
AdwCleaner finds PUPs but can't remove them


13 replies to this topic

#1 tonynace


Posted 12 November 2017 - 11:48 AM

I ran AdwCleaner on my computer and it found 2 elements of a PUP, but when I tell it to clean and reboot my system, and run it again, they are still there. They are as follows: PUP.Optional.Legacy, and PUP.Optional.SlimCleaner Plus. I thought about trying to remove them manually, but the first one is supposed to be in the path C:\Windows\SysNative\drivers\swdumon.sys, but I can't even find that subfolder in my Windows directory, even though I have show hidden items checked. The second one is a registry entry, but when I try to find that in the Registry Editor, it doesn't appear there. The path is [HKLM] SOFTWARE\SlimWare Utilities Inc. I tried running Malwarebytes, but that program didn't find them at all. I see Malwarebytes now owns AdwCleaner, so why haven't they integrated its capabilities into Malwarebytes? What good is the latter if it isn't finding this stuff? I'm doing a full scan with my Avast AV to see if that picks it up, but if it doesn't and/or can't remove it, how do I get rid of these elements? I am running Windows 10 by the way.

 



 


#2 Jo*

  • Malware Response Team

Posted 12 November 2017 - 12:27 PM

Welcome to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Step 1: Please download Security Analysis by Rocket Grannie from here
  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • When finished, a Notepad window will open with the results of the scan.
  • The log named SALog.txt can also be found on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in this topic.
  • Note: If you get a Warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.
 

***


Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 3: Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

---

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 tonynace


Posted 12 November 2017 - 01:29 PM

Nothing found with Malwarebytes Anti-Rootkit
 
Result of Security Analysis by Rocket Grannie (x86) Updated: 12th Novemeber, 2017
Running from:G:\Downloads\Security Tools (12:49:51 - 11/12/2017)
***---------------------------------------------------------***
Microsoft Windows 10 Home X64
UAC is Enabled
Internet Explorer 11
Default Browser: Google Chrome
***------------Antivirus - Antispyware - Firewall-----------***
Avast Antivirus (Disabled - up to Date)
Malwarebytes (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
Malwarebytes (Enabled - up to Date)
Malwarebytes (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
Avast Antivirus (Disabled - up to Date)
Malwarebytes (Enabled - up to Date)
Avast Antivirus (Disabled)
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (27.0.0.183)
CCleaner (5.36)
Google Chrome (62.0.3202.89)
HijackThis (1.0.0) ==> is out of Date
Malwarebytes (3.2.2.2029)
Microsoft Silverlight (5.1.50907.0)
Mozilla Thunderbird (52.4.0)
 
***----------------Analysis Complete-------------------------***
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2017 03
Ran by  (administrator) on MULTIMEDIA (12-11-2017 13:23:58)
Running from G:\Downloads\Security Tools
Loaded Profiles:  (Available Profiles:  & DefaultAppPool)
Platform: Windows 10 Home Version 1703 15063.674 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Gladinet, INC) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Micro-Star International) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software) C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Tresorit) C:\Users\T\AppData\Local\Tresorit\v0.8\Tresorit.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Amazon Services LLC) C:\Users\T\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\Speech\Common\sapisvr.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicator.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Tony Nacelewicz\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicator.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
(Facebook) C:\Users\Tony Nacelewicz\AppData\Local\Facebook\Games\FacebookGameroom.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\OmniPage18\omnipage.exe
(Gladinet, INC) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladinetClient.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(The CefSharp Authors) C:\Users\Tony Nacelewicz\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Malwarebytes) G:\Downloads\Security Tools\adwcleaner_7.0.4.0.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Malwarebytes Corp.) G:\Downloads\Security Tools\mbar-1.10.3.1001.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Malwarebytes Corporation) G:\Desktop\mbar\mbar.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11710.1001.27.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-22] (NVIDIA Corporation)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [383528 2014-05-30] (Acronis)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [VerizonCloud] => C:\Program Files\Verizon\VerizonCloud\VerizonCloud.exe [2136728 2015-12-03] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-10] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-06-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [PDF8 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Professional 8\RegistryController.exe [178576 2012-10-23] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe [2013072 2012-10-23] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Nuance PDF Converter Professional 8-reminder] => "C:\Program Files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Converter Professional 8\Ereg\Ereg.ini"
HKLM-x32\...\Run: [OmniPage Preload] => C:\Program Files (x86)\Nuance\OmniPage18\OmniPage.exe [1467240 2011-08-15] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Nuance OmniPage 18-reminder] => "C:\Program Files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 18\Ereg\Ereg.ini"
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694048 2014-10-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3222448 2017-10-12] (Dominik Reichl)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-11-01] (Dropbox, Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3959300325-684031159-519766923-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-3959300325-684031159-519766923-1001\...\Run: [Google Update] => C:\Users\Tony Nacelewicz\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-28] (Google Inc.)
HKU\S-1-5-21-3959300325-684031159-519766923-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd)
HKU\S-1-5-21-3959300325-684031159-519766923-1001\...\Run: [Tresorit] => C:\Users\Tony Nacelewicz\AppData\Local\Tresorit\v0.8\Tresorit.exe [16856416 2017-10-27] (Tresorit)
HKU\S-1-5-21-3959300325-684031159-519766923-1001\...\Run: [Amazon Music] => C:\Users\Tony Nacelewicz\AppData\Local\Amazon Music\Amazon Music Helper.exe [3700200 2017-07-18] (Amazon Services LLC)
HKU\S-1-5-21-3959300325-684031159-519766923-1001\...\Run: [BlueCoreInterfaceTrayApp] => C:\Program Files (x86)\Cardo Updater\CardoUpdater.exe [853912 2016-12-11] ()
HKU\S-1-5-21-3959300325-684031159-519766923-1001\...\Run: [SynchronossPC] => C:\Program Files\Verizon\VerizonCloud\VerizonCloud.exe [2136728 2015-12-03] ()
HKU\S-1-5-21-3959300325-684031159-519766923-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe [1216648 2015-08-05] (Ruiware)
HKU\S-1-5-21-3959300325-684031159-519766923-1001\...\Run: [HP] => C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3959300325-684031159-519766923-1001\...\Run: [Speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [44032 2017-03-18] (Microsoft Corporation)
HKU\S-1-5-21-3959300325-684031159-519766923-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [40417680 2017-11-01] ()
HKU\S-1-5-21-3959300325-684031159-519766923-1001\...\Run: [HP Photosmart 7510 series (NET)] => C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3959300325-684031159-519766923-1001\...\Run: [EPSON Stylus Photo R1800] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATI9LA.EXE [211968 2007-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3959300325-684031159-519766923-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421224 2017-10-09] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3959300325-684031159-519766923-1001\...\Run: [GoogleChromeAutoLaunch_F65B4EF5363F5BA394F0ECD9D2B234AC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1556312 2017-11-05] (Google Inc.)
HKU\S-1-5-21-3959300325-684031159-519766923-1001\...\Run: [Spotify Web Helper] => C:\Users\Tony Nacelewicz\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-10-31] (Spotify Ltd)
HKU\S-1-5-21-3959300325-684031159-519766923-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [148992 2017-03-18] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421224 2017-10-09] (Garmin Ltd. or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nuance Cloud Connector.lnk [2016-03-25]
ShortcutTarget: Nuance Cloud Connector.lnk -> C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladLauncher.exe ()
Startup: C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-06-04]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-10-27]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Tony Nacelewicz\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
Startup: C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2015-04-02]
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk [2015-10-28]
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk [2014-05-21]
ShortcutTarget: NexDef Plug-in.lnk -> C:\Users\Tony Nacelewicz\AppData\Local\Autobahn\nexdef.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8fc5de49-8e27-4f0d-a4f5-2b1d17c51628}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c3285d4b-e104-41c2-9746-d11c7e149a2e}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3959300325-684031159-519766923-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3959300325-684031159-519766923-1001 -> 554181F3D73248D8A2319F9895C467C7 URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3959300325-684031159-519766923-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll [2012-07-19] (Zeon Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-03-20] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: ZeonIEEventHelper Class -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation)
Toolbar: HKLM-x32 - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation)
 
FireFox:
========
FF DefaultProfile: rvsrknqa.default
FF ProfilePath: C:\Users\T\AppData\Roaming\Mozilla\Firefox\Profiles\rvsrknqa.default [2017-11-10]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\rvsrknqa.default -> Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-25] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-25] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll [2012-07-31] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-3959300325-684031159-519766923-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Tony Nacelewicz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3959300325-684031159-519766923-1001: @talk.google.com/O1DPlugin -> C:\Users\Tony Nacelewicz\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3959300325-684031159-519766923-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Tony Nacelewicz\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3959300325-684031159-519766923-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Tony Nacelewicz\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Tony Nacelewicz\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Tony Nacelewicz\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\T\AppData\Local\Google\Chrome\User Data\Default [2017-11-12]
CHR Extension: (Slides) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\TAppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-15]
CHR Extension: (DuckDuckGo Search) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2017-05-13]
CHR Extension: (YouTube) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-15]
CHR Extension: (Adblock Plus) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-10-13]
CHR Extension: (uBlock Origin) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-11-11]
CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\Tony Nacelewicz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2017-11-06]
CHR Extension: (Adobe Acrobat) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Video Downloader professional) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-08-07]
CHR Extension: (+ Flip It) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbmppankahdodchhioklnbcmohehhjoa [2017-07-10]
CHR Extension: (Sheets) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2017-10-10]
CHR Extension: (Unshorten.link) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbobdaaeaihkghbokihkofcbndhmbdpd [2017-02-16]
CHR Extension: (Google Docs Offline) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-17]
CHR Extension: (Avast Online Security) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-13]
CHR Extension: (goo.gl URL Shortener (Unofficial)) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2017-07-05]
CHR Extension: (AutoPagerize) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\igiofjhpmpihnifddepnpngfjhkfenbp [2017-02-16]
CHR Extension: (Google Voice (by Google)) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2017-10-05]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Tony Nacelewicz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-06-13]
CHR Extension: (Google Hangouts) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-11-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-30]
CHR Extension: (Context Menu Search) - C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocpcmghnefmdhljkoiapafejjohldoga [2016-04-15]
CHR Extension: (Speedtest by Ookla) - C:\Users\Tony Nacelewicz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2017-06-29]
CHR Extension: (Gmail) - C:\Users\Tony Nacelewicz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-15]
CHR Extension: (Chrome Media Router) - C:\Users\Tony Nacelewicz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-07]
CHR Profile: C:\Users\Tony Nacelewicz\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-10]
CHR HKU\S-1-5-21-3959300325-684031159-519766923-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-04-02] (Adobe Systems) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-11-10] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-10] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [332368 2017-11-10] (AVAST Software)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-22] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-22] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-11-01] (Dropbox, Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1085968 2017-10-09] (Garmin Ltd. or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-22] (NVIDIA Corporation)
R2 GladFileMonSvc; C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [29592 2012-09-24] (Gladinet, INC)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [83952 2014-03-27] (Micro-Star International)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-22] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-22] (NVIDIA Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 4326A671; C:\WINDOWS\system32\drivers\4326A671.sys [255928 2017-11-12] (Malwarebytes)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [183584 2017-11-10] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321032 2017-11-10] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [198968 2017-11-10] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343288 2017-11-10] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57728 2017-11-10] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47008 2017-11-10] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-08] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [148288 2017-11-10] (AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [570152 2017-11-10] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110376 2017-11-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84416 2017-11-10] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026232 2017-11-10] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [455384 2017-11-10] (AVAST Software)
S2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [203976 2017-11-10] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [364464 2017-11-10] (AVAST Software)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [8597208 2014-12-24] (Broadcom Corporation)
S3 CSRBC; C:\WINDOWS\System32\Drivers\rider64.sys [38400 2015-03-10] (CSR plc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-10-04] ()
R0 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [192952 2017-10-13] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-11-12] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45504 2017-11-12] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-11-12] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-11-12] (Malwarebytes)
S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-22] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010648 2017-10-20] (Realtek )
S3 RtNdPt640; C:\WINDOWS\system32\DRIVERS\RtNdPt640.sys [48192 2017-11-10] (Realtek Semiconductor Corp.)
S3 RTTEAMPT640; C:\WINDOWS\system32\DRIVERS\RtTeam640.sys [70696 2017-11-10] (Realtek Corporation)
S3 RTVLANPT640; C:\WINDOWS\system32\DRIVERS\RtVlan640.sys [46632 2017-11-10] (Realtek Corporation)
R2 SADP_NPF; C:\WINDOWS\SysWOW64\drivers\sadp_npf64.sys [35344 2012-07-02] (CACE Technologies, Inc.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2017-11-12] (SlimWare Utilities, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-12 12:53 - 2017-11-12 13:10 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-11-12 12:53 - 2017-11-12 12:53 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4326A671.sys
2017-11-12 09:34 - 2017-11-12 09:34 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-11-10 12:18 - 2017-11-10 12:18 - 000000000 ___HD C:\OneDriveTemp
2017-11-10 12:17 - 2017-11-12 09:33 - 000000022 _____ C:\WINDOWS\S.dirmngr
2017-11-10 12:16 - 2017-11-10 12:16 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2017-11-10 12:15 - 2017-11-10 12:15 - 000000000 ____D C:\WINDOWS\system32\DAX3
2017-11-10 12:15 - 2017-11-10 12:15 - 000000000 ____D C:\ProgramData\Audyssey Labs
2017-11-10 12:15 - 2017-11-10 12:15 - 000000000 ____D C:\Program Files\Realtek
2017-11-10 12:14 - 2017-06-29 18:55 - 015202032 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE3.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 013122576 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO3064.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 012988336 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO4064.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 006410088 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICV3apo.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 005938904 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICV2apo.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 005593608 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOlfx.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 003509256 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 003507688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 003410832 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 003299816 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE2.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 003122656 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 003092336 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 002190976 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 001435136 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 001382232 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 001347136 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 001337640 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaeapo64.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 001016928 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000984912 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000965024 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000923736 _____ (Sony Corporation) C:\WINDOWS\system32\MISS_APO.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000877424 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000873456 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000868176 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000866640 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000852128 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tosasfapo64.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000737960 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000691680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000677664 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000604792 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaemaxapo64.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000568256 _____ (Intel Corporation) C:\WINDOWS\system32\tbb_waves.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000532376 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000525768 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000467152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000447712 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000447176 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\toseaeapo64.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000387312 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000381408 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000341144 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000341144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000231912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000221960 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000214832 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000209528 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000166200 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000158696 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000151784 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000134200 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000110976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000090912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000088344 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000088312 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000084608 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000083624 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2017-11-10 12:14 - 2017-06-29 18:55 - 000075536 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2017-11-10 12:14 - 2017-06-29 18:54 - 024608272 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioCapture64.dll
2017-11-10 12:14 - 2017-06-29 18:54 - 023863048 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRenderAVX64.dll
2017-11-10 12:14 - 2017-06-29 18:54 - 023764392 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRender64.dll
2017-11-10 12:14 - 2017-06-29 18:54 - 010536152 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSSTAPO.dll
2017-11-10 12:14 - 2017-06-29 18:54 - 004059960 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2017-11-10 12:14 - 2017-06-29 18:54 - 002291304 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO7064.dll
2017-11-10 12:14 - 2017-06-29 18:54 - 001780616 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2017-11-10 12:14 - 2017-06-29 18:54 - 001591056 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2017-11-10 12:14 - 2017-06-29 18:54 - 001422920 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO6064.dll
2017-11-10 12:14 - 2017-06-29 18:54 - 001334376 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxSpeechAPO64.dll
2017-11-10 12:14 - 2017-06-29 18:54 - 001213656 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2017-11-10 12:14 - 2017-06-29 18:54 - 001166152 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2017-11-10 12:14 - 2017-06-29 18:54 - 000999848 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
2017-11-10 12:14 - 2017-06-29 18:54 - 000727432 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2017-11-10 12:14 - 2017-06-29 18:54 - 000708312 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2017-11-10 12:14 - 2017-06-29 18:54 - 000680544 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll
2017-11-10 12:14 - 2017-06-29 18:54 - 000678176 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2017-11-10 12:14 - 2017-06-29 18:54 - 000618184 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll
2017-11-10 12:14 - 2017-06-29 18:54 - 000514520 _____ (DTS) C:\WINDOWS\system32\DTSU2PLFX64.dll
2017-11-10 12:14 - 2017-06-29 18:54 - 000500552 _____ (DTS) C:\WINDOWS\system32\DTSU2PGFX64.dll
2017-11-10 12:14 - 2017-06-29 18:54 - 000428224 _____ (DTS) C:\WINDOWS\system32\DTSU2PREC64.dll
2017-11-10 12:14 - 2017-06-29 18:54 - 000406448 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2APIPCLL.dll
2017-11-10 12:14 - 2017-06-29 18:54 - 000366120 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\HMAPO.dll
2017-11-10 12:14 - 2017-06-29 18:54 - 000360344 _____ (Harman) C:\WINDOWS\system32\HMClariFi.dll
2017-11-10 12:14 - 2017-06-29 18:54 - 000330552 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2017-11-10 12:14 - 2017-06-29 18:54 - 000203840 _____ (Harman) C:\WINDOWS\system32\HMHVS.dll
2017-11-10 12:14 - 2017-06-29 18:54 - 000190928 _____ (Harman) C:\WINDOWS\system32\HMEQ_Voice.dll
2017-11-10 12:14 - 2017-06-29 18:54 - 000190928 _____ (Harman) C:\WINDOWS\system32\HMEQ.dll
2017-11-10 12:14 - 2017-06-29 18:54 - 000179592 _____ (Harman) C:\WINDOWS\system32\HMLimiter.dll
2017-11-10 12:14 - 2017-06-29 18:53 - 005346992 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2017-11-10 12:14 - 2017-06-29 18:53 - 002444680 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll
2017-11-10 12:14 - 2017-06-29 18:53 - 001965808 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2017-11-10 12:14 - 2017-06-29 18:53 - 001959600 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64AF3.dll
2017-11-10 12:14 - 2017-06-29 18:53 - 001616680 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2017-11-10 12:14 - 2017-06-29 18:53 - 001554600 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOProp.dll
2017-11-10 12:14 - 2017-06-29 18:53 - 001529136 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64Proxy.dll
2017-11-10 12:14 - 2017-06-29 18:53 - 001508928 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2017-11-10 12:14 - 2017-06-29 18:53 - 001326424 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOv251.dll
2017-11-10 12:14 - 2017-06-29 18:53 - 001170872 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOvlldp.dll
2017-11-10 12:14 - 2017-06-29 18:53 - 000743960 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2017-11-10 12:14 - 2017-06-29 18:53 - 000609392 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CAF64APO2.dll
2017-11-10 12:14 - 2017-06-29 18:53 - 000504304 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2017-11-10 12:14 - 2017-06-29 18:53 - 000445392 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2017-11-10 12:14 - 2017-06-29 18:53 - 000441264 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2017-11-10 12:14 - 2017-06-29 18:53 - 000362048 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll
2017-11-10 12:14 - 2017-06-29 18:53 - 000327448 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2017-11-10 12:14 - 2017-06-29 18:53 - 000310416 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll
2017-11-10 12:14 - 2017-06-29 18:53 - 000272712 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2017-11-10 12:14 - 2017-06-29 18:53 - 000253896 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2017-11-10 12:14 - 2017-06-29 18:53 - 000253864 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2017-11-10 12:14 - 2017-06-29 18:53 - 000252872 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2017-11-10 12:14 - 2017-06-29 18:53 - 000115120 _____ (Conexant System, Inc.) C:\WINDOWS\system32\Caf64api.dll
2017-11-10 12:14 - 2017-06-29 18:52 - 005826560 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2017-11-10 12:14 - 2017-06-29 18:52 - 003677160 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2017-11-10 12:14 - 2017-06-29 18:52 - 003205120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2017-11-10 12:14 - 2017-06-29 18:52 - 002993720 _____ (Audyssey Labs) C:\WINDOWS\system32\AudysseyEfx.dll
2017-11-10 12:14 - 2017-06-29 18:52 - 002110592 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2017-11-10 12:14 - 2017-06-29 18:52 - 000574752 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2017-11-10 12:14 - 2017-06-29 18:52 - 000258856 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2017-11-10 12:14 - 2017-06-29 18:52 - 000118592 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2017-11-10 12:14 - 2017-06-29 18:51 - 072520712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2017-11-10 12:14 - 2017-06-29 18:51 - 014057248 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll
2017-11-10 12:14 - 2017-06-29 18:51 - 007172912 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2017-11-10 12:14 - 2017-06-29 18:51 - 007096184 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2017-11-10 12:14 - 2017-06-29 18:51 - 006264632 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64AF3.dll
2017-11-10 12:14 - 2017-06-29 18:51 - 002210304 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2017-11-10 12:14 - 2017-06-29 18:51 - 002050176 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2017-11-10 12:14 - 2017-06-29 18:51 - 001186832 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSstCApoPropPage.dll
2017-11-10 12:14 - 2017-06-29 18:51 - 001133064 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2017-11-10 12:14 - 2017-06-29 18:51 - 001003856 _____ (Nahimic Inc) C:\WINDOWS\system32\NahimicAPONSControl.dll
2017-11-10 12:14 - 2017-06-29 18:51 - 000931616 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2017-11-10 12:14 - 2017-06-29 18:51 - 000416504 _____ (Harman) C:\WINDOWS\system32\HMUI.dll
2017-11-10 12:14 - 2017-06-29 18:51 - 000378384 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2017-11-10 12:14 - 2017-06-29 18:51 - 000154360 _____ (Harman) C:\WINDOWS\system32\HarmanAudioInterface.dll
2017-11-10 12:14 - 2017-06-29 18:51 - 000023688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2017-11-10 12:14 - 2017-06-29 18:50 - 000122320 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2017-11-10 12:14 - 2017-06-29 18:50 - 000118584 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2017-11-10 12:14 - 2017-06-29 18:50 - 000105304 _____ C:\WINDOWS\system32\audioLibVc.dll
2017-11-10 12:14 - 2017-06-29 03:05 - 012334923 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2017-11-10 12:14 - 2017-06-29 03:05 - 005804772 _____ C:\WINDOWS\system32\Drivers\rtvienna.dat
2017-11-10 12:14 - 2017-06-29 03:05 - 001920870 _____ C:\WINDOWS\system32\Drivers\rtkSSTsetting.dat
2017-11-10 12:14 - 2017-06-29 03:05 - 000005604 _____ C:\WINDOWS\system32\cxapo.lncs
2017-11-10 12:14 - 2017-06-29 03:05 - 000000864 _____ C:\WINDOWS\system32\cxapo.prop
2017-11-10 12:14 - 2016-09-22 14:55 - 002839520 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2017-11-10 11:12 - 2017-10-20 11:32 - 001010648 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2017-11-10 11:08 - 2017-11-10 11:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2017-11-10 11:08 - 2017-11-10 11:07 - 000070696 _____ (Realtek Corporation) C:\WINDOWS\system32\Drivers\RtTeam640.sys
2017-11-10 11:08 - 2017-11-10 11:07 - 000048192 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtNdPt640.sys
2017-11-10 11:08 - 2017-11-10 11:07 - 000046632 _____ (Realtek Corporation) C:\WINDOWS\system32\Drivers\RtVlan640.sys
2017-11-10 11:01 - 2017-11-12 10:49 - 000000524 _____ C:\WINDOWS\Tasks\Avast Driver Updater Startup.job
2017-11-10 11:01 - 2017-11-12 10:48 - 000025608 _____ (SlimWare Utilities, Inc.) C:\WINDOWS\system32\Drivers\SWDUMon.sys
2017-11-10 11:01 - 2017-11-10 11:01 - 000003042 _____ C:\WINDOWS\System32\Tasks\Avast Driver Updater Startup
2017-11-10 11:01 - 2017-11-10 11:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Driver Updater
2017-11-10 11:01 - 2017-11-10 11:01 - 000000000 ____D C:\Program Files (x86)\Avast Driver Updater
2017-11-10 10:58 - 2017-11-10 10:58 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2017-11-10 09:28 - 2017-11-10 09:27 - 000183584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2017-11-10 09:27 - 2017-11-10 09:27 - 000365168 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-11-07 09:36 - 2017-11-10 10:59 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-03 08:41 - 2017-11-03 08:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-11-02 08:37 - 2017-11-02 08:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-11-02 08:37 - 2017-11-02 08:37 - 000000000 ____D C:\Program Files\iTunes
2017-11-02 08:37 - 2017-11-02 08:37 - 000000000 ____D C:\Program Files\iPod
2017-11-01 06:58 - 2017-11-01 06:58 - 000051016 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-11-01 06:58 - 2017-11-01 06:58 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-11-01 06:58 - 2017-11-01 06:58 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-11-01 06:58 - 2017-11-01 06:58 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-10-13 09:04 - 2017-11-12 12:30 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-10-13 09:04 - 2017-11-12 09:33 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-10-13 09:04 - 2017-11-12 09:33 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-10-13 09:04 - 2017-11-12 09:33 - 000045504 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-10-13 09:04 - 2017-10-13 09:04 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-10-13 09:04 - 2017-10-13 09:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-13 09:04 - 2017-10-13 09:04 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-13 09:04 - 2017-10-04 12:15 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-12 13:24 - 2014-05-22 11:43 - 000000000 ____D C:\ProgramData\TEMP
2017-11-12 13:23 - 2015-11-22 12:45 - 000000000 ____D C:\FRST
2017-11-12 13:22 - 2017-09-20 09:27 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-12 12:53 - 2014-05-21 14:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-12 11:10 - 2015-03-24 11:55 - 000000000 ____D C:\AdwCleaner
2017-11-12 11:08 - 2017-04-21 11:52 - 000000000 ____D C:\Users\Tony Nacelewicz\AppData\LocalLow\Mozilla
2017-11-12 10:56 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-12 10:52 - 2014-07-13 10:30 - 000000000 ____D C:\Users\Tony Nacelewicz\AppData\Local\gladinet
2017-11-12 10:50 - 2014-12-23 12:49 - 000008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2017-11-12 10:49 - 2016-06-13 08:01 - 000000000 ___RD C:\Users\Tony Nacelewicz\Google Drive
2017-11-12 10:49 - 2015-11-11 09:33 - 000000000 ___RD C:\Users\Tony Nacelewicz\OneDrive
2017-11-12 10:49 - 2014-05-21 14:07 - 000000000 ____D C:\ProgramData\MCShield
2017-11-12 09:40 - 2017-09-20 09:28 - 001344034 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-12 09:33 - 2017-09-20 09:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-12 09:33 - 2017-09-20 09:28 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-11 18:56 - 2017-03-18 06:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-11-11 14:48 - 2017-09-20 09:29 - 000000000 ____D C:\Users\Tony Nacelewicz
2017-11-11 14:25 - 2017-09-20 09:39 - 000004174 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{23F7B28B-602D-42FE-AB69-005505046695}
2017-11-11 13:20 - 2014-06-02 21:44 - 000000000 ____D C:\Users\Tony Nacelewicz\AppData\Roaming\Spotify
2017-11-11 08:24 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-10 12:51 - 2014-06-02 21:44 - 000000000 ____D C:\Users\Tony Nacelewicz\AppData\Local\Spotify
2017-11-10 12:16 - 2017-09-20 09:27 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-11-10 12:16 - 2014-05-29 08:43 - 000000000 ___HD C:\Program Files (x86)\Temp
2017-11-10 12:15 - 2017-09-20 09:28 - 000000000 ____D C:\WINDOWS\system32\DAX2
2017-11-10 12:15 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF
2017-11-10 11:12 - 2014-05-29 08:37 - 000000000 ____D C:\Program Files (x86)\Realtek
2017-11-10 11:08 - 2014-05-22 11:46 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-11-10 11:01 - 2015-12-08 12:40 - 000000000 ____D C:\Users\Tony Nacelewicz\AppData\Local\AVAST Software
2017-11-10 10:59 - 2017-09-19 09:47 - 000000000 ___DC C:\WINDOWS\Panther
2017-11-10 10:58 - 2014-08-05 19:27 - 000000000 ____D C:\Program Files\CCleaner
2017-11-10 09:28 - 2017-09-20 09:39 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-11-10 09:28 - 2017-06-09 18:45 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-11-10 09:27 - 2017-02-10 13:47 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-11-10 09:27 - 2017-02-10 13:47 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-11-10 09:27 - 2017-02-10 13:47 - 000198968 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-11-10 09:27 - 2017-02-10 13:47 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-11-10 09:27 - 2016-02-11 10:40 - 000570152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2017-11-10 09:27 - 2014-05-21 14:25 - 001026232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-11-10 09:27 - 2014-05-21 14:25 - 000455384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-11-10 09:27 - 2014-05-21 14:25 - 000364464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-11-10 09:27 - 2014-05-21 14:25 - 000203976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-11-10 09:27 - 2014-05-21 14:25 - 000148288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-11-10 09:27 - 2014-05-21 14:25 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-11-10 09:27 - 2014-05-21 14:25 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-11-10 09:27 - 2014-05-21 14:25 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-11-07 09:36 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-11-06 14:55 - 2014-05-21 14:29 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-05 08:43 - 2017-09-22 09:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2017-11-03 08:42 - 2016-06-22 21:26 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-11-02 12:28 - 2014-06-05 10:45 - 000000000 ____D C:\Temp
2017-11-02 09:51 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-01 10:06 - 2017-09-20 09:39 - 000003384 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3959300325-684031159-519766923-1001
2017-11-01 10:06 - 2015-11-11 09:33 - 000002433 _____ C:\Users\Tony Nacelewicz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-10-30 09:29 - 2017-08-14 08:04 - 000000394 _____ C:\WINDOWS\Tasks\HPCeeScheduleForTony Nacelewicz.job
2017-10-30 09:29 - 2016-06-22 21:26 - 000000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-10-30 09:29 - 2016-06-22 21:26 - 000000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-10-30 09:29 - 2014-06-16 19:14 - 000000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3959300325-684031159-519766923-1001UA.job
2017-10-30 09:29 - 2014-06-16 19:14 - 000000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3959300325-684031159-519766923-1001Core.job
2017-10-30 08:21 - 2017-09-20 09:39 - 000003326 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForTony Nacelewicz
2017-10-27 09:57 - 2016-12-10 10:23 - 000000000 ____D C:\Users\Tony Nacelewicz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2017-10-27 09:56 - 2016-05-12 14:32 - 000000000 ____D C:\Users\Tony Nacelewicz\AppData\Local\Facebook
2017-10-27 08:35 - 2017-09-20 09:39 - 000003640 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3959300325-684031159-519766923-1001UA
2017-10-27 08:35 - 2017-09-20 09:39 - 000003580 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-10-27 08:35 - 2017-09-20 09:39 - 000003564 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3959300325-684031159-519766923-1001UA1d2587b41fe1ee6
2017-10-27 08:35 - 2017-09-20 09:39 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-10-27 08:35 - 2017-09-20 09:39 - 000003462 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-10-27 08:35 - 2017-09-20 09:39 - 000003372 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3959300325-684031159-519766923-1001Core
2017-10-27 08:35 - 2017-09-20 09:39 - 000003360 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1486652643
2017-10-27 08:35 - 2017-09-20 09:39 - 000003358 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1447692306
2017-10-27 08:35 - 2017-09-20 09:39 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-10-27 08:35 - 2017-09-20 09:39 - 000003322 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-10-27 08:35 - 2017-09-20 09:39 - 000003296 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3959300325-684031159-519766923-1001Core1d2587b41f41004
2017-10-27 08:35 - 2017-09-20 09:39 - 000003238 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-10-27 08:35 - 2017-09-20 09:39 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-10-27 08:35 - 2017-09-20 09:39 - 000002738 _____ C:\WINDOWS\System32\Tasks\PCEAC68WLANMGR
2017-10-27 08:35 - 2017-09-20 09:39 - 000002724 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Photosmart 7510 series
2017-10-27 08:35 - 2017-09-20 09:39 - 000002702 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2017-10-27 08:35 - 2017-09-20 09:39 - 000002382 _____ C:\WINDOWS\System32\Tasks\{47B8C2C6-478B-444C-BC97-D3113EA53716}
2017-10-27 08:35 - 2017-09-20 09:39 - 000002322 _____ C:\WINDOWS\System32\Tasks\{89F7B91F-8887-48FE-AEA0-B4461E389ADE}
2017-10-27 08:35 - 2017-09-20 09:39 - 000002316 _____ C:\WINDOWS\System32\Tasks\{3878F1D8-0444-49A5-9E65-9D473DA0BFCA}
2017-10-27 08:35 - 2017-09-20 09:39 - 000002232 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-10-27 08:35 - 2017-09-20 09:39 - 000002160 _____ C:\WINDOWS\System32\Tasks\SidebarExecute
2017-10-27 08:35 - 2017-09-20 09:39 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-10-27 07:29 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-27 07:29 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-24 13:22 - 2014-07-09 21:27 - 000000000 ____D C:\Users\Tony Nacelewicz\AppData\Local\ElevatedDiagnostics
2017-10-24 10:57 - 2017-04-11 11:24 - 000000000 ____D C:\Users\Tony Nacelewicz\AppData\Roaming\Garmin
2017-10-20 12:16 - 2017-04-11 11:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2017-10-20 11:34 - 2017-05-06 16:36 - 000000000 ____D C:\ProgramData\Garmin
2017-10-20 11:34 - 2017-04-11 11:24 - 000000000 ____D C:\Users\Tony Nacelewicz\AppData\Local\Garmin
2017-10-19 14:39 - 2016-11-23 13:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-10-19 14:39 - 2014-05-22 06:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-18 20:19 - 2014-12-23 00:08 - 000000000 ____D C:\Users\Tony Nacelewicz\AppData\Roaming\KeePass
2017-10-18 11:37 - 2017-05-07 11:55 - 000000000 ____D C:\Users\Tony Nacelewicz\AppData\Roaming\Tyre
2017-10-18 08:36 - 2017-03-18 15:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-17 10:55 - 2017-05-07 11:55 - 000000000 ____D C:\ProgramData\Tyre
2017-10-17 10:55 - 2017-05-07 11:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tyre
2017-10-17 10:55 - 2017-05-07 11:55 - 000000000 ____D C:\Program Files (x86)\Tyre
2017-10-16 08:29 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\rescache
2017-10-13 11:42 - 2015-01-08 11:20 - 000001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2017-10-13 11:42 - 2015-01-08 11:20 - 000000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2017-10-13 08:57 - 2015-11-11 09:30 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-13 08:17 - 2017-09-20 09:27 - 000334672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-13 08:16 - 2017-03-18 16:03 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-10-13 08:16 - 2017-03-18 16:03 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-10-13 08:16 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-10-13 08:16 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\Provisioning
 
==================== Files in the root of some directories =======
 
2015-03-18 22:48 - 2015-03-18 22:48 - 000002025 _____ () C:\Users\Tony Nacelewicz\AppData\Local\recently-used.xbel
2014-11-19 15:21 - 2014-11-19 15:21 - 000007602 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Resmon.ResmonCfg
2014-05-22 06:56 - 2014-05-22 06:56 - 000000057 _____ () C:\ProgramData\Ament.ini
2017-09-20 09:28 - 2017-09-20 09:28 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-11-05 08:50
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03
Ran by Tony Nacelewicz (12-11-2017 13:24:44)
Running from G:\Downloads\Security Tools
Windows 10 Home Version 1703 15063.674 (X64) (2017-09-20 14:44:19)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3959300325-684031159-519766923-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3959300325-684031159-519766923-503 - Limited - Disabled)
Guest (S-1-5-21-3959300325-684031159-519766923-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3959300325-684031159-519766923-1002 - Limited - Enabled)
Tony Nacelewicz (S-1-5-21-3959300325-684031159-519766923-1001 - Administrator - Enabled) => C:\Users\Tony Nacelewicz
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Disabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Acronis Disk Director 12 (HKLM-x32\...\{AE372858-B1BD-49EF-8308-648322846008}) (Version: 12.0.3223 - Acronis)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Premiere Pro 2.0 (HKLM-x32\...\Adobe Premiere Pro 2.0) (Version: 2.000.000 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-3959300325-684031159-519766923-1001\...\Amazon Kindle) (Version: 1.17.1.44183 - Amazon)
Amazon Music (HKU\S-1-5-21-3959300325-684031159-519766923-1001\...\Amazon Amazon Music) (Version: 5.6.1.1094 - Amazon Services LLC)
ANT Drivers Installer x64 (HKLM\...\{B9218A36-7AD3-4046-8D77-31F51DC0D795}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AP Tuner 3.08 (HKLM-x32\...\AP Tuner 3.08) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{D811A40A-9791-497C-B9DC-2D89C8E95EA1}) (Version: 6.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{8B47B514-F5D2-4E0D-B951-6E250618A7CD}) (Version: 6.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}) (Version: 11.0.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
ASUS PCE-AC68 WLAN Card Utilities/Driver (HKLM-x32\...\{39BD9681-D3B1-435C-A0C1-F87C68513401}) (Version: 2.1.0.6 - ASUS)
Avast Driver Updater (HKLM-x32\...\{06E0CADE-89B2-4EFD-B0AF-0DDCE4400E70}) (Version: 2.2.3 - AVAST Software) Hidden
Avast Driver Updater (HKLM-x32\...\Avast Driver Updater) (Version: 2.2.3 - AVAST Software)
Avast Premier (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
Avery Design & Print (HKLM-x32\...\Avery Design & Print 3.0.2) (Version: 3.0.2 - Avery Products Corporation)
Backup and Sync from Google (HKLM-x32\...\{604582EB-8259-4ED6-9B1B-6F2494D4B640}) (Version: 3.37.7411.4599 - Google, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Box Sync (HKLM-x32\...\{79b22d0a-c7ba-4c33-9a03-f05ea1b48adb}) (Version: 4.0.4973.0 - Box Inc.) Hidden
Bulk Rename Utility 3.0.0.1 (64-bit) (HKLM\...\Bulk Rename Utility Installation_is1) (Version:  - TGRMN Software)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Cardo Updater (HKLM-x32\...\Cardo Updater_is1) (Version:  - Cardo Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberPower PowerPanel Personal Edition 1.3 (HKLM-x32\...\{EDEC45BE-39B9-4C23-81AF-FD1B5CECEA2A}) (Version: 1.3 - Cyber Power Systems, Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 38.4.27 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Elevated Installer (HKLM-x32\...\{B85F70BE-A5A3-48A2-A790-AF6001F026E0}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
EULAlyzer 2.2 (HKLM-x32\...\EULAlyzer_is1) (Version: 2.2.0 - BrightFort LLC)
Evernote v. 6.5.4 (HKLM-x32\...\{D47E7D82-0D98-11E7-A6D6-005056951CAD}) (Version: 6.5.4.4720 - Evernote Corp.)
Facebook Gameroom 1.9.6443.18496 (HKLM-x32\...\{2BA6B7D9-1D15-44FE-BC95-94FA4DB19B75}) (Version: 1.9.6443.18496 - Facebook)
Family Tree Heritage (HKLM-x32\...\Family Tree Heritage) (Version:  - )
Family Tree Heritage Collaboration Support (HKLM-x32\...\{50BD0B15-5197-4EAF-8BCD-81117D1324B1}) (Version: 1.10.0010 - Individual Software) Hidden
Family Tree Heritage Collaboration Support (HKLM-x32\...\InstallShield_{50BD0B15-5197-4EAF-8BCD-81117D1324B1}) (Version: 1.10.0010 - Individual Software)
Garmin BaseCamp (HKLM-x32\...\{23A4DBD1-D847-4957-995D-8B1CC527E2E2}) (Version: 4.6.2.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2018.30 (HKLM-x32\...\{152AD9F4-AFBF-417B-AC07-0C6A3EB6D304}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{5b328687-2baf-4fb6-b6c7-c49fb4840cba}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{5F4164CE-621E-4AFD-BBFE-1BBE2299710E}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (HKLM-x32\...\{4E9533AB-7743-4B73-A5D2-42207E159E11}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.89 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Photos Backup (HKU\S-1-5-21-3959300325-684031159-519766923-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Gpg4win (2.2.1) (HKLM-x32\...\GPG4Win) (Version: 2.2.1 - The Gpg4win Project)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Photosmart 7510 series Basic Device Software (HKLM\...\{24C7AD6B-F418-4D3B-B7F2-F3603FD720BF}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7510 series Help (HKLM-x32\...\{6357D25F-A9C9-4CC7-A1FB-0DCF344E7C40}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 7510 series Product Improvement Study (HKLM\...\{566BB063-0E28-4273-A748-690BE86A7E26}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Assistant (HKLM-x32\...\{56D27851-B9A6-430F-875A-E2D7A3802C7B}) (Version: 8.5.37.19 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.8.37.11 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
iTunes (HKLM\...\{F2517A28-8CB8-4206-B86C-5EDD4EA26682}) (Version: 12.7.1.14 - Apple Inc.)
KeePass Password Safe 2.37 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.37 - Dominik Reichl)
Logitech SetPoint 6.32 (HKLM\...\SP6) (Version: 6.32.20 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3959300325-684031159-519766923-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.4.0.6486 - Mozilla)
Mozilla Thunderbird 52.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.4.0 (x86 en-US)) (Version: 52.4.0 - Mozilla)
MSI Live Update (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.005 - MSI)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NEF Codec (HKLM-x32\...\{D6506521-0959-4FA3-875F-E2E28830B0D2}) (Version: 1.00.0000 - Nikon)
Nuance Cloud Connector (HKLM-x32\...\{33D3472C-CC4D-4FC5-95FB-2615C6B5E4F3}) (Version: 3.2.960 - Nuance Communications, Inc.)
Nuance OmniPage 18 (HKLM-x32\...\{90F50D38-23E4-42AA-8483-75C1D8C546AB}) (Version: 18.1.0000 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 8 (HKLM\...\{4131723B-BF21-4372-AFFD-82F31C31E50A}) (Version: 8.10.6267 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 8 (HKLM-x32\...\{4131723B-BF21-4372-AFFD-82F31C31E50A}) (Version: 8.10.6267 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 8 Update x64 (HKLM\...\{45AE5880-34A1-4575-92A6-11D0DC182F24}) (Version: 8.11.0000 - Nuance Communications, Inc.)
NVIDIA 3D Vision Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.35 - NVIDIA Corporation)
NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
Password Agent 2.6.3 (HKLM-x32\...\Password Agent 2) (Version: 2.6.3  - Moon Software)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 13.0 - PlotSoft LLC)
PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version:  - Tracker Software)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.) Hidden
PreSonus Studio One 3 x64 (HKLM\...\PreSonus Studio One 3) (Version: 3.3.3.41198 - PreSonus Audio Electronics)
Quicken WillMaker Plus 2015 (HKLM-x32\...\{661DA1B8-368B-42D5-BC0C-03B8C901A8FB}) (Version: 1.0.0.0 - Nolo)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.23.1003.2017 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 2.0.2.12 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.9 - VS Revo Group, Ltd.)
SafeZone Stable 1.51.2220.62 (HKLM-x32\...\SafeZone 1.51.2220.62) (Version: 1.51.2220.62 - Avast Software) Hidden
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version:  - ) Hidden
Sena Bluetooth Device Manager 2.4 (HKLM-x32\...\Sena Bluetooth Device Manager) (Version: 2.4 - Copyright © 2012 ~ 2015 Sena Technologies Inc.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.9.1.35 - NVIDIA Corporation) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
SpaceEngine version 0.9.8.0 (HKLM-x32\...\{6E7A40FA-86CE-4844-A7DC-F8769F21A62F}_is1) (Version: 0.9.8.0 - SpaceEngine)
Spotify (HKU\S-1-5-21-3959300325-684031159-519766923-1001\...\Spotify) (Version: 1.0.66.478.g1296534d - Spotify AB)
SwannView Plus (HKLM-x32\...\{7697245D-2E00-4B83-AD27-C051DE314D1F}) (Version: 1.02.16.50 - company)
Tresorit (HKLM-x32\...\{8E5CDB31-BAED-48DE-96EA-BDB81F93E729}) (Version: 3.0.1190.696 - Tresorit)
Tyre (HKLM-x32\...\Tyre_is1) (Version: 6.5.0.4 - 't Schrijverke)
Verizon Cloud (HKLM\...\Verizon Cloud) (Version: 15.3.7.9 - Verizon)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.)
Video Win Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version:  - videowinsoft.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WD Drive Utilities (HKLM-x32\...\{2F540611-6560-470F-924A-5F52EFA9156F}) (Version: 1.0.5.7 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{F4F2EF32-EAFE-4F87-B7DC-E19C9F8E76FC}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{0AC340BC-4A62-4D1F-86DB-35C1C3CB66CF}) (Version: 1.1.1.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{515B34CA-1229-4EDA-AE7C-53CBA68B8A7A}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{4555885d-a64c-4234-9aac-72a8a6b5590b}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{979a4332-3eb0-4561-9f74-a4fb871cf2bd}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WinDirStat 1.1.2 (HKU\S-1-5-21-3959300325-684031159-519766923-1001\...\WinDirStat) (Version:  - )
WinDjView 2.1 (HKLM\...\WinDjView) (Version: 2.1 - Andrew Zhezherun)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (03/12/2015 2.5.1.8) (HKLM\...\B3AA6C9134D255D1F3923AA2D4B34C6FDEDB5C96) (Version: 03/12/2015 2.5.1.8 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3959300325-684031159-519766923-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Tony Nacelewicz\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3959300325-684031159-519766923-1001_Classes\CLSID\{822B4859-CCDD-476C-ABDF-7F7A894A3CB7}\InprocServer32 -> C:\Users\Tony Nacelewicz\AppData\Local\Tresorit\v0.8\TresoritExt64_2.dll ()
CustomCLSID: HKU\S-1-5-21-3959300325-684031159-519766923-1001_Classes\CLSID\{822B485A-CCDD-476C-ABDF-7F7A894A3CB7}\InprocServer32 -> C:\Users\Tony Nacelewicz\AppData\Local\Tresorit\v0.8\TresoritExt64_2.dll ()
CustomCLSID: HKU\S-1-5-21-3959300325-684031159-519766923-1001_Classes\CLSID\{822B485B-CCDD-476C-ABDF-7F7A894A3CB7}\InprocServer32 -> C:\Users\Tony Nacelewicz\AppData\Local\Tresorit\v0.8\TresoritExt64_2.dll ()
CustomCLSID: HKU\S-1-5-21-3959300325-684031159-519766923-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tony Nacelewicz\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-01] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-01] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-01] (Google)
ShellIconOverlayIdentifiers: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.Overlays.dll [2015-12-03] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.Overlays.dll [2015-12-03] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.Overlays.dll [2015-12-03] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.Overlays.dll [2015-12-03] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-10] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-10] (AVAST Software)
ShellIconOverlayIdentifiers: [GladinetIconOverlay] -> {3C3DC57A-7535-48AF-BB9E-C3576A4F34D0} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll [2012-09-24] (Gladinet, INC)
ShellIconOverlayIdentifiers: [GladinetUploading] -> {959A18D3-9CC9-41e8-B76F-34ED9A89D4EA} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll [2012-09-24] (Gladinet, INC)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [GladinetIconOverlay] -> {3C3DC57A-7535-48AF-BB9E-C3576A4F34D0} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll [2012-09-24] (Gladinet, INC)
ShellIconOverlayIdentifiers-x32: [GladinetUploading] -> {959A18D3-9CC9-41e8-B76F-34ED9A89D4EA} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll [2012-09-24] (Gladinet, INC)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-10] (AVAST Software)
ContextMenuHandlers1: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2016-02-04] (Bulk Rename Utility)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-01] (Google)
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\GNU\GnuPG\bin\gpgex.dll [2013-10-07] (g10 Code GmbH)
ContextMenuHandlers1: [PDFC7.ShellExtension] -> {877327F4-8A93-4320-932C-338069C27BEA} => C:\Program Files (x86)\Nuance\PDF Professional 8\ShellExt70.dll [2012-10-23] (Nuance Communications, Inc.)
ContextMenuHandlers1: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.ContextMenus.dll [2015-12-03] (Synchronoss Technologies Inc.)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (Western Digital Technologies, Inc.)
ContextMenuHandlers1: [Zeon.GMFCDirectShellExt] -> {C037D85B-2F6F-4B14-9E6D-26D504D9194B} => C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GDirectShellExt.dll [2013-04-15] (Zeon International Investment Corp. )
ContextMenuHandlers2: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2016-02-04] (Bulk Rename Utility)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (Western Digital Technologies, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-10] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers3: [Open With Gladinet] -> {81695C6B-C2CA-492F-951D-5469840B2098} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladinetShellProxy.dll [2012-09-24] (Gladinet, INC)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2016-02-04] (Bulk Rename Utility)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-01] (Google)
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\GNU\GnuPG\bin\gpgex.dll [2013-10-07] (g10 Code GmbH)
ContextMenuHandlers4: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.ContextMenus.dll [2015-12-03] (Synchronoss Technologies Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers5: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.ContextMenus.dll [2015-12-03] (Synchronoss Technologies Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-10] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group)
ContextMenuHandlers6: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.ContextMenus.dll [2015-12-03] (Synchronoss Technologies Inc.)
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (Western Digital Technologies, Inc.)
ContextMenuHandlers1_S-1-5-21-3959300325-684031159-519766923-1001: [TresoritExt] -> {822B4859-CCDD-476C-ABDF-7F7A894A3CB7} => C:\Users\Tony Nacelewicz\AppData\Local\Tresorit\v0.8\TresoritExt64_2.dll [2015-01-20] ()
ContextMenuHandlers4_S-1-5-21-3959300325-684031159-519766923-1001: [TresoritExt] -> {822B4859-CCDD-476C-ABDF-7F7A894A3CB7} => C:\Users\Tony Nacelewicz\AppData\Local\Tresorit\v0.8\TresoritExt64_2.dll [2015-01-20] ()
ContextMenuHandlers5_S-1-5-21-3959300325-684031159-519766923-1001: [TresoritExt] -> {822B4859-CCDD-476C-ABDF-7F7A894A3CB7} => C:\Users\Tony Nacelewicz\AppData\Local\Tresorit\v0.8\TresoritExt64_2.dll [2015-01-20] ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02061C86-2808-4BE8-8D33-E23240A4B152} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {025E6D11-57F5-4B7D-A6E1-A2C0A08BCB64} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_183_pepper.exe [2017-10-27] (Adobe Systems Incorporated)
Task: {072E0C7B-5559-40C6-A8F2-7A7DFB55A805} - System32\Tasks\{47B8C2C6-478B-444C-BC97-D3113EA53716} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\MSI\Live Update\LU5\DL_FILE\Realtek_HD_Audio_Drivers_6.0.1.7069\Setup.exe" -d C:\Windows\system32
Task: {0BF6EEE2-ED59-4C42-89A0-B93FAF3FC588} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-09-25] (HP Inc.)
Task: {0CB27B77-E513-40EA-9FA7-E9598C5156A0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0FFE4DD9-A733-4920-87A7-CB033A98D8C0} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {10355E75-4B81-4277-A7A7-01DBC0BE3277} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {10AB9F90-8959-4A7E-A211-317A7B6E22D9} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-10-18] (Piriform Ltd)
Task: {156C4F25-BF52-4555-87A6-FE678EED0A38} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1C7C8319-D41F-47AB-B4AB-1F52B563AEC0} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-22] (Dropbox, Inc.)
Task: {1FFA2A07-EBEB-4C62-8920-08C289E85A70} - System32\Tasks\SafeZone scheduled Autoupdate 1486652643 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {257E17D2-E629-439B-B789-5AC1FD86A927} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {2D02B4D4-DDDC-43E1-81A1-6A68DC893561} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {314C088F-496C-42C1-B4C3-3C0BC0C23372} - System32\Tasks\HPCeeScheduleForTony Nacelewicz => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {35E9347D-B465-45E2-ADCE-A41B2606625F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {3747CD43-9556-4C22-A1FC-92ADED4E1D78} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-27] (Adobe Systems Incorporated)
Task: {3AF5C7DB-3812-4101-A599-79940A03D077} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {3B890968-F76A-42CB-ABEF-52CEFFB9C6EA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {47FE27FD-2C2F-4BC2-ADDF-FDBC4A284E98} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {49236E32-2895-4E03-B7A6-8FBB230BDA53} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {49512457-2A07-4013-870A-2A7007079B7A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {4FA4B3FA-CABE-4DB3-8CE5-53489F0CA3A7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {53490088-4317-494D-AC30-5A62A1F084AC} - System32\Tasks\{89F7B91F-8887-48FE-AEA0-B4461E389ADE} => C:\Windows\system32\pcalua.exe -a "C:\Users\Tony Nacelewicz\Downloads\HijackThis.exe" -d "C:\Users\Tony Nacelewicz\Downloads"
Task: {5377ECFA-0320-4B72-831A-91E2ED682821} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5432F66A-FF91-4E1D-B9CE-F18A8C6893E1} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {5992514F-8257-44F9-B213-DEA4F4188C4F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {67D28ADE-30D6-45FA-8A1B-6F9A6115F5A3} - System32\Tasks\PCEAC68WLANMGR => C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe [2015-03-11] (ASUS)
Task: {68F408E4-9F72-494C-8774-DB8F2B6DB78F} - System32\Tasks\{3878F1D8-0444-49A5-9E65-9D473DA0BFCA} => C:\Windows\system32\pcalua.exe -a "C:\Users\Tony Nacelewicz\Downloads\sp65822.exe" -d "C:\Users\Tony Nacelewicz\Downloads"
Task: {6E50CC2E-B265-4690-9334-5EC932E18685} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {7874EEE1-D079-4E58-9167-1B964DEC1D42} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {78F44D51-4250-4DFD-A787-8C858F768E29} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7927F8B5-FCCF-4FC7-889E-37AD3AE436DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {7C46B1E0-9C98-4711-8433-0F44A95BC15C} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {80A668BC-8419-4785-9B97-C17CBE283DCA} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {81305685-7ED7-4317-8372-A69F2409C73D} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {852578AF-9AB5-46EC-9C91-15FCBC00E1EF} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {856CE811-DAEC-413F-8748-116E342C87D1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3959300325-684031159-519766923-1001UA1d2587b41fe1ee6 => C:\Users\Tony Nacelewicz\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {86422BB1-BA10-44F4-845F-397475E6FFD6} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {88DA2A10-74DA-4FB6-8BEC-9D65DFFFF4F8} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {89C84575-3F19-4587-8E94-E6DAFBF39A62} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-10-09] ()
Task: {8E3D2F71-8D97-4D93-8BD1-48718A4C67AF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {960E5479-C53F-4EED-BD1D-7634EA95E429} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {96883F2F-2517-4C9C-9C4A-6E31A011086B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {978F427E-E640-46F4-92D4-919EF0763961} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {A2CE51CA-7CFC-4DD6-84DE-0CA56AC3544A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-10-11] (Microsoft Corporation)
Task: {A471D528-CFAB-4212-8B80-7E33537A66E0} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A63CA582-4254-424F-BA23-2143631C3EDD} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-22] (Dropbox, Inc.)
Task: {A88045F2-3C67-4764-A438-823C30AFBDA7} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A951BBA4-B134-4387-B2D0-39E2B13ADD19} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-10-18] (Piriform Ltd)
Task: {AC1DD0D1-A552-4B6E-8C77-438561E6DA32} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {ACB06DF0-56C5-4527-9616-C31B53F7284B} - System32\Tasks\SafeZone scheduled Autoupdate 1447692306 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {AD023B34-34B6-453A-9FAF-D9B6157E917D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3959300325-684031159-519766923-1001Core => C:\Users\Tony Nacelewicz\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {AF990703-B01C-4285-9EC2-B375E1FAC578} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {B485FEA4-1FE6-4B16-BC1C-C610F45BF3E4} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C301E7B1-0117-46F7-A576-78E82706BCC5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C789D757-97B1-4D19-A701-20184C403DDC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D15B01C0-28A1-46B9-AFC9-B1B5B60F15C2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3959300325-684031159-519766923-1001UA => C:\Users\Tony Nacelewicz\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {DDF014F4-9906-4A48-B038-993D981BA066} - System32\Tasks\HPCustParticipation HP Photosmart 7510 series => C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {E290E275-2C26-4D22-A14E-367771AC6A91} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {EC1D4C15-79D5-48BE-ACB7-3F7C4D650E8A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F153DD20-91C7-4BE9-9E23-9DE5BEAB07E8} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {F1DF564F-7512-4054-A712-BB118FECF056} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F4282194-924C-40F5-B6B3-41064C243B0E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F44B6FFA-5AC9-4AEF-AF64-7D1865BEC06C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F85D82F2-CC87-4277-8205-F563DAC3A5AE} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-10] (AVAST Software)
Task: {F860648B-384F-4D53-93BD-CC4F62153DB2} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FDF426D0-4E2E-4C3B-B74D-F6ADA4B429D5} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FE935586-A1BE-4D2E-A48C-6BC5F07E8755} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3959300325-684031159-519766923-1001Core1d2587b41f41004 => C:\Users\Tony Nacelewicz\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {FFDE4C06-5F92-4C8F-9BF9-2292D9FE9AB5} - System32\Tasks\Avast Driver Updater Startup => C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe [2017-09-27] (AVAST Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Avast Driver Updater Startup.job => C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3959300325-684031159-519766923-1001Core.job => C:\Users\Tony Nacelewicz\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3959300325-684031159-519766923-1001UA.job => C:\Users\Tony Nacelewicz\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForTony Nacelewicz.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Tony Nacelewicz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a41ce5b91aa3166e\MightyText - SMS Text Messaging from Computer.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=dkfhfaphfkopdgpbfkebjfcblcafcmpi
ShortcutWithArgument: C:\Users\Tony Nacelewicz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a3a1d6b8109861c5\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=nckgahadagoaajjgafhacjanaoiihapd
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-20 09:28 - 2016-11-14 06:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-10-18 22:51 - 2017-10-18 22:51 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-07 09:54 - 2013-10-07 09:54 - 000218112 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2017-10-13 09:04 - 2017-10-04 12:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-10-13 09:04 - 2017-10-04 12:15 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2012-09-23 23:42 - 2012-09-23 23:42 - 000222104 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
2017-03-18 15:58 - 2017-03-18 15:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2015-01-20 13:49 - 2015-01-20 13:49 - 000787456 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Tresorit\v0.8\TresoritExt64_2.dll
2017-03-18 15:59 - 2017-03-18 21:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2011-10-07 04:39 - 2011-10-07 04:39 - 001304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2017-10-20 14:22 - 2017-10-20 14:22 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-10-20 14:22 - 2017-10-20 14:22 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2017-11-10 09:27 - 2017-11-10 09:27 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-11-01 05:49 - 2017-11-01 05:49 - 040417680 _____ () C:\Program Files (x86)\Google\Drive\googledrivesync.exe
2017-11-06 14:55 - 2017-11-05 04:12 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.89\libglesv2.dll
2017-11-06 14:55 - 2017-11-05 04:12 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.89\libegl.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 000264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2017-09-14 10:02 - 2017-09-14 10:02 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11710.1001.27.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-05-08 09:35 - 2017-05-08 09:35 - 000325632 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\GpsImgWrapper.dll
2017-10-09 15:12 - 2017-10-09 15:12 - 000073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
2013-10-07 09:49 - 2013-10-07 09:49 - 000069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2013-10-07 09:44 - 2013-10-07 09:44 - 000050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2013-10-07 09:49 - 2013-10-07 09:49 - 000628224 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll
2013-10-07 09:49 - 2013-10-07 09:49 - 000221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2013-10-07 09:47 - 2013-10-07 09:47 - 000037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2012-09-23 23:30 - 2012-09-23 23:30 - 000292760 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\sqlite3.dll
2012-09-23 23:30 - 2012-09-23 23:30 - 000079768 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\zlib125.dll
2012-09-23 23:30 - 2012-09-23 23:30 - 000016280 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSMui.dll
2016-02-04 14:55 - 2016-01-22 21:55 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-11-10 09:27 - 2017-11-10 09:27 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-11-10 09:27 - 2017-11-10 09:27 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-07-23 11:25 - 2017-07-23 11:25 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-11-10 09:27 - 2017-11-10 09:27 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-11-10 09:27 - 2017-11-10 09:27 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-11-10 09:27 - 2017-11-10 09:27 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-11-12 10:49 - 2017-11-12 10:49 - 000088064 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\_ctypes.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000918528 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\_hashlib.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000098816 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\win32api.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000110080 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\pywintypes27.dll
2017-11-12 10:49 - 2017-11-12 10:49 - 000364544 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\pythoncom27.dll
2017-11-12 10:49 - 2017-11-12 10:49 - 000686080 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\unicodedata.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000320512 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\win32com.shell.shell.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 001177088 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\wx._core_.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000806912 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\wx._gdi_.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000816640 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\wx._windows_.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 001067520 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\wx._controls_.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000733696 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\wx._misc_.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000736256 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\pysqlite2._sqlite.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000119808 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\win32file.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000108544 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\win32security.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000007168 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\hashobjs_ext.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000017920 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\thumbnails_ext.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000082432 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\usb_ext.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000013824 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\common.time34.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000018432 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\win32event.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000027648 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\windows.conditional.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000017408 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\windows.winwrap.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000089088 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\windows.volumes.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000167936 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\win32gui.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000046080 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\_socket.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 001309696 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\_ssl.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000129536 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\_elementtree.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000127488 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\pyexpat.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000038912 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\win32inet.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000077824 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\wx._html2.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000036864 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\_psutil_windows.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000524248 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\windows._lib_cacheinvalidation.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000011264 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\win32crypt.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000218624 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\PIL._imaging.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000027648 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\_multiprocessing.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000020480 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\_yappi.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000035840 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\win32process.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000024064 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\win32pipe.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000010240 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\select.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000025600 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\win32pdh.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000059392 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\windows.device_monitor.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000017408 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\win32profile.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000022528 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI137282\win32ts.pyd
2017-03-20 10:57 - 2017-03-20 10:57 - 000321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2017-08-21 13:25 - 2017-08-21 13:25 - 001157632 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Facebook\Games\CefSharp.Core.dll
2017-08-21 13:25 - 2017-08-21 13:25 - 068178432 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Facebook\Games\libcef.dll
2012-09-23 23:30 - 2012-09-23 23:30 - 000133016 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSMui_En.dll
2012-09-23 23:35 - 2012-09-23 23:35 - 000251800 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSBr_nuance.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 002144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 007955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 000341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 000028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 000127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 000336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2017-11-03 08:41 - 2017-11-01 06:58 - 000724288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-11-03 08:41 - 2017-11-01 06:58 - 002002752 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-10-05 08:31 - 2017-11-01 06:57 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-10-05 08:31 - 2017-11-01 06:57 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-10-05 08:31 - 2017-11-01 07:01 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-10-05 08:31 - 2017-11-01 06:57 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-10-05 08:31 - 2017-11-01 06:57 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-11-03 08:41 - 2017-11-01 07:01 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-10-05 08:31 - 2017-11-01 06:57 - 000130512 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-11-03 08:41 - 2017-11-01 07:01 - 001856848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-11-03 08:41 - 2017-11-01 07:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-11-03 08:41 - 2017-11-01 06:57 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-11-03 08:41 - 2017-11-01 06:58 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-10-05 08:31 - 2017-11-01 06:57 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-10-05 08:31 - 2017-11-01 07:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-11-03 08:41 - 2017-11-01 07:01 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-10-05 08:31 - 2017-11-01 06:57 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-11-03 08:41 - 2017-11-01 07:01 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-11-03 08:41 - 2017-11-01 06:57 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-10-05 08:31 - 2017-11-01 06:57 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-10-05 08:31 - 2017-11-01 06:57 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-11-03 08:41 - 2017-11-01 06:58 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-10-05 08:31 - 2017-11-01 07:01 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-10-05 08:31 - 2017-11-01 07:01 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-10-05 08:31 - 2017-11-01 06:57 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-10-05 08:31 - 2017-11-01 06:57 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-10-05 08:31 - 2017-11-01 06:57 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-10-05 08:31 - 2017-11-01 06:57 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-10-05 08:31 - 2017-11-01 06:57 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-10-05 08:31 - 2017-11-01 06:57 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-10-05 08:31 - 2017-11-01 06:57 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-11-03 08:41 - 2017-11-01 07:01 - 000021824 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-10-05 08:31 - 2017-11-01 07:01 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2017-11-03 08:41 - 2017-11-01 07:01 - 000022856 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-10-05 08:31 - 2017-11-01 07:01 - 000066392 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-11-03 08:41 - 2017-11-01 07:01 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-10-05 08:31 - 2017-11-01 06:57 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-11-03 08:41 - 2017-11-01 07:01 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-11-03 08:41 - 2017-11-01 07:01 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-11-03 08:41 - 2017-11-01 07:01 - 000154440 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-11-03 08:41 - 2017-11-01 07:01 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-11-03 08:41 - 2017-11-01 07:01 - 000050496 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2017-11-03 08:41 - 2017-11-01 07:01 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-11-03 08:41 - 2017-11-01 07:01 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-11-03 08:41 - 2017-11-01 07:01 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-11-03 08:41 - 2017-11-01 07:01 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-10-05 08:31 - 2017-11-01 07:01 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-10-05 08:31 - 2017-11-01 06:57 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-10-05 08:31 - 2017-11-01 07:01 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-10-05 08:31 - 2017-11-01 06:57 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-10-05 08:31 - 2017-11-01 07:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-10-05 08:31 - 2017-11-01 07:01 - 000100688 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-10-05 08:31 - 2017-11-01 06:57 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-10-05 08:31 - 2017-11-01 07:01 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-10-05 08:31 - 2017-11-01 07:01 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-10-05 08:31 - 2017-11-01 07:01 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-11-03 08:41 - 2017-11-01 07:01 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-10-05 08:31 - 2017-11-01 06:57 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-11-03 08:41 - 2017-11-01 07:01 - 000101184 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-10-05 08:31 - 2017-11-01 07:01 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-11-03 08:41 - 2017-11-01 07:01 - 000025424 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-11-03 08:41 - 2017-11-01 06:58 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-11-03 08:41 - 2017-11-01 07:01 - 000032600 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-11-03 08:41 - 2017-11-01 06:58 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-11-03 08:41 - 2017-11-01 07:01 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-10-05 08:31 - 2017-11-01 07:01 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-11-03 08:41 - 2017-11-01 07:01 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2017-11-03 08:41 - 2017-11-01 07:01 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-10-05 08:31 - 2017-11-01 07:01 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-11-03 08:41 - 2017-11-01 07:01 - 000545080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-11-03 08:41 - 2017-11-01 07:01 - 000359224 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-11-03 08:41 - 2017-11-01 07:01 - 000038208 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000088064 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\_ctypes.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000918528 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\_hashlib.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000098816 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\win32api.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000110080 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\pywintypes27.dll
2017-11-12 10:49 - 2017-11-12 10:49 - 000364544 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\pythoncom27.dll
2017-11-12 10:49 - 2017-11-12 10:49 - 000686080 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\unicodedata.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000320512 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\win32com.shell.shell.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 001177088 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\wx._core_.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000806912 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\wx._gdi_.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000816640 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\wx._windows_.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 001067520 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\wx._controls_.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000733696 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\wx._misc_.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000736256 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\pysqlite2._sqlite.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000119808 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\win32file.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000108544 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\win32security.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000007168 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\hashobjs_ext.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000017920 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\thumbnails_ext.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000082432 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\usb_ext.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000013824 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\common.time34.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000018432 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\win32event.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000027648 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\windows.conditional.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000017408 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\windows.winwrap.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000089088 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\windows.volumes.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000167936 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\win32gui.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000046080 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\_socket.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 001309696 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\_ssl.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000129536 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\_elementtree.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000127488 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\pyexpat.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000038912 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\win32inet.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000077824 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\wx._html2.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000036864 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\_psutil_windows.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000524248 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\windows._lib_cacheinvalidation.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000011264 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\win32crypt.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000218624 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\PIL._imaging.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000027648 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\_multiprocessing.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000020480 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\_yappi.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000035840 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\win32process.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000024064 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\win32pipe.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000010240 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\select.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000025600 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\win32pdh.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000059392 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\windows.device_monitor.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000017408 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\win32profile.pyd
2017-11-12 10:49 - 2017-11-12 10:49 - 000022528 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Temp\_MEI98162\win32ts.pyd
2017-08-21 13:25 - 2017-08-21 13:25 - 000748032 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
2017-08-21 13:25 - 2017-08-21 13:25 - 002246144 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Facebook\Games\libglesv2.dll
2017-08-21 13:25 - 2017-08-21 13:25 - 000079360 _____ () C:\Users\Tony Nacelewicz\AppData\Local\Facebook\Games\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:84098FD3 [133]
AlternateDataStreams: C:\ProgramData\TEMP:A303874F [233]
AlternateDataStreams: C:\ProgramData\TEMP:AEC0AC81 [231]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3959300325-684031159-519766923-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "VerizonCloud"
HKU\S-1-5-21-3959300325-684031159-519766923-1001\...\StartupApproved\StartupFolder: => "NexDef Plug-in.lnk"
HKU\S-1-5-21-3959300325-684031159-519766923-1001\...\StartupApproved\Run: => "BlueCoreInterfaceTrayApp"
HKU\S-1-5-21-3959300325-684031159-519766923-1001\...\StartupApproved\Run: => "SynchronossPC"
HKU\S-1-5-21-3959300325-684031159-519766923-1001\...\StartupApproved\Run: => "WinPatrol"
HKU\S-1-5-21-3959300325-684031159-519766923-1001\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F5F09C8D-EF3C-4795-8888-DCAB464C0124}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{A8CC6CC9-88E1-40CC-984C-97A67EF59E20}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{A30E9184-CCF3-4411-B60D-2A29E7329E6F}] => (Allow) C:\Program Files (x86)\Cardo Updater\CardoUpdater.exe
FirewallRules: [{C061C84C-801B-491C-927F-A375DF408B80}] => (Allow) C:\Program Files (x86)\Cardo Updater\CardoUpdater.exe
FirewallRules: [{6A3B1508-3335-4B02-9E96-F37E49997444}] => (Allow) C:\Program Files\PreSonus\Studio One 3\Studio One.exe
FirewallRules: [TCP Query User{6609D055-7164-41C9-A261-81DCEE5D1B95}C:\users\tony nacelewicz\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tony nacelewicz\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{45547F92-1CCF-4DE8-8719-DAF1FBE7C7F9}C:\users\tony nacelewicz\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tony nacelewicz\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{46A9EEEC-E41C-4379-9C84-2C5448956741}C:\program files\swannview plus\swannview plus storage\nvrstoragesever.exe] => (Allow) C:\program files\swannview plus\swannview plus storage\nvrstoragesever.exe
FirewallRules: [UDP Query User{7DC1AFCC-ECC4-4F54-8DDB-66D3D9E18739}C:\program files\swannview plus\swannview plus storage\nvrstoragesever.exe] => (Allow) C:\program files\swannview plus\swannview plus storage\nvrstoragesever.exe
FirewallRules: [{6C53A5C0-C27E-4F86-9976-4788419BE70F}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\PDFRouter.exe
FirewallRules: [{88B8DB62-B29C-41FF-B0F8-45AE582DA9BA}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\PDFRouter.exe
FirewallRules: [{BF674D79-30AA-4388-ACEF-98AFE43FA5F5}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
FirewallRules: [{A9B772FA-84CF-4D8E-BAFC-75C72599B128}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
FirewallRules: [{542B7391-ECDE-4397-ADFC-F95BAE837573}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GPDFDirect.exe
FirewallRules: [{BF76D247-2F0C-48C4-992D-50D06C8859ED}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GPDFDirect.exe
FirewallRules: [{AAFC501B-929C-40AA-9804-77941058620B}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GaaihoDoc.exe
FirewallRules: [{2383BF11-D226-4C07-9234-E970FECD4D25}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GaaihoDoc.exe
FirewallRules: [{4499C4A2-D849-4987-A7DA-7A1516E08BB1}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe
FirewallRules: [{D1795B36-8619-4681-80D5-34E365E2B2C9}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe
FirewallRules: [{5373A3CE-8078-4064-ABA0-2A946B111CBA}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladinetClient.exe
FirewallRules: [{ACDDEC17-5A98-4771-86BA-65C57F52EFF7}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladinetClient.exe
FirewallRules: [{23799101-50B1-460B-BA57-76C55C287C86}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
FirewallRules: [{C55707DD-CE1A-4977-92B7-26A2BC7E2568}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
FirewallRules: [{78CBD01B-AA8C-4E39-97AC-E61B1362D640}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr2003.exe
FirewallRules: [{C82F7FCA-81DC-45F2-AAE9-38D70977C46A}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr2003.exe
FirewallRules: [TCP Query User{F3D45C09-1D73-41E2-A04B-4F5AA1945FDA}C:\program files\swannview plus\swannview plus client\swannview plus.exe] => (Allow) C:\program files\swannview plus\swannview plus client\swannview plus.exe
FirewallRules: [UDP Query User{42DF7DF4-AD0E-400A-AE5E-5935A722ADF2}C:\program files\swannview plus\swannview plus client\swannview plus.exe] => (Allow) C:\program files\swannview plus\swannview plus client\swannview plus.exe
FirewallRules: [TCP Query User{A0BCF26A-FB32-4DEF-ABDF-3935EA5C8455}C:\program files\swannview plus\swannview plus client\swannview plus.exe] => (Allow) C:\program files\swannview plus\swannview plus client\swannview plus.exe
FirewallRules: [UDP Query User{E7D14B25-9FB2-46DD-A50A-C55DF4640E91}C:\program files\swannview plus\swannview plus client\swannview plus.exe] => (Allow) C:\program files\swannview plus\swannview plus client\swannview plus.exe
FirewallRules: [{B6522693-E933-4D9C-8DE0-3D253DFDA976}] => (Allow) C:\Program Files (x86)\Nuance\OmniPage18\OmniPage18.exe
FirewallRules: [{2BE37A14-7BB4-41E0-9877-1700168F3E9B}] => (Allow) C:\Program Files (x86)\Nuance\OmniPage18\OmniPage18.exe
FirewallRules: [{031A6F70-ED8B-401A-BC6F-41BCE9A2127F}] => (Allow) C:\Program Files (x86)\Nuance\OmniPage18\PPMV.exe
FirewallRules: [{8C6B9582-4C0C-430A-ABBC-7330D8FB669A}] => (Allow) C:\Program Files (x86)\Nuance\OmniPage18\PPMV.exe
FirewallRules: [{CBDC25F9-F0FC-48D5-8269-FA56D6CD97F1}] => (Allow) C:\Program Files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe
FirewallRules: [{30AA29EC-D0D6-4F4D-9B0D-2AE4CAE3058B}] => (Allow) C:\Program Files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe
FirewallRules: [TCP Query User{E8F84F48-B742-4DB7-B99B-5A292CC4402C}D:\easysetupassistant\easysetupassistant.exe] => (Allow) D:\easysetupassistant\easysetupassistant.exe
FirewallRules: [UDP Query User{245C2A7F-65DA-4E0E-B880-85425DAEEA52}D:\easysetupassistant\easysetupassistant.exe] => (Allow) D:\easysetupassistant\easysetupassistant.exe
FirewallRules: [{0A91FA7B-C20B-4975-A1C5-2CA9F7D47684}] => (Block) D:\easysetupassistant\easysetupassistant.exe
FirewallRules: [{852A765C-E601-4FFF-8931-A16AE9EA37C9}] => (Block) D:\easysetupassistant\easysetupassistant.exe
FirewallRules: [TCP Query User{5CA395EA-9ADB-444B-AF75-CFC5F3C3B448}C:\users\tony nacelewicz\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tony nacelewicz\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3147539C-C8C4-4053-85F0-970F5C36AA87}C:\users\tony nacelewicz\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tony nacelewicz\appdata\roaming\spotify\spotify.exe
FirewallRules: [{08B0F4BE-5FD5-4704-9388-D541771CC0F1}] => (Allow) C:\Program Files (x86)\Cardo Updater\CardoUpdater.exe
FirewallRules: [{F6F73E0D-BF50-4990-B0D0-771729275286}] => (Allow) C:\Program Files (x86)\Cardo Updater\CardoUpdater.exe
FirewallRules: [{B71F3163-368D-48B2-8922-3745B00AC131}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E0163DB3-7507-4BF6-AB61-0EF953F62327}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2A78A018-5FF4-4DD3-8023-CC01DA98EBCC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{77FD96F2-3583-4435-8597-7B9A74FE70DD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{69482548-0165-44A7-8438-1BD470BA685C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3F30DF02-A94F-4D68-AA55-0093EF9A7512}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{34320D02-9E51-43FF-99B1-C753D113A74C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{6A4A78C4-003A-4EE1-B3D8-DAB426B7E08E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C6AA5E37-ABE5-40FC-9126-B8BAABB4F911}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{FF631CCF-357E-4DF3-B0C8-D1AFAA6E0DC3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{39A45379-8C9C-4991-9557-476535A1E8F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8F75DEB4-FB32-4097-B6EF-A4866FFA492C}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladinetClient.exe
FirewallRules: [{7F1B0846-C85C-40F9-8EFA-6499EEECE792}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladinetClient.exe
FirewallRules: [{812400BA-A2FC-46B0-92A9-C810EA8B3B7C}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
FirewallRules: [{D5B45967-6BF1-4FA5-A05B-04C0D104F8B6}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
FirewallRules: [{0F906E2E-D3B1-426B-8341-09B0B770C147}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr2003.exe
FirewallRules: [{C98EB335-7AF2-4626-BC95-A03462D7BA3B}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr2003.exe
FirewallRules: [{D52A13AD-9879-419C-9D86-7206C49FDC0A}] => (Allow) C:\Program Files\HP\HP Photosmart 7510 series\Bin\DeviceSetup.exe
FirewallRules: [{C9CED55D-29F0-436B-9EB8-D330DCAAB0AA}] => (Allow) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{E06704BF-7BFC-44C9-9113-8BE41104C7E1}] => (Allow) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{CB6319BF-1DB6-4256-A5C8-32CE534140D5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C3B2A14F-AA5E-42B6-9A4A-217FBA7D65DB}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{F6F5CCD4-7C89-4853-AB6C-4DDA77EB9DEE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
05-11-2017 10:35:44 Scheduled Checkpoint
10-11-2017 11:08:09 Installed Realtek Ethernet Diagnostic Utility
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/12/2017 10:49:00 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MULTIMEDIA)
Description: Activation of app Microsoft.Getstarted_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/11/2017 05:25:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MULTIMEDIA)
Description: Activation of app Microsoft.Getstarted_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/11/2017 05:21:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MULTIMEDIA)
Description: Activation of app Microsoft.Getstarted_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/11/2017 02:49:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MULTIMEDIA)
Description: Activation of app Microsoft.Getstarted_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/11/2017 02:30:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MULTIMEDIA)
Description: Activation of app Microsoft.Getstarted_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/11/2017 02:29:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (11/11/2017 02:29:03 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (11/11/2017 09:32:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MULTIMEDIA)
Description: Activation of app Microsoft.Getstarted_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/11/2017 08:20:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   20 1.0.0.127.in-addr.arpa. PTR Multimedia-2.local.
 
Error: (11/11/2017 08:20:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 127.0.0.1:5353   18 1.0.0.127.in-addr.arpa. PTR Multimedia.local.
 
 
System errors:
=============
Error: (11/12/2017 01:24:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (11/12/2017 01:24:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (11/12/2017 01:24:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (11/12/2017 01:24:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (11/12/2017 01:24:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (11/12/2017 01:24:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (11/12/2017 01:24:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (11/12/2017 01:24:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (11/12/2017 01:24:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (11/12/2017 01:24:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error: 
The system cannot find the file specified.
 
 
CodeIntegrity:
===================================
  Date: 2017-11-11 09:33:42.855
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-11-11 09:33:10.666
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-11-11 09:33:10.233
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-10-31 09:21:56.082
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-10-31 09:21:34.917
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-10-31 09:19:47.490
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-10-31 09:19:38.203
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-10-31 09:19:32.619
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-10-31 09:19:31.795
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-10-31 09:19:26.022
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 43%
Total physical RAM: 12279.11 MB
Available physical RAM: 6878.87 MB
Total Virtual: 26615.11 MB
Available Virtual: 19540.86 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:222.63 GB) (Free:114.91 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:223.47 GB) (Free:147.85 GB) NTFS
Drive g: () (Fixed) (Total:707.94 GB) (Free:669.96 GB) NTFS
Drive l: (NEW VOLUME) (Removable) (Total:1.95 GB) (Free:1.9 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: AB5871AC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=222.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=859 MB) - (Type=27)
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: F27F9657)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=707.9 GB) - (Type=OF Extended)
 
========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 0D0C0B0A)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)
 
==================== End of Addition.txt ============================

Edited by tonynace, 12 November 2017 - 01:35 PM.


#4 Jo*

Jo*

  • Malware Response Team
  • 3,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:04:50 AM

Posted 12 November 2017 - 01:44 PM

Copy FRST / FRST64.exe to your desktop!

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt



Start::
CreateRestorePoint:
CloseProcesses:
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2017-11-12] (SlimWare Utilities, Inc.)
C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
U3 idsvc; no ImagePath
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
Task: {0FFE4DD9-A733-4920-87A7-CB033A98D8C0} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {2D02B4D4-DDDC-43E1-81A1-6A68DC893561} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4FA4B3FA-CABE-4DB3-8CE5-53489F0CA3A7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5992514F-8257-44F9-B213-DEA4F4188C4F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7874EEE1-D079-4E58-9167-1B964DEC1D42} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8E3D2F71-8D97-4D93-8BD1-48718A4C67AF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {96883F2F-2517-4C9C-9C4A-6E31A011086B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {AC1DD0D1-A552-4B6E-8C77-438561E6DA32} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C789D757-97B1-4D19-A701-20184C403DDC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {EC1D4C15-79D5-48BE-ACB7-3F7C4D650E8A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F44B6FFA-5AC9-4AEF-AF64-7D1865BEC06C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST / FRST64 again as Administrator like we did before, but this time press the Fix button just once and wait.

The tool will make a log (Fixlog.txt); please post it in your reply.


How is the computer running now?

Scan with AdwCleaner again and post the content of the log here please.

Edited by Jo*, 12 November 2017 - 01:45 PM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 tonynace

Posted 12 November 2017 - 11:21 PM

It's still there. Did I have to paste the script in FRST, or was just putting it in the same location enough? Anyhow, here's the result I received:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03
Ran by Tony Nacelewicz (12-11-2017 23:09:00) Run:1
Running from G:\Downloads\Security Tools
Loaded Profiles: Tony Nacelewicz (Available Profiles: Tony Nacelewicz & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2017-11-12] (SlimWare Utilities, Inc.)
C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
U3 idsvc; no ImagePath
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
Task: {0FFE4DD9-A733-4920-87A7-CB033A98D8C0} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {2D02B4D4-DDDC-43E1-81A1-6A68DC893561} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4FA4B3FA-CABE-4DB3-8CE5-53489F0CA3A7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5992514F-8257-44F9-B213-DEA4F4188C4F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7874EEE1-D079-4E58-9167-1B964DEC1D42} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8E3D2F71-8D97-4D93-8BD1-48718A4C67AF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {96883F2F-2517-4C9C-9C4A-6E31A011086B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {AC1DD0D1-A552-4B6E-8C77-438561E6DA32} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C789D757-97B1-4D19-A701-20184C403DDC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {EC1D4C15-79D5-48BE-ACB7-3F7C4D650E8A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F44B6FFA-5AC9-4AEF-AF64-7D1865BEC06C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\System\CurrentControlSet\Services\SWDUMon => key removed successfully
SWDUMon => service removed successfully
C:\WINDOWS\system32\DRIVERS\SWDUMon.sys => moved successfully
HKLM\System\CurrentControlSet\Services\BCM42RLY => key removed successfully
BCM42RLY => service removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
idsvc => service removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => key removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0FFE4DD9-A733-4920-87A7-CB033A98D8C0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FFE4DD9-A733-4920-87A7-CB033A98D8C0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D02B4D4-DDDC-43E1-81A1-6A68DC893561} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D02B4D4-DDDC-43E1-81A1-6A68DC893561} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4FA4B3FA-CABE-4DB3-8CE5-53489F0CA3A7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FA4B3FA-CABE-4DB3-8CE5-53489F0CA3A7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5992514F-8257-44F9-B213-DEA4F4188C4F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5992514F-8257-44F9-B213-DEA4F4188C4F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7874EEE1-D079-4E58-9167-1B964DEC1D42} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7874EEE1-D079-4E58-9167-1B964DEC1D42} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8E3D2F71-8D97-4D93-8BD1-48718A4C67AF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E3D2F71-8D97-4D93-8BD1-48718A4C67AF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96883F2F-2517-4C9C-9C4A-6E31A011086B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96883F2F-2517-4C9C-9C4A-6E31A011086B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC1DD0D1-A552-4B6E-8C77-438561E6DA32} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC1DD0D1-A552-4B6E-8C77-438561E6DA32} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C789D757-97B1-4D19-A701-20184C403DDC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C789D757-97B1-4D19-A701-20184C403DDC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC1D4C15-79D5-48BE-ACB7-3F7C4D650E8A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC1D4C15-79D5-48BE-ACB7-3F7C4D650E8A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F44B6FFA-5AC9-4AEF-AF64-7D1865BEC06C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F44B6FFA-5AC9-4AEF-AF64-7D1865BEC06C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 23:09:24 ====


#6 Jo*

Posted 13 November 2017 - 04:34 AM

The script did run fine.

Scan with AdwCleaner again and post the content of the AdwCleaner log here please.




#7 tonynace

Posted 13 November 2017 - 09:47 AM

# AdwCleaner 7.0.4.0 - Logfile created on Mon Nov 13 14:45:27 2017
# Updated on 2017/27/10 by Malwarebytes 
# Database: 11-13-2017.2
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
PUP.Optional.Legacy, C:\Windows\SysNative\drivers\swdumon.sys
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.SlimCleanerPlus, [Key] - HKLM\SOFTWARE\SlimWare Utilities Inc
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S101].txt ##########


#8 tonynace

Posted 13 November 2017 - 10:22 AM

OK, I finally figured out what was going on here. I did a search of my registry looking for SlimWare and found it, not under the path reported by AdwCleaner, but under a different one, which I can't remember at the moment. Anyhow, when I clicked on that, there was a subkey for Avast Driver Updater, which I had recently installed. I uninstalled it, ran AdwCleaner again, which found the same results as before, but this time, when I completed the removal process and rebooted, and then ran the cleaner again, it was gone. So it's a part of the Avast Driver Updater, so it should be benign I would think, and AdwCleaner should update their database to reflect that.



#9 Jo*

Posted 13 November 2017 - 10:33 AM

So the only way for you to keep SWDUMon from reappearing is to uninstall AVG Driver Updater from your computer.
AVG Driver Updater is a rebranded version of a Slimware product.

AdwCleaner belongs to Malwarebytes, and they rate the rebranded version of a Slimware product as a Potentially Unwanted Program.

Are there any other malware-related issues, or can we close this topic?




#10 tonynace

Posted 13 November 2017 - 10:49 AM

So is it a bad program or not? It's labeled as a "Potentially" Unwanted Program, so it's not necessarily bad. Have there been issues with this causing problems? The Avast Driver Updater did find that I had a couple that needed updating, though I did it manually, as they want to charge for this service, so it is useful in some ways.



#11 Jo*

Posted 13 November 2017 - 11:17 AM

It is not malware but "Potentially" Unwanted.
You can keep it at your own risk, but AdwCleaner will detect it again.

PUPs may cause advertising or collect user data.
https://en.wikipedia.org/wiki/Potentially_unwanted_program



#12 tonynace

Posted 14 November 2017 - 11:47 AM

There are a couple of things I'm still wondering about. AdwCleaner reported two items, yet I could not find them. Why could I not find the subfolder in Windows, "SysNative", which was supposed to be in the path, C:\Windows\SysNative\drivers\swdumon.sys, despite the fact that I had "show hidden folders" checked? Also, why couldn't I find the key in the registry reported, "HKLM\SOFTWARE\SlimWare Utilities Inc"?



#13 Jo*

Posted 14 November 2017 - 12:04 PM

It was there and AdwCleaner deleted it.

FRST script deleted it as well:
HKLM\System\CurrentControlSet\Services\SWDUMon => key removed successfully
SWDUMon => service removed successfully
C:\WINDOWS\system32\DRIVERS\SWDUMon.sys => moved successfully

Most likely AVG Driver Updater restores it again and again.

---

Only removing malware is my area of responsibility.

I'm not related to AdwCleaner, Malwarebytes or AVG (Driver Updater) and do not provide support for those tools or companies.

Malwarebytes AdwCleaner Forum:
https://forums.malwarebytes.com/forum/187-malwarebytes-adwcleaner/

---

If there are no other malware-related issues with your PC, I would like to close this topic now, thanks.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
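
On the two locations asked about in post #12, an added example that is not part of the thread: on 64-bit Windows a 32-bit process sees `System32` and `HKLM\SOFTWARE` through WOW64 redirection, so the locations it logs are not the ones Explorer or regedit display. The sketch assumes AdwCleaner 7.0.4 ran as a 32-bit process (the `SysNative` path implies it, the thread does not state it) and that finding lines have the `<detection>, <location>` shape seen in the log above; all function names are made up for this example.

```python
import ntpath
import re

# System32 subfolders that Microsoft documents as exempt from WOW64 file
# system redirection: a 32-bit process sees the real folder there.
EXEMPT_SYSTEM32_SUBDIRS = ("catroot", "catroot2", "driverstore",
                           r"drivers\etc", "logfiles", "spool")


def _below(path, parent):
    """Return the part of path below parent (case-insensitive), else None."""
    path, parent = ntpath.normpath(path), ntpath.normpath(parent)
    if path.lower() == parent.lower():
        return ""
    if path.lower().startswith(parent.lower() + "\\"):
        return path[len(parent) + 1:]
    return None


def native_file_path(reported, windir=r"C:\Windows"):
    """Translate a path logged by a 32-bit process into the path a 64-bit
    process (Explorer, cmd.exe, FRST64) uses for the same file."""
    # Sysnative is a virtual alias that exists only for 32-bit processes and
    # always points at the real System32, so Explorer never shows it.
    rest = _below(reported, ntpath.join(windir, "Sysnative"))
    if rest is not None:
        return ntpath.normpath(ntpath.join(windir, "System32", rest))
    # A 32-bit process asking for System32 is silently sent to SysWOW64,
    # except for the exempt subfolders listed above.
    rest = _below(reported, ntpath.join(windir, "System32"))
    if rest is not None:
        low = rest.lower()
        if any(low == s or low.startswith(s + "\\")
               for s in EXEMPT_SYSTEM32_SUBDIRS):
            return ntpath.normpath(reported)
        return ntpath.normpath(ntpath.join(windir, "SysWOW64", rest))
    return ntpath.normpath(reported)


def registry_candidates(reported):
    """Return the keys to inspect in 64-bit regedit for a key logged by a
    32-bit process, most likely location first."""
    key = re.sub(r"^\[?(?:HKLM|HKEY_LOCAL_MACHINE)\]?[\\\s]+",
                 lambda m: "HKLM\\", reported.strip(), count=1, flags=re.I)
    parts = key.split("\\")
    if (len(parts) >= 3 and parts[0] == "HKLM"
            and parts[1].upper() == "SOFTWARE"
            and parts[2].upper() != "WOW6432NODE"):
        # The 32-bit view of HKLM\SOFTWARE is stored under WOW6432Node. The
        # literal key stays a candidate: some subkeys are shared between the
        # views, and a 32-bit tool may open the 64-bit view explicitly.
        wow = "\\".join(parts[:2] + ["WOW6432Node"] + parts[2:])
        return [wow, key]
    return [key]


def translate_finding(line):
    """Split one finding line and map its location to the 64-bit view."""
    name, _, location = line.partition(",")
    location = location.strip()
    if location.startswith("[Key] - "):
        return name.strip(), registry_candidates(location[len("[Key] - "):])
    return name.strip(), [native_file_path(location)]


if __name__ == "__main__":
    # The two findings from the AdwCleaner log in post #7.
    for finding in (
        r"PUP.Optional.Legacy, C:\Windows\SysNative\drivers\swdumon.sys",
        r"PUP.Optional.SlimCleanerPlus, [Key] - HKLM\SOFTWARE\SlimWare Utilities Inc",
    ):
        name, places = translate_finding(finding)
        print(name)
        for place in places:
            print("  look at:", place)
```

The file result matches the path FRST64 lists and moves in the Fixlog above (`C:\WINDOWS\system32\DRIVERS\SWDUMon.sys`); the code only rewrites strings and does not touch the file system or registry.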


#14 Jo*

Posted 17 November 2017 - 03:53 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





