208 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2016-09-09 10:51 - 2016-09-09 10:51 - 000202456 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2016-09-09 10:51 - 2016-09-09 10:51 - 000119000 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2016-08-15 18:05 - 2016-08-15 18:05 - 000641240 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2016-08-15 18:03 - 2016-08-15 18:03 - 000202456 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2016-08-15 18:05 - 2016-08-15 18:05 - 000654000 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2016-08-15 18:04 - 2016-08-15 18:04 - 000119000 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2016-09-20 10:23 - 2016-09-20 10:23 - 000015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2016-08-30 15:09 - 2016-08-30 15:09 - 000013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2016-08-30 15:05 - 2016-08-30 15:05 - 000277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2015-11-04 18:36 - 2015-11-04 18:36 - 000149720 _____ () C:\Program Files (x86)\Acer\abDocs Office AddIn\AcerWordAddin.dll
2017-09-24 13:02 - 2017-09-24 13:02 - 000094920 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\officevoicemanager.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\amazon.ca -> hxxps://amazon.ca
IE trusted site: HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\amazon.com -> amazon.com
IE trusted site: HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\sharepoint.com -> hxxps://uofc-files.sharepoint.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 05:04 - 2017-10-16 08:46 - 000013499 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 gf.tools.avast.com
127.0.0.1 pair.ff.avast.com
127.0.0.1 ipm-provider.ff.avast.com
127.0.0.1 ipm-provider.ff.avast.com
127.0.0.1 ipm-provider.ff.avast.com
127.0.0.1 id.avast.com
127.0.0.1 v4618535.iavs9x.u.avast.com
127.0.0.1 v4618535.ivps9x.u.avast.com
127.0.0.1 v4618535.ivps9tiny.u.avast.com
127.0.0.1 v4618535.vpsnitro.u.avast.com
127.0.0.1 v4618535.vpsnitrotiny.u.avast.com
127.0.0.1 v4618535.iavs5x.u.avast.com
127.0.0.1 v7.stats.avast.com
127.0.0.1 v7.stats.avast.com
127.0.0.1 v7event.stats.avast.com
127.0.0.1 sm00.avast.com
127.0.0.1 submit5.avast.com
127.0.0.1 geoip.avast.com
127.0.0.1 w9448963.iavs9x.u.avast.com
127.0.0.1 w9448963.ivps9x.u.avast.com
127.0.0.1 w9448963.ivps9tiny.u.avast.com
127.0.0.1 w9448963.vpsnitro.u.avast.com
127.0.0.1 w9448963.vpsnitrotiny.u.avast.com
127.0.0.1 w9448963.iavs5x.u.avast.com
127.0.0.1 v7.stats.avast.com
127.0.0.1 v7.stats.avast.com
127.0.0.1 v7event.stats.avast.com
127.0.0.1 sm00.avast.com
127.0.0.1 submit5.avast.com
127.0.0.1 geoip.avast.com
 
There are 333 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Acer01.jpg
DNS Servers: 82.163.143.12 - 82.163.142.22
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D39AA813-4F90-41F5-B884-39F426CB728E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{F9BD3288-B48D-47E7-806C-D737D224810B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{22E5E853-AB83-414E-9E0C-1DD0F15A631C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{4DAB7718-BE02-4B7D-A961-CE554B6DD815}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{F29E342C-8E77-4637-9D98-817AED8920C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{9A1885B4-3578-4AEB-98AD-9DCAA3787AF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{EEEE062E-CAE1-409E-B894-45B5E84D5177}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{AF0DB969-EAF6-4EE0-BBE3-910856176582}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{8C1EAC1D-3002-43BD-83EE-D88DDD2E8AC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{3CA4F59A-FC0E-4A22-88AA-7D978B4DF62D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{12DA0AF7-E7DD-4CD8-A20B-3672F2C72727}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Adventure Game\TheWitcherAdventureGame.exe
FirewallRules: [{63450340-83F1-448B-AF6F-78B3897B9ED6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Adventure Game\TheWitcherAdventureGame.exe
FirewallRules: [UDP Query User{9857B7A8-D846-46E7-9812-CAD6821A9BF9}C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe] => (Block) C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe
FirewallRules: [TCP Query User{B795DE6E-5621-4842-AB4D-D6BD10489797}C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe] => (Block) C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe
FirewallRules: [UDP Query User{909B38D0-8B11-4CE5-9DCF-82ABE44178DF}C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe] => (Block) C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe
FirewallRules: [TCP Query User{5285CA0E-903B-43B5-BE62-8BCECECA3824}C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe] => (Block) C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe
FirewallRules: [{2997BD87-DE52-4456-9BE8-ECF0653EBDF8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{5536518C-A3DA-4135-A2D7-F2F486E46733}C:\program files (x86)\heroes of the storm\versions\base41150\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base41150\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{8B723C25-55DB-40D8-AA3C-E53A1FB8D5D1}C:\program files (x86)\heroes of the storm\versions\base41150\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base41150\heroesofthestorm_x64.exe
FirewallRules: [{CA82AEAB-F09F-4AA3-A364-71F489DF1D99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{169DF155-9E77-4590-AA9F-2E49A5EC5C2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{6DCCCADD-B817-48DB-AB61-619A4DDDDE7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War II - Retribution\DOW2.exe
FirewallRules: [{8B47706E-50DA-4F73-AE87-7D013DC2F672}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War II - Retribution\DOW2.exe
FirewallRules: [UDP Query User{A85384EC-9E50-49B2-A226-CCD06C0E715C}C:\program files (x86)\r.g. mechanics\divinity - original sin\shipping\eocapp.exe] => (Block) C:\program files (x86)\r.g. mechanics\divinity - original sin\shipping\eocapp.exe
FirewallRules: [TCP Query User{D6CCF34A-7B48-4C9B-9A2F-EE2BD40311A9}C:\program files (x86)\r.g. mechanics\divinity - original sin\shipping\eocapp.exe] => (Block) C:\program files (x86)\r.g. mechanics\divinity - original sin\shipping\eocapp.exe
FirewallRules: [{C4C9DDF4-DDFD-4DD8-88DF-580582DEB18E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Folk Tale\Folk Tale.exe
FirewallRules: [{6588F613-9C1F-45CE-ADE6-A86E940C0312}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Folk Tale\Folk Tale.exe
FirewallRules: [{C1D42AEF-0C66-4D5E-A38D-ECC88B37582C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{D938BF08-E6F4-451E-AC3D-F0F36464B1B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{1A981401-C779-4796-BA8E-6B9F034CC553}] => (Allow) C:\Users\lukeg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D58E4683-ABC2-4E0F-AABA-DA2D1E7318A4}] => (Allow) C:\Users\lukeg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{13622AF7-3B58-4BBE-A4E0-300915C81D6C}] => (Allow) C:\Users\lukeg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6248686B-AC16-4540-A438-B879ECFFF8B6}] => (Allow) C:\Users\lukeg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B6118646-24A5-4221-8ED8-2957D68B285C}] => (Allow) C:\Users\lukeg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9F3550E9-ABBE-4A27-9D61-ADCC04DE26D7}] => (Allow) C:\Users\lukeg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F3BB3140-F82D-4A59-B999-C9BB903092F3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{249B7941-DD6B-4802-A656-1C3DDB436ED9}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{C0A52E9B-F9FF-4379-9110-831C67376EB2}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{8422A92D-A3BC-4FCC-917C-7111B3B4421F}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{78E0BC95-8376-4CA1-BC3C-EA02052CAE85}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{17FCFDCD-31F7-4B6C-A4EE-66C2DC308EEE}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{0BA0C669-46FB-4B17-9E32-97F780D14178}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{551B0EA3-BB76-4C53-A5E6-6F86B2394E71}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{16154149-238D-4E6F-BF14-F31D4B890B21}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DA037F76-18F0-43FA-99B9-5B5121A97772}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6A30B585-63FB-4820-866D-A40A72573120}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2C351CFF-CF4A-4F63-BD28-341AC4F691F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{42151D62-CEB4-4B55-8704-BBE5558583EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{D5A518EB-909D-4E9E-8C0C-E1EE3E00C690}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War Gold\W40k.exe
FirewallRules: [{07AA5731-1CFF-4D67-BEF8-F558B9A6B90B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War Gold\W40k.exe
FirewallRules: [{3A6F7F2A-D1F5-493A-9031-B97A05BA0A39}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{09371AB7-EDCE-43ED-AD71-C9299EDB8248}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{65DCE61B-09E2-413A-A075-9CC8974CFB63}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C79B4037-3C67-4A41-B800-251779921C5B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{83344C30-5CA7-440A-97AB-77EF94F19966}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D1DFE9DF-9110-4A49-8AB7-81B209FECA90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War Dark Crusade\darkcrusade.exe
FirewallRules: [{5B9C54A6-1FB6-4DC5-9DC7-DBB494C5533D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War Dark Crusade\darkcrusade.exe
FirewallRules: [{312CD875-F457-49E8-A4D6-616BFA11D5A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War Soulstorm\Soulstorm.exe
FirewallRules: [{CCFC80FE-A667-45FD-8538-F448FA8D89EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dawn of War Soulstorm\Soulstorm.exe
FirewallRules: [{7442CC1A-85DB-403B-9066-CA9928FD9707}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age of Wonders Shadow Magic\Launcher.exe
FirewallRules: [{EBA55DE8-7259-4AA6-B108-90B83B596D2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age of Wonders Shadow Magic\Launcher.exe
FirewallRules: [{CB7F0CD5-42A4-45ED-B7BE-7BA330BA67D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age of Wonders Shadow Magic\AoWSMSetup.exe
FirewallRules: [{E3450230-DF03-4419-96BB-DF9B7BEFD9E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age of Wonders Shadow Magic\AoWSMSetup.exe
FirewallRules: [{B0595D25-4A65-4E50-80A4-80B77183B008}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age of Wonders Shadow Magic\AoWSMEd.exe
FirewallRules: [{FAE7F311-C7EF-4635-8891-CD88F461175E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age of Wonders Shadow Magic\AoWSMEd.exe
FirewallRules: [{1D97BBDA-9522-421F-AC84-C384DBB3D336}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes Relaunch\RelicCOH.exe
FirewallRules: [{9CD83AEF-6C8F-4455-AA1C-827DF5F10317}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes Relaunch\RelicCOH.exe
FirewallRules: [{E5C21BAC-7A32-4D40-952F-8FA761DDC9B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\towns\Towns.exe
FirewallRules: [{952CE71B-4764-48B3-8B1E-EF5DA1D6C622}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\towns\Towns.exe
FirewallRules: [{67510596-9E22-4D99-8706-F1E492C87D75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Medieval II Total War\medieval2.exe
FirewallRules: [{5CF10FCC-562A-4CE2-9171-1305691644D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Medieval II Total War\medieval2.exe
FirewallRules: [{2BE1E0EA-AF12-4807-9A2C-5EE416A9B9D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{7F4E4CEE-0AEE-481B-81F0-74D981E2AE3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{DED7E5D3-2FD2-40FC-A54D-7D6A9E55FB87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes\RelicCOH.exe
FirewallRules: [{6442C941-C0B8-4253-8B9C-A584ACCCB01E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes\RelicCOH.exe
FirewallRules: [{6242B2DD-830C-42E1-BECD-AF47FE0A59A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kohan II\k2.exe
FirewallRules: [{FE14D155-B99B-4D2A-9B4A-3B9E0068EA8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kohan II\k2.exe
FirewallRules: [{C8AD68D5-E983-409E-A156-4A59DCD93831}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{86398E11-0FC2-4429-BAEE-4FDA38776133}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{43A8432F-0320-4C40-A9B9-232BD871CF97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{F9F065D6-A670-449B-84EF-D5D6D209BD53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{E8B7125F-87D3-4AA7-8C7B-E484F2C58C0B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3BE5E315-88F4-4199-9132-4F22F850AAA0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{76ADD824-DE94-4A05-BFC8-F2553AAD4B65}] => (Allow) C:\Program Files (x86)\Mr DJ\Sid Meier's Civilization V The Complete Edition repack Mr DJ\Launcher.exe
FirewallRules: [{984FE48D-232C-4A7A-82B3-0D4CDE72635B}] => (Allow) C:\Program Files (x86)\Mr DJ\Sid Meier's Civilization V The Complete Edition repack Mr DJ\Launcher.exe
FirewallRules: [TCP Query User{E919F079-6FE4-4BBF-8012-29EFB773AFFC}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{BE0A66D8-AEF4-4F31-B8D1-671BFC6533D8}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{5F7CC23F-ECDA-406F-8517-4E86FE890DA4}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.exe
FirewallRules: [{AD4AA34B-1D5C-4F80-982C-2B7A5AE9C6AE}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\WinWrapIDE.exe
FirewallRules: [{84CA2321-8A9F-4CB8-80D2-FE2A94A8D33C}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.com
FirewallRules: [{89D3B320-B7CE-4A95-8845-B3D2EAFFFF7A}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.exe
FirewallRules: [{3C069151-5BEC-4E82-9CE3-30BE82F4F452}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\WinWrapIDE.exe
FirewallRules: [{B4308496-0C04-446F-B5AD-542151A888BF}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.com
FirewallRules: [TCP Query User{33E16B2A-D59B-4901-AB98-CABB72FC6857}C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [UDP Query User{0A2BBF29-BDA6-46F4-A2C0-14305B0BC880}C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [TCP Query User{2CE90FBE-7672-4B4A-85EB-AEDCF232D23A}C:\users\lukeg\desktop\microscopy lab software\fiji.app\imagej-win64.exe] => (Allow) C:\users\lukeg\desktop\microscopy lab software\fiji.app\imagej-win64.exe
FirewallRules: [UDP Query User{613A09FB-5F8E-4002-9C6E-FDE175F5A6A6}C:\users\lukeg\desktop\microscopy lab software\fiji.app\imagej-win64.exe] => (Allow) C:\users\lukeg\desktop\microscopy lab software\fiji.app\imagej-win64.exe
FirewallRules: [{6656A06F-1F7C-4724-ABF1-8E162F537CF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deep Space Waifu\Deep Space Waifu.exe
FirewallRules: [{31620890-B0FA-4C8A-91FE-26473FC11984}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deep Space Waifu\Deep Space Waifu.exe
FirewallRules: [{5E0BBABC-3D1A-4819-8FB8-BE11B5E440C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Material Girl\Game.exe
FirewallRules: [{F1A54992-9D51-4AA7-935A-577027730720}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Material Girl\Game.exe
FirewallRules: [TCP Query User{1AC92B52-F7E7-469A-85A7-282D424B2AF0}C:\users\lukeg\desktop\games\force of nature\force.of.nature.v1.1.3h1\forceofnature.exe] => (Allow) C:\users\lukeg\desktop\games\force of nature\force.of.nature.v1.1.3h1\forceofnature.exe
FirewallRules: [UDP Query User{519EDD0C-F78F-4366-873B-8F753C3FA188}C:\users\lukeg\desktop\games\force of nature\force.of.nature.v1.1.3h1\forceofnature.exe] => (Allow) C:\users\lukeg\desktop\games\force of nature\force.of.nature.v1.1.3h1\forceofnature.exe
FirewallRules: [{15F9A90F-47DD-4C95-829E-0140F67F9777}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{52EBA613-E9EF-4945-B8AB-7198E87A81CC}C:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe] => (Block) C:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe
FirewallRules: [UDP Query User{B64A879B-DF49-4397-8184-81449F432572}C:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe] => (Block) C:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe
FirewallRules: [TCP Query User{A9A1F105-C65B-4E66-A476-9154E2CAB554}C:\program files (x86)\starcraft ii\versions\base56787\sc2_x64.exe] => (Block) C:\program files (x86)\starcraft ii\versions\base56787\sc2_x64.exe
FirewallRules: [UDP Query User{F45DA15C-242D-4B79-8931-58347BBCD31D}C:\program files (x86)\starcraft ii\versions\base56787\sc2_x64.exe] => (Block) C:\program files (x86)\starcraft ii\versions\base56787\sc2_x64.exe
FirewallRules: [{109C8198-6BF2-4D20-A840-AA2845CF4953}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5BABDC1D-8150-449E-B11F-F422682A5ECA}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{333360FE-60EB-4446-88F9-F198A070F1EF}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxPrinterUtility.exe
FirewallRules: [{53322C52-2314-43A9-908C-E4FF01E39011}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxApplications.exe
FirewallRules: [{296606EC-AE77-4011-9453-0D38F02C1E9E}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\DigitalWizards.exe
FirewallRules: [{8B12118F-CD37-4D8B-975D-B7553AFC5642}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\SendAFax.exe
FirewallRules: [{62531460-A944-4D88-83FB-4BAD158010A6}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\DeviceSetup.exe
FirewallRules: [{C2E0F4F6-85D0-4D7B-AB15-211838BC1942}] => (Allow) LPort=5357
FirewallRules: [{5D2E28D8-7496-4DC7-A463-4A995988D57D}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{8C5624DA-8EAE-4E2C-81DE-5C508AA76955}] => (Allow) C:\Users\lukeg\AppData\Local\Temp\7zS272E\HPDiagnosticCoreUI.exe
FirewallRules: [{981D5DEA-911F-429C-A52E-5CA34CE2F963}] => (Allow) C:\Users\lukeg\AppData\Local\Temp\7zS272E\HPDiagnosticCoreUI.exe
FirewallRules: [{8B4B9948-96FA-48E6-A88B-48065A353F6F}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{CE871015-16A8-4731-A77C-C9013C582E5D}] => (Allow) C:\WINDOWS\rss\csrss.exe
FirewallRules: [{0DE8C570-F466-4BB7-88B6-ADE30DD821F0}] => (Allow) C:\Users\lukeg\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
FirewallRules: [{254BEB68-14E5-4D94-9394-4B037FA33BCE}] => (Allow) C:\Program Files (x86)\Secure Driver Updater\SDU.exe
FirewallRules: [{E7B66B68-FC3E-4C93-B07A-7B951D94C1CB}] => (Allow) C:\Users\lukeg\AppData\Local\BrowserAir\Application\BrowserairExec.exe
FirewallRules: [{5AA854FF-6CEE-4BDE-93EA-12AC9C63C45E}] => (Allow) C:\WINDOWS\System32\rundll32.exe
FirewallRules: [{FDD4CD0B-3149-4A76-89B0-006850B2DAB1}] => (Allow) C:\WINDOWS\System32\rundll32.exe
FirewallRules: [{0F1A5EC6-8C8D-460E-AA9B-742B2411E94A}] => (Allow) C:\WINDOWS\System32\rundll32.exe
FirewallRules: [{C0AA72BA-3D8B-4E0D-BCC4-8CDED8234111}] => (Allow) C:\WINDOWS\System32\rundll32.exe
 
==================== Restore Points =========================
 
10-10-2017 23:24:14 Windows Update
15-10-2017 14:33:08 Removed Win Optimizer
16-10-2017 07:20:07 Restore Operation
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/16/2017 01:50:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files (x86)\microsoft office\root\office16\odbc drivers\salesforce\lib\libcurl32.dlla\libcurl.dll".
Dependent Assembly OpenSSL.DllA,processorArchitecture="&#x2a;",type="win32",version="1.0.0.4" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/16/2017 08:47:31 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070091.
 
Error: (10/16/2017 07:20:08 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (10/16/2017 07:18:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (10/16/2017 06:48:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.953, time stamp: 0x58ba5911
Faulting module name: Flash.ocx_unloaded, version: 27.0.0.130, time stamp: 0x59a5bd4d
Exception code: 0xc0000005
Fault offset: 0x0000000000447680
Faulting process id: 0x22f8
Faulting application start time: 0x01d3465ceaaa0620
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: Flash.ocx
Report Id: a39a6f18-57c6-4676-a439-502d22b31efb
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
 
Error: (10/16/2017 12:21:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-8VD73NK9)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/16/2017 12:21:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-8VD73NK9)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/16/2017 12:21:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-8VD73NK9)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/16/2017 12:21:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-8VD73NK9)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/16/2017 12:21:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-8VD73NK9)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (10/16/2017 12:25:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/16/2017 08:46:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/16/2017 07:21:39 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-8VD73NK9)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
Error: (10/16/2017 07:21:37 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-8VD73NK9)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
 
Error: (10/16/2017 07:21:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/16/2017 12:23:09 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
 
Error: (10/16/2017 12:21:45 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-8VD73NK9)
Description: The server MicrosoftEdge.AppX9zvsr9qeth9e9a03yr0g7rpdrcrwgn5r.mca did not register with DCOM within the required timeout.
 
Error: (10/16/2017 12:21:32 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-8VD73NK9)
Description: The server MicrosoftEdge.AppX9zvsr9qeth9e9a03yr0g7rpdrcrwgn5r.mca did not register with DCOM within the required timeout.
 
Error: (10/16/2017 12:19:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/16/2017 12:17:41 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-8VD73NK9)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
  Date: 2017-05-19 08:30:08.186
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-19 08:30:08.182
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-04 11:53:21.473
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-04 11:53:21.471
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-04 11:52:45.653
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-04 11:52:45.650
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-04 11:50:59.065
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-04 11:50:59.057
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-04 11:48:17.941
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-04 11:48:17.938
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-7410 APU with AMD Radeon R5 Graphics 
Percentage of memory in use: 62%
Total physical RAM: 7126.37 MB
Available physical RAM: 2693.76 MB
Total Virtual: 10966.37 MB
Available Virtual: 4815.76 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:930.91 GB) (Free:488.14 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End of Addition.txt ============================

 

I have attached a Rkill file as well:

 

Rkill 2.9.1 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 10/16/2017 08:50:44 AM in x64 mode.
Windows Version: Windows 10 Home 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\WINDOWS\Temp\gDF1B.tmp.exe (PID: 4000) [WD-HEUR]
 * C:\Users\lukeg\AppData\Local\9f109db3fce54301bed57dd514c3b546\N8NuJ3ZKw6WkW.exe (PID: 6580) [UP-HEUR]
 * C:\Users\lukeg\AppData\Local\a022a0a374314a34adb4a8dc7091d2e4\3CAXh50.exe (PID: 4972) [UP-HEUR]
 
3 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  20 out of 362 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 10/16/2017 08:56:02 AM
Execution time: 0 hours(s), 5 minute(s), and 17 seconds(s)
 


#3 lgoudie

lgoudie
  • Topic Starter

  • Members
  • 6 posts

Posted 16 October 2017 - 03:18 PM

Apologies to moderators for loading this twice, computer was really slow and thought I only added it once, feel free to delete if it is bothersome!

 

Luke



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,237 posts

Posted 17 October 2017 - 09:27 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold via the Control Panel > Programs > Programs and Features.
App Explorer (HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Host App Service) (Version: 0.273.2.371 - SweetLabs)
BrowserAir (HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\BrowserAir) (Version: 48.0.0.0 - BrowserAir) <==== ATTENTION
Search module (HKLM-x32\...\Search module) (Version: - Goobzo) <==== ATTENTION
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(SweetLabs, Inc) C:\Users\lukeg\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
() C:\Users\lukeg\AppData\Roaming\Event Monitor\em.exe
(int ltd) C:\Program Files (x86)\LI9lcRvANzho\zhhxjonydx1i.exe
HKLM\...\Run: [gplyra] => C:\Users\lukeg\AppData\Roaming\gplyra\gplyra\start.cmd [216 2017-01-10] () <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [LAPTOP-8VD73NK9] => C:\WINDOWS\Temp\gB163.tmp.exe [212992 2017-10-16] () <==== ATTENTION
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [ENFQJWKVAE.exe] => C:\Program Files\Factorio\LLVHQZWNRA\ENFQJWKVAE.exe [449536 2017-10-15] ()
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [ZBIJJZQLEN.exe] => C:\Program Files\Factorio\EWUMDCNZHA\ZBIJJZQLEN.exe [449536 2017-10-15] ()
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [NAPQPGVFRN.exe] => C:\Program Files\Factorio\FNGOHYCETK\NAPQPGVFRN.exe [449536 2017-10-15] ()
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [4wxqCqFO7MqnY.exe] => C:\Users\lukeg\AppData\Local\9712a8d3ae6346c59e45738b0cead4a8\4wxqCqFO7MqnY.exe [184320 2017-10-15] ()
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [N8NuJ3ZKw6WkW.exe] => C:\Users\lukeg\AppData\Local\9f109db3fce54301bed57dd514c3b546\N8NuJ3ZKw6WkW.exe [449536 2017-10-15] ()
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [fwkVQhmUm6.exe] => C:\ProgramData\9ad2cac23b464aab8098b46052f41cf2\fwkVQhmUm6.exe [184320 2017-10-15] ()
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [3CAXh50.exe] => C:\Users\lukeg\AppData\Local\a022a0a374314a34adb4a8dc7091d2e4\3CAXh50.exe [449536 2017-10-15] ()
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [HiddenBush] => C:\WINDOWS\rss\csrss.exe [2558976 2017-10-15] () <==== ATTENTION
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\MountPoints2: {c67b9378-ca12-11e5-9bd6-2c600cde60a4} - "D:\setup.exe"
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\MountPoints2: {d9fab65a-f475-11e6-9c04-2c600cde60a4} - "F:\setup.exe"
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\MountPoints2: {f0b7506e-90dc-11e6-9bf6-2c600cde60a4} - "E:\setup.exe"
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
Tcpip\..\Interfaces\{87217844-16da-4140-9f8f-8bbddeafe66c}: [NameServer] 82.163.143.12,82.163.142.22
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=811013
SearchScopes: HKU\S-1-5-21-2554303399-3207203618-2176961843-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333673&octid=EB_ORIGINAL_CTID&ISID=B78706B7-7A93-49FE-8472-A920F1E5D71B&SearchSource=58&CUI=&UM=8&UP=SP7B4EB22D-7118-43C1-849F-F66B3683E808&D=122915&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2554303399-3207203618-2176961843-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BD849F4AD-9029-4F19-8072-A7DAC3C78B05%7D&gp=811014
BHO: No Name -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> No File
BHO: The Amazon 1Button App for Internet Explorer -> {BAC72C85-CEC6-4B86-AF06-FA20C259FAB8} -> C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonBrowserHelper64.dll => No File
BHO-x32: No Name -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> No File
BHO-x32: Search@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\lukeg\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll [2017-10-15] (Mail.Ru)
FF NewTab: Mozilla\Firefox\Profiles\9m56i2ec.default -> hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\9m56i2ec.default -> ?????@Mail.Ru
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\9m56i2ec.default -> ?????@Mail.Ru
FF Homepage: Mozilla\Firefox\Profiles\9m56i2ec.default -> hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,
FF Keyword.URL: Mozilla\Firefox\Profiles\9m56i2ec.default -> hxxp://go.mail.ru/distib/ep/?fr=ntg&product_id=%7B8D1566C7-0C5E-48B5-90DA-47591E37FD6D%7D&gp=811014
FF Extension: (???????? ???????? Mail.Ru) - C:\Users\lukeg\AppData\Roaming\Mozilla\Firefox\Profiles\9m56i2ec.default\Extensions\homepage@mail.ru [2017-10-15]
FF Extension: (?????@Mail.Ru) - C:\Users\lukeg\AppData\Roaming\Mozilla\Firefox\Profiles\9m56i2ec.default\Extensions\search@mail.ru [2017-10-15]
FF Extension: (?????) - C:\Users\lukeg\AppData\Roaming\Mozilla\Firefox\Profiles\9m56i2ec.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2017-10-15]
FF SearchPlugin: C:\Users\lukeg\AppData\Roaming\Mozilla\Firefox\Profiles\9m56i2ec.default\searchplugins\mailru.xml [2017-10-15]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
CHR HomePage: Default -> inline.go.mail.ru
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,&vp=ch&prd=set_ch"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Extension: (Mail.Ru) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjhnafpiilpffhglajcaepjbnbjemci [2017-10-15]
CHR Extension: (?????????? ???????? Mail.Ru) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\enafhpjmlnpmbdnbpjkihmadnkfnpiim [2017-10-15]
CHR HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [enafhpjmlnpmbdnbpjkihmadnkfnpiim] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [indjgiebmakhmnaplnlnanodkfiejfjd] - hxxps://clients2.google.com/service/update2/crx
S3 dbx; system32\DRIVERS\dbx.sys [X]



ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\WINDOWS\SysWOW64\WSCM64.dll -> No File
Task: {21A13638-4C0B-41F6-94E6-C9801B465107} - System32\Tasks\App Explorer => C:\Users\lukeg\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2017-10-07] (SweetLabs, Inc) <==== ATTENTION
Task: {23E3BAFF-FD03-4BE7-85F7-EB6FBEFACE6A} - System32\Tasks\IBUpd2 => C:\Users\lukeg\AppData\Local\BrowserAir\48.0.0.0\updater.exe <==== ATTENTION
Task: {4BD261DA-5BB0-4E7A-8B40-98398C4C2AAC} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe [2017-10-15] () <==== ATTENTION
Task: {6F4ABA55-6992-477D-97CF-2DB69ADF7CC8} - System32\Tasks\Audio Gateway => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Audio Gateway\Audio Gateway.dll",FsrgIyaVJAB <==== ATTENTION
Task: {7CB41E86-911C-4C9C-948F-F2C754A8F864} - System32\Tasks\RunAtStartup => C:\Users\lukeg\AppData\Roaming\Event Monitor\em.exe [2017-09-20] () <==== ATTENTION
Task: {D946B9CF-9678-4D9E-A902-AB7A5309F869} - System32\Tasks\NovaScript Refresher Lite => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\NovaScript Refresher Lite\NovaScript Refresher Lite.dll",UDhMbGhcty <==== ATTENTION
Task: {E3C9C250-F04A-4D99-A6C9-4650167A1AB8} - System32\Tasks\zhHXJoNYdx1i => zhhxjonydx1i.exe
Task: {F7CB9E5F-D50F-43CA-AC03-051DF18C7302} - System32\Tasks\LI9lcRvANzho => li9lcrvanzho.exe
Task: {FA922F0E-0881-42F4-A147-B0352E5C3894} - System32\Tasks\IBUpd => C:\Users\lukeg\AppData\Local\BrowserAir\48.0.0.0\updater.exe <==== ATTENTION
ShortcutWithArgument: C:\Users\lukeg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,
ShortcutWithArgument: C:\Users\lukeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,
ShortcutWithArgument: C:\Users\lukeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811008"
ShortcutWithArgument: C:\Users\lukeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> "microsoft-edge:hxxp://www%2dsearching.com/?prd=set_epe&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,
2017-10-15 14:04 - 2017-09-20 20:35 - 003295168 _____ () C:\Users\lukeg\AppData\Roaming\Event Monitor\em.exe
FirewallRules: [{CE871015-16A8-4731-A77C-C9013C582E5D}] => (Allow) C:\WINDOWS\rss\csrss.exe
FirewallRules: [{E7B66B68-FC3E-4C93-B07A-7B951D94C1CB}] => (Allow) C:\Users\lukeg\AppData\Local\BrowserAir\Application\BrowserairExec.exe

C:\Users\lukeg\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
C:\Windows\System32\Tasks\App Explorer
C:\Windows\System32\Tasks\IBUpd2
C:\Windows\System32\Tasks\IBUpd
C:\Users\lukeg\AppData\Local\BrowserAir
C:\Wndows\System32\Tasks\SMW_P
C:\ProgramData\smp2.exe
C:\Windows\System32\Tasks\Audio Gateway
C:\Windows\System32\Tasks\RunAtStartup
C:\Users\lukeg\AppData\Roaming\Event Monitor
C:\Windows\System32\Tasks\NovaScript Refresher Lite
C:\Windows\System32\Tasks\zhHXJoNYdx1i
C:\Program Files (x86)\LI9lcRvANzho
C:\Users\lukeg\AppData\Roaming\gplyra
C:\WINDOWS\Temp\gB163.tmp.exe
C:\Windows\System32\Tasks\LI9lcRvANzho
C:\Program Files\Factorio\LLVHQZWNRA
C:\Program Files\Factorio\EWUMDCNZHA
C:\Program Files\Factorio\FNGOHYCETK
C:\Users\lukeg\AppData\Local\9712a8d3ae6346c59e45738b0cead4a8
C:\Users\lukeg\AppData\Local\9f109db3fce54301bed57dd514c3b546
C:\ProgramData\9ad2cac23b464aab8098b46052f41cf2
C:\Users\lukeg\AppData\Local\a022a0a374314a34adb4a8dc7091d2e4
C:\WINDOWS\rss\csrss.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Try to Update and run the Malwarebytes program.
Remove everything that will be flagged.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended. (You need to check with Internet Explorer) <- Important.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)

===

Please post the Fixlog.txt and let me know what problem persists.



p.s.
Your topics were merged.

#5 lgoudie

lgoudie
  • Topic Starter

  • Members
  • 6 posts

Posted 17 October 2017 - 01:23 PM

Hello Nasdaq,

 

Greatly appreciate the help! Currently my search engine still remains as http://www-searching.com/?prd=set_epf&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58. I also am still unable to start up MalwareBytes, Junkware Removal and ESETPoweliksCleaner, due to administrator privileges preventing me.

 

My computer does not have anymore of the pop-ups and runs much faster, but I still am nervous that there may be potential Malware, just because I cannot download my anti-Malware software. 

 

I have below the fixlog.txt file:

 

4) Version: 16-10-2017
Ran by lukeg (17-10-2017 10:10:53) Run:1
Running from C:\Users\lukeg\Desktop\FarBar
Loaded Profiles: lukeg (Available Profiles: lukeg & Admin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(SweetLabs, Inc) C:\Users\lukeg\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
() C:\Users\lukeg\AppData\Roaming\Event Monitor\em.exe
(int ltd) C:\Program Files (x86)\LI9lcRvANzho\zhhxjonydx1i.exe
HKLM\...\Run: [gplyra] => C:\Users\lukeg\AppData\Roaming\gplyra\gplyra\start.cmd [216 2017-01-10] () <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [LAPTOP-8VD73NK9] => C:\WINDOWS\Temp\gB163.tmp.exe [212992 2017-10-16] () <==== ATTENTION
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\
DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <====
ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [ENFQJWKVAE.exe] => C:\Program Files\Factorio\LLVHQZWNRA\ENFQJWKVAE.exe [449536 2017-10-15] ()
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [ZBIJJZQLEN.exe] => C:\Program Files\Factorio\EWUMDCNZHA\ZBIJJZQLEN.exe [449536 2017-10-15] ()
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [NAPQPGVFRN.exe] => C:\Program Files\Factorio\FNGOHYCETK\NAPQPGVFRN.exe [449536 2017-10-15] ()
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [4wxqCqFO7MqnY.exe] => C:\Users\lukeg\AppData\Local\9712a8d3ae6346c59e45738b0cead4a8\4wxqCqFO7MqnY.exe [184320 2017-10-15]
()
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [N8NuJ3ZKw6WkW.exe] => C:\Users\lukeg\AppData\Local\9f109db3fce54301bed57dd514c3b546\N8NuJ3ZKw6WkW.exe [449536 2017-10-15] ()
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [fwkVQhmUm6.exe] => C:\ProgramData\9ad2cac23b464aab8098b46052f41cf2\fwkVQhmUm6.exe [184320 2017-10-15] ()
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [3CAXh50.exe] => C:\Users\lukeg\AppData\Local\a022a0a374314a34adb4a8dc7091d2e4\3CAXh50.exe [449536 2017-10-15] ()
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\Run: [HiddenBush] => C:\WINDOWS\rss\csrss.exe [2558976 2017-10-15] () <==== ATTENTION
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\MountPoints2: {c67b9378-ca12-11e5-9bd6-2c600cde60a4} - "D:\setup.exe"
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\MountPoints2: {d9fab65a-f475-11e6-9c04-2c600cde60a4} -
"F:\setup.exe"
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\...\MountPoints2: {f0b7506e-90dc-11e6-9bf6-2c600cde60a4} - "E:\setup.exe"
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
Tcpip\..\Interfaces\{87217844-16da-4140-9f8f-8bbddeafe66c}: [NameServer] 82.163.143.12,82.163.142.22
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=811013
SearchScopes: HKU\S-1-5-21-2554303399-3207203618-2176961843-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333673&octid=EB_ORIGINAL_CTID&ISID=B78706B7-7A93-49FE-8472-A920F1E5D71B&SearchSource=58&CUI=&UM=8&UP=SP7B4EB22D-7118-43C1-849F-F66B3683E808&D=122915&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2554303399-3207203618-2176961843-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BD849F4AD-9029-4F19-8072-A7DAC3C78B05%7D&gp=811014
BHO: No Name -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> No File
BHO: The Amazon 1Button App for Internet Explorer -> {BAC72C85-CEC6-4B86-AF06-FA20C259FAB8} -> C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonBrowserHelper64.dll => No File
BHO-x32: No Name -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> No File
BHO-x32: Search@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\lukeg\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll [2017-10-15] (Mail.Ru)
FF NewTab: Mozilla\Firefox\Profiles\9m56i2ec.default -> hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\9m56i2ec.default -> ?????@Mail.Ru
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\9m56i2ec.default -> ?????@Mail.Ru
FF
Homepage: Mozilla\Firefox\Profiles\9m56i2ec.default -> hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,
FF Keyword.URL: Mozilla\Firefox\Profiles\9m56i2ec.default -> hxxp://go.mail.ru/distib/ep/?fr=ntg&product_id=%7B8D1566C7-0C5E-48B5-90DA-47591E37FD6D%7D&gp=811014
FF Extension: (???????? ???????? Mail.Ru) - C:\Users\lukeg\AppData\Roaming\Mozilla\Firefox\Profiles\9m56i2ec.default\Extensions\homepage@mail.ru [2017-10-15]
FF Extension: (?????@Mail.Ru) - C:\Users\lukeg\AppData\Roaming\Mozilla\Firefox\Profiles\9m56i2ec.default\Extensions\search@mail.ru [2017-10-15]
FF Extension: (?????) - C:\Users\lukeg\AppData\Roaming\Mozilla\Firefox\Profiles\9m56i2ec.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2017-10-15]
FF SearchPlugin: C:\Users\lukeg\AppData\Roaming\Mozilla\Firefox\Profiles\9m56i2ec.default\searchplugins\mailru.xml [2017-10-15]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF
Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
CHR HomePage: Default -> inline.go.mail.ru
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,&vp=ch&prd=set_ch"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Extension: (Mail.Ru) - C:\Users\lukeg\AppData\Local\Google\Chrome\User
Data\Default\Extensions\bhjhnafpiilpffhglajcaepjbnbjemci [2017-10-15]
CHR Extension: (?????????? ???????? Mail.Ru) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\enafhpjmlnpmbdnbpjkihmadnkfnpiim [2017-10-15]
CHR HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [enafhpjmlnpmbdnbpjkihmadnkfnpiim] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [indjgiebmakhmnaplnlnanodkfiejfjd] -
hxxps://clients2.google.com/service/update2/crx
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
 
 
ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\WINDOWS\SysWOW64\WSCM64.dll -> No File
Task: {21A13638-4C0B-41F6-94E6-C9801B465107} - System32\Tasks\App Explorer => C:\Users\lukeg\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2017-10-07] (SweetLabs, Inc) <==== ATTENTION
Task: {23E3BAFF-FD03-4BE7-85F7-EB6FBEFACE6A} - System32\Tasks\IBUpd2 => C:\Users\lukeg\AppData\Local\BrowserAir\48.0.0.0\updater.exe <==== ATTENTION
Task: {4BD261DA-5BB0-4E7A-8B40-98398C4C2AAC} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe [2017-10-15] () <==== ATTENTION
Task: {6F4ABA55-6992-477D-97CF-2DB69ADF7CC8} - System32\Tasks\Audio Gateway => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Audio Gateway\Audio Gateway.dll",FsrgIyaVJAB <==== ATTENTION
Task: {7CB41E86-911C-4C9C-948F-F2C754A8F864} -
System32\Tasks\RunAtStartup => C:\Users\lukeg\AppData\Roaming\Event Monitor\em.exe [2017-09-20] () <==== ATTENTION
Task: {D946B9CF-9678-4D9E-A902-AB7A5309F869} - System32\Tasks\NovaScript Refresher Lite => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\NovaScript Refresher Lite\NovaScript Refresher Lite.dll",UDhMbGhcty <==== ATTENTION
Task: {E3C9C250-F04A-4D99-A6C9-4650167A1AB8} - System32\Tasks\zhHXJoNYdx1i => zhhxjonydx1i.exe
Task: {F7CB9E5F-D50F-43CA-AC03-051DF18C7302} - System32\Tasks\LI9lcRvANzho => li9lcrvanzho.exe
Task: {FA922F0E-0881-42F4-A147-B0352E5C3894} - System32\Tasks\IBUpd => C:\Users\lukeg\AppData\Local\BrowserAir\48.0.0.0\updater.exe <==== ATTENTION
ShortcutWithArgument: C:\Users\lukeg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->
hxxp://www%2dsearching.com/?prd=set_epf&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,
ShortcutWithArgument: C:\Users\lukeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,
ShortcutWithArgument: C:\Users\lukeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811008"
ShortcutWithArgument: C:\Users\lukeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> "microsoft-edge:hxxp://www%2dsearching.com/?prd=set_epe&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,"
ShortcutWithArgument:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58,
2017-10-15 14:04 - 2017-09-20 20:35 - 003295168 _____ () C:\Users\lukeg\AppData\Roaming\Event Monitor\em.exe
FirewallRules: [{CE871015-16A8-4731-A77C-C9013C582E5D}] => (Allow) C:\WINDOWS\rss\csrss.exe
FirewallRules: [{E7B66B68-FC3E-4C93-B07A-7B951D94C1CB}] => (Allow) C:\Users\lukeg\AppData\Local\BrowserAir\Application\BrowserairExec.exe
 
C:\Users\lukeg\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
C:\Windows\System32\Tasks\App
Explorer
C:\Windows\System32\Tasks\IBUpd2
C:\Windows\System32\Tasks\IBUpd
C:\Users\lukeg\AppData\Local\BrowserAir
C:\Wndows\System32\Tasks\SMW_P
C:\ProgramData\smp2.exe
C:\Windows\System32\Tasks\Audio Gateway
C:\Windows\System32\Tasks\RunAtStartup
C:\Users\lukeg\AppData\Roaming\Event Monitor
C:\Windows\System32\Tasks\NovaScript Refresher Lite
C:\Windows\System32\Tasks\zhHXJoNYdx1i
C:\Program Files (x86)\LI9lcRvANzho
C:\Users\lukeg\AppData\Roaming\gplyra
C:\WINDOWS\Temp\gB163.tmp.exe
C:\Windows\System32\Tasks\LI9lcRvANzho
C:\Program Files\Factorio\LLVHQZWNRA
C:\Program Files\Factorio\EWUMDCNZHA
C:\Program Files\Factorio\FNGOHYCETK
C:\Users\lukeg\AppData\Local\9712a8d3ae6346c59e45738b0cead4a8
C:\Users\lukeg\AppData\Local\9f109db3fce54301bed57dd514c3b546
C:\ProgramData\9ad2cac23b464aab8098b46052f41cf2
C:\Users\lukeg\AppData\Local\a022a0a374314a34adb4a8dc7091d2e4
C:\WINDOWS\rss\csrss.exe
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\lukeg\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe => No running process found
C:\Users\lukeg\AppData\Roaming\Event Monitor\em.exe => No running process found
C:\Program Files (x86)\LI9lcRvANzho\zhhxjonydx1i.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\gplyra => value removed successfully
"C:\Users\lukeg\AppData\Roaming\gplyra\gplyra\start.cmd [216 2017-01-10] () <==== ATTENTION" => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\LAPTOP-8VD73NK9 => value removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\03D22C9C66915D58C88912B64C1F984B8344EF09 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\0F684EC1163281085C6AF20528878103ACEFCAAB => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\1667908C9E22EFBD0590E088715CC74BE4C60884 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\18DEA4EFA93B06AE997D234411F3FD72A677EECE => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\249BDA38A611CD746A132FA2AF995A2D3C941264 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\HKLM\ DisallowedCertificates: => key not found. 
31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\331E2046A1CCA7BFEF766724394BE6112B4CA3F7 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3353EA609334A9F23A701B9159E30CB6C22D4C59 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3D496FA682E65FC122351EC29B55AB94F3BB03FC => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4420C99742DF11DD0795BC15B7B0ABF090DC84DF => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\HKLM\ DisallowedCertificates: => key not found. 
4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5240AB5B05D11B37900AC7712A3C6AE42F377C8C => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5DD3D41810F28B2A13E9A004E6412061E28FA48D => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\7457A3793086DBB58B3858D6476889E3311E550E => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\76A9295EF4343E12DFC5FE05DC57227C1AB00D29 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\775B373B33B9D15B58BC02B184704332B97C3CAF => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\872CD334B7E7B3C3D1C6114CD6B221026D505EAB => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\88AD5DFE24126872B33175D1778687B642323ACF => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9132E8B079D080E01D52631690BE18EBC2347C1E => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\HKLM\ DisallowedCertificates: => key not found. 
982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9C43F665E690AB4D486D4717B456C5554D4BCEB5 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A5341949ABE1407DD7BF7DFE75460D9608FBC309 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A59CC32724DD07A6FC33F7806945481A2D13CA2F => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD4C5429E10F4FF6C01840C20ABA344D7401209F => key removed successfully
HKLM\ => Error: No automatic fix found for this entry.
HKU\DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD96BB64BA36379D2E354660780C2067B81DA2E0 => key not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\CDC37C22FE9272D8F2610206AD397A45040326B8 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB303C9B61282DE525DC754A535CA2D6A9BD3D87 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB77E5CFEC34459146748B667C97B185619251BA => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E22240E837B52E691C71DF248F12D27F96441C00 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\ED841A61C0F76025598421BC1B00E24189E68D54 => key removed successfully
ATTENTION => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\F83099622B4A9F72CB5081F742164AD1B8D048C9 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 => key removed successfully
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ENFQJWKVAE.exe => value removed successfully
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ZBIJJZQLEN.exe => value removed successfully
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\Software\Microsoft\Windows\CurrentVersion\Run\\NAPQPGVFRN.exe => value removed successfully
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\Software\Microsoft\Windows\CurrentVersion\Run\\4wxqCqFO7MqnY.exe => value removed successfully
() => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\Software\Microsoft\Windows\CurrentVersion\Run\\N8NuJ3ZKw6WkW.exe => value removed successfully
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\Software\Microsoft\Windows\CurrentVersion\Run\\fwkVQhmUm6.exe => value removed successfully
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\Software\Microsoft\Windows\CurrentVersion\Run\\3CAXh50.exe => value removed successfully
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\Software\Microsoft\Windows\CurrentVersion\Run\\HiddenBush => value removed successfully
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c67b9378-ca12-11e5-9bd6-2c600cde60a4} => key removed successfully
HKLM\Software\Classes\CLSID\{c67b9378-ca12-11e5-9bd6-2c600cde60a4} => key not found. 
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9fab65a-f475-11e6-9c04-2c600cde60a4} => key removed successfully
HKLM\Software\Classes\CLSID\{d9fab65a-f475-11e6-9c04-2c600cde60a4} => key not found. 
"F:\setup.exe" => not found.
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0b7506e-90dc-11e6-9bf6-2c600cde60a4} => key removed successfully
HKLM\Software\Classes\CLSID\{f0b7506e-90dc-11e6-9bf6-2c600cde60a4} => key not found. 
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{87217844-16da-4140-9f8f-8bbddeafe66c}\\NameServer => value removed successfully
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key removed successfully
HKLM\Software\Classes\CLSID\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found. 
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => key removed successfully
HKLM\Software\Classes\CLSID\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => key not found. 
hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BD849F4AD-9029-4F19-8072-A7DAC3C78B05%7D&gp=811014 => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ddcea2a-7b00-4349-8acb-af7ba6da251f} => key removed successfully
HKLM\Software\Classes\CLSID\{0ddcea2a-7b00-4349-8acb-af7ba6da251f} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8} => key removed successfully
HKLM\Software\Classes\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8} => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ddcea2a-7b00-4349-8acb-af7ba6da251f} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0ddcea2a-7b00-4349-8acb-af7ba6da251f} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099} => key removed successfully
Firefox "newtab" removed successfully
Firefox DefaultSearchEngine removed successfully
Firefox SelectedSearchEngine removed successfully
FF => Error: No automatic fix found for this entry.
Homepage: Mozilla\Firefox\Profiles\9m56i2ec.default -> hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58, => Error: No automatic fix found for this entry.
Firefox "Keyword.URL" removed successfully
C:\Users\lukeg\AppData\Roaming\Mozilla\Firefox\Profiles\9m56i2ec.default\Extensions\homepage@mail.ru => moved successfully
C:\Users\lukeg\AppData\Roaming\Mozilla\Firefox\Profiles\9m56i2ec.default\Extensions\search@mail.ru => moved successfully
C:\Users\lukeg\AppData\Roaming\Mozilla\Firefox\Profiles\9m56i2ec.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} => moved successfully
C:\Users\lukeg\AppData\Roaming\Mozilla\Firefox\Profiles\9m56i2ec.default\searchplugins\mailru.xml => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF => key not found. 
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF => not found.
Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File] => Error: No automatic fix found for this entry.
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf => key removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
CHR Extension: (Mail.Ru) - C:\Users\lukeg\AppData\Local\Google\Chrome\User => Error: No automatic fix found for this entry.
Data\Default\Extensions\bhjhnafpiilpffhglajcaepjbnbjemci [2017-10-15] => Error: No automatic fix found for this entry.
CHR Extension: (?????????? ???????? Mail.Ru) - C:\Users\lukeg\AppData\Local\Google\Chrome\User Data\Default\Extensions\enafhpjmlnpmbdnbpjkihmadnkfnpiim [2017-10-15] => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\SOFTWARE\Google\Chrome\Extensions\bhjhnafpiilpffhglajcaepjbnbjemci => key removed successfully
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\SOFTWARE\Google\Chrome\Extensions\enafhpjmlnpmbdnbpjkihmadnkfnpiim => key removed successfully
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\SOFTWARE\Google\Chrome\Extensions\hcadgijmedbfgciegjomfpjcdchlhnif => key removed successfully
HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\SOFTWARE\Google\Chrome\Extensions\CHR HKU\S-1-5-21-2554303399-3207203618-2176961843-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [indjgiebmakhmnaplnlnanodkfiejfjd] - => key not found. 
hxxps://clients2.google.com/service/update2/crx => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WondershareVideoConverterFileOpreation => key removed successfully
HKLM\Software\Classes\CLSID\{FEB746CA-95C2-485F-B386-C30D4E56D22E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21A13638-4C0B-41F6-94E6-C9801B465107} => key not found. 
C:\WINDOWS\System32\Tasks\App Explorer => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{23E3BAFF-FD03-4BE7-85F7-EB6FBEFACE6A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23E3BAFF-FD03-4BE7-85F7-EB6FBEFACE6A} => key removed successfully
C:\WINDOWS\System32\Tasks\IBUpd2 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IBUpd2 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4BD261DA-5BB0-4E7A-8B40-98398C4C2AAC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BD261DA-5BB0-4E7A-8B40-98398C4C2AAC} => key removed successfully
C:\WINDOWS\System32\Tasks\SMW_P => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_P => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{6F4ABA55-6992-477D-97CF-2DB69ADF7CC8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F4ABA55-6992-477D-97CF-2DB69ADF7CC8} => key removed successfully
C:\WINDOWS\System32\Tasks\Audio Gateway => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Audio Gateway => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Task: {7CB41E86-911C-4C9C-948F-F2C754A8F864} - => key not found. 
System32\Tasks\RunAtStartup => C:\Users\lukeg\AppData\Roaming\Event Monitor\em.exe [2017-09-20] () <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D946B9CF-9678-4D9E-A902-AB7A5309F869} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D946B9CF-9678-4D9E-A902-AB7A5309F869} => key not found. 
C:\WINDOWS\System32\Tasks\NovaScript Refresher Lite => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NovaScript Refresher Lite => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E3C9C250-F04A-4D99-A6C9-4650167A1AB8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3C9C250-F04A-4D99-A6C9-4650167A1AB8} => key removed successfully
C:\WINDOWS\System32\Tasks\zhHXJoNYdx1i => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\zhHXJoNYdx1i => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F7CB9E5F-D50F-43CA-AC03-051DF18C7302} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7CB9E5F-D50F-43CA-AC03-051DF18C7302} => key removed successfully
C:\WINDOWS\System32\Tasks\LI9lcRvANzho => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LI9lcRvANzho => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA922F0E-0881-42F4-A147-B0352E5C3894} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA922F0E-0881-42F4-A147-B0352E5C3894} => key removed successfully
C:\WINDOWS\System32\Tasks\IBUpd => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IBUpd => key removed successfully
C:\Users\lukeg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk => Shortcut argument removed successfully.
hxxp://www%2dsearching.com/?prd=set_epf&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58, => Error: No automatic fix found for this entry.
C:\Users\lukeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\lukeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk => Shortcut argument removed successfully.
C:\Users\lukeg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk => Shortcut argument removed successfully.
ShortcutWithArgument: => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=hafzbcnbl1au,293a9177-542c-4a14-a611-a3435e8bad58," => not found.
C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\lukeg\AppData\Roaming\Event Monitor\em.exe => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CE871015-16A8-4731-A77C-C9013C582E5D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E7B66B68-FC3E-4C93-B07A-7B951D94C1CB} => value removed successfully
"C:\Users\lukeg\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe" => not found.
"C:\Windows\System32\Tasks\App" => not found.
Explorer => Error: No automatic fix found for this entry.
"C:\Windows\System32\Tasks\IBUpd2" => not found.
"C:\Windows\System32\Tasks\IBUpd" => not found.
"C:\Users\lukeg\AppData\Local\BrowserAir" => not found.
"C:\Wndows\System32\Tasks\SMW_P" => not found.
C:\ProgramData\smp2.exe => moved successfully
"C:\Windows\System32\Tasks\Audio Gateway" => not found.
C:\Windows\System32\Tasks\RunAtStartup => moved successfully
C:\Users\lukeg\AppData\Roaming\Event Monitor => moved successfully
"C:\Windows\System32\Tasks\NovaScript Refresher Lite" => not found.
"C:\Windows\System32\Tasks\zhHXJoNYdx1i" => not found.
C:\Program Files (x86)\LI9lcRvANzho => moved successfully
C:\Users\lukeg\AppData\Roaming\gplyra => moved successfully
C:\WINDOWS\Temp\gB163.tmp.exe => moved successfully
"C:\Windows\System32\Tasks\LI9lcRvANzho" => not found.
C:\Program Files\Factorio\LLVHQZWNRA => moved successfully
C:\Program Files\Factorio\EWUMDCNZHA => moved successfully
C:\Program Files\Factorio\FNGOHYCETK => moved successfully
C:\Users\lukeg\AppData\Local\9712a8d3ae6346c59e45738b0cead4a8 => moved successfully
C:\Users\lukeg\AppData\Local\9f109db3fce54301bed57dd514c3b546 => moved successfully
C:\ProgramData\9ad2cac23b464aab8098b46052f41cf2 => moved successfully
C:\Users\lukeg\AppData\Local\a022a0a374314a34adb4a8dc7091d2e4 => moved successfully
C:\WINDOWS\rss\csrss.exe => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 131565492 B
Java, Flash, Steam htmlcache => 508068168 B
Windows/system/drivers => 1492423421 B
Edge => 83551610 B
Chrome => 648745495 B
Firefox => 159234335 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 232482316 B
systemprofile32 => 128 B
LocalService => 5606 B
NetworkService => 1181982 B
lukeg => 4700579531 B
Admin => 15657 B
 
RecycleBin => 94355 B
EmptyTemp: => 7.4 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 11:58:06 ====


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,237 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:55 AM

Posted 18 October 2017 - 07:33 AM

Hi,

Run this Malwarebytes Anti-Rootkit.

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

Before you run the program make sure you follow the instructions under Section 5.
5. Unselect sectors and system below. Hit the scan button.

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here after.
<<<>>>

Let me know if you have any remaining issues.

#7 nasdaq


Posted 24 October 2017 - 06:37 AM

Are you still with me?

#8 lgoudie

lgoudie
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:01:55 AM

Posted 24 October 2017 - 10:58 AM

Hello nasdaq,

Apologies for not replying back! The Rootkit removed what was blocking the MalwareBytes download, and once I downloaded it I was able to scan and remove what seemed to be most, if not all, of the viral files. Thank you very much for your help!

Luke



#9 nasdaq


Posted 24 October 2017 - 01:21 PM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/



