Infected with persistent backdoor.bot that shows back up after reboot.


  • This topic is locked
2 replies to this topic

#1 Tweaked3131

Posted 28 October 2017 - 12:26 AM

I am currently using a trial version of Malwarebytes and I keep seeing that I am infected with a Backdoor.bot registry file. I have quarantined and deleted the file, and then need to restart to complete the process... and when the computer does restart, it does show that it was successful; however, when I run a scan again just to verify it is gone, it once again shows back up. Also, I do check with regedit and verify that it is gone, and I cannot seem to see it anymore.
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2017
Ran by StephaniSSD (administrator) on STEPHANISSD-PC (28-10-2017 01:14:21)
Running from C:\Users\StephaniSSD\Downloads
Loaded Profiles: StephaniSSD (Available Profiles: StephaniSSD & digitalbil@gmail.com & Mcx1-STEPHANISSD-PC & Classic .NET AppPool & DefaultAppPool & WordpressDefault)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(TOSHIBA CORPORATION) C:\Windows\System32\mbhwlkdsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2016-06-02] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE*
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\MountPoints2: D - D:\setup.exe
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\MountPoints2: E - E:\setup.exe
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\MountPoints2: H - H:\setup.exe
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\MountPoints2: {5b6bcca6-a2bc-11e4-966f-806e6f6e6963} - E:\Run.exe
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\MountPoints2: {5b850cf6-06ab-11e5-9d7d-1c6f65d5f70b} - D:\MotoCastSetup.exe -a
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\MountPoints2: {7996d239-a299-11e6-9294-1c6f65d5f70b} - H:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\MountPoints2: {a31245da-a2a6-11e4-8645-806e6f6e6963} - E:\atisetup.exe
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\MountPoints2: {cba46ffb-d789-11e4-a3e9-1c6f65d5f70b} - E:\atisetup.exe
HKU\S-1-5-18\...\RunOnce: [AOD] => C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{35234792-6F03-4F63-B47C-A607DDD4914D}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-1de21753
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-1de21753
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131522612942691702&GUID=79EAA22B-7667-4762-AF4F-0A7BD2E60FDC
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131522612940961603&GUID=79EAA22B-7667-4762-AF4F-0A7BD2E60FDC
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131522612940961603&GUID=79EAA22B-7667-4762-AF4F-0A7BD2E60FDC
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-1de21753&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-1de21753&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4121198748-4177608104-3762960389-1000 -> DefaultScope {E3DCB0C2-2F74-4340-801F-704BF00A87C4} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-4121198748-4177608104-3762960389-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4121198748-4177608104-3762960389-1000 -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = 
SearchScopes: HKU\S-1-5-21-4121198748-4177608104-3762960389-1000 -> {E3DCB0C2-2F74-4340-801F-704BF00A87C4} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: No Name -> {15C9938F-CB96-496D-800A-B827F2E34EA1} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-06-04] (LastPass)
BHO: No Name -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-03-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-19] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-06-04] (LastPass)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL [2015-03-10] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-19] (Oracle Corporation)
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-06-04] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-06-04] (LastPass)
DPF: HKLM-x32 {15B782AF-55D8-11D1-B477-006097098764} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-29] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-03-29] (Microsoft Corporation)
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} -  No File
 
FireFox:
========
FF DefaultProfile: 5tu4nncc.default
FF DefaultProfile: 9uc09i1r.default-1453111173831
FF ProfilePath: C:\Users\StephaniSSD\AppData\Roaming\Mozilla\SeaMonkey\Profiles\5tu4nncc.default [2017-07-13]
FF Extension: (DOM Inspector) - C:\Users\StephaniSSD\AppData\Roaming\Mozilla\SeaMonkey\Profiles\5tu4nncc.default\Extensions\inspector@mozilla.org.xpi [2015-03-31] [not signed]
FF Extension: (ChatZilla) - C:\Users\StephaniSSD\AppData\Roaming\Mozilla\SeaMonkey\Profiles\5tu4nncc.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}.xpi [2015-03-31] [not signed]
FF ProfilePath: C:\Users\StephaniSSD\AppData\Roaming\Mozilla\Firefox\Profiles\9uc09i1r.default-1453111173831 [2017-10-24]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\9uc09i1r.default-1453111173831 -> Google
FF Homepage: Mozilla\Firefox\Profiles\9uc09i1r.default-1453111173831 -> www.google.com
FF NetworkProxy: Mozilla\Firefox\Profiles\9uc09i1r.default-1453111173831 -> type", 0
FF Extension: (LastPass: Free Password Manager) - C:\Users\StephaniSSD\AppData\Roaming\Mozilla\Firefox\Profiles\9uc09i1r.default-1453111173831\Extensions\support@lastpass.com [2017-07-22]
FF Extension: (ColorZilla) - C:\Users\StephaniSSD\AppData\Roaming\Mozilla\Firefox\Profiles\9uc09i1r.default-1453111173831\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}.xpi [2017-05-17]
FF Extension: (Web Developer) - C:\Users\StephaniSSD\AppData\Roaming\Mozilla\Firefox\Profiles\9uc09i1r.default-1453111173831\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2017-06-27]
FF Extension: (Adblock Plus) - C:\Users\StephaniSSD\AppData\Roaming\Mozilla\Firefox\Profiles\9uc09i1r.default-1453111173831\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-27]
FF ProfilePath: C:\Users\StephaniSSD\AppData\Roaming\Mozilla\Firefox\Profiles\orvkmyis.dev-edition-default [2017-07-13]
FF Homepage: Mozilla\Firefox\Profiles\orvkmyis.dev-edition-default -> hxxp://www.bing.com/search?FORM=INCOH1&PC=IC04&PTAG=ICO-1de21753
FF NetworkProxy: Mozilla\Firefox\Profiles\orvkmyis.dev-edition-default -> type", 0
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\orvkmyis.dev-edition-default -> Search Provided by Bing
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\orvkmyis.dev-edition-default -> Search Provided by Bing
FF NewTab: Mozilla\Firefox\Profiles\orvkmyis.dev-edition-default -> about:newtab
FF Extension: (about:addons-memory 2016) - C:\Users\StephaniSSD\AppData\Roaming\Mozilla\Firefox\Profiles\orvkmyis.dev-edition-default\Extensions\about-addons-memory@sturdiguns.org.xpi [2016-05-09]
FF Extension: (LastPass) - C:\Users\StephaniSSD\AppData\Roaming\Mozilla\Firefox\Profiles\orvkmyis.dev-edition-default\Extensions\support@lastpass.com [2016-05-04]
FF Extension: (ColorZilla) - C:\Users\StephaniSSD\AppData\Roaming\Mozilla\Firefox\Profiles\orvkmyis.dev-edition-default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2016-05-09]
FF Extension: (WOT) - C:\Users\StephaniSSD\AppData\Roaming\Mozilla\Firefox\Profiles\orvkmyis.dev-edition-default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-05-04]
FF Extension: (Web Developer) - C:\Users\StephaniSSD\AppData\Roaming\Mozilla\Firefox\Profiles\orvkmyis.dev-edition-default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2016-05-04]
FF Extension: (Adblock Plus) - C:\Users\StephaniSSD\AppData\Roaming\Mozilla\Firefox\Profiles\orvkmyis.dev-edition-default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-04]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn => not found
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-06-04] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-29] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-07-13] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-19] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-06-04] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp\npwachk.dll [2013-12-12] (Nullsoft, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-07-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-07-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-07-13] (Adobe Systems)
FF Plugin HKU\S-1-5-21-4121198748-4177608104-3762960389-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\StephaniSSD\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-4121198748-4177608104-3762960389-1000: @talk.google.com/O1DPlugin -> C:\Users\StephaniSSD\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-4121198748-4177608104-3762960389-1000: @tools.google.com/Google Update;version=3 -> C:\Users\StephaniSSD\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-4121198748-4177608104-3762960389-1000: @tools.google.com/Google Update;version=9 -> C:\Users\StephaniSSD\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-4121198748-4177608104-3762960389-1000: torrents-time.com/TTPlugin -> C:\Program Files (x86)\TorrentsTime Media Player\bin\npTTPlugin.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Users\StephaniSSD\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\StephaniSSD\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\StephaniSSD\AppData\Local\Google\Chrome\User Data\Default [2017-10-28]
CHR Extension: (MyRW :: My text ReWriter) - C:\Users\StephaniSSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajidbeahpmkfbjllenakjgjpoompbiii [2017-01-03]
CHR Extension: (Google Drive) - C:\Users\StephaniSSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-03]
CHR Extension: (Web Developer) - C:\Users\StephaniSSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2017-08-02]
CHR Extension: (ColorZilla) - C:\Users\StephaniSSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2017-10-21]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\StephaniSSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-10-24]
CHR Extension: (YouTube) - C:\Users\StephaniSSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-03]
CHR Extension: (GoalStacker) - C:\Users\StephaniSSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpabnhoilmbhpljlbkkeodgadopgnnp [2016-10-15]
CHR Extension: (AdBlock) - C:\Users\StephaniSSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-10-21]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\StephaniSSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-10-23]
CHR Extension: (Kindle Cloud Reader) - C:\Users\StephaniSSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2017-07-10]
CHR Extension: (redditery) - C:\Users\StephaniSSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\imooeldfapggncchoebfnidcgeiimojb [2016-10-15]
CHR Extension: (Currency Converter) - C:\Users\StephaniSSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbhghjdcfghfhlogkgdklfgmpodeglno [2016-10-15]
CHR Extension: (Black carbon + silver metal) - C:\Users\StephaniSSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\lodhggoaglindpoejnjldimdlikkphph [2017-02-10]
CHR Extension: (LastPass Vault) - C:\Users\StephaniSSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf [2016-10-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\StephaniSSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-29]
CHR Extension: (Mobialia Chess 3D) - C:\Users\StephaniSSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngfppohnieolpklikdmhbofoabooijm [2016-10-15]
CHR Extension: (Gmail) - C:\Users\StephaniSSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-03]
CHR Extension: (Chrome Media Router) - C:\Users\StephaniSSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-28]
CHR Profile: C:\Users\StephaniSSD\AppData\Local\Google\Chrome\User Data\System Profile [2017-10-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-07-13] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
S3 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2016-06-26] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-06-26] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [142816 2016-11-30] (Portrait Displays, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [383016 2017-08-29] (EasyAntiCheat Ltd)
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
S4 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72280 2010-09-07] ()
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-07-10] (Logitech Inc.)
S2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-10-27] (Malwarebytes)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-07-18] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-10-10] (NVIDIA Corporation)
S4 PornTime Updater; C:\Users\StephaniSSD\AppData\Roaming\PT\updater.exe [165888 2015-06-11] (PornTime) [File not signed]
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
S4 AppleChargerSrv; system32\AppleChargerSrv.exe [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AODDriver; C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
S3 CSRBC; C:\Windows\System32\Drivers\csrbcx64.sys [38400 2016-11-01] (CSR plc.) [File not signed]
S3 CSTDM; C:\Windows\System32\Drivers\CSTDM.sys [58736 2017-07-11] (Colasoft)
S3 danewFltr; C:\Windows\System32\drivers\danew.sys [12032 2010-03-23] (Razer (Asia-Pacific) Pte Ltd) [File not signed]
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2016-10-14] (Glarysoft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2016-11-19] ()
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2016-09-29] (Logitech Inc.)
S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2017-10-28] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2017-10-27] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50624 2017-10-10] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57976 2017-06-21] (NVIDIA Corporation)
R1 pefndis; C:\Windows\System32\DRIVERS\pefndis.sys [72408 2016-06-08] (Microsoft Corporation)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [6481392 2017-05-23] (Realtek Semiconductor Corporation )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2012-07-03] (Realtek Corporation)
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [43256 2017-07-18] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137208 2017-07-16] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S3 VBoxNetAdp; C:\Windows\SysWOW64\DRIVERS\VBoxNetAdp.sys [141440 2015-03-16] (Oracle Corporation)
S3 VBoxNetFlt; C:\Windows\SysWOW64\DRIVERS\VBoxNetFlt.sys [156360 2015-03-16] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116232 2015-03-16] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\SysWOW64\Drivers\VBoxUSB.sys [116232 2015-03-16] (Oracle Corporation)
S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [24064 2010-12-13] (Windows ® Codename Longhorn DDK provider)
S3 vmulti; C:\Windows\System32\DRIVERS\vmulti.sys [10752 2014-09-17] (Windows ® Win 7 DDK provider) [File not signed]
S3 wfpcapture; C:\Windows\System32\Drivers\wfpcapture.sys [64728 2016-06-08] (Microsoft Corporation)
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2015-11-04] (wisecleaner.com) [File not signed]
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [42760 2016-02-21] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-10-13] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-10-13] (Zemana Ltd.)
U1 aswbdisk; no ImagePath
S3 aswHdsKe; \??\C:\Windows\system32\drivers\aswHdsKe.sys [X]
S0 BZFwPiUM; System32\drivers\BZFwPiUM.sys [X]
S1 Capsax64Drv; System32\Drivers\Capsax64Drv.sys [X]
S1 CsNdisLWF; System32\Drivers\CsNdisLWF.sys [X]
S3 MSPCLOCK; system32\drivers\MSPCLOCK.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
Error(1) reading file: "C:\Users\StephaniSSD\Downloads\Downloadsghbloasidchnv,m."
2017-10-28 00:57 - 2017-10-28 00:57 - 000067263 _____ C:\Users\StephaniSSD\Downloads\Addition.txt
2017-10-28 00:56 - 2017-10-28 01:14 - 000041029 _____ C:\Users\StephaniSSD\Downloads\FRST.txt
2017-10-28 00:55 - 2017-10-28 01:14 - 000000000 ____D C:\FRST
2017-10-28 00:55 - 2017-10-28 00:55 - 002403328 _____ (Farbar) C:\Users\StephaniSSD\Downloads\FRST64.exe
2017-10-28 00:36 - 2017-10-28 00:36 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-10-28 00:20 - 2017-10-28 00:20 - 000116560 ____N C:\Windows\system32\Drivers\csmqtxad.sys
2017-10-28 00:10 - 2017-10-28 00:11 - 036096368 _____ (Adlice Software ) C:\Users\StephaniSSD\Downloads\setup.exe
2017-10-27 22:31 - 2017-10-27 22:32 - 005660403 _____ (Swearware) C:\Users\StephaniSSD\Downloads\ComboFix.exe
2017-10-27 22:05 - 2017-10-27 22:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-27 22:05 - 2017-10-27 22:05 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-27 22:05 - 2017-10-27 09:36 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-10-27 19:44 - 2017-10-27 19:44 - 001235288 _____ (Opera Software) C:\Users\StephaniSSD\Downloads\OperaSetup (2).exe
2017-10-27 13:16 - 2017-10-27 13:16 - 008250832 _____ (Malwarebytes) C:\Users\StephaniSSD\Downloads\AdwCleaner.exe
2017-10-27 09:14 - 2017-10-27 09:14 - 001235288 _____ (Opera Software) C:\Users\StephaniSSD\Downloads\OperaSetup (1).exe
2017-10-27 03:43 - 2017-10-27 23:05 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-10-27 03:42 - 2017-10-27 03:42 - 071535032 _____ (Malwarebytes ) C:\Users\StephaniSSD\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951 (1).exe
2017-10-27 03:42 - 2017-10-27 03:42 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-27 03:39 - 2017-10-27 03:39 - 071535032 _____ (Malwarebytes ) C:\Users\StephaniSSD\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951.exe
2017-10-27 03:21 - 2017-10-27 03:21 - 000143744 _____ (Webroot) C:\Windows\system32\Drivers\OyMGnfWT.sys
2017-10-27 02:33 - 2017-10-27 02:33 - 000110130 _____ C:\Users\StephaniSSD\Downloads\Executive-Function-Worksheet.pdf
2017-10-27 02:33 - 2017-10-27 02:33 - 000110130 _____ C:\Users\StephaniSSD\Downloads\Executive-Function-Worksheet (1).pdf
2017-10-27 01:17 - 2017-10-27 01:17 - 001906592 _____ C:\Users\StephaniSSD\Downloads\pisa-2015-results-in-focus.pdf
2017-10-26 12:26 - 2017-10-26 12:27 - 154796075 _____ C:\Users\StephaniSSD\Downloads\Debris.part7.rar
2017-10-24 23:54 - 2017-10-24 23:54 - 000296740 _____ C:\Users\StephaniSSD\Downloads\SOSunStarCourier31110_59c7.PDF
2017-10-24 16:35 - 2017-10-24 16:35 - 000877530 _____ C:\Users\StephaniSSD\Downloads\Chapter03D.pdf
2017-10-24 09:29 - 2017-10-24 09:29 - 000107592 _____ C:\Users\StephaniSSD\Downloads\2017-10-21.pdf
2017-10-23 12:38 - 2017-10-23 12:38 - 000035431 _____ C:\Users\StephaniSSD\Downloads\BARBERS (1).zip
2017-10-23 10:50 - 2017-10-23 10:50 - 000071149 _____ C:\Users\StephaniSSD\Downloads\110103939317-090854479694-.PDF
2017-10-23 09:59 - 2017-10-23 09:59 - 000035547 _____ C:\Users\StephaniSSD\Downloads\BARBERS.zip
2017-10-23 09:27 - 2017-10-23 09:27 - 000076054 _____ C:\Users\StephaniSSD\Downloads\tweaky.zip
2017-10-23 09:26 - 2017-10-23 09:26 - 000420786 _____ C:\Users\StephaniSSD\Downloads\neo_latina.zip
2017-10-23 09:24 - 2017-10-23 09:24 - 001632208 _____ (Skype Technologies S.A.) C:\Users\StephaniSSD\Downloads\SkypeSetup.exe
2017-10-23 09:24 - 2017-10-23 09:24 - 000003156 _____ C:\Windows\System32\Tasks\{AEF83438-A802-438E-9402-73B598472DE6}
2017-10-23 09:20 - 2017-10-23 09:20 - 000079648 _____ C:\Users\StephaniSSD\Downloads\northern_highway.zip
2017-10-20 22:44 - 2017-10-20 22:44 - 000000000 ____D C:\Users\StephaniSSD\Downloads\tools_icons_311023
2017-10-20 22:43 - 2017-10-20 22:43 - 001227498 _____ C:\Users\StephaniSSD\Downloads\tools_icons_311023.zip
2017-10-20 21:13 - 2017-10-20 21:13 - 000056880 _____ C:\Users\StephaniSSD\Downloads\method_adjustable_wrench_clip_art_26529.zip
2017-10-20 21:13 - 2017-10-20 21:13 - 000000000 ____D C:\Users\StephaniSSD\Downloads\method_adjustable_wrench_clip_art_26529
2017-10-20 21:12 - 2017-10-20 21:12 - 000000000 ____D C:\Users\StephaniSSD\Downloads\nuts_and_bolts_311867
2017-10-20 21:11 - 2017-10-20 21:11 - 002067910 _____ C:\Users\StephaniSSD\Downloads\nuts_and_bolts_311867.zip
2017-10-20 21:03 - 2017-10-20 21:03 - 001343046 _____ C:\Users\StephaniSSD\Downloads\wrench_Gkzd_8Lu.eps
2017-10-19 09:30 - 2017-10-19 09:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Evil Within 2
2017-10-18 12:14 - 2017-10-19 11:55 - 000000000 ____D C:\Users\StephaniSSD\AppData\LocalLow\uTorrent
2017-10-17 23:21 - 2017-10-10 21:05 - 000050624 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-10-14 01:19 - 2017-10-27 07:13 - 000000000 ____D C:\Program Files\Webroot
2017-10-14 01:19 - 2017-10-27 04:35 - 000182192 ____N (Webroot) C:\Windows\SysWOW64\WRusr.dll
2017-10-14 01:19 - 2017-10-27 04:35 - 000114672 ____N (Webroot) C:\Windows\system32\WRusr.dll
2017-10-14 00:17 - 2017-10-14 00:17 - 000000000 _____ C:\Windows\SysWOW64\config.nt
2017-10-14 00:10 - 2017-10-14 00:10 - 000000000 ____D C:\32788R22FWJFW
2017-10-13 23:57 - 2017-10-13 23:57 - 000000000 ____D C:\Users\StephaniSSD\AppData\Roaming\VIPRE
2017-10-13 23:48 - 2017-10-13 23:49 - 000076078 _____ C:\Windows\ntbtlog.txt
2017-10-13 22:01 - 2017-10-13 22:01 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-10-13 18:44 - 2017-10-13 18:44 - 000000000 ____D C:\Users\StephaniSSD\AppData\Roaming\AVAST Software
2017-10-13 18:43 - 2017-10-13 18:43 - 000363440 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2a98f7f8c6bf916b.tmp
2017-10-13 18:43 - 2017-10-13 18:43 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\asw33fee6a2aaa8660a.tmp
2017-10-13 18:43 - 2017-10-13 18:43 - 000321032 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\asw2f36464cb1059b90.tmp
2017-10-13 18:43 - 2017-10-13 18:43 - 000201352 _____ (AVAST Software) C:\Windows\system32\Drivers\asw965967fc991d700c.tmp
2017-10-13 18:43 - 2017-10-13 18:43 - 000198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\asw680dd3d6357f1369.tmp
2017-10-13 18:43 - 2017-10-13 18:43 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\asw5beef9f93060e203.tmp
2017-10-13 18:43 - 2017-10-13 18:43 - 000057736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswd7736571c858f1e0.tmp
2017-10-13 18:43 - 2017-10-13 18:43 - 000047008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb87577af8ca480df.tmp
2017-10-13 18:42 - 2017-10-13 18:42 - 000000000 ____D C:\Program Files\AVAST Software
2017-10-13 18:41 - 2017-10-14 00:24 - 000000000 ____D C:\ProgramData\AVAST Software
2017-10-13 13:58 - 2017-10-13 13:58 - 000221652 _____ C:\Users\StephaniSSD\Downloads\Cue_QuickStart.pdf
2017-10-13 13:21 - 2017-10-13 13:21 - 008250832 _____ (Malwarebytes) C:\Users\digitalbil@gmail.com\Downloads\AdwCleaner.exe
2017-10-13 09:29 - 2017-10-27 07:13 - 000000000 ____D C:\Users\digitalbil@gmail.com
2017-10-13 09:29 - 2017-10-13 13:20 - 000002331 _____ C:\Users\digitalbil@gmail.com\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-10-13 09:29 - 2017-10-13 09:29 - 000001459 _____ C:\Users\digitalbil@gmail.com\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-10-13 09:29 - 2017-10-13 09:29 - 000000020 ___SH C:\Users\digitalbil@gmail.com\ntuser.ini
2017-10-13 09:29 - 2017-10-13 09:29 - 000000000 ____D C:\Users\digitalbil@gmail.com\AppData\Roaming\Adobe
2017-10-13 08:45 - 2017-10-28 01:14 - 000051648 _____ C:\Windows\ZAM.krnl.trace
2017-10-13 08:45 - 2017-10-28 01:14 - 000016283 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-10-13 08:45 - 2017-10-13 23:41 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-10-13 08:45 - 2017-10-13 08:45 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-10-13 08:45 - 2017-10-13 08:45 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-10-13 01:59 - 2017-10-13 01:59 - 000000000 ___DL C:\Users\Default User
2017-10-13 01:50 - 2017-10-13 01:50 - 000003678 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2017-10-13 01:50 - 2017-10-13 01:50 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2017-10-13 01:49 - 2017-10-13 01:50 - 000194533 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2017-10-12 23:51 - 2017-10-12 23:51 - 039029448 _____ (Microsoft Corporation) C:\Users\StephaniSSD\Downloads\Windows-KB890830-x64-V5.53.exe
2017-10-12 06:45 - 2017-10-12 06:45 - 001232216 _____ (Opera Software) C:\Users\StephaniSSD\Downloads\OperaSetup.exe
2017-10-12 01:54 - 2017-10-12 01:54 - 000001084 _____ C:\Users\stephi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-10-12 01:54 - 2017-10-12 01:54 - 000001084 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-10-12 01:54 - 2017-10-12 01:54 - 000001084 _____ C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-10-12 01:51 - 2017-10-12 01:57 - 000000000 ____D C:\Program Files (x86)\Opera
2017-10-11 17:14 - 2017-10-28 01:13 - 002843648 _____ (TOSHIBA CORPORATION) C:\Windows\system32\mbhwlkdsvc.exe
2017-10-11 17:13 - 2017-10-11 17:13 - 000000000 ____D C:\Windows\SysWOW64\auoxgbm
2017-10-11 17:13 - 2017-10-11 17:13 - 000000000 ____D C:\Windows\system32\auoxgbm
2017-10-11 17:13 - 2017-10-11 17:13 - 000000000 ____D C:\Users\StephaniSSD\AppData\Roaming\et
2017-10-11 03:03 - 2017-10-12 23:55 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-10-11 00:27 - 2017-10-11 01:38 - 000000000 ____D C:\Users\StephaniSSD\Downloads\Dragons.Dogma.Dark.Arisen-GOG
2017-10-10 19:37 - 2017-09-13 11:33 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-10-10 19:37 - 2017-09-13 11:32 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-10-10 19:37 - 2017-09-13 11:32 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-10-10 19:37 - 2017-09-13 11:32 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-10-10 19:37 - 2017-09-13 11:32 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-10-10 19:37 - 2017-09-13 11:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-10-10 19:37 - 2017-09-13 11:28 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-10-10 19:37 - 2017-09-13 11:28 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-10-10 19:37 - 2017-09-13 11:28 - 000886272 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2017-10-10 19:37 - 2017-09-13 11:28 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-10-10 19:37 - 2017-09-13 11:28 - 000448512 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2017-10-10 19:37 - 2017-09-13 11:28 - 000414208 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2017-10-10 19:37 - 2017-09-13 11:28 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-10-10 19:37 - 2017-09-13 11:28 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-10-10 19:37 - 2017-09-13 11:28 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-10-10 19:37 - 2017-09-13 11:28 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-10-10 19:37 - 2017-09-13 11:28 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-10-10 19:37 - 2017-09-13 11:28 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-10-10 19:37 - 2017-09-13 11:28 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-10-10 19:37 - 2017-09-13 11:28 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-10-10 19:37 - 2017-09-13 11:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-10-10 19:37 - 2017-09-13 11:28 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-10-10 19:37 - 2017-09-13 11:28 - 000118784 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2017-10-10 19:37 - 2017-09-13 11:28 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2017-10-10 19:37 - 2017-09-13 11:28 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-10-10 19:37 - 2017-09-13 11:28 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-10-10 19:37 - 2017-09-13 11:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-10-10 19:37 - 2017-09-13 11:28 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-10-10 19:37 - 2017-09-13 11:28 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-10-10 19:37 - 2017-09-13 11:28 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-10-10 19:37 - 2017-09-13 11:28 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-10-10 19:37 - 2017-09-13 11:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:13 - 004001512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-10-10 19:37 - 2017-09-13 11:13 - 003945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-10-10 19:37 - 2017-09-13 11:10 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-10-10 19:37 - 2017-09-13 11:09 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-10-10 19:37 - 2017-09-13 11:09 - 000830464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-10-10 19:37 - 2017-09-13 11:09 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-10-10 19:37 - 2017-09-13 11:09 - 000428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2017-10-10 19:37 - 2017-09-13 11:09 - 000392704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
2017-10-10 19:37 - 2017-09-13 11:09 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-10-10 19:37 - 2017-09-13 11:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-10-10 19:37 - 2017-09-13 11:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-10-10 19:37 - 2017-09-13 11:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-10-10 19:37 - 2017-09-13 11:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-10-10 19:37 - 2017-09-13 11:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-10-10 19:37 - 2017-09-13 11:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-10-10 19:37 - 2017-09-13 11:09 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-10-10 19:37 - 2017-09-13 11:09 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
2017-10-10 19:37 - 2017-09-13 11:09 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-10-10 19:37 - 2017-09-13 11:09 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2017-10-10 19:37 - 2017-09-13 11:09 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-10-10 19:37 - 2017-09-13 11:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-10-10 19:37 - 2017-09-13 11:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-10-10 19:37 - 2017-09-13 11:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-10-10 19:37 - 2017-09-13 11:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 11:05 - 000324608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2017-10-10 19:37 - 2017-09-13 11:00 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-10-10 19:37 - 2017-09-13 11:00 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-10-10 19:37 - 2017-09-13 11:00 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-10-10 19:37 - 2017-09-13 11:00 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-10-10 19:37 - 2017-09-13 10:57 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-10-10 19:37 - 2017-09-13 10:56 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-10-10 19:37 - 2017-09-13 10:53 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-10-10 19:37 - 2017-09-13 10:53 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-10-10 19:37 - 2017-09-13 10:53 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-10-10 19:37 - 2017-09-13 10:52 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-10-10 19:37 - 2017-09-13 10:52 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-10-10 19:37 - 2017-09-13 10:50 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-10-10 19:37 - 2017-09-13 10:47 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-10-10 19:37 - 2017-09-13 10:46 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-10-10 19:37 - 2017-09-13 10:46 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-10-10 19:37 - 2017-09-13 10:46 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-10-10 19:37 - 2017-09-13 10:46 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 10:46 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 10:46 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 10:46 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-10-10 19:37 - 2017-09-13 10:46 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-10-10 19:37 - 2017-09-08 20:45 - 000395984 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-10-10 19:37 - 2017-09-08 19:47 - 000347344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-10-10 19:37 - 2017-09-08 11:34 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-10-10 19:37 - 2017-09-08 11:30 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-10-10 19:37 - 2017-09-08 11:30 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-10-10 19:37 - 2017-09-08 11:30 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-10-10 19:37 - 2017-09-08 11:30 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-10-10 19:37 - 2017-09-08 11:30 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-10-10 19:37 - 2017-09-08 11:30 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-10-10 19:37 - 2017-09-08 11:30 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-10-10 19:37 - 2017-09-08 11:30 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-10-10 19:37 - 2017-09-08 11:30 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-10-10 19:37 - 2017-09-08 11:30 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-10-10 19:37 - 2017-09-08 11:30 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-10-10 19:37 - 2017-09-08 11:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-10-10 19:37 - 2017-09-08 11:14 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-10-10 19:37 - 2017-09-08 11:13 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-10-10 19:37 - 2017-09-08 11:13 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-10-10 19:37 - 2017-09-08 11:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-10-10 19:37 - 2017-09-08 11:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-10-10 19:37 - 2017-09-08 11:10 - 000312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-10-10 19:37 - 2017-09-08 11:10 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-10-10 19:37 - 2017-09-08 11:09 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-10-10 19:37 - 2017-09-08 11:09 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-10-10 19:37 - 2017-09-08 11:09 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-10-10 19:37 - 2017-09-08 11:09 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-10-10 19:37 - 2017-09-08 11:09 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-10-10 19:37 - 2017-09-08 11:09 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-10-10 19:37 - 2017-09-08 11:09 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-10-10 19:37 - 2017-09-08 11:00 - 003222016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-10-10 19:37 - 2017-09-08 11:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-10-10 19:37 - 2017-09-08 11:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-10-10 19:37 - 2017-09-08 10:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-10-10 19:37 - 2017-09-08 10:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-10-10 19:37 - 2017-09-08 10:20 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-10-10 19:37 - 2017-09-08 10:20 - 000345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-10-10 19:37 - 2017-09-08 10:20 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-10-10 19:37 - 2017-09-07 17:38 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-10-10 19:37 - 2017-09-07 17:37 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-10-10 19:37 - 2017-09-07 17:19 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-10-10 19:37 - 2017-09-07 17:18 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-10-10 19:37 - 2017-09-07 17:18 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-10-10 19:37 - 2017-09-07 17:17 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-10-10 19:37 - 2017-09-07 17:17 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-10-10 19:37 - 2017-09-07 17:15 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-10-10 19:37 - 2017-09-07 17:08 - 025729536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-10-10 19:37 - 2017-09-07 17:08 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-10-10 19:37 - 2017-09-07 17:07 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-10-10 19:37 - 2017-09-07 17:02 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-10-10 19:37 - 2017-09-07 17:01 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-10-10 19:37 - 2017-09-07 17:01 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-10-10 19:37 - 2017-09-07 17:01 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-10-10 19:37 - 2017-09-07 17:00 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-10-10 19:37 - 2017-09-07 16:52 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-10-10 19:37 - 2017-09-07 16:48 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-10-10 19:37 - 2017-09-07 16:40 - 005982208 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-10-10 19:37 - 2017-09-07 16:39 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-10-10 19:37 - 2017-09-07 16:38 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-10-10 19:37 - 2017-09-07 16:37 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-10-10 19:37 - 2017-09-07 16:33 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-10-10 19:37 - 2017-09-07 16:32 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-10-10 19:37 - 2017-09-07 16:29 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-10-10 19:37 - 2017-09-07 16:27 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-10-10 19:37 - 2017-09-07 16:13 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-10-10 19:37 - 2017-09-07 16:10 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-10-10 19:37 - 2017-09-07 16:10 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-10-10 19:37 - 2017-09-07 16:08 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-10-10 19:37 - 2017-09-07 16:08 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-10-10 19:37 - 2017-09-07 15:44 - 015262720 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-10-10 19:37 - 2017-09-07 15:40 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-10-10 19:37 - 2017-09-07 15:27 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-10-10 19:37 - 2017-09-07 15:27 - 001548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-10-10 19:37 - 2017-09-07 15:17 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-10-10 19:37 - 2017-09-07 15:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-10-10 19:37 - 2017-09-07 15:10 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-10-10 19:37 - 2017-09-07 15:10 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-10-10 19:37 - 2017-09-07 15:10 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-10-10 19:37 - 2017-09-07 15:09 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-10-10 19:37 - 2017-09-07 15:04 - 020267008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-10-10 19:37 - 2017-09-07 15:03 - 002292736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-10-10 19:37 - 2017-09-07 15:03 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-10-10 19:37 - 2017-09-07 15:02 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-10-10 19:37 - 2017-09-07 14:59 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-10-10 19:37 - 2017-09-07 14:58 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-10-10 19:37 - 2017-09-07 14:58 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-10-10 19:37 - 2017-09-07 14:58 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-10-10 19:37 - 2017-09-07 14:49 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-10-10 19:37 - 2017-09-07 14:44 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-10-10 19:37 - 2017-09-07 14:44 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-10-10 19:37 - 2017-09-07 14:43 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-10-10 19:37 - 2017-09-07 14:40 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-10-10 19:37 - 2017-09-07 14:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-10-10 19:37 - 2017-09-07 14:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-10-10 19:37 - 2017-09-07 14:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-10-10 19:37 - 2017-09-07 14:29 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-10-10 19:37 - 2017-09-07 14:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-10-10 19:37 - 2017-09-07 14:26 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-10-10 19:37 - 2017-09-07 14:25 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-10-10 19:37 - 2017-09-07 14:25 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-10-10 19:37 - 2017-09-07 14:17 - 013677568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-10-10 19:37 - 2017-09-07 14:01 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-10-10 19:37 - 2017-09-07 13:57 - 001316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-10-10 19:37 - 2017-09-07 13:57 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-10-10 19:37 - 2017-09-07 11:31 - 002851328 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2017-10-10 19:37 - 2017-09-07 11:12 - 002755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2017-10-10 19:37 - 2017-09-07 10:55 - 000461312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-10-10 19:37 - 2017-09-07 10:55 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-10-10 19:37 - 2017-09-07 10:55 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-10-10 14:40 - 2017-10-10 14:40 - 000051615 _____ C:\Windows\uninstaller.dat
2017-10-10 12:59 - 2017-10-10 12:59 - 000000000 ____D C:\Users\StephaniSSD\AppData\LocalLow\SmartHart Games
2017-10-10 11:30 - 2017-10-10 11:45 - 000000000 ____D C:\Users\StephaniSSD\Downloads\plaza-artania
2017-10-10 00:05 - 2017-10-27 03:22 - 000352336 ____N C:\Windows\Minidump\102717-15990-01.dmp
2017-10-09 21:51 - 2017-10-09 21:51 - 000490597 _____ C:\Users\StephaniSSD\Downloads\1620.pdf
2017-10-09 18:25 - 2017-10-09 18:26 - 000037050 _____ C:\Users\StephaniSSD\Downloads\2014 Tax Return (01104792xBFD02).pdf
2017-10-09 18:25 - 2017-10-09 18:25 - 014621872 _____ C:\Users\StephaniSSD\Downloads\Keith Checking, Savings, and  Credit Union Statements (01103733xBFD02).pdf
2017-10-09 18:25 - 2017-10-09 18:25 - 000038106 _____ C:\Users\StephaniSSD\Downloads\2016 Tax Returns (01104796xBFD02).pdf
2017-10-09 18:25 - 2017-10-09 18:25 - 000029975 _____ C:\Users\StephaniSSD\Downloads\2015 Tax Return (01104794xBFD02).pdf
2017-10-07 15:40 - 2017-10-07 15:40 - 000093730 _____ C:\Users\StephaniSSD\Downloads\1-AcYLHh0_ve4TNRi6HLFcPA.jpeg
2017-10-06 16:20 - 2017-10-06 16:20 - 000000000 ____D C:\Users\StephaniSSD\AppData\LocalLow\Cosmo D Studios LLC
2017-10-05 15:36 - 2017-10-05 15:36 - 001002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2017-10-05 15:36 - 2017-10-05 15:36 - 000000000 ____D C:\Users\StephaniSSD\AppData\Roaming\AdbDriverInstaller
2017-10-05 15:34 - 2017-10-05 15:35 - 000000000 ____D C:\Users\StephaniSSD\.android
2017-10-02 23:57 - 2017-10-02 23:57 - 000085939 _____ C:\Users\StephaniSSD\Downloads\Green-Home-Improvements-Scheduler.pdf
2017-10-02 02:02 - 2017-10-02 02:02 - 000138270 _____ C:\Users\StephaniSSD\Downloads\Newtown-FontZillion.zip
2017-10-01 10:09 - 2017-10-01 10:09 - 000142742 _____ C:\Users\StephaniSSD\Downloads\Excessive-Absences-and-Truancy_Fast-Facts.pdf
2017-09-30 20:57 - 2017-09-30 20:57 - 000431796 _____ C:\Users\StephaniSSD\Downloads\PastBills.pdf
2017-09-29 15:36 - 2017-09-29 15:36 - 000563929 _____ C:\Users\StephaniSSD\Downloads\Cosmetic_Reconstructive_Procedures.pdf
2017-09-29 10:49 - 2017-09-29 10:49 - 000459556 _____ C:\Users\StephaniSSD\Downloads\download (1).pdf
2017-09-29 10:47 - 2017-09-29 10:47 - 006843583 _____ C:\Users\StephaniSSD\Downloads\medicaid-mc-enrollment-report.pdf
2017-09-29 10:42 - 2017-09-29 10:42 - 000040075 _____ C:\Users\StephaniSSD\Downloads\download.pdf
2017-09-28 14:05 - 2017-09-28 14:05 - 014472609 _____ C:\Users\StephaniSSD\Downloads\10-Free-Retro-Text-Styles-for-Adobe-Illustrator.zip
2017-09-28 13:53 - 2017-09-28 13:53 - 002439357 _____ C:\Users\StephaniSSD\Downloads\DD_Comic_Style_Illustration_65650.zip
2017-09-28 13:12 - 2017-09-28 13:12 - 047179258 _____ C:\Users\StephaniSSD\Downloads\50_free_styles_for_adobe_illustrator_by_love_kay-d7r1xkj.eps
2017-09-28 13:11 - 2017-09-28 13:11 - 022341135 _____ C:\Users\StephaniSSD\Downloads\18_more_free_ai_cs6_graphic_styles_by_doghouse1953-d86luxo.ai
2017-09-28 12:55 - 2017-09-28 12:55 - 003155804 _____ C:\Users\StephaniSSD\Downloads\DD_Comic_Style_Alphabet_Set_78677.zip
2017-09-28 08:23 - 2017-09-28 08:23 - 000448840 _____ (Totusoft ) C:\Users\StephaniSSD\Downloads\LAN_SpeedTest_Setup.exe
2017-09-28 07:37 - 2017-09-28 07:37 - 000000000 ____D C:\ProgramData\LogMeIn
2017-09-28 07:35 - 2017-09-28 07:35 - 009781248 _____ C:\Users\StephaniSSD\Downloads\hamachi.msi
2017-09-28 02:48 - 2017-09-28 02:48 - 000000000 ____D C:\Users\StephaniSSD\AppData\LocalLow\Evallis Entertainment
2017-09-28 02:35 - 2017-09-28 02:35 - 000000000 ____D C:\Users\StephaniSSD\AppData\LocalLow\EQ Studios
2017-09-28 01:10 - 2017-09-28 01:11 - 000000000 ____D C:\Users\StephaniSSD\Downloads\plaza-the.painscreek.killings
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-28 01:14 - 2016-10-13 01:04 - 000000000 ____D C:\ProgramData\NVIDIA
2017-10-28 01:14 - 2009-07-13 22:34 - 034078720 _____ C:\Windows\system32\config\HARDWARE
2017-10-28 01:13 - 2015-01-23 00:14 - 000025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2017-10-28 01:13 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-28 00:47 - 2016-10-17 02:59 - 000875240 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-28 00:47 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2017-10-28 00:19 - 2016-08-18 20:02 - 000062260 _____ C:\Windows\system32\BMXStateBkp-{00000004-00000000-00000006-00001102-00000005-10031102}.rfx
2017-10-28 00:19 - 2016-08-18 20:02 - 000062260 _____ C:\Windows\system32\BMXState-{00000004-00000000-00000006-00001102-00000005-10031102}.rfx
2017-10-28 00:19 - 2016-08-18 20:02 - 000000788 _____ C:\Windows\system32\DVCState-{00000004-00000000-00000006-00001102-00000005-10031102}.rfx
2017-10-28 00:19 - 2009-07-14 00:45 - 000022720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-28 00:19 - 2009-07-14 00:45 - 000022720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-27 22:02 - 2016-10-27 19:12 - 000000000 ____D C:\Program Files (x86)\Steam
2017-10-27 22:01 - 2016-08-15 21:02 - 000000000 ____D C:\Users\StephaniSSD\AppData\Roaming\Opera Software
2017-10-27 14:56 - 2015-01-26 20:00 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-10-27 14:56 - 2015-01-26 20:00 - 000000000 ____D C:\Windows\system32\Macromed
2017-10-27 13:18 - 2017-05-16 22:14 - 000000000 ____D C:\AdwCleaner
2017-10-27 11:03 - 2015-02-09 06:28 - 000001945 _____ C:\Windows\epplauncher.mif
2017-10-27 07:13 - 2017-08-26 00:36 - 000000000 ____D C:\Users\Mcx1-STEPHANISSD-PC
2017-10-27 07:13 - 2017-03-08 00:02 - 000000000 ____D C:\Program Files (x86)\QuoteRush2
2017-10-27 07:13 - 2015-06-17 00:28 - 000000000 ____D C:\Users\DefaultAppPool
2017-10-27 07:13 - 2015-06-13 08:20 - 000000000 ____D C:\Users\Classic .NET AppPool
2017-10-27 07:13 - 2015-05-29 00:15 - 000000000 ____D C:\Users\stephi
2017-10-27 07:13 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\registration
2017-10-27 03:55 - 2015-12-05 01:46 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-10-27 03:55 - 2015-07-26 04:37 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-10-27 03:55 - 2015-07-26 04:37 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-27 03:22 - 2015-04-15 11:59 - 000000000 ____D C:\Windows\Minidump
2017-10-27 03:15 - 2015-01-22 22:06 - 000000000 ____D C:\Users\StephaniSSD
2017-10-27 03:14 - 2016-08-18 20:02 - 000737496 _____ C:\Windows\system32\FNTCACHE.DAT
2017-10-23 19:33 - 2016-12-14 16:57 - 000000028 _____ C:\Users\StephaniSSD\AppData\Roaming\kulerdata.json
2017-10-23 18:57 - 2015-02-11 07:14 - 000000033 _____ C:\Users\StephaniSSD\AppData\Roaming\AdobeWLCMCache.dat
2017-10-21 06:26 - 2015-12-06 07:05 - 000000000 ____D C:\Users\StephaniSSD\AppData\Roaming\vlc
2017-10-19 15:56 - 2017-07-13 10:48 - 000000000 ____D C:\ProgramData\Oracle
2017-10-19 15:56 - 2016-10-13 01:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-10-19 15:56 - 2016-10-13 01:01 - 000000000 ____D C:\Program Files (x86)\Java
2017-10-19 15:54 - 2016-10-13 01:01 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-10-19 11:55 - 2015-12-31 06:18 - 000000000 ____D C:\Users\StephaniSSD\AppData\Roaming\uTorrent
2017-10-19 05:37 - 2017-04-06 21:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-10-17 23:22 - 2017-07-22 03:40 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-17 23:22 - 2016-10-15 03:40 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-17 23:22 - 2016-10-13 01:10 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-10-17 23:22 - 2016-10-13 01:07 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-10-17 23:22 - 2015-03-22 08:43 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-10-17 23:21 - 2017-01-03 16:11 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-17 23:21 - 2016-10-15 03:40 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-17 23:21 - 2016-10-15 03:40 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-17 23:21 - 2016-10-15 03:40 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-17 23:21 - 2016-10-15 03:40 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-17 23:21 - 2016-10-15 03:40 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-14 01:03 - 2009-07-14 01:08 - 000032542 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-10-14 00:55 - 2016-08-18 16:54 - 000000000 ____D C:\Windows\pss
2017-10-14 00:01 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
2017-10-13 22:45 - 2015-01-23 00:57 - 000000000 ____D C:\ProgramData\Skype
2017-10-13 02:34 - 2016-01-16 08:27 - 000003160 _____ C:\Windows\System32\Tasks\SidebarExecute
2017-10-13 02:30 - 2015-01-22 22:13 - 000000000 ____D C:\Windows\RaidTool
2017-10-13 02:29 - 2009-07-13 22:34 - 000000423 _____ C:\Windows\win.ini
2017-10-13 02:26 - 2015-01-22 23:28 - 000878978 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-10-12 23:55 - 2016-08-18 20:25 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-10-12 17:02 - 2015-06-14 00:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-12 16:53 - 2016-11-27 10:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-10-12 02:22 - 2017-08-18 11:05 - 000270912 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2017-10-12 01:54 - 2015-01-22 22:07 - 000001084 _____ C:\Users\StephaniSSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-10-11 17:11 - 2016-02-26 08:52 - 000000000 ____D C:\Program Files (x86)\Google
2017-10-11 04:42 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
2017-10-11 03:07 - 2015-01-23 00:18 - 000000000 ____D C:\Windows\system32\MRT
2017-10-10 21:05 - 2017-07-22 03:40 - 000186304 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-10-10 21:05 - 2017-07-22 03:40 - 000152512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-10-10 21:05 - 2016-10-15 03:40 - 001796032 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-10-10 21:05 - 2016-10-15 03:40 - 001577920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-10-10 21:05 - 2016-10-15 03:40 - 000918976 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2017-10-10 19:26 - 2017-07-22 03:40 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-10-10 12:27 - 2009-07-14 01:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-10-09 22:47 - 2015-01-23 01:12 - 000000000 ____D C:\Users\StephaniSSD\AppData\Roaming\Skype
2017-10-07 18:08 - 2015-01-22 23:31 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-07 16:07 - 2015-01-23 13:30 - 000000000 ____D C:\ProgramData\Razer
2017-10-07 16:06 - 2015-01-22 22:10 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-09-29 01:26 - 2017-04-06 21:12 - 000000000 ____D C:\Users\StephaniSSD\AppData\LocalLow\Games Farm s_r_o_
2017-09-28 11:57 - 2015-01-23 00:14 - 000000000 ____D C:\Users\StephaniSSD\AppData\Roaming\Adobe
2017-09-28 01:05 - 2015-01-22 22:37 - 000000000 ____D C:\ProgramData\InstallShield
 
==================== Files in the root of some directories =======
 
2017-07-23 22:06 - 2017-07-23 22:06 - 000000048 ____H () C:\Program Files (x86)\ztafwn3hgz.dat
2017-08-04 19:39 - 2017-08-04 19:39 - 000232464 _____ () C:\Users\StephaniSSD\AppData\Roaming\3B285493FC213F2FDEECA1D18A42CD59
2017-08-04 19:40 - 2017-08-04 19:40 - 000245264 _____ () C:\Users\StephaniSSD\AppData\Roaming\6D4914AA675FF56CC7025C04F4B5C592
2017-08-04 19:41 - 2017-08-04 19:41 - 000253456 _____ () C:\Users\StephaniSSD\AppData\Roaming\6DA65ECEB8565FB8F8810C109276F3A6
2017-08-04 19:41 - 2017-08-04 19:41 - 000047120 _____ () C:\Users\StephaniSSD\AppData\Roaming\AB124FB355D0EE9430466A93E043FA6F
2015-02-11 07:14 - 2017-10-23 18:57 - 000000033 _____ () C:\Users\StephaniSSD\AppData\Roaming\AdobeWLCMCache.dat
2017-08-04 19:41 - 2017-08-04 19:41 - 000936976 _____ () C:\Users\StephaniSSD\AppData\Roaming\F04727E676B3C08E9B26F04DA2F30598
2016-12-14 16:38 - 2017-01-31 23:33 - 000000260 _____ () C:\Users\StephaniSSD\AppData\Roaming\Image Processor Pro.log
2015-05-18 17:44 - 2015-05-18 17:44 - 000000112 _____ () C:\Users\StephaniSSD\AppData\Roaming\JP2K CS6 Prefs
2016-12-14 16:57 - 2017-10-23 19:33 - 000000028 _____ () C:\Users\StephaniSSD\AppData\Roaming\kulerdata.json
2016-04-24 01:27 - 2016-04-24 01:27 - 240397312 _____ () C:\Users\StephaniSSD\AppData\Roaming\Launcher.dat
2016-04-24 01:27 - 2016-04-24 02:18 - 000000009 _____ () C:\Users\StephaniSSD\AppData\Roaming\update.dat
2016-07-05 23:06 - 2016-08-06 14:25 - 000000600 _____ () C:\Users\StephaniSSD\AppData\Roaming\winscp.rnd
2015-02-01 17:29 - 2017-02-01 07:23 - 000001456 _____ () C:\Users\StephaniSSD\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-08-07 17:30 - 2017-08-07 17:53 - 000284145 _____ () C:\Users\StephaniSSD\AppData\Local\ars.cache
2015-08-31 17:16 - 2015-08-31 17:16 - 000000010 _____ () C:\Users\StephaniSSD\AppData\Local\cdsys812.ini
2017-08-07 17:31 - 2017-08-07 17:53 - 000693135 _____ () C:\Users\StephaniSSD\AppData\Local\census.cache
2017-08-07 17:17 - 2017-08-07 17:17 - 000000036 _____ () C:\Users\StephaniSSD\AppData\Local\housecall.guid.cache
2015-04-09 20:33 - 2015-04-10 02:14 - 000000407 _____ () C:\Users\StephaniSSD\AppData\Local\install_log.txt
2015-02-15 15:10 - 2017-10-12 17:01 - 000007616 _____ () C:\Users\StephaniSSD\AppData\Local\Resmon.ResmonCfg
2017-08-07 17:34 - 2017-08-07 17:53 - 000000010 _____ () C:\Users\StephaniSSD\AppData\Local\sponge.last.runtime.cache
2017-01-03 16:11 - 2017-01-27 19:41 - 000005110 _____ () C:\ProgramData\NvTelemetryContainer.log
 
Files to move or delete:
====================
C:\Users\Public\teamviewerqs.exe
C:\Users\StephaniSSD\x.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\csmqtxad.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
 
LastRegBack: 2017-10-27 10:47
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2017
Ran by StephaniSSD (28-10-2017 01:14:53)
Running from C:\Users\StephaniSSD\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2015-01-23 02:06:53)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4121198748-4177608104-3762960389-500 - Administrator - Disabled)
digitalbil@gmail.com (S-1-5-21-4121198748-4177608104-3762960389-1008 - Administrator - Enabled) => C:\Users\digitalbil@gmail.com
Guest (S-1-5-21-4121198748-4177608104-3762960389-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4121198748-4177608104-3762960389-1010 - Limited - Enabled)
Mcx1-STEPHANISSD-PC (S-1-5-21-4121198748-4177608104-3762960389-1013 - Limited - Enabled) => C:\Users\Mcx1-STEPHANISSD-PC
StephaniSSD (S-1-5-21-4121198748-4177608104-3762960389-1000 - Administrator - Enabled) => C:\Users\StephaniSSD
stephi (S-1-5-21-4121198748-4177608104-3762960389-1006 - Administrator - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
.NET Core SDK 1.0.0 (x64) Installer (x64) (HKLM\...\{3A36F010-62C4-4173-9F25-257F1B0899DD}) (Version: 4.0.4911 - Microsoft Corporation) Hidden
.NET Core SDK 1.0.0 (x64) Installer (x64) (HKLM-x32\...\{c7c7d963-f622-455d-879a-7ffa111d1322}) (Version: 1.0.0 - Microsoft Corporation)
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.11 - GIGABYTE)
µTorrent (HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
Active Directory Authentication Library for SQL Server (x86) (HKLM-x32\...\{44DC843A-C591-4064-BE1F-2BDC177AF50C}) (Version: 13.0.1100.286 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.2.0.211 - Adobe Systems Incorporated)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_1_0) (Version: 21.1.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1_1) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alien Skin Blow Up 3 (HKLM\...\Alien Skin Blow Up 3) (Version:  - Alien Skin)
Alien Skin Eye Candy 7 (HKLM\...\Alien Skin Eye Candy 7) (Version:  - Alien Skin)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.6 - Advanced Micro Devices, Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 384.94 - NVIDIA Corporation) Hidden
AutoGreen B10.1021.1 (HKLM-x32\...\{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE) Hidden
Canon LBP6000/LBP6018 (HKLM\...\Canon LBP6000/LBP6018) (Version:  - )
CPUID CPU-Z 1.80 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.45 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DMIView B8.0717.01 (HKLM-x32\...\{3EE1008C-11A1-4F4F-8DB7-27573924DE78}) (Version: 1.4 - Gigabyte)
Dragons Dogma: Dark Arisen (HKLM-x32\...\1242384383_is1) (Version: 1.0.0.17 - GOG.com)
Easy Tune 6 B11.0120.1 (HKLM-x32\...\{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE) Hidden
Easy Tune 6 B11.0120.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
EasySaver B9.1214.1  (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
ELEX (HKLM-x32\...\1885888793_is1) (Version: 1.0 - GOG.com)
EmailFromCellPhone (HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\3c4001bab6f1b99d) (Version: 1.0.0.1 - EmailFromCellPhone)
Gigabyte Raid Configurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.63.1 - GIGABYTE Technologies, Inc.)
Glary Utilities 5.66 (HKLM-x32\...\Glary Utilities 5) (Version: 5.66.0.87 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HP My Display (HKLM-x32\...\{15733AD1-1CEF-459A-9245-0924FC63BDD5}) (Version: 2.22.002 - Portrait Displays, Inc.)
IIS 10.0 Express (HKLM\...\{0148E8AA-4A50-4673-B532-DB9F30F804BE}) (Version: 10.0.1737 - Microsoft Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Kits Configuration Installer (HKLM-x32\...\{0C05DE52-2C77-D6FA-A561-D508CF5FC96E}) (Version: 10.1.15063.137 - Microsoft) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Logitech Gaming Software 8.94 (HKLM\...\Logitech Gaming Software) (Version: 8.94.108 - Logitech Inc.)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.82 - Logitech)
Malwarebytes version 3.3.0.2173 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.0.2173 - Malwarebytes)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25123 - Microsoft Corporation)
Microsoft LifeChat (HKLM\...\{BD198331-FF8A-4DEB-9F30-A0AC56625A3B}) (Version: 1.40.224.0 - Microsoft)
Microsoft Message Analyzer (HKLM\...\{D018A073-6AEB-4F91-8408-38E14043ACB2}) (Version: 4.0.8108.0 - Microsoft Corporation)
Microsoft OneDrive for Business 2013 - en-us (HKLM\...\GrooveRetail - en-us) (Version: 15.0.4711.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{1385D3DB-8E80-427B-91D2-B7535862B8E4}) (Version: 11.3.6518.0 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects RC0 (x64) (HKLM\...\{F6F8053F-D328-4ACA-93A1-A49E495899F2}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service RC0 (HKLM-x32\...\{1852BD30-570B-4E47-8752-461448E8E250}) (Version: 13.0.12000.52 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{5CB4DD27-6252-4C08-BFCF-22F6A110CBFA}) (Version: 10.0.1972 - Microsoft Corporation)
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.0.6478 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.3 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 384.94 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 384.94 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM\...\{90150000-008C-0000-1000-0000000FF1CE}) (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-007E-0000-1000-0000000FF1CE}) (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM\...\{90150000-008C-0409-1000-0000000FF1CE}) (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PCMark 8 (HKLM\...\{1C105B2F-E38F-4CE4-97F7-D5F9381AC85F}) (Version: 2.7.613.0 - Futuremark) Hidden
Pivot Software (HKLM-x32\...\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}) (Version: 9.03.004 - Portrait Displays, Inc.) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.6 - Power Software Ltd)
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT RC0 (HKLM-x32\...\{AB72EB1C-9CF4-4274-984D-5EDA8BF37A08}) (Version: 13.0.1100.286 - Microsoft Corporation)
QuoteRush2 Update 2.1.3.004 (HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\QuoteRush2 Update) (Version: 2.1.3.004 - QuoteRush.com, LLC)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.112.811.2017 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 2.0.3.0 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6121 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
Roslyn Language Services - x86 (HKLM-x32\...\{E6CAD8B3-5682-31CA-A05E-79F6DBF81066}) (Version: 14.0.25132 - Microsoft Corporation) Hidden
SDK (HKLM-x32\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 3.02.002 - Portrait Displays, Inc.) Hidden
SDK Debuggers (HKLM-x32\...\{940B2629-5671-B98E-C28F-6F5F9EABF1DE}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
SoundFont Bank Manager (HKLM-x32\...\SFBM) (Version: 3.21 - Creative Technology Limited)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Evil Within 2 (HKLM-x32\...\The Evil Within 2_is1) (Version:  - )
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{4AC64C61-A7EC-4E4E-8F28-F57EB3430334}) (Version: 1.8.31.0 - Microsoft Corporation) Hidden
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Winamp Detector Plug-in (HKU\.DEFAULT\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\WinDirStat) (Version:  - )
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Graphics Tablet (WinUsb) USBDevice  (04/10/2014 8.33.30.0) (HKLM\...\142118DF51345EA02D2B1583E102C8FB95FD6D52) (Version: 04/10/2014 8.33.30.0 - Graphics Tablet)
Windows Driver Package - Silicon Laboratories Inc. (silabser) Ports  (09/19/2016 6.7.4.261) (HKLM\...\9E2C239D42290B984A9E2B350A67AF8BC8BD11B9) (Version: 09/19/2016 6.7.4.261 - Silicon Laboratories Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.15063.137 (HKLM-x32\...\{a07b4a01-ca27-4e28-9353-f325a308f128}) (Version: 10.1.15063.137 - Microsoft Corporation)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4121198748-4177608104-3762960389-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\StephaniSSD\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4121198748-4177608104-3762960389-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\StephaniSSD\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4121198748-4177608104-3762960389-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\StephaniSSD\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4121198748-4177608104-3762960389-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\StephaniSSD\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4121198748-4177608104-3762960389-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4121198748-4177608104-3762960389-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\StephaniSSD\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4121198748-4177608104-3762960389-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\StephaniSSD\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4121198748-4177608104-3762960389-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4121198748-4177608104-3762960389-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\StephaniSSD\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4121198748-4177608104-3762960389-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-4121198748-4177608104-3762960389-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\StephaniSSD\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-03-28] ()
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2016-06-22] (Glarysoft Ltd)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-02-10] (Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2016-06-22] (Glarysoft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-10-27] (Malwarebytes)
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-02-10] (Power Software Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-08-06] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DreamScene] -> {BE800AEB-A440-4B63-94CD-AA6B43647DF9} => C:\Windows\System32\DreamScene.dll [2008-03-18] (Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-07-18] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2016-06-22] (Glarysoft Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-10-27] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-02-10] (Power Software Ltd)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {035307B3-DB40-4E6C-9CC1-9A33B7611AD1} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-10] (NVIDIA Corporation)
Task: {03BE1B94-700C-474E-8475-F752A01C8FF8} - System32\Tasks\{C5B65CAA-E085-481D-B173-83202FAA5C9A} => C:\Windows\system32\pcalua.exe -a "C:\Users\StephaniSSD\Downloads\Invig_PS_current_win\Zaxwerks 3D Invigorator PS 6.1.1 Windows\Install Zaxwerks 3D Invigorator PS.exe" -d "C:\Users\StephaniSSD\Downloads\Invig_PS_current_win\Zaxwerks 3D Invigorator PS 6.1.1 Windows"
Task: {0DEE9D05-B7DB-4ACF-8EF5-8853F43C9E38} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {1EC81887-EDD9-407B-8E57-F1B4841017F3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4121198748-4177608104-3762960389-1000UA => C:\Users\StephaniSSD\AppData\Local\Google\Update\GoogleUpdate.exe [2016-05-10] (Google Inc.)
Task: {212CBA1C-C18D-4C63-AE25-6AB1A623D4FA} - System32\Tasks\{E52BAA7B-9453-4301-940A-BFD28A092094} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2017-07-13] (Adobe Systems Incorporated)
Task: {22030CDE-8B9D-41B4-8A22-858E172C15FD} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {22930451-B9D4-4007-BC42-58ACC15AAC9C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {363E91BF-5764-4B17-9424-D0F81B022696} - System32\Tasks\{BD9A6FC5-DE96-4983-B0D6-E20FB1EB8B6D} => C:\Windows\system32\pcalua.exe -a C:\Users\StephaniSSD\Downloads\jxpiinstall.exe -d C:\Users\StephaniSSD\Downloads
Task: {37DF235A-0CE8-46A2-8C03-FDEFC061D0E6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {3C9D196C-415C-4AE5-AEA0-15643F97D2AA} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-STEPHANISSD-PC => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {478185BD-4A85-482B-9C98-113FFAE5F1D0} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation)
Task: {5EC97136-7FB0-4D5F-82BB-58AB174D0E90} - System32\Tasks\{635C97BD-0598-431B-B18D-87AB55C28ECF} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2017-07-13] (Adobe Systems Incorporated)
Task: {66302CAB-661E-49B0-AE8C-76173726BF66} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {67416005-D905-459B-B307-8F80234358B1} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-10] (NVIDIA Corporation)
Task: {6C19A643-1145-4D85-80D8-613BC006FE93} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-08-21] (Advanced Micro Devices, Inc.)
Task: {6CD9D5D7-3C37-4AA0-A3C7-F7CE3916FA07} - System32\Tasks\LifeChatTask => C:\Program Files\Microsoft LifeChat\LifeChat.exe [2009-09-24] (Microsoft Corporation)
Task: {76912554-24F5-4FB7-BC02-58DA90642D48} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => F:\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe
Task: {7F7608B6-303C-4D93-86BF-CE7E24CDEBFA} - System32\Tasks\{9C709B78-AEE4-4F48-9DD1-553D67E42DB6} => C:\Windows\system32\pcalua.exe -a F:\HellbladeSenuasSacrifice\language_setup.exe -d f:\hellbladesenuassacrifice\
Task: {82CE402C-6A7E-4705-AF37-DB842B160E4E} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe
Task: {860C4764-2F93-4813-B095-E841AD82205B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {89668512-2576-4576-A3E2-F23FC928122D} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {A2595074-151F-4728-89BB-E2DAEBFD1B53} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4121198748-4177608104-3762960389-1000Core => C:\Users\StephaniSSD\AppData\Local\Google\Update\GoogleUpdate.exe [2016-05-10] (Google Inc.)
Task: {A6E5CFE2-3A23-4B05-B3B6-17F10B57C638} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2016-12-16] (Glarysoft Ltd)
Task: {AC28099A-0581-44A3-BB04-6C27405A0E6D} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-10] (NVIDIA Corporation)
Task: {ACA76068-51BD-47E6-8DC5-9532372D0A4B} - System32\Tasks\AdobeAAMUpdater-1.0-StephaniSSD-PC-StephaniSSD => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {AFF099C9-F059-40F9-B29D-E48F7C7A0282} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {B2933CBF-2EC5-4A05-9EC2-49FDD8756B34} - System32\Tasks\{F948E930-7613-4DFA-9BDF-79741D090E71} => C:\Windows\system32\pcalua.exe -a E:\atisetup.exe -d E:\
Task: {BF3F165D-274D-4E56-B9CC-A04119C42594} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {C492C02D-B175-4EAC-8571-AE0C35CCD0EA} - System32\Tasks\{45B6AA5A-4F89-452D-B295-7912BF5063B8} => C:\Windows\system32\pcalua.exe -a C:\Users\StephaniSSD\Desktop\stickies_setup_9.0b.exe -d C:\Users\StephaniSSD\Desktop
Task: {CF6EC2D9-274B-45EF-9816-6CF5A55DC4FC} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2016-12-16] (Glarysoft Ltd)
Task: {D076F5B0-FB95-4415-8CCB-5DCD96EBE3A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {E1FDB249-BD5E-4C27-81FC-A00FF6EE40D7} - System32\Tasks\{694AA150-6B50-48EB-9F2C-ACA07D2F2EF3} => C:\Windows\system32\pcalua.exe -a C:\Users\StephaniSSD\Downloads\chipset-win7\ASetup.exe -d C:\Users\StephaniSSD\Downloads\chipset-win7
Task: {E314CBC0-187A-42AB-8A78-0E10FBB55C20} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
Task: {EDF03078-819F-4B2A-977D-4319D57D7A8C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {F0F13411-6E96-46CC-BC19-B9B9EA82D388} - System32\Tasks\{AEF83438-A802-438E-9402-73B598472DE6} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.40.0.103/en/abandoninstall?source=lightinstaller&page=tsMain
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\StephaniSSD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\StephaniSSD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Stephani - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-08-06 12:24 - 2012-08-06 12:24 - 000212480 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-03-05 16:03 - 2012-03-05 16:03 - 000677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-02-16 14:53 - 2012-02-16 14:53 - 003642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2015-01-22 22:10 - 2009-08-24 15:38 - 000068136 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
2016-10-15 03:40 - 2017-10-10 21:05 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-08-14 03:48 - 2017-08-14 03:48 - 000491600 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll
2015-03-29 00:55 - 2015-03-29 00:58 - 008898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2017-09-26 15:27 - 2017-09-21 03:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-26 15:27 - 2017-09-21 03:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2015-01-22 22:10 - 2009-03-13 12:30 - 000109096 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\YCC.DLL
2016-10-15 03:40 - 2017-10-10 21:05 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2014-03-01 01:20 - 2014-03-01 01:20 - 000002560 _____ () C:\Windows\SysWOW64\CTXFIRES.DLL
2016-06-26 02:46 - 2009-03-26 14:46 - 000148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2016-10-15 03:40 - 2017-10-10 21:05 - 070805952 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:238AA907 [171]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\co.palm-beach.fl.us -> hxxp://www.co.palm-beach.fl.us
IE trusted site: HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\isg.cgipdc.com -> hxxps://uicprod.isg.cgipdc.com
IE trusted site: HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\...\peoplestrust.live.ptsapp.com -> hxxp://www.peoplestrust.live.ptsapp.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-01-16 07:51 - 2017-10-13 02:29 - 000000855 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4121198748-4177608104-3762960389-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\StephaniSSD\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: aswbIDSAgent => 3
MSCONFIG\Services: avast! Antivirus => 2
MSCONFIG\Services: OverwolfUpdater => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Stickies.lnk => C:\Windows\pss\Stickies.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^StephaniSSD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stickies.lnk => C:\Windows\pss\Stickies.lnk.Startup
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\StephaniSSD\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
MSCONFIG\startupreg: CNAP2 Launcher => C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE
MSCONFIG\startupreg: DT HPC => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPC
MSCONFIG\startupreg: Google Update => C:\Users\StephaniSSD\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
MSCONFIG\startupreg: LifeChat => "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
MSCONFIG\startupreg: PivotSoftware => "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe"
MSCONFIG\startupreg: Plantronics MyHeadset Updater => C:\Program Files (x86)\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TelnetServer-Tlntadmn-RPC-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [TelnetServer-TlntSvr-TCP-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [TCP Query User{8ED11AEB-036F-4947-B583-F89B16BC4355}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{389E16DC-EB95-41E4-90B9-2B217BDBB35A}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{D7AF52ED-A74C-4EBC-9B90-238E71BB27C0}C:\users\stephanissd\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\stephanissd\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{40F7D1FF-4FE3-43A7-9E22-3027463AE5C9}C:\users\stephanissd\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\stephanissd\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{F508F671-E7EC-467F-85FA-B0AADD54D72C}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{1DD25029-B5AB-45B6-879D-5C212EF498F6}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{66A0264D-2195-4DBF-9D18-733F28F9A7CC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1CD6B9EA-E880-4D71-881D-878AEB4797EE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{14FE1F97-B90A-4E33-8B97-5991EA3A7E19}C:\users\stephanissd\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\stephanissd\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{7AA42A64-C9DD-4366-9B26-D2A87566DC58}C:\users\stephanissd\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\stephanissd\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{B6D1BF11-05FC-4F98-8F8F-7CFE862E4847}C:\program files (x86)\bootstrap studio\bootstrap studio.exe] => (Block) C:\program files (x86)\bootstrap studio\bootstrap studio.exe
FirewallRules: [UDP Query User{AB93C4C1-8E16-4996-9986-0C87EF43F0E8}C:\program files (x86)\bootstrap studio\bootstrap studio.exe] => (Block) C:\program files (x86)\bootstrap studio\bootstrap studio.exe
FirewallRules: [{893DCA17-DAB3-456A-ADAD-C8EFFCA6DE34}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1DCB3680-E56F-4F8D-A0D0-F71D07B12D19}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3E9C5707-F33A-4EF0-AE6E-9A376E37E67E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{5117CB8C-297B-4CD6-ADDC-F7FE1F65B188}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{8DBC5DC2-C0B0-4864-A7FC-315CD2C77EE0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{603238C7-A6B9-4A97-9854-27551B1006E4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{1F55323D-DB4D-417E-ACC1-07E807AA0AC4}C:\users\stephanissd\appdata\roaming\emby-server\system\mediabrowser.serverapplication.exe] => (Allow) C:\users\stephanissd\appdata\roaming\emby-server\system\mediabrowser.serverapplication.exe
FirewallRules: [UDP Query User{8653FFD5-CFEF-493E-B0DA-497EF426D78D}C:\users\stephanissd\appdata\roaming\emby-server\system\mediabrowser.serverapplication.exe] => (Allow) C:\users\stephanissd\appdata\roaming\emby-server\system\mediabrowser.serverapplication.exe
FirewallRules: [{CB0B7D21-BF2E-49BA-9A43-14B3F6298BCE}] => (Allow) LPort=8096
FirewallRules: [{E018A2B5-D4C5-4370-A78A-3257729ED636}] => (Allow) LPort=8096
FirewallRules: [{82203B30-04C6-48B1-B874-90FF513ED6BD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{22D4DEAB-5CBF-4E2E-BEC0-D399701B1F42}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{D48C3486-1190-418E-BA83-46BB439413E4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{74E64410-95CA-42FE-8292-6D78927A404A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E2234CCA-3A4B-46CC-B460-B115E7610EFA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5BDBAB3B-1062-4EFD-AADE-1257F5772708}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{0D8EDA68-7AC9-404C-B5A8-95A95B7B997E}C:\users\stephanissd\desktop\igg-quadrilateral.cowboy\igg-quadrilateral.cowboy\qc.exe] => (Allow) C:\users\stephanissd\desktop\igg-quadrilateral.cowboy\igg-quadrilateral.cowboy\qc.exe
FirewallRules: [UDP Query User{74AD563F-B6C7-4156-8004-938F0A14D3CD}C:\users\stephanissd\desktop\igg-quadrilateral.cowboy\igg-quadrilateral.cowboy\qc.exe] => (Allow) C:\users\stephanissd\desktop\igg-quadrilateral.cowboy\igg-quadrilateral.cowboy\qc.exe
FirewallRules: [TCP Query User{5515FA06-6D6B-47C8-ACEB-0DFF89A12DF3}C:\users\stephanissd\downloads\trespass.episode.2.vr\trespass.episode.2.vr\trespass_episode_02\binaries\win64\trespass_episode_02-win64-shipping.exe] => (Block) C:\users\stephanissd\downloads\trespass.episode.2.vr\trespass.episode.2.vr\trespass_episode_02\binaries\win64\trespass_episode_02-win64-shipping.exe
FirewallRules: [UDP Query User{43A40E3A-B827-4009-82CC-C87C17E45173}C:\users\stephanissd\downloads\trespass.episode.2.vr\trespass.episode.2.vr\trespass_episode_02\binaries\win64\trespass_episode_02-win64-shipping.exe] => (Block) C:\users\stephanissd\downloads\trespass.episode.2.vr\trespass.episode.2.vr\trespass_episode_02\binaries\win64\trespass_episode_02-win64-shipping.exe
FirewallRules: [TCP Query User{DCC38C50-B1C2-4B17-B665-68A6AE3000CA}C:\program files (x86)\java\jre1.8.0_121\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\jp2launcher.exe
FirewallRules: [UDP Query User{FCAEC26B-4363-4563-81E4-6D9142EB5F84}C:\program files (x86)\java\jre1.8.0_121\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\jp2launcher.exe
FirewallRules: [TCP Query User{8415B158-68C1-4983-8690-C39125D47CEF}C:\users\stephanissd\downloads\the.franz.kafka.videogame\the.franz.kafka.videogame\kafka.exe] => (Block) C:\users\stephanissd\downloads\the.franz.kafka.videogame\the.franz.kafka.videogame\kafka.exe
FirewallRules: [UDP Query User{E258BBF6-8A7D-4B46-A5FD-430BEB97AA15}C:\users\stephanissd\downloads\the.franz.kafka.videogame\the.franz.kafka.videogame\kafka.exe] => (Block) C:\users\stephanissd\downloads\the.franz.kafka.videogame\the.franz.kafka.videogame\kafka.exe
FirewallRules: [TCP Query User{930B68B9-2A4F-412F-8C81-7863B7257E89}C:\users\stephanissd\downloads\my.own.little.planet\my.own.little.planet\my own little planet.exe] => (Block) C:\users\stephanissd\downloads\my.own.little.planet\my.own.little.planet\my own little planet.exe
FirewallRules: [UDP Query User{CFB2738B-A21B-4762-B52D-69BEAAA9FEF6}C:\users\stephanissd\downloads\my.own.little.planet\my.own.little.planet\my own little planet.exe] => (Block) C:\users\stephanissd\downloads\my.own.little.planet\my.own.little.planet\my own little planet.exe
FirewallRules: [TCP Query User{7D142605-792B-418A-B2D8-5A791B677DAC}C:\users\stephanissd\downloads\earth\earthfall\earthfall\binaries\win64\earthfall.exe] => (Allow) C:\users\stephanissd\downloads\earth\earthfall\earthfall\binaries\win64\earthfall.exe
FirewallRules: [UDP Query User{1CE1E57C-09B8-4B1A-9666-6C22BD7C9A07}C:\users\stephanissd\downloads\earth\earthfall\earthfall\binaries\win64\earthfall.exe] => (Allow) C:\users\stephanissd\downloads\earth\earthfall\earthfall\binaries\win64\earthfall.exe
FirewallRules: [TCP Query User{441839E5-FEBA-4E51-BA85-E4DBE4EFFC51}C:\games\prey\binaries\danielle\x64\release\prey.exe] => (Allow) C:\games\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [UDP Query User{C9766D8C-C174-46AE-962B-C95A61975308}C:\games\prey\binaries\danielle\x64\release\prey.exe] => (Allow) C:\games\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [TCP Query User{393714CE-30B9-4D7B-A337-086F0F0CD9F9}F:\userstemp\rar$exa0.786\theworksofmercy.tech.story.demo\windowsnoeditor\theworksofmercy\binaries\win64\theworksofmercy-win64-shipping.exe] => (Allow) F:\userstemp\rar$exa0.786\theworksofmercy.tech.story.demo\windowsnoeditor\theworksofmercy\binaries\win64\theworksofmercy-win64-shipping.exe
FirewallRules: [UDP Query User{C9FE16D0-4D85-409A-8515-EEB5CBBF1E78}F:\userstemp\rar$exa0.786\theworksofmercy.tech.story.demo\windowsnoeditor\theworksofmercy\binaries\win64\theworksofmercy-win64-shipping.exe] => (Allow) F:\userstemp\rar$exa0.786\theworksofmercy.tech.story.demo\windowsnoeditor\theworksofmercy\binaries\win64\theworksofmercy-win64-shipping.exe
FirewallRules: [TCP Query User{6AA7FB39-E827-4C2A-B524-804C8E806A8D}F:\theworksofmercy.tech.story.demo\theworksofmercy.tech.story.demo\windowsnoeditor\theworksofmercy\binaries\win64\theworksofmercy-win64-shipping.exe] => (Allow) F:\theworksofmercy.tech.story.demo\theworksofmercy.tech.story.demo\windowsnoeditor\theworksofmercy\binaries\win64\theworksofmercy-win64-shipping.exe
FirewallRules: [UDP Query User{B13B371E-D86A-49AD-9E60-A09D00C76A6C}F:\theworksofmercy.tech.story.demo\theworksofmercy.tech.story.demo\windowsnoeditor\theworksofmercy\binaries\win64\theworksofmercy-win64-shipping.exe] => (Allow) F:\theworksofmercy.tech.story.demo\theworksofmercy.tech.story.demo\windowsnoeditor\theworksofmercy\binaries\win64\theworksofmercy-win64-shipping.exe
FirewallRules: [TCP Query User{78850ADE-B22B-4FC0-9488-054F42A9046D}C:\users\stephanissd\downloads\the.suffering.of.larina\the.suffering.of.larina\the suffering of larina\engine\binaries\win64\ue4game.exe] => (Allow) C:\users\stephanissd\downloads\the.suffering.of.larina\the.suffering.of.larina\the suffering of larina\engine\binaries\win64\ue4game.exe
FirewallRules: [UDP Query User{196767F8-2FC2-43C1-B9E3-2403457A9743}C:\users\stephanissd\downloads\the.suffering.of.larina\the.suffering.of.larina\the suffering of larina\engine\binaries\win64\ue4game.exe] => (Allow) C:\users\stephanissd\downloads\the.suffering.of.larina\the.suffering.of.larina\the suffering of larina\engine\binaries\win64\ue4game.exe
FirewallRules: [TCP Query User{94414EE1-FB3E-43D6-A0CE-8EF5E7FEE8AD}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{8145E008-0EBF-4502-A820-BE57E5738E52}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{4AC1D3EC-D890-4AD9-93B2-EBB0586FA55A}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe
FirewallRules: [UDP Query User{0F62ADDA-8A49-4C4F-A2EC-4138B352D6DC}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe
FirewallRules: [{8E69C96F-59ED-47DC-A222-0748C4F87967}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1ED24566-F15C-423E-9133-E7A0BD42DA81}] => (Allow) C:\Windows\system32\rundll32.exe
 
==================== Restore Points =========================
 
22-10-2017 19:00:09 Windows Backup
25-10-2017 02:02:35 Windows Update
27-10-2017 03:18:25 Windows Update
27-10-2017 09:06:30 Removed Document Translator
27-10-2017 14:54:31 Revo Uninstaller Pro's restore point - Opera Stable 48.0.2685.52
27-10-2017 14:55:23 Revo Uninstaller Pro's restore point - Adobe Flash Player 27 NPAPI
27-10-2017 22:01:11 Revo Uninstaller Pro's restore point - Opera Stable 48.0.2685.52
 
==================== Faulty Device Manager Devices =============
 
Name: Capsax64Drv NDIS Protocol Driver
Description: Capsax64Drv NDIS Protocol Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Capsax64Drv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/28/2017 12:19:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x754
Faulting application start time: 0x01d34fa365bc31ec
Faulting application path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Faulting module path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Report Id: 35c6c688-bb97-11e7-aa4f-1c6f65d5f70b
 
Error: (10/28/2017 12:14:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x74c
Faulting application start time: 0x01d34f991f42e389
Faulting application path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Faulting module path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Report Id: 790f15a4-bb96-11e7-8174-1c6f65d5f70b
 
Error: (10/27/2017 11:00:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x754
Faulting application start time: 0x01d34f90fb63d1c6
Faulting application path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Faulting module path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Report Id: 2cc0be89-bb8c-11e7-8ab2-1c6f65d5f70b
 
Error: (10/27/2017 10:02:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x7d8
Faulting application start time: 0x01d34f4804f84854
Faulting application path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Faulting module path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Report Id: 1114620a-bb84-11e7-8577-1c6f65d5f70b
 
Error: (10/27/2017 10:01:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MBAMWebProtection.
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/27/2017 10:01:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MBAMSwissArmy.
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/27/2017 10:01:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MBAMChameleon.
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/27/2017 10:01:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-4121198748-4177608104-3762960389-1006.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {9b8d635d-f1bf-45a8-a427-71470dc984ce}
 
Error: (10/27/2017 02:55:23 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-4121198748-4177608104-3762960389-1006.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {e4c531b0-4b0b-4078-a200-eb431a7e1f7b}
 
Error: (10/27/2017 02:54:31 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-4121198748-4177608104-3762960389-1006.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {e4c531b0-4b0b-4078-a200-eb431a7e1f7b}
 
 
System errors:
=============
Error: (10/28/2017 01:14:03 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The SSDP Discovery service depends on the HTTP service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (10/28/2017 01:14:03 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Function Discovery Provider Host service depends on the HTTP service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (10/28/2017 01:14:03 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Function Discovery Provider Host service depends on the HTTP service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (10/28/2017 01:14:03 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{D3DCB472-7261-43CE-924B-0704BD730D5F}
 
Error: (10/28/2017 01:14:03 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{145B4335-FE2A-4927-A040-7C35AD3180EF}
 
Error: (10/28/2017 01:13:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (10/28/2017 01:13:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Function Discovery Resource Publication service depends on the HTTP service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (10/28/2017 01:13:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Function Discovery Provider Host service depends on the HTTP service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (10/28/2017 01:13:53 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the HTTP service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (10/28/2017 01:13:53 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the HTTP service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
CodeIntegrity:
===================================
  Date: 2016-08-15 00:16:25.272
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-15 00:15:29.221
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-04 09:50:21.313
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-04 09:49:22.928
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-08 08:40:26.945
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-08 08:40:26.869
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-08 01:23:36.425
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-08 01:23:36.345
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-08 00:54:02.379
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-08 00:54:02.287
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X4 955 Processor
Percentage of memory in use: 16%
Total physical RAM: 16384 MB
Available physical RAM: 13608.06 MB
Total Virtual: 17982.18 MB
Available Virtual: 15092.57 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:238.37 GB) (Free:116.96 GB) NTFS
Drive d: (GSP1RMCHPXFREO_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
Drive f: (programs to run and extra bleep) (Fixed) (Total:931.51 GB) (Free:275.26 GB) NTFS
Drive g: (Use this drive before other) (Fixed) (Total:931.51 GB) (Free:0.01 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 070807DF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7A88E412)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7A3B2A8C)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:13 AM

Posted 29 October 2017 - 08:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Run this Malwarebytes Anti-Rootkit.

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

Before you run the program make sure you follow the instructions under Section 5.
5. Unselect sectors and system below. Hit the scan button.

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here after.
<<<>>>

After a restart of the computer please run the Farbar program normally.

Post a fresh FRST log for my review.

Let me know what problem persists.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:13 AM

Posted 04 November 2017 - 07:47 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



