Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Video recording choppy, start button not working, won't shutdown, cant enter bio


  • This topic is locked This topic is locked
8 replies to this topic

#1 D78GHUO

D78GHUO

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:01 PM

Posted 23 November 2017 - 01:18 AM

Hi there I am having some computer problems which consist of 1) computer will not shutdown, when I click shutdown it either hangs, or restarts. Problem 2) When recording screen capture the sound is jerky, was not the case before. The sound chops out, for the first couple of minutes its fine. Problem 3) some of the buttons when I click fail to respond, such as windows start button. Also at other times windows explorer fails to load and I have to click multiple times, then it loads slowly. Problem 3) I thought about reinstalling all software but the system will not allow me to enter the bios or boot sequence when I press f12 at startup and just continues on to load the windows system. Problem 4) It seems very slow and some of my other softwares started getting buggy and stop working, such as my cd burner, instead of being able to burn a data disk it insists on creating an image, this was solved with a fresh install but it comes back after a while. The buttons on some of my other softwares which are all paid ones, not ripped have new bugs in them that prevent them working. Problem 5) the keyboard sometimes stops typing or the mouse tempararily hangs.

I have windows 10 installed on a 64 bit system. I really appreciate any help you can give us on this, thanks in advance. My logs are down below.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-11-2017
Ran by booge (administrator) on DESKTOP-JIUJLN1 (23-11-2017 13:47:42)
Running from C:\Users\booge\Downloads
Loaded Profiles: booge (Available Profiles: booge)
Platform: Windows 10 Pro Version 1709 16299.64 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe
() C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe
() C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Spotify Ltd) C:\Users\booge\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\booge\AppData\Roaming\Spotify\Spotify.exe
(ExpressVPN) C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpn.exe
(Spotify Ltd) C:\Users\booge\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\booge\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\booge\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\booge\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ThreatEmulation.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Corel Corporation) C:\Program Files\WinZip\WinZip Smart Monitor\WinZipCompressionSmartMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe
(ExpressVPN) C:\Program Files (x86)\ExpressVPN\xvpnd\windows\rasutility\RasUtility.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon-x64.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\ExpressVPN\xvpnd\expressvpn-browser-helper.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [ISW] => C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe [936056 2016-03-25] (Check Point Software Technologies LTD)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8844032 2016-01-27] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2047744 2017-10-24] (WinZip)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [117760 2017-10-24] (WinZip Computing, S.L.)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436416 2017-10-24] (WinZip Computing, S.L.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [145208 2017-03-24] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110008 2015-07-06] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [499640 2015-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [265656 2015-06-15] (CyberLink Corp.)
HKU\S-1-5-21-24704615-1488910953-2457280611-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2017-11-01] (Siber Systems)
HKU\S-1-5-21-24704615-1488910953-2457280611-1001\...\Run: [Spotify] => C:\Users\booge\AppData\Roaming\Spotify\Spotify.exe [21025392 2017-11-13] (Spotify Ltd)
HKU\S-1-5-21-24704615-1488910953-2457280611-1001\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpn.exe [806528 2017-10-29] (ExpressVPN)
HKU\S-1-5-21-24704615-1488910953-2457280611-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10021040 2017-10-19] (Piriform Ltd)
HKU\S-1-5-21-24704615-1488910953-2457280611-1001\...\Run: [Spotify Web Helper] => C:\Users\booge\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-11-13] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{0389D5DE-0484-4188-86DF-3C52AA57986D}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{089F0C7E-0F7F-488D-A7AD-27CEEAA380B4}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{248CA014-BE7C-4DB8-A017-22D242FE1B95}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{28693521-61FD-4999-B686-115AFC59564D}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{29ED2A8F-E4B8-479C-B5E1-DBB111F6775B}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{326E3569-C96B-401F-AA45-09C3FDAA16FB}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{38cf4526-d69c-4826-afbd-9b08e4e22006}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{4DA0EA96-1E95-4924-97D5-F4238DBFAA01}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{4E999825-9554-4C74-9C24-EBF6515A8813}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{50E6ED17-0D05-4FB5-A9A6-F094AF917F5C}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{53202AC6-1F3F-4258-B28B-C74600F963CF}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{5E01537B-55E8-4F41-A66A-5FC039C62957}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{6C1BB7C0-9B12-4BC0-8866-4F50586D51FE}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{6CFD1814-FE11-4D57-81BE-D792226849D0}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{849AEEEA-8B15-450A-B5C0-03B0251D20BC}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{9DF05548-5608-412A-8F62-3940FB41FD48}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{A2A558DB-D357-4BF7-987D-DF5EDF96088E}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{B6B0A96A-8658-4C83-8411-50AE541C365D}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{BD006F36-4E16-4214-A43A-376E808CD721}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{C00A0E22-D1E8-4087-A75F-65F68DBAF52F}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{C244D5A2-8CA5-4347-8E3D-3CC86EE2F6CB}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{E7A77EA2-B33C-446C-B56B-D5A42AFB0D42}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{EA88EF67-33CB-466E-B7EE-C3AEC642653E}: [NameServer] 10.0.1.1
Tcpip\..\Interfaces\{EA88EF67-33CB-466E-B7EE-C3AEC642653E}: [DhcpNameServer] 10.0.1.1

Internet Explorer:
==================
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-11-01] (Siber Systems Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-11-01] (Siber Systems Inc.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-11-01] (Siber Systems Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-11-01] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\System32\urlmon.dll [2017-10-10] (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\SysWOW64\urlmon.dll [2017-10-10] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} -  No File
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} -  No File
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} -  No File

FireFox:
========
FF DefaultProfile: 9zkfgmmg.default
FF ProfilePath: C:\Users\booge\AppData\Roaming\Mozilla\Firefox\Profiles\9zkfgmmg.default [2017-11-23]
FF Extension: (Flash Video Downloader) - C:\Users\booge\AppData\Roaming\Mozilla\Firefox\Profiles\9zkfgmmg.default\Extensions\artur.dubovoy@gmail.com.xpi [2017-11-23]
FF Extension: (Easy Screenshot) - C:\Users\booge\AppData\Roaming\Mozilla\Firefox\Profiles\9zkfgmmg.default\Extensions\easyscreenshot@mozillaonline.com.xpi [2017-11-17]
FF Extension: (__MSG_appName__) - C:\Users\booge\AppData\Roaming\Mozilla\Firefox\Profiles\9zkfgmmg.default\Extensions\firefox-addon@expressvpn.com.xpi [2017-11-01]
FF Extension: (Ghostery) - C:\Users\booge\AppData\Roaming\Mozilla\Firefox\Profiles\9zkfgmmg.default\Extensions\firefox@ghostery.com.xpi [2017-11-01]
FF Extension: (HTTPS Everywhere) - C:\Users\booge\AppData\Roaming\Mozilla\Firefox\Profiles\9zkfgmmg.default\Extensions\https-everywhere-eff@eff.org.xpi [2017-11-23]
FF Extension: (RoboForm Password Manager) - C:\Users\booge\AppData\Roaming\Mozilla\Firefox\Profiles\9zkfgmmg.default\Extensions\rf-firefox@siber.com.xpi [2017-11-06]
FF Extension: (Video DownloadHelper) - C:\Users\booge\AppData\Roaming\Mozilla\Firefox\Profiles\9zkfgmmg.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-11-17]
FF Extension: (Adblock Plus) - C:\Users\booge\AppData\Roaming\Mozilla\Firefox\Profiles\9zkfgmmg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-13]
FF Extension: (Disable Media WMF NV12 format) - C:\Users\booge\AppData\Roaming\Mozilla\Firefox\Profiles\9zkfgmmg.default\features\{6c972d5b-58db-4ecc-b5d3-a39fa31fed47}\disable-media-wmf-nv12@mozilla.org.xpi [2017-11-23] [Lagacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-15] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-28] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-28] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\booge\AppData\Local\Google\Chrome\User Data\Default [2017-11-23]
CHR Extension: (Slides) - C:\Users\booge\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-01]
CHR Extension: (Docs) - C:\Users\booge\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-01]
CHR Extension: (Google Drive) - C:\Users\booge\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-01]
CHR Extension: (YouTube) - C:\Users\booge\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-01]
CHR Extension: (Sheets) - C:\Users\booge\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-01]
CHR Extension: (ZoneAlarm Anti-Phishing) - C:\Users\booge\AppData\Local\Google\Chrome\User Data\Default\Extensions\flljooaijgdgaaogmfhakpojmddcjjmj [2017-11-01]
CHR Extension: (HTTPS Everywhere) - C:\Users\booge\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-11-01]
CHR Extension: (Google Docs Offline) - C:\Users\booge\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-01]
CHR Extension: (AdBlock) - C:\Users\booge\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-11-01]
CHR Extension: (Ghostery) - C:\Users\booge\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-11-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\booge\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-01]
CHR Extension: (Gmail) - C:\Users\booge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-01]
CHR Extension: (Chrome Media Router) - C:\Users\booge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-01]
CHR Extension: (RoboForm Password Manager) - C:\Users\booge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2017-11-01]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2017-11-01]
CHR HKLM-x32\...\Chrome\Extension: [flljooaijgdgaaogmfhakpojmddcjjmj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2017-11-01]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CWUpdaterDaemon; C:\Program Files (x86)\CheckPoint\Parental Controls\bin\cwupdater.exe [9729368 2015-08-13] (ContentWatch, Inc.)
R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [339168 2017-10-29] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-15] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-15] ()
R2 IswSvc; C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe [1157752 2016-03-25] (Check Point Software Technologies LTD)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-28] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-15] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-15] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-15] (NVIDIA Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [622872 2016-08-29] (CyberLink)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4297920 2017-09-29] (Microsoft Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4107680 2017-03-24] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 WinZip Compression Smart Monitor Service; C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe [495872 2017-09-01] ()
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-11-01] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm AntiTheft; C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe [3011896 2017-03-24] (Check Point Software Technologies Ltd.)
R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [1058616 2017-03-24] (Check Point Software Technologies Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 icsak; C:\Program Files (x86)\CheckPoint\AKL\ak\icsak.sys [48512 2014-07-17] (Check Point Software Technologies LTD)
R2 ISWKL; C:\Program Files (x86)\CheckPoint\AKL\ISWKL.sys [54144 2016-03-25] (Check Point Software Technologies LTD)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554408 2017-03-22] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29216 2017-03-22] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [189672 2017-03-22] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [435032 2017-03-22] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1007848 2017-03-22] (AO Kaspersky Lab)
R0 klupd_KLIF_arkmon; C:\Windows\System32\Drivers\klupd_KLIF_arkmon.sys [229288 2017-11-01] (AO Kaspersky Lab)
R3 klupd_KLIF_kimul; C:\Windows\System32\Drivers\klupd_KLIF_kimul.sys [87584 2017-11-01] (AO Kaspersky Lab)
S3 klupd_KLIF_klark; C:\Windows\System32\Drivers\klupd_KLIF_klark.sys [251656 2017-11-08] (AO Kaspersky Lab)
R0 klupd_KLIF_klbg; C:\Windows\System32\Drivers\klupd_KLIF_klbg.sys [112912 2017-11-01] (AO Kaspersky Lab)
R3 klupd_KLIF_mark; C:\Windows\System32\Drivers\klupd_KLIF_mark.sys [173144 2017-11-01] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [135904 2017-03-22] (AO Kaspersky Lab)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [935168 2015-10-10] (Realtek )
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [151552 2017-09-29] (Microsoft Corporation)
S3 tapexpressvpn; C:\Windows\System32\drivers\tapexpressvpn.sys [45048 2017-10-29] (The OpenVPN Project)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [461240 2017-03-24] (Check Point Software Technologies Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-23 13:47 - 2017-11-23 13:50 - 000023550 _____ C:\Users\booge\Downloads\FRST.txt
2017-11-23 13:45 - 2017-11-23 13:47 - 000000000 ____D C:\FRST
2017-11-23 13:44 - 2017-11-23 13:45 - 002391552 _____ (Farbar) C:\Users\booge\Downloads\FRST64.exe
2017-11-22 13:21 - 2017-11-22 13:33 - 111132210 _____ C:\Users\booge\Documents\eh churches_7.mp4
2017-11-22 13:21 - 2017-11-22 13:33 - 000000592 _____ C:\Users\booge\Documents\eh churches_7_mp4.mrk
2017-11-22 13:21 - 2017-11-22 13:21 - 000000000 ____D C:\Users\booge\Documents\e-Sword
2017-11-22 13:20 - 2017-11-22 13:20 - 000002014 _____ C:\Users\Public\Desktop\e-Sword.lnk
2017-11-22 13:20 - 2017-11-22 13:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Sword
2017-11-22 13:20 - 2017-11-22 13:20 - 000000000 ____D C:\Program Files (x86)\e-Sword
2017-11-22 13:19 - 2017-11-22 13:19 - 000000000 ____D C:\Users\booge\AppData\Local\Downloaded Installations
2017-11-22 13:18 - 2017-11-22 13:18 - 057186514 _____ (Rick Meyers) C:\Users\booge\Downloads\setup1110.exe
2017-11-22 13:15 - 2017-11-22 13:18 - 015916649 _____ C:\Users\booge\Documents\eh churches_6.mp4
2017-11-22 13:15 - 2017-11-22 13:18 - 000000508 _____ C:\Users\booge\Documents\eh churches_6_mp4.mrk
2017-11-22 12:23 - 2017-11-22 13:04 - 517850544 _____ C:\Users\booge\Documents\eh churches_5.mp4
2017-11-22 12:23 - 2017-11-22 13:04 - 000000090 _____ C:\Users\booge\Documents\eh churches_5_mp4.mrk
2017-11-22 12:21 - 2017-11-22 12:22 - 001286482 _____ C:\Users\booge\Documents\eh churches_4.mp4
2017-11-22 12:21 - 2017-11-22 12:22 - 000000087 _____ C:\Users\booge\Documents\eh churches_4_mp4.mrk
2017-11-22 12:12 - 2017-11-22 12:12 - 000002274 _____ C:\Users\Public\Desktop\CyberLink WaveEditor 2.lnk
2017-11-22 12:12 - 2017-11-22 12:12 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Director Suite 5
2017-11-22 12:11 - 2017-11-22 12:11 - 000002137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PhotoDirector 8 (64-bit).lnk
2017-11-22 12:11 - 2017-11-22 12:11 - 000002125 _____ C:\Users\Public\Desktop\CyberLink PhotoDirector 8 (64-bit).lnk
2017-11-22 12:09 - 2017-11-22 12:09 - 000002148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Screen Recorder 15.lnk
2017-11-22 12:09 - 2017-11-22 12:09 - 000002136 _____ C:\Users\Public\Desktop\CyberLink Screen Recorder 15.lnk
2017-11-22 12:09 - 2017-11-22 12:09 - 000002065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 15 (64-bit).lnk
2017-11-22 12:09 - 2017-11-22 12:09 - 000002053 _____ C:\Users\Public\Desktop\CyberLink PowerDirector 15 (64-bit).lnk
2017-11-22 12:05 - 2017-11-22 12:05 - 000002120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink ColorDirector 5 (64-bit).lnk
2017-11-22 12:05 - 2017-11-22 12:05 - 000002108 _____ C:\Users\Public\Desktop\CyberLink ColorDirector 5 (64-bit).lnk
2017-11-22 12:04 - 2017-11-22 12:04 - 000002124 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink AudioDirector 7 (64-bit).lnk
2017-11-22 12:04 - 2017-11-22 12:04 - 000002112 _____ C:\Users\Public\Desktop\CyberLink AudioDirector 7 (64-bit).lnk
2017-11-22 11:44 - 2017-11-22 11:44 - 000000000 ____D C:\Users\booge\Downloads\New folder
2017-11-22 01:12 - 2017-11-22 01:12 - 000004030 _____ C:\Users\booge\Documents\eh churches_3_mp4.mrk
2017-11-22 00:17 - 2017-11-22 01:12 - 1095360253 _____ C:\Users\booge\Documents\eh churches_3.mp4
2017-11-22 00:16 - 2017-11-22 00:16 - 000000088 _____ C:\Users\booge\Documents\eh churches_2_mp4.mrk
2017-11-22 00:15 - 2017-11-22 00:15 - 000000255 _____ C:\Users\booge\Documents\eh churches_1_mp4.mrk
2017-11-22 00:13 - 2017-11-22 00:16 - 004753505 _____ C:\Users\booge\Documents\eh churches_2.mp4
2017-11-22 00:13 - 2017-11-22 00:15 - 013877920 _____ C:\Users\booge\Documents\eh churches_1.mp4
2017-11-22 00:13 - 2017-11-22 00:14 - 001309206 _____ C:\Users\booge\Documents\eh churches.mp4
2017-11-22 00:13 - 2017-11-22 00:14 - 000000128 _____ C:\Users\booge\Documents\eh churches_mp4.mrk
2017-11-21 23:58 - 2017-11-21 23:59 - 051891206 _____ C:\Users\booge\Downloads\VID_20170905_125722.mp4
2017-11-21 23:51 - 2017-11-22 01:16 - 000003988 _____ C:\Users\booge\Desktop\links.txt
2017-11-21 23:05 - 2017-11-21 23:36 - 769018663 _____ C:\Users\booge\Documents\Eh Pole box bike crash.mp4
2017-11-21 23:05 - 2017-11-21 23:36 - 000007081 _____ C:\Users\booge\Documents\Eh Pole box bike crash_mp4.mrk
2017-11-21 22:27 - 2017-11-21 23:54 - 000000000 ____D C:\Users\booge\Downloads\set right ministry
2017-11-21 21:19 - 2017-11-21 21:19 - 000545440 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-11-21 21:09 - 2017-11-21 21:58 - 1226221345 _____ C:\Users\booge\Documents\Eh Pole box bike crash_2.mp4
2017-11-21 21:09 - 2017-11-21 21:58 - 000015325 _____ C:\Users\booge\Documents\Eh Pole box bike crash_2_mp4.mrk
2017-11-21 17:15 - 2017-11-21 17:40 - 000000000 ____D C:\Users\booge\Downloads\eh pics
2017-11-21 16:20 - 2017-11-21 16:39 - 000000170 _____ C:\Users\booge\Desktop\towers.txt
2017-11-21 16:05 - 2017-11-21 16:05 - 000001304 _____ C:\Users\booge\Documents\Eh Pole box bike crash_1_mp4.mrk
2017-11-21 15:55 - 2017-11-21 16:05 - 134518617 _____ C:\Users\booge\Documents\Eh Pole box bike crash_1.mp4
2017-11-21 11:20 - 2017-11-21 11:24 - 000000000 ____D C:\Users\booge\AppData\Roaming\vlc
2017-11-21 11:20 - 2017-11-21 11:20 - 000001139 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-11-21 11:19 - 2017-11-21 11:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-11-21 11:19 - 2017-11-21 11:19 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2017-11-21 11:18 - 2017-11-21 11:19 - 030950664 _____ C:\Users\booge\Downloads\vlc-2.2.6-win32.exe
2017-11-21 10:04 - 2017-10-30 22:36 - 000001371 _____ C:\Users\booge\Desktop\Porton Down links.txt
2017-11-20 20:34 - 2017-11-20 20:34 - 000403233 _____ C:\Users\booge\Downloads\Cancer Healing.pdf
2017-11-20 20:25 - 2017-11-20 20:25 - 000003708 _____ C:\Windows\System32\Tasks\NvNotifier_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-20 20:25 - 2017-11-20 20:25 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-11-20 20:25 - 2017-10-28 00:06 - 000136312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-11-20 20:25 - 2017-09-14 07:20 - 000798008 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-11-20 20:25 - 2017-09-14 07:20 - 000490296 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-11-20 20:25 - 2017-09-14 07:19 - 000927544 _____ C:\Windows\system32\vulkan-1.dll
2017-11-20 20:25 - 2017-09-14 07:19 - 000591160 _____ C:\Windows\system32\vulkaninfo.exe
2017-11-20 20:23 - 2017-11-20 20:25 - 000000000 ____D C:\Windows\LastGood.Tmp
2017-11-20 20:17 - 2017-11-20 20:17 - 000000000 ____D C:\Users\booge\Downloads\BOOKS
2017-11-20 18:01 - 2017-11-21 09:45 - 000000000 ____D C:\Users\Public\Documents\CyberLink
2017-11-20 18:00 - 2017-11-20 18:00 - 000001453 _____ C:\Users\Public\Desktop\CyberLink Media Suite 10.lnk
2017-11-20 17:57 - 2013-11-12 14:25 - 000091912 _____ (CyberLink) C:\Windows\system32\Drivers\CLVirtualDrive.sys
2017-11-20 17:55 - 2017-11-20 18:00 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
2017-11-20 16:43 - 2017-11-20 16:43 - 023166010 _____ C:\Users\booge\Downloads\mobizen_20171108_065417.mp4
2017-11-20 13:58 - 2017-11-20 14:07 - 000000000 ____D C:\Users\booge\Downloads\audios
2017-11-19 19:17 - 2017-11-19 21:54 - 000000000 ____D C:\Users\booge\Downloads\CIA
2017-11-19 18:44 - 2017-11-19 18:44 - 000000910 _____ C:\Users\booge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-11-19 18:44 - 2017-11-19 18:44 - 000000862 _____ C:\Users\booge\Desktop\Start Tor Browser.lnk
2017-11-19 18:44 - 2017-11-19 18:44 - 000000000 ____D C:\Users\booge\Desktop\Tor Browser
2017-11-19 18:43 - 2017-11-19 18:44 - 053494112 _____ C:\Users\booge\Downloads\torbrowser-install-7.0.10_en-US.exe
2017-11-19 18:00 - 2017-11-21 11:13 - 000000000 ____D C:\ProgramData\CanonIJPLM
2017-11-19 18:00 - 2017-11-19 18:00 - 000000000 ___HD C:\ProgramData\CanonIJQuickMenu
2017-11-19 18:00 - 2017-11-19 18:00 - 000000000 ____D C:\Users\booge\AppData\Roaming\Canon
2017-11-19 17:59 - 2013-03-24 05:00 - 000393728 _____ (CANON INC.) C:\Windows\system32\CNMXLMBW.DLL
2017-11-19 17:59 - 2013-02-04 15:10 - 000321536 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_BWL.dll
2017-11-19 17:59 - 2012-11-09 10:41 - 000088064 _____ C:\Windows\SysWOW64\CNC176CD.TBL
2017-11-19 17:59 - 2008-08-25 18:02 - 000015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2017-11-19 17:56 - 2017-11-19 17:56 - 000002094 _____ C:\Users\Public\Desktop\Canon Quick Menu.lnk
2017-11-19 17:56 - 2017-11-19 17:56 - 000000000 ____D C:\Users\booge\AppData\LocalLow\Canon Easy-WebPrint EX2
2017-11-19 17:56 - 2017-11-19 17:56 - 000000000 ____D C:\Users\booge\AppData\LocalLow\Canon Easy-WebPrint EX
2017-11-19 17:56 - 2017-11-19 17:56 - 000000000 ____D C:\ProgramData\CanonIJWSpt
2017-11-19 17:53 - 2017-11-19 17:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2017-11-19 17:53 - 2017-11-19 17:56 - 000000000 ____D C:\Program Files\Canon
2017-11-19 17:52 - 2017-11-19 17:52 - 000002435 _____ C:\Users\Public\Desktop\Canon MG2400 series On-screen Manual.lnk
2017-11-19 17:52 - 2017-11-19 17:52 - 000000000 ___HD C:\ProgramData\CanonBJ
2017-11-19 17:52 - 2017-11-19 17:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2400 series Manual
2017-11-19 17:52 - 2013-02-04 15:12 - 000367104 _____ (CANON INC.) C:\Windows\system32\CNC_BWL.dll
2017-11-19 17:52 - 2012-11-09 10:41 - 000088064 _____ C:\Windows\system32\CNC176CD.TBL
2017-11-19 17:52 - 2012-11-08 13:04 - 000282624 _____ (CANON INC.) C:\Windows\system32\CNC_BWC.dll
2017-11-19 17:52 - 2012-11-08 13:03 - 000106496 _____ (CANON INC.) C:\Windows\system32\CNC_BWI.dll
2017-11-19 17:52 - 2008-08-25 18:02 - 000017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2017-11-19 17:51 - 2017-11-19 17:52 - 000000000 ___HD C:\Program Files\CanonBJ
2017-11-19 17:51 - 2013-03-24 05:00 - 000391168 _____ (CANON INC.) C:\Windows\system32\CNMLMBW.DLL
2017-11-19 17:50 - 2017-11-19 17:59 - 000000000 ____D C:\Program Files (x86)\Canon
2017-11-19 17:44 - 2017-11-19 17:44 - 000000783 _____ C:\Users\booge\Downloads\HitFilm 4 Express.license
2017-11-15 10:50 - 2017-10-25 17:11 - 017083904 _____ (Microsoft Corporation) C:\Windows\system32\HologramCompositor.dll
2017-11-15 10:50 - 2017-10-25 17:11 - 000336896 _____ (Microsoft Corporation) C:\Windows\system32\HolographicRuntimes.dll
2017-11-15 10:50 - 2017-10-25 17:09 - 021753344 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
2017-11-15 10:50 - 2017-10-25 16:57 - 000956416 _____ (Microsoft Corporation) C:\Windows\system32\Spectrum.exe
2017-11-15 10:50 - 2017-10-25 16:57 - 000882688 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Mirage.Internal.dll
2017-11-15 10:50 - 2017-10-25 16:56 - 000665600 _____ (Microsoft Corporation) C:\Windows\system32\DHolographicDisplay.dll
2017-11-15 10:50 - 2017-10-25 14:36 - 000618496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.Internal.dll
2017-11-15 10:50 - 2017-10-25 12:41 - 000362176 _____ (Microsoft Corporation) C:\Windows\system32\BioIso.exe
2017-11-15 10:50 - 2017-10-25 12:40 - 001634288 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-11-15 10:50 - 2017-10-25 12:40 - 000612760 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-11-15 10:50 - 2017-10-25 12:39 - 007831248 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2017-11-15 10:50 - 2017-10-25 12:39 - 000479912 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-11-15 10:50 - 2017-10-25 12:37 - 000610712 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-11-15 10:50 - 2017-10-25 12:36 - 008590744 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-11-15 10:50 - 2017-10-25 12:36 - 002400664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-15 10:50 - 2017-10-25 12:34 - 002573208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-11-15 10:50 - 2017-10-25 12:34 - 000839928 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Perception.Stub.dll
2017-11-15 10:50 - 2017-10-25 12:34 - 000710920 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2017-11-15 10:50 - 2017-10-25 12:32 - 000559512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-11-15 10:50 - 2017-10-25 12:31 - 000436120 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHostCommon.dll
2017-11-15 10:50 - 2017-10-25 12:31 - 000045464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storufs.sys
2017-11-15 10:50 - 2017-10-25 12:30 - 004487968 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2017-11-15 10:50 - 2017-10-25 12:29 - 002269080 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll
2017-11-15 10:50 - 2017-10-25 12:29 - 001507736 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2017-11-15 10:50 - 2017-10-25 12:29 - 000603920 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2017-11-15 10:50 - 2017-10-25 12:28 - 001170008 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-11-15 10:50 - 2017-10-25 12:27 - 006791472 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2017-11-15 10:50 - 2017-10-25 12:27 - 001970520 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2017-11-15 10:50 - 2017-10-25 12:27 - 001426152 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-11-15 10:50 - 2017-10-25 12:27 - 000374032 _____ (Microsoft Corporation) C:\Windows\system32\vac.exe
2017-11-15 10:50 - 2017-10-25 12:24 - 000428952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2017-11-15 10:50 - 2017-10-25 12:20 - 002717392 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-11-15 10:50 - 2017-10-25 11:50 - 001528904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-11-15 10:50 - 2017-10-25 11:36 - 025246208 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-11-15 10:50 - 2017-10-25 11:30 - 005615968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2017-11-15 10:50 - 2017-10-25 11:30 - 000354200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudExperienceHostCommon.dll
2017-11-15 10:50 - 2017-10-25 11:28 - 004648528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2017-11-15 10:50 - 2017-10-25 11:28 - 001246432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2017-11-15 10:50 - 2017-10-25 11:28 - 000982016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-11-15 10:50 - 2017-10-25 11:27 - 001454568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
2017-11-15 10:50 - 2017-10-25 11:27 - 001377080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2017-11-15 10:50 - 2017-10-25 11:24 - 000506256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Perception.Stub.dll
2017-11-15 10:50 - 2017-10-25 11:22 - 006015200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2017-11-15 10:50 - 2017-10-25 11:22 - 002465848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-11-15 10:50 - 2017-10-25 11:19 - 003670016 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-11-15 10:50 - 2017-10-25 11:18 - 000975872 _____ C:\Windows\system32\FaceProcessor.dll
2017-11-15 10:50 - 2017-10-25 11:18 - 000328192 _____ (Microsoft Corporation) C:\Windows\system32\AcGenral.dll
2017-11-15 10:50 - 2017-10-25 11:18 - 000301056 _____ (Microsoft Corporation) C:\Windows\system32\AcLayers.dll
2017-11-15 10:50 - 2017-10-25 11:16 - 023658496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-11-15 10:50 - 2017-10-25 11:16 - 000227328 _____ (Microsoft Corporation) C:\Windows\system32\CapabilityAccessManager.dll
2017-11-15 10:50 - 2017-10-25 11:15 - 000140800 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2017-11-15 10:50 - 2017-10-25 11:14 - 000541184 _____ (Microsoft Corporation) C:\Windows\system32\HolographicExtensions.dll
2017-11-15 10:50 - 2017-10-25 11:13 - 013655552 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-15 10:50 - 2017-10-25 11:13 - 002972672 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
2017-11-15 10:50 - 2017-10-25 11:12 - 000708096 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-11-15 10:50 - 2017-10-25 11:11 - 000768512 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll
2017-11-15 10:50 - 2017-10-25 11:10 - 008099328 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-11-15 10:50 - 2017-10-25 11:10 - 004742144 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-11-15 10:50 - 2017-10-25 11:10 - 001167360 _____ (Microsoft Corporation) C:\Windows\system32\ISM.dll
2017-11-15 10:50 - 2017-10-25 11:09 - 002862080 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2017-11-15 10:50 - 2017-10-25 11:09 - 002106368 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-11-15 10:50 - 2017-10-25 11:09 - 001806336 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Speech.dll
2017-11-15 10:50 - 2017-10-25 11:09 - 000812032 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-11-15 10:50 - 2017-10-25 11:08 - 002905600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-11-15 10:50 - 2017-10-25 11:08 - 002781696 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-11-15 10:50 - 2017-10-25 11:08 - 002633216 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2017-11-15 10:50 - 2017-10-25 11:08 - 002392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcGenral.dll
2017-11-15 10:50 - 2017-10-25 11:08 - 001667584 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2017-11-15 10:50 - 2017-10-25 11:08 - 000654848 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2017-11-15 10:50 - 2017-10-25 11:07 - 018914304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-11-15 10:50 - 2017-10-25 11:07 - 001485824 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-11-15 10:50 - 2017-10-25 11:07 - 000685056 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2017-11-15 10:50 - 2017-10-25 11:07 - 000372224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcLayers.dll
2017-11-15 10:50 - 2017-10-25 11:05 - 019339776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-11-15 10:50 - 2017-10-25 11:05 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2017-11-15 10:50 - 2017-10-25 11:02 - 000591872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
2017-11-15 10:50 - 2017-10-25 11:01 - 012687360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-11-15 10:50 - 2017-10-25 10:59 - 003679232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-11-15 10:50 - 2017-10-25 10:59 - 000664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-11-15 10:50 - 2017-10-25 10:58 - 002467840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2017-11-15 10:50 - 2017-10-25 10:58 - 001322496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2017-11-15 10:50 - 2017-10-25 10:57 - 006035968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-11-15 10:50 - 2017-10-21 20:25 - 003313968 _____ C:\Windows\system32\Windows.Mirage.dll
2017-11-15 10:50 - 2017-10-20 22:17 - 002474584 _____ C:\Windows\SysWOW64\Windows.Mirage.dll
2017-11-15 10:50 - 2017-10-20 13:08 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-11-15 10:49 - 2017-10-25 12:40 - 000269696 _____ C:\Windows\system32\FaceProcessorCore.dll
2017-11-15 10:49 - 2017-10-25 12:39 - 000285080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2017-11-15 10:49 - 2017-10-25 12:37 - 001954048 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-11-15 10:49 - 2017-10-25 12:36 - 000187288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2017-11-15 10:49 - 2017-10-25 12:32 - 000147864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcifs.sys
2017-11-15 10:49 - 2017-10-25 12:30 - 000555416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2017-11-15 10:49 - 2017-10-25 11:52 - 001615720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-11-15 10:49 - 2017-10-25 11:27 - 001015008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2017-11-15 10:49 - 2017-10-25 11:19 - 000097792 _____ C:\Windows\system32\runexehelper.exe
2017-11-15 10:49 - 2017-10-25 11:18 - 000135168 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_CapabilityAccess.dll
2017-11-15 10:49 - 2017-10-25 11:18 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\CapabilityAccessManagerClient.dll
2017-11-15 10:49 - 2017-10-25 11:18 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\AcSpecfc.dll
2017-11-15 10:49 - 2017-10-25 11:16 - 000114688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UcmCx.sys
2017-11-15 10:49 - 2017-10-25 11:16 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-11-15 10:49 - 2017-10-25 11:14 - 000046080 _____ (Microsoft Corporation) C:\Windows\system32\rdrleakdiag.exe
2017-11-15 10:49 - 2017-10-25 11:12 - 000599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-11-15 10:49 - 2017-10-25 11:12 - 000568832 _____ (Microsoft Corporation) C:\Windows\system32\TileDataRepository.dll
2017-11-15 10:49 - 2017-10-25 11:08 - 000487424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcSpecfc.dll
2017-11-15 10:49 - 2017-10-25 11:08 - 000465408 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2017-11-15 10:49 - 2017-10-25 11:07 - 003478016 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2017-11-15 10:49 - 2017-10-25 11:07 - 000064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CapabilityAccessManagerClient.dll
2017-11-15 10:49 - 2017-10-25 11:06 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-11-15 10:49 - 2017-10-25 11:05 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\msdtcVSp1res.dll
2017-11-15 10:49 - 2017-10-25 11:04 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-15 10:49 - 2017-10-25 11:04 - 000041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdrleakdiag.exe
2017-11-15 10:49 - 2017-10-25 11:03 - 000450048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TileDataRepository.dll
2017-11-15 10:49 - 2017-10-25 11:01 - 000462848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-11-15 10:49 - 2017-10-25 10:58 - 001280000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Speech.dll
2017-11-15 10:49 - 2017-10-25 10:55 - 002864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2017-11-15 10:49 - 2017-10-25 10:54 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdtcVSp1res.dll
2017-11-15 08:21 - 2017-11-15 08:21 - 000000000 ____D C:\ProgramData\Wondershare
2017-11-14 21:01 - 2017-11-14 21:01 - 000673822 _____ C:\Users\booge\Downloads\The-Secret-20-Bitcoin-Blueprint.pdf
2017-11-14 21:01 - 2017-11-14 21:01 - 000653430 _____ C:\Users\booge\Downloads\Your-Crypto-Buying-Primer.pdf
2017-11-14 15:49 - 2017-11-14 15:49 - 000000625 _____ C:\Users\Public\Desktop\iSkysoft Data Recovery.lnk
2017-11-14 15:38 - 2017-11-14 15:38 - 000000000 ____D C:\Users\booge\AppData\Local\Wondershare
2017-11-14 15:38 - 2017-11-14 15:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft
2017-11-14 15:38 - 2017-11-14 15:38 - 000000000 ____D C:\Program Files (x86)\iSkysoft
2017-11-14 15:37 - 2017-11-14 15:49 - 000000000 ____D C:\Users\Public\Documents\iSkysoft
2017-11-14 15:36 - 2017-11-14 15:36 - 001161992 _____ C:\Users\booge\Downloads\data-recovery_setup_full1657.exe
2017-11-09 12:59 - 2017-11-09 12:59 - 000000000 ____D C:\Users\booge\AppData\Roaming\FVD Downloader Module
2017-11-09 12:58 - 2017-11-09 12:58 - 025562624 _____ C:\Users\booge\Downloads\FVD_Downloader_Module.msi
2017-11-09 12:39 - 2017-11-09 12:39 - 000000000 ____D C:\Users\booge\dwhelper
2017-11-09 12:39 - 2017-11-09 12:39 - 000000000 ____D C:\Program Files\ConvertHelper3
2017-11-09 12:38 - 2017-11-09 12:38 - 045999936 _____ (DownloadHelper ) C:\Users\booge\Downloads\ConvertHelperSetup-3.2.exe
2017-11-09 04:40 - 2017-11-09 04:40 - 036248176 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-11-09 04:40 - 2017-11-09 04:40 - 029279672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-11-09 04:40 - 2017-11-09 04:40 - 000624240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-11-09 04:39 - 2017-11-09 04:39 - 000989808 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-11-09 04:39 - 2017-11-09 04:39 - 000940984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-11-09 04:39 - 2017-11-09 04:39 - 000514672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-11-09 04:39 - 2017-11-09 04:39 - 000054192 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 001997752 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438813.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 001682544 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438813.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 001108408 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 001039800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 000748144 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 000607160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2017-11-09 04:37 - 2017-11-09 04:37 - 040246384 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-11-09 04:37 - 2017-11-09 04:37 - 035165624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-11-09 04:37 - 2017-11-09 04:37 - 004210288 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-11-09 04:37 - 2017-11-09 04:37 - 003623024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-11-09 04:30 - 2017-11-09 04:30 - 023474480 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-11-09 04:30 - 2017-11-09 04:30 - 019212720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-11-09 04:30 - 2017-11-09 04:30 - 013379352 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-11-09 04:30 - 2017-11-09 04:30 - 010986768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-11-09 04:30 - 2017-11-09 04:30 - 000633256 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2017-11-09 04:26 - 2017-11-09 04:26 - 001154296 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-11-09 04:26 - 2017-11-09 04:26 - 000902312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-11-09 04:26 - 2017-11-09 04:26 - 000810304 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 013994136 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 011891200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 001351792 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 001342008 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 001062920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 001056720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 000648728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-11-09 03:57 - 2017-11-09 03:57 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-11-09 03:57 - 2017-11-09 03:57 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2017-11-08 11:44 - 2017-11-08 11:44 - 000251656 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_KLIF_klark.sys
2017-11-07 15:53 - 2017-11-15 10:51 - 000004422 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-11-07 15:53 - 2017-11-07 15:53 - 000000000 ____D C:\Users\booge\AppData\Roaming\Macromedia
2017-11-07 15:52 - 2017-11-07 15:53 - 000000000 ____D C:\Users\booge\AppData\Local\Adobe
2017-11-06 12:38 - 2017-11-06 12:52 - 220556421 _____ C:\Users\booge\Documents\King Khan_2.mp4
2017-11-06 12:38 - 2017-11-06 12:52 - 000000423 _____ C:\Users\booge\Documents\King Khan_2_mp4.mrk
2017-11-06 12:02 - 2017-11-06 12:05 - 018646703 _____ C:\Users\booge\Documents\King Khan_1.mp4
2017-11-06 12:02 - 2017-11-06 12:05 - 000000382 _____ C:\Users\booge\Documents\King Khan_1_mp4.mrk
2017-11-06 11:31 - 2017-11-06 14:07 - 000000000 ____D C:\Users\booge\.gimp-2.8
2017-11-06 11:31 - 2017-11-06 11:31 - 000000939 _____ C:\Users\booge\Desktop\GIMP 2.lnk
2017-11-06 11:31 - 2017-11-06 11:31 - 000000000 ____D C:\Users\booge\AppData\Local\gegl-0.2
2017-11-06 11:31 - 2017-11-06 11:31 - 000000000 ____D C:\Users\booge\AppData\Local\fontconfig
2017-11-06 11:30 - 2017-11-06 11:30 - 000000939 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2017-11-06 11:30 - 2017-11-06 11:30 - 000000000 ____D C:\Program Files\GIMP 2
2017-11-06 11:29 - 2017-11-06 11:29 - 089579672 _____ (The GIMP Team ) C:\Users\booge\Downloads\gimp-2.8.22-setup.exe
2017-11-06 11:12 - 2017-11-22 12:33 - 000004212 _____ C:\Windows\System32\Tasks\CCleaner Update
2017-11-06 11:12 - 2017-11-06 11:12 - 000002870 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-11-06 11:12 - 2017-11-06 11:12 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-11-06 11:12 - 2017-11-06 11:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-11-06 11:12 - 2017-11-06 11:12 - 000000000 ____D C:\Program Files\CCleaner
2017-11-06 11:11 - 2017-11-06 11:12 - 010427120 _____ (Piriform Ltd) C:\Users\booge\Downloads\ccsetup536.exe
2017-11-04 15:17 - 2017-11-04 15:17 - 000000000 ____D C:\Users\booge\AppData\Local\Power2Go8
2017-11-04 15:15 - 2017-11-23 13:22 - 000000000 ____D C:\Users\booge\Documents\Youcam
2017-11-04 15:15 - 2014-01-28 11:58 - 000041704 _____ (CyberLink Corporation) C:\Windows\system32\Drivers\clwvd.sys
2017-11-04 14:28 - 2017-11-04 15:05 - 621517069 _____ C:\Users\booge\Documents\kiteman73.mp4
2017-11-04 13:40 - 2017-11-04 14:26 - 1115524732 _____ C:\Users\booge\Documents\King Khan.mp4
2017-11-04 13:40 - 2017-11-04 14:26 - 000007540 _____ C:\Users\booge\Documents\King Khan_mp4.mrk
2017-11-04 13:39 - 2017-11-04 13:39 - 000000087 _____ C:\Users\booge\Documents\test_6_mp4.mrk
2017-11-04 13:38 - 2017-11-04 13:39 - 000000086 _____ C:\Users\booge\Documents\test_5_mp4.mrk
2017-11-04 13:36 - 2017-11-04 13:37 - 000000087 _____ C:\Users\booge\Documents\test_4_mp4.mrk
2017-11-03 18:27 - 2017-11-03 18:27 - 000000087 _____ C:\Users\booge\Documents\test_3_mp4.mrk
2017-11-03 18:26 - 2017-11-03 18:26 - 000000087 _____ C:\Users\booge\Documents\test_2_mp4.mrk
2017-11-03 18:24 - 2017-11-03 18:25 - 000000087 _____ C:\Users\booge\Documents\test_1_mp4.mrk
2017-11-03 18:19 - 2017-11-03 18:21 - 000000423 _____ C:\Users\booge\Documents\test_mp4.mrk
2017-11-03 18:18 - 2017-11-03 19:38 - 000000000 ____D C:\Users\booge\Documents\CyberLink
2017-11-03 18:17 - 2017-11-20 17:53 - 000000000 ____D C:\Users\booge\AppData\Roaming\CyberLink
2017-11-03 18:17 - 2017-11-03 19:38 - 000000000 ____D C:\Users\booge\AppData\Local\CyberLink
2017-11-03 18:12 - 2017-11-03 18:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\proDAD
2017-11-03 17:51 - 2017-11-22 11:37 - 000000000 ____D C:\ProgramData\Temp
2017-11-03 17:48 - 2017-11-22 12:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue
2017-11-03 17:48 - 2017-11-22 12:10 - 000000000 ____D C:\Program Files\NewBlue
2017-11-03 17:48 - 2017-11-03 18:12 - 000000000 ____D C:\Users\booge\AppData\Roaming\proDAD
2017-11-03 17:48 - 2017-11-03 18:12 - 000000000 ____D C:\Program Files\proDAD
2017-11-03 17:48 - 2017-11-03 17:49 - 000000000 ____D C:\Program Files (x86)\NewBlue
2017-11-03 17:48 - 2017-11-03 17:48 - 000000000 ____D C:\ProgramData\proDAD
2017-11-03 17:48 - 2017-11-03 17:48 - 000000000 ____D C:\Program Files\Common Files\NewBlue
2017-11-03 17:48 - 2015-05-11 16:00 - 000376344 _____ (proDAD GmbH) C:\Windows\system32\proDAD-PA-Support.dll
2017-11-03 17:48 - 2013-08-17 11:09 - 000607256 _____ (proDAD GmbH) C:\Windows\system32\prodad-codec.dll
2017-11-03 17:43 - 2017-11-22 12:12 - 000000000 ____D C:\ProgramData\install_backup
2017-11-03 17:43 - 2017-11-22 12:12 - 000000000 ____D C:\Program Files (x86)\CyberLink
2017-11-03 17:43 - 2017-11-22 12:10 - 000000000 ____D C:\Program Files\CyberLink
2017-11-03 17:43 - 2017-11-03 18:18 - 000000000 ____D C:\Users\Public\Cyberlink
2017-11-03 17:43 - 2017-11-03 17:51 - 000000000 ____D C:\Program Files (x86)\NSIS Uninstall Information
2017-11-03 17:42 - 2017-11-22 12:14 - 000000000 ____D C:\ProgramData\SUPPORTDIR
2017-11-03 17:42 - 2017-11-22 12:04 - 000000000 ____D C:\ProgramData\CLSK
2017-11-03 17:42 - 2017-11-22 12:03 - 000000000 ____D C:\ProgramData\CyberLink
2017-11-03 17:42 - 2017-11-04 15:15 - 000000000 ____D C:\ProgramData\install_clap
2017-11-03 17:39 - 2017-11-03 17:40 - 000000000 ____D C:\ProgramData\WinZip
2017-11-03 17:39 - 2017-11-03 17:39 - 000001990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip.lnk
2017-11-03 17:39 - 2017-11-03 17:39 - 000001890 _____ C:\Users\Public\Desktop\WinZip.lnk
2017-11-03 17:39 - 2017-11-03 17:39 - 000000000 ____D C:\Users\booge\AppData\Local\WinZip
2017-11-03 17:39 - 2017-11-03 17:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 22.0
2017-11-03 17:39 - 2017-11-03 17:39 - 000000000 ____D C:\Program Files\WinZip
2017-11-03 17:38 - 2017-11-03 17:38 - 000000000 ____D C:\ProgramData\UniqueId
2017-11-03 17:36 - 2017-11-03 17:36 - 000763112 _____ (WinZip Computing, S.L.) C:\Users\booge\Downloads\winzip22_downwz.exe
2017-11-03 16:51 - 2017-11-22 11:58 - 000000000 ____D C:\Users\booge\Downloads\cyberlink
2017-11-03 16:42 - 2017-11-03 19:06 - 000000000 ____D C:\Users\booge\Downloads\king khan
2017-11-03 16:22 - 2017-11-03 20:17 - 000000000 ____D C:\Users\booge\Downloads\kiteman73
2017-11-03 02:19 - 2017-11-19 18:09 - 000000000 ____D C:\Windows\system32\MRT
2017-11-03 02:19 - 2017-11-19 18:04 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-11-03 02:19 - 2017-11-19 18:04 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-11-03 02:19 - 2017-11-03 02:19 - 000000000 ____D C:\Users\booge\AppData\Local\PeerDistRepub
2017-11-02 16:19 - 2017-11-22 11:45 - 000000000 ____D C:\Users\booge\AppData\Local\CrashDumps
2017-11-02 16:19 - 2017-11-02 16:19 - 000000000 ____D C:\Users\booge\AppData\Local\DBG
2017-11-02 09:28 - 2017-11-02 09:28 - 000001194 _____ C:\Users\booge\Desktop\HitFilm 4 Express.lnk
2017-11-02 02:12 - 2017-11-06 11:12 - 000000000 ____D C:\Windows\Panther
2017-11-02 01:14 - 2017-11-02 01:14 - 000000000 _SHDL C:\Documents and Settings
2017-11-02 01:14 - 2017-11-02 01:14 - 000000000 ____D C:\Windows\CSC
2017-11-02 01:14 - 2017-09-29 21:41 - 002241024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2017-11-02 01:13 - 2017-11-23 13:20 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-02 01:13 - 2017-11-23 13:20 - 000000000 ____D C:\Windows\system32\SleepStudy
2017-11-02 01:13 - 2017-11-23 09:21 - 000230400 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-02 01:13 - 2017-11-02 01:13 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-11-02 01:13 - 2017-11-02 01:13 - 000000000 ____D C:\Windows\ServiceProfiles
2017-11-01 14:52 - 2017-11-21 22:08 - 000000000 ____D C:\Users\booge\Downloads\STREAM
2017-11-01 13:25 - 2017-11-01 13:25 - 020807336 _____ (ExpressVPN) C:\Users\booge\Downloads\expressvpn_6.2.7.3059.exe
2017-11-01 13:25 - 2017-11-01 13:25 - 000002080 _____ C:\Users\Public\Desktop\ExpressVPN.lnk
2017-11-01 13:25 - 2017-11-01 13:25 - 000000000 ____D C:\Users\booge\AppData\Local\IsolatedStorage
2017-11-01 13:25 - 2017-11-01 13:25 - 000000000 ____D C:\Users\booge\AppData\Local\ExpressVPN
2017-11-01 13:25 - 2017-11-01 13:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN
2017-11-01 13:25 - 2017-11-01 13:25 - 000000000 ____D C:\ProgramData\ExpressVPN
2017-11-01 13:25 - 2017-11-01 13:25 - 000000000 ____D C:\Program Files (x86)\ExpressVPN
2017-11-01 13:15 - 2017-11-01 13:15 - 000000000 ____D C:\Users\booge\AppData\Local\HitFilm 4 Express Activation
2017-11-01 13:14 - 2017-11-03 18:18 - 000000000 ____D C:\Users\booge\AppData\Roaming\NVIDIA
2017-11-01 13:14 - 2017-11-01 13:14 - 000000000 ____D C:\Users\booge\Documents\FXHOME
2017-11-01 13:14 - 2017-11-01 13:14 - 000000000 ____D C:\Users\booge\AppData\Local\FXHOME Helper
2017-11-01 13:14 - 2017-11-01 13:14 - 000000000 ____D C:\Users\booge\AppData\Local\FXHOME
2017-11-01 13:14 - 2017-11-01 13:14 - 000000000 ____D C:\Users\booge\AppData\Local\Crashpad
2017-11-01 13:14 - 2017-11-01 13:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitFilm 4 Express
2017-11-01 13:14 - 2017-11-01 13:14 - 000000000 ____D C:\ProgramData\FXHOME
2017-11-01 13:14 - 2017-11-01 13:14 - 000000000 ____D C:\Program Files\FXHOME
2017-11-01 13:14 - 2017-11-01 13:14 - 000000000 ____D C:\Program Files\Common Files\OFX
2017-11-01 13:14 - 2017-11-01 13:14 - 000000000 ____D C:\Program Files\Boris FX, Inc
2017-11-01 13:14 - 2017-11-01 13:14 - 000000000 ____D C:\Program Files (x86)\Boris FX, Inc
2017-11-01 13:14 - 2010-06-02 04:55 - 000518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2017-11-01 13:14 - 2010-06-02 04:55 - 000077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2017-11-01 12:41 - 2017-11-23 13:24 - 000000000 ____D C:\Users\booge\AppData\Roaming\Spotify
2017-11-01 12:41 - 2017-11-23 13:22 - 000000000 ____D C:\Users\booge\AppData\Local\Spotify
2017-11-01 12:41 - 2017-11-01 12:41 - 000001850 _____ C:\Users\booge\Desktop\Spotify.lnk
2017-11-01 12:41 - 2017-11-01 12:41 - 000001836 _____ C:\Users\booge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-11-01 12:40 - 2017-11-01 12:40 - 000723152 _____ (Spotify Ltd) C:\Users\booge\Downloads\SpotifySetup.exe
2017-11-01 12:37 - 2017-11-01 12:39 - 455245824 _____ C:\Users\booge\Downloads\HitFilm4Express_x64_4.0.5723.10801.msi
2017-11-01 12:16 - 2017-11-01 12:16 - 000000000 ____D C:\Program Files (x86)\ExpressVpn Tap Driver Win10
2017-11-01 12:11 - 2017-11-01 12:12 - 000000000 ____D C:\Users\booge\AppData\Local\NVIDIA Corporation
2017-11-01 12:10 - 2017-11-01 12:11 - 000000000 ____D C:\Users\booge\AppData\Local\NVIDIA
2017-11-01 12:10 - 2017-11-01 12:10 - 000001450 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-11-01 12:10 - 2016-06-15 04:01 - 001767944 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-11-01 12:10 - 2016-06-15 04:01 - 001756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-11-01 12:10 - 2016-06-15 04:01 - 001377800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-11-01 12:10 - 2016-06-15 04:01 - 001316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-11-01 12:10 - 2016-06-15 04:01 - 000112216 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-11-01 12:10 - 2016-04-14 13:38 - 000113216 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-11-01 12:10 - 2016-04-14 13:38 - 000102976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-11-01 12:10 - 2016-04-14 13:38 - 000056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-11-01 12:10 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2017-11-01 12:10 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2017-11-01 12:10 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2017-11-01 12:10 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2017-11-01 12:10 - 2010-05-26 11:41 - 000276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2017-11-01 12:10 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2017-11-01 12:09 - 2016-06-20 14:46 - 106587080 _____ (NVIDIA Corporation) C:\Users\booge\Downloads\GFExperienceSetupIntFull-1008402-01.exe
2017-11-01 11:56 - 2017-11-01 11:56 - 000929958 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-11-01 11:56 - 2017-11-01 11:56 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-11-01 11:56 - 2017-11-01 11:56 - 000000000 ____D C:\Users\booge\AppData\Roaming\Intel Corporation
2017-11-01 11:55 - 2015-10-10 07:27 - 000935168 _____ (Realtek ) C:\Windows\system32\Drivers\rt640x64.sys
2017-11-01 11:55 - 2015-10-10 07:27 - 000082544 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2017-11-01 11:53 - 2017-11-22 12:12 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-11-01 11:53 - 2017-11-01 11:53 - 000000000 ____D C:\Program Files\Realtek
2017-11-01 11:53 - 2016-01-27 10:04 - 003195648 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2017-11-01 11:53 - 2016-01-27 10:04 - 002894976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2017-11-01 11:53 - 2016-01-27 10:03 - 072203792 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2017-11-01 11:53 - 2016-01-27 10:03 - 007172920 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2017-11-01 11:53 - 2016-01-27 10:03 - 007096192 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2017-11-01 11:53 - 2016-01-27 10:03 - 003769493 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2017-11-01 11:53 - 2016-01-27 10:03 - 003283248 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2017-11-01 11:53 - 2016-01-27 10:03 - 003080784 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2017-11-01 11:53 - 2016-01-27 10:03 - 002036992 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2017-11-01 11:53 - 2016-01-27 10:03 - 001965816 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2017-11-01 11:53 - 2016-01-27 10:03 - 001780624 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2017-11-01 11:53 - 2016-01-27 10:03 - 001591064 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2017-11-01 11:53 - 2016-01-27 10:03 - 001508936 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2017-11-01 11:53 - 2016-01-27 10:03 - 001356504 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2017-11-01 11:53 - 2016-01-27 10:03 - 000743968 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2017-11-01 11:53 - 2016-01-27 10:03 - 000727440 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2017-11-01 11:53 - 2016-01-27 10:03 - 000708320 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2017-11-01 11:53 - 2016-01-27 10:03 - 000689888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2017-11-01 11:53 - 2016-01-27 10:03 - 000504312 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2017-11-01 11:53 - 2016-01-27 10:03 - 000447728 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2017-11-01 11:53 - 2016-01-27 10:03 - 000445408 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2017-11-01 11:53 - 2016-01-27 10:03 - 000441272 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2017-11-01 11:53 - 2016-01-27 10:03 - 000343712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2017-11-01 11:53 - 2016-01-27 10:03 - 000327464 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2017-11-01 11:53 - 2016-01-27 10:03 - 000272720 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2017-11-01 11:53 - 2016-01-27 10:03 - 000253904 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2017-11-01 11:53 - 2016-01-27 10:03 - 000253872 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2017-11-01 11:53 - 2016-01-27 10:03 - 000252880 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2017-11-01 11:53 - 2016-01-27 10:03 - 000192992 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2017-11-01 11:53 - 2016-01-27 10:03 - 000151792 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2017-11-01 11:53 - 2016-01-27 10:03 - 000134208 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2017-11-01 11:53 - 2016-01-27 10:03 - 000118600 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2017-11-01 11:53 - 2016-01-27 10:03 - 000105312 _____ C:\Windows\system32\audioLibVc.dll
2017-11-01 11:53 - 2016-01-27 10:03 - 000084616 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2017-11-01 11:53 - 2016-01-06 16:23 - 002826832 ____R (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2017-11-01 11:47 - 2017-11-01 11:55 - 000000000 ____D C:\Program Files (x86)\Realtek
2017-11-01 11:47 - 2017-11-01 11:53 - 000000000 ___HD C:\Program Files (x86)\Temp
2017-11-01 11:46 - 2017-11-01 11:46 - 000000000 ____D C:\Users\booge\Intel
2017-11-01 11:46 - 2017-11-01 11:46 - 000000000 ____D C:\ProgramData\Intel
2017-11-01 11:46 - 2017-11-01 11:46 - 000000000 ____D C:\Program Files (x86)\Intel
2017-11-01 11:43 - 2017-11-01 11:56 - 000000000 ____D C:\Program Files\Intel
2017-11-01 11:42 - 2017-11-01 11:54 - 000026192 ____N (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2017-11-01 11:42 - 2017-11-01 11:54 - 000000010 _____ C:\Windows\GSetup.ini
2017-11-01 11:42 - 2009-08-27 15:04 - 000207400 ____R () C:\Windows\GSetup.exe
2017-11-01 11:36 - 2017-11-01 11:36 - 000000000 ____D C:\Windows\containers
2017-11-01 11:30 - 2017-10-10 15:14 - 000139672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-11-01 11:30 - 2017-10-10 15:11 - 000739696 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2017-11-01 11:30 - 2017-10-10 15:10 - 001200024 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2017-11-01 11:30 - 2017-10-10 15:01 - 005906264 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll
2017-11-01 11:30 - 2017-10-10 15:00 - 001053592 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2017-11-01 11:30 - 2017-10-10 15:00 - 000373656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2017-11-01 11:30 - 2017-10-10 14:59 - 001641536 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2017-11-01 11:30 - 2017-10-10 14:59 - 000778936 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2017-11-01 11:30 - 2017-10-10 14:54 - 001463856 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-11-01 11:30 - 2017-10-10 14:53 - 000464416 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2017-11-01 11:30 - 2017-10-10 14:53 - 000232344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-11-01 11:30 - 2017-10-10 14:51 - 000184984 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-11-01 11:30 - 2017-10-10 14:49 - 001554216 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2017-11-01 11:30 - 2017-10-10 14:49 - 000060824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\urscx01000.sys
2017-11-01 11:30 - 2017-10-10 14:48 - 000677280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-11-01 11:30 - 2017-10-10 14:44 - 000246168 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2017-11-01 11:30 - 2017-10-10 14:43 - 000418712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-11-01 11:30 - 2017-10-10 14:36 - 001436432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2017-11-01 11:30 - 2017-10-10 14:31 - 001323840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-11-01 11:30 - 2017-10-10 14:30 - 000123520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-11-01 11:30 - 2017-10-10 14:26 - 000649304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2017-11-01 11:30 - 2017-10-10 14:11 - 000597160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2017-11-01 11:30 - 2017-10-10 14:07 - 001261864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2017-11-01 11:30 - 2017-10-10 14:06 - 000353688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-11-01 11:30 - 2017-10-10 13:46 - 001470976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2017-11-01 11:30 - 2017-10-10 13:46 - 000136192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-11-01 11:30 - 2017-10-10 13:43 - 000566272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TpmCoreProvisioning.dll
2017-11-01 11:30 - 2017-10-10 13:43 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XblAuthTokenBrokerExt.dll
2017-11-01 11:30 - 2017-10-10 13:42 - 000374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2017-11-01 11:30 - 2017-10-10 13:42 - 000326144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptngc.dll
2017-11-01 11:30 - 2017-10-10 13:37 - 002869248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-11-01 11:30 - 2017-10-10 13:37 - 001587200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-11-01 11:30 - 2017-10-10 13:37 - 001559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-11-01 11:30 - 2017-10-10 13:36 - 001664000 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2017-11-01 11:30 - 2017-10-10 13:36 - 000177664 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-11-01 11:30 - 2017-10-10 13:34 - 000057344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UcmUcsi.sys
2017-11-01 11:30 - 2017-10-10 13:34 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2017-11-01 11:30 - 2017-10-10 13:34 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-11-01 11:30 - 2017-10-10 13:33 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthTokenBrokerExt.dll
2017-11-01 11:30 - 2017-10-10 13:33 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2017-11-01 11:30 - 2017-10-10 13:32 - 000529408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2017-11-01 11:30 - 2017-10-10 13:32 - 000461312 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2017-11-01 11:30 - 2017-10-10 13:31 - 000665088 _____ (Microsoft Corporation) C:\Windows\system32\TpmCoreProvisioning.dll
2017-11-01 11:30 - 2017-10-10 13:31 - 000478208 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnr.dll
2017-11-01 11:30 - 2017-10-10 13:30 - 000542208 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2017-11-01 11:30 - 2017-10-10 13:30 - 000442880 _____ (Microsoft Corporation) C:\Windows\system32\cryptngc.dll
2017-11-01 11:30 - 2017-10-10 13:27 - 001547264 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-11-01 11:30 - 2017-10-10 13:26 - 003334144 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-11-01 11:30 - 2017-10-10 13:26 - 001856000 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-11-01 11:30 - 2017-10-10 13:25 - 001822208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-11-01 11:30 - 2017-10-10 13:25 - 000925184 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2017-11-01 11:30 - 2017-10-10 13:24 - 000726016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-11-01 11:30 - 2017-10-10 13:24 - 000285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-11-01 11:30 - 2017-10-04 06:42 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-11-01 11:30 - 2017-10-04 06:42 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-11-01 11:26 - 2017-11-03 17:42 - 000000000 ____D C:\ProgramData\Package Cache
2017-11-01 11:23 - 2017-11-01 11:23 - 000000000 ____D C:\Users\booge\AppData\Roaming\MailFrontier
2017-11-01 11:23 - 2017-11-01 11:23 - 000000000 ____D C:\ProgramData\MailFrontier
2017-11-01 11:22 - 2017-11-01 11:22 - 000229288 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_KLIF_arkmon.sys
2017-11-01 11:22 - 2017-11-01 11:22 - 000173144 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_KLIF_mark.sys
2017-11-01 11:22 - 2017-11-01 11:22 - 000112912 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_KLIF_klbg.sys
2017-11-01 11:22 - 2017-11-01 11:22 - 000087584 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_KLIF_kimul.sys
2017-11-01 11:22 - 2017-11-01 11:22 - 000000000 _____ C:\Windows\system32\Drivers\etc\lmhosts
2017-11-01 11:22 - 2017-03-24 22:09 - 000942904 _____ (Check Point Software Technologies Ltd.) C:\Windows\system32\AntiTheftCredentialProvider.dll
2017-11-01 11:21 - 2017-11-01 11:21 - 000440988 _____ C:\Windows\system32\Drivers\vsconfig.xml
2017-11-01 11:21 - 2017-11-01 11:21 - 000000144 _____ C:\Windows\SysWOW64\lkfl.dat
2017-11-01 11:21 - 2017-11-01 11:21 - 000000128 _____ C:\Windows\SysWOW64\pdfl.dat
2017-11-01 11:21 - 2017-11-01 11:21 - 000000080 _____ C:\Windows\SysWOW64\ibfl.dat
2017-11-01 11:21 - 2017-11-01 11:21 - 000000000 ____D C:\Users\booge\AppData\Roaming\CheckPoint
2017-11-01 11:21 - 2017-11-01 11:21 - 000000000 ____D C:\ProgramData\ContentWatch
2017-11-01 11:21 - 2017-11-01 11:21 - 000000000 ____D C:\Program Files (x86)\PC Tune-Up
2017-11-01 11:21 - 2017-03-22 08:06 - 000554408 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kl1.sys
2017-11-01 11:21 - 2017-03-22 08:06 - 000435032 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2017-11-01 11:20 - 2017-11-01 11:20 - 000000778 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2017-11-01 11:20 - 2017-11-01 11:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2017-11-01 11:15 - 2017-11-01 11:21 - 000000000 ____D C:\ProgramData\CheckPoint
2017-11-01 11:15 - 2017-11-01 11:21 - 000000000 ____D C:\Program Files (x86)\CheckPoint
2017-11-01 11:15 - 2017-11-01 11:15 - 005109248 _____ (Check Point Software Technologies Ltd.) C:\Users\booge\Downloads\ZASPSetupWeb_151_501_17249.exe
2017-11-01 11:12 - 2017-11-01 11:12 - 000004284 _____ C:\Windows\System32\Tasks\Open URL by RoboForm
2017-11-01 11:12 - 2017-11-01 11:12 - 000003592 _____ C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon
2017-11-01 11:12 - 2017-11-01 11:12 - 000000000 ____D C:\Users\booge\AppData\Local\RoboForm
2017-11-01 11:12 - 2017-11-01 11:12 - 000000000 ____D C:\ProgramData\RoboForm
2017-11-01 11:12 - 2017-11-01 11:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2017-11-01 11:11 - 2017-11-01 11:11 - 000000000 ____D C:\Program Files (x86)\Siber Systems
2017-11-01 11:10 - 2017-11-01 11:11 - 022461808 _____ (Siber Systems) C:\Users\booge\Downloads\RoboForm-v8-Setup-12e00.exe
2017-11-01 11:04 - 2017-11-17 19:54 - 000003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-01 11:04 - 2017-11-17 19:54 - 000003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-01 11:04 - 2017-11-14 11:10 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-01 11:04 - 2017-11-14 11:10 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-01 11:04 - 2017-11-01 11:04 - 000000000 ____D C:\Users\booge\AppData\Local\Google
2017-11-01 11:04 - 2017-11-01 11:04 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-01 11:03 - 2017-11-23 13:24 - 000000000 ____D C:\Users\booge\AppData\LocalLow\Mozilla
2017-11-01 11:03 - 2017-11-21 09:44 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-11-01 11:03 - 2017-11-21 09:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-01 11:03 - 2017-11-17 19:25 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-01 11:03 - 2017-11-17 19:25 - 000000000 ____D C:\Users\booge\AppData\Roaming\Mozilla
2017-11-01 11:03 - 2017-11-01 11:08 - 000000000 ____D C:\Users\booge\AppData\Local\Mozilla
2017-11-01 11:03 - 2017-11-01 11:04 - 001130328 _____ (Google Inc.) C:\Users\booge\Downloads\ChromeSetup.exe
2017-11-01 11:03 - 2017-11-01 11:03 - 000000993 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-11-01 10:38 - 2017-11-01 10:38 - 000000000 ____D C:\Users\booge\AppData\Local\PlaceholderTileLogoFolder
2017-11-01 10:37 - 2017-11-01 10:37 - 000000000 ____D C:\Users\booge\AppData\Local\PackageStaging
2017-11-01 10:37 - 2017-11-01 10:37 - 000000000 ____D C:\Users\booge\AppData\Local\Comms
2017-11-01 10:30 - 2017-11-20 20:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-11-01 10:28 - 2017-11-23 13:20 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-01 10:28 - 2017-11-21 15:46 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-11-01 10:28 - 2017-11-20 20:25 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-11-01 10:28 - 2017-11-20 20:23 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-11-01 10:28 - 2017-10-28 00:36 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2017-11-01 10:28 - 2017-10-28 00:12 - 005960824 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-11-01 10:28 - 2017-10-28 00:12 - 002587768 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-11-01 10:28 - 2017-10-28 00:12 - 001766520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-11-01 10:28 - 2017-10-28 00:12 - 000607168 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-11-01 10:28 - 2017-10-28 00:12 - 000449656 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-11-01 10:28 - 2017-10-28 00:12 - 000123000 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-11-01 10:28 - 2017-10-28 00:12 - 000081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-11-01 10:28 - 2017-10-25 18:33 - 007802921 _____ C:\Windows\system32\nvcoproc.bin
2017-11-01 10:28 - 2017-05-19 18:07 - 000521816 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-11-01 10:23 - 2017-11-07 07:58 - 000003374 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-24704615-1488910953-2457280611-1001
2017-11-01 10:22 - 2017-11-19 23:27 - 000000000 __RDL C:\Users\booge\OneDrive
2017-11-01 10:22 - 2017-11-07 07:58 - 000002363 _____ C:\Users\booge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-01 10:22 - 2017-11-01 10:22 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-11-01 10:21 - 2017-11-23 13:26 - 001183244 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-01 10:20 - 2017-11-01 10:54 - 000000000 ____D C:\Users\booge\AppData\Local\Packages
2017-11-01 10:20 - 2017-11-01 10:22 - 000000000 ____D C:\Users\booge\AppData\Local\ConnectedDevicesPlatform
2017-11-01 10:20 - 2017-11-01 10:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-01 10:20 - 2017-11-01 10:20 - 000000000 ___RD C:\Users\booge\3D Objects
2017-11-01 10:20 - 2017-11-01 10:20 - 000000000 ___HD C:\Users\booge\MicrosoftEdgeBackups
2017-11-01 10:20 - 2017-11-01 10:20 - 000000000 ____D C:\Users\booge\AppData\Roaming\Adobe
2017-11-01 10:20 - 2017-11-01 10:20 - 000000000 ____D C:\Users\booge\AppData\Local\VirtualStore
2017-11-01 10:20 - 2017-11-01 10:20 - 000000000 ____D C:\Users\booge\AppData\Local\Publishers
2017-11-01 10:20 - 2017-11-01 10:20 - 000000000 ____D C:\Users\booge\AppData\Local\MicrosoftEdge
2017-11-01 10:18 - 2017-11-23 13:21 - 000000000 ____D C:\Users\booge
2017-11-01 10:18 - 2017-11-01 11:53 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2017-11-01 10:18 - 2017-11-01 10:18 - 000000020 ___SH C:\Users\booge\ntuser.ini
2017-11-01 10:18 - 2017-11-01 10:18 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2017-11-01 10:18 - 2017-11-01 10:18 - 000000000 ____D C:\ProgramData\USOShared
2017-10-29 22:35 - 2017-10-29 22:35 - 000045048 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tapexpressvpn.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-23 13:24 - 2017-09-29 21:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2017-11-23 13:21 - 2017-09-29 21:46 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-23 13:21 - 2017-09-29 21:46 - 000000000 ____D C:\Windows\AppReadiness
2017-11-23 13:19 - 2017-09-29 16:45 - 000524288 _____ C:\Windows\system32\config\BBI
2017-11-21 22:10 - 2017-09-29 21:44 - 000000000 ____D C:\Windows\INF
2017-11-19 17:59 - 2017-09-29 21:46 - 000000000 __RSD C:\Windows\media
2017-11-17 15:37 - 2017-09-29 21:46 - 000000000 ____D C:\Windows\rescache
2017-11-16 19:14 - 2017-09-29 21:46 - 000000000 ___SD C:\Windows\SysWOW64\F12
2017-11-16 19:14 - 2017-09-29 21:46 - 000000000 ___SD C:\Windows\system32\F12
2017-11-16 19:14 - 2017-09-29 21:46 - 000000000 ____D C:\Windows\TextInput
2017-11-16 19:14 - 2017-09-29 21:46 - 000000000 ____D C:\Windows\SysWOW64\Dism
2017-11-16 19:14 - 2017-09-29 21:46 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2017-11-16 19:14 - 2017-09-29 21:46 - 000000000 ____D C:\Windows\system32\appraiser
2017-11-16 19:14 - 2017-09-29 16:45 - 000000000 ____D C:\Windows\system32\Dism
2017-11-15 10:51 - 2017-09-29 21:46 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-11-15 10:51 - 2017-09-29 21:46 - 000000000 ____D C:\Windows\system32\Macromed
2017-11-15 10:51 - 2017-09-29 21:37 - 000000000 ____D C:\Windows\CbsTemp
2017-11-09 04:38 - 2017-05-19 18:03 - 001624168 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-11-09 04:38 - 2017-05-19 18:03 - 000233904 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-11-09 04:25 - 2017-10-09 11:06 - 003859848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-11-09 04:25 - 2017-05-19 17:47 - 004533184 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-11-09 03:57 - 2017-05-19 14:22 - 000048442 _____ C:\Windows\system32\nvinfo.pb
2017-11-07 19:46 - 2017-09-29 21:46 - 000000000 ____D C:\Windows\LiveKernelReports
2017-11-04 09:25 - 2017-09-29 21:49 - 000835568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-11-04 09:25 - 2017-09-29 21:49 - 000177648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-03 17:42 - 2017-09-29 21:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-11-02 08:41 - 2017-09-29 21:46 - 000000000 ____D C:\Windows\appcompat
2017-11-02 02:12 - 2017-09-29 21:46 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2017-11-02 01:14 - 2017-09-29 21:46 - 000000000 ____D C:\Windows\system32\spool
2017-11-02 01:14 - 2017-09-29 21:46 - 000000000 ____D C:\Windows\system32\FxsTmp
2017-11-02 01:14 - 2017-09-29 16:45 - 000000000 ____D C:\Windows\system32\Sysprep
2017-11-02 01:13 - 2017-09-29 21:46 - 000000000 ___RD C:\Windows\PrintDialog
2017-11-02 01:13 - 2017-09-29 21:46 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\zu-ZA
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\yo-NG
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\xh-ZA
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\wo-SN
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\vi-VN
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\uz-Latn-UZ
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\ur-PK
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\ug-CN
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\tt-RU
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\tn-ZA
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\tk-TM
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\ti-ET
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\tg-Cyrl-TJ
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\te-IN
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\ta-IN
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\sw-KE
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\sr-Cyrl-RS
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\sr-Cyrl-BA
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\sq-AL
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\si-LK
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\sd-Arab-PK
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\rw-RW
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\quz-PE
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\quc-Latn-GT
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\prs-AF
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\pa-IN
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\pa-Arab-PK
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\or-IN
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\nso-ZA
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\nn-NO
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\ne-NP
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\mt-MT
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\mr-IN
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\mn-MN
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\ml-IN
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\mk-MK
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\mi-NZ
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\lo-LA
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\lb-LU
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\ky-KG
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\ku-Arab-IQ
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\kok-IN
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\kn-IN
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\km-KH
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\kk-KZ
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\ka-GE
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\is-IS
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\ig-NG
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\id-ID
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\hy-AM
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\ha-Latn-NG
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\gu-IN
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\gd-GB
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\ga-IE
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\fil-PH
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\fa-IR
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\cy-GB
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\chr-CHER-US
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\ca-ES-valencia
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\bs-Latn-BA
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\bn-IN
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\bn-BD
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\be-BY
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\az-Latn-AZ
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\as-IN
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\am-ET
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\SysWOW64\af-ZA
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\zu-ZA
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\yo-NG
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\xh-ZA
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\wo-SN
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\vi-VN
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\uz-Latn-UZ
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\ur-PK
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\ug-CN
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\tt-RU
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\tn-ZA
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\tk-TM
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\ti-ET
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\tg-Cyrl-TJ
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\te-IN
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\ta-IN
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\sw-KE
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\sr-Cyrl-RS
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\sr-Cyrl-BA
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\sq-AL
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\si-LK
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\sd-Arab-PK
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\rw-RW
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\quz-PE
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\quc-Latn-GT
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\prs-AF
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\pa-IN
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\pa-Arab-PK
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\or-IN
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\nso-ZA
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\nn-NO
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\ne-NP
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\mt-MT
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\mr-IN
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\mn-MN
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\ml-IN
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\mk-MK
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\mi-NZ
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\lo-LA
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\lb-LU
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\ky-KG
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\ku-Arab-IQ
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\kok-IN
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\kn-IN
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\km-KH
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\kk-KZ
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\ka-GE
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\is-IS
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\ig-NG
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\id-ID
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\hy-AM
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\ha-Latn-NG
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\gu-IN
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\gd-GB
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\ga-IE
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\fil-PH
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\fa-IR
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\cy-GB
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\chr-CHER-US
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\ca-ES-valencia
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\bs-Latn-BA
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\bn-IN
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\bn-BD
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\be-BY
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\az-Latn-AZ
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\as-IN
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\am-ET
2017-11-01 11:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\system32\af-ZA
2017-11-01 11:21 - 2017-09-29 16:45 - 000032768 _____ C:\Windows\system32\config\ELAM
2017-11-01 10:36 - 2017-09-29 22:41 - 000000000 ____D C:\Windows\OCR
2017-11-01 10:36 - 2017-09-29 21:46 - 000000000 ____D C:\Windows\system32\en-GB
2017-11-01 10:28 - 2017-09-29 21:46 - 000000000 ____D C:\Windows\Help
2017-11-01 10:18 - 2017-09-29 21:46 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2017-11-01 10:15 - 2017-09-29 21:46 - 000000000 ____D C:\ProgramData\USOPrivate

Some files in TEMP:
====================
2017-11-19 17:50 - 2013-04-10 21:25 - 001044048 ____N (CANON INC.) C:\Users\booge\AppData\Local\Temp\MSETUP4.EXE

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-13 10:16

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-11-2017
Ran by booge (23-11-2017 13:51:19)
Running from C:\Users\booge\Downloads
Windows 10 Pro Version 1709 16299.64 (X64) (2017-11-01 17:14:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-24704615-1488910953-2457280611-500 - Administrator - Disabled)
booge (S-1-5-21-24704615-1488910953-2457280611-1001 - Administrator - Enabled) => C:\Users\booge
DefaultAccount (S-1-5-21-24704615-1488910953-2457280611-503 - Limited - Disabled)
Guest (S-1-5-21-24704615-1488910953-2457280611-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-24704615-1488910953-2457280611-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ZoneAlarm Extreme Security Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Extreme Security Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Extreme Security Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MG2400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2400_series) (Version: 1.00 - Canon Inc.)
Canon MG2400 series On-screen Manual (HKLM-x32\...\Canon MG2400 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
Click Install if prompted (HKLM-x32\...\{92A9572E-834E-477B-A100-C9AD3EE4B4B9}) (Version: 1.0.0.0 - ExpressVpn) Hidden
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
CyberLink Director Suite 5 (HKLM-x32\...\{FBFC2A17-8C05-4F92-A2A9-236C51D62E55}) (Version: 5.0 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
e-Sword (HKLM-x32\...\{1D3D8773-56B9-44F0-ACC6-3DEA462E665F}) (Version: 11.01.0000 - Rick Meyers)
ExpressVPN (HKLM-x32\...\{18CFE0F1-0032-4F11-9102-159A8597A73E}) (Version: 6.2.7.3059 - ExpressVPN) Hidden
ExpressVPN (HKLM-x32\...\{7d319cbe-e608-4933-93f9-b2a71a3e59c6}) (Version: 6.2.7.3059 - ExpressVPN)
FVD Downloader Module (HKLM-x32\...\{A3F74A3C-6824-4878-AB46-21280389D09F}) (Version: 1.0.7 - Nimbus)
GFExperience.Deployer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.Deployer) (Version: 3.10.0.95 - NVIDIA Corporation) Hidden
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HitFilm 4 Express (HKLM\...\{F8BB3662-69A1-4EF1-8674-ADD90AAD3D08}) (Version: 4.0.5723.10801 - FXHOME)
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
iSkysoft Data Recovery(Build 3.0.0.12) (HKLM-x32\...\{656DB838-DB63-4acd-82E3-BB363ED99116}_is1) (Version: 3.0.0.12 - iSkysoft Software Co.,Ltd.)
Microsoft OneDrive (HKU\S-1-5-21-24704615-1488910953-2457280611-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.2 - Mozilla)
NewBlue Paint Effects for Windows (HKLM-x32\...\NewBlue Paint Effects for Windows) (Version: 3.0 - NewBlue)
NewBlue Titler Pro for Windows (HKLM-x32\...\NewBlue Titler Pro for Windows) (Version: 1.5 - NewBlue)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials V for Windows (HKLM-x32\...\NewBlue Video Essentials V for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials VI for Windows (HKLM-x32\...\NewBlue Video Essentials VI for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials VII for Windows (HKLM-x32\...\NewBlue Video Essentials VII for Windows) (Version: 3.0 - NewBlue)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
PC Tune-Up (HKLM-x32\...\PC Tune-Up) (Version: 2.2.0.1 - ZoneAlarm) Hidden
proDAD Adorage 3.0 (64bit) (HKLM\...\proDAD-Adorage-3.0) (Version: 3.0.108.2 - proDAD GmbH)
proDAD Vitascene 2.0 (64bit) (HKLM\...\proDAD-Vitascene-2.0) (Version: 2.0.243 - proDAD GmbH)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7727 - Realtek Semiconductor Corp.)
RoboForm 8-4-3-4 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 8-4-3-4 - Siber Systems)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Spotify (HKU\S-1-5-21-24704615-1488910953-2457280611-1001\...\Spotify) (Version: 1.0.67.582.g19436fa3 - Spotify AB)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WinZip 22.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24113}) (Version: 22.0.12663 - Corel Corporation)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
ZoneAlarm Antivirus (HKLM-x32\...\{D457D6C7-C040-40CB-8BF8-D8ECC8FDDACE}) (Version: 15.1.501.17249 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Extreme Security (HKLM-x32\...\ZoneAlarm Extreme Security) (Version: 15.1.501.17249 - Check Point)
ZoneAlarm Find My Laptop (HKLM-x32\...\{C7E7A446-DE1F-441D-9519-BD858266A7AB}) (Version: 15.1.501.17249 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (HKLM-x32\...\{902E1EFE-94FC-4209-9409-EBB2CA9E8DA6}) (Version: 15.1.501.17249 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Parental Controls (HKLM\...\{9D0D6B72-4C5C-498D-9A8A-DA53341E8BC1}) (Version: 7.2.6.1 - ContentWatch) Hidden
ZoneAlarm Security (HKLM-x32\...\{9F5DAD59-9A81-44E4-A075-0C943932FD10}) (Version: 15.1.501.17249 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt_20171120_17_56_58.dll [2015-07-07] (Cyberlink)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-10-24] (WinZip Computing, S.L.)
ContextMenuHandlers1: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2017-03-24] (Check Point Software Technologies Ltd.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt_20171120_17_56_58.dll [2015-07-07] (Cyberlink)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-10-24] (WinZip Computing, S.L.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-10-28] (NVIDIA Corporation)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-10-24] (WinZip Computing, S.L.)
ContextMenuHandlers6: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2017-03-24] (Check Point Software Technologies Ltd.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {25679340-EE26-46C3-9BAB-0527E34264E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-01] (Google Inc.)
Task: {36986754-CE0A-4ED1-ACEE-0244FB9432BB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-01] (Google Inc.)
Task: {3F791E96-7956-4665-B3DD-12A3C854FE4B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-15] (Adobe Systems Incorporated)
Task: {40FA48EF-D707-4670-A6A0-4E00C26F923A} - System32\Tasks\NvNotifier_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\GFExperience.Deployer\NvNotifier.exe [2017-11-09] ()
Task: {81C9AAB9-5DB2-4E64-A38B-C13CDEB899C4} - System32\Tasks\Open URL by RoboForm => C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMOMJMIMMJJJHMMMPMCNPMLJJMGMCNLMHMKMOJCNHMNJNMMJCNMMJJOMGMHMPMIMMMIMJMMMHMJNJICMHMCNLMCNMMFMOMOMCNOMKMCNOMJMNMGMGMFMPMCNPMCNOMJMNMGMGMCNNMJNPICMKMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMNJAJAJIJKJGIAJBJLJAJIIBJPLHJKIMIHJCJOJGJD (the data entry has 86 more characters).
Task: {A2B77F6E-AD6F-45DB-9B04-D5206CF1F7EE} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2017-11-01] (Siber Systems)
Task: {B6310A3F-7A2E-4BF0-B98F-7AECD0CB32A0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-10-19] (Piriform Ltd)
Task: {C589168A-8064-435C-B198-EF0032E19327} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-10-19] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 21:41 - 2017-09-29 21:41 - 000184432 _____ () C:\Windows\SYSTEM32\inputhost.dll
2017-10-29 22:35 - 2017-10-29 22:35 - 000339168 _____ () C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
2017-11-19 18:00 - 2013-05-15 02:50 - 000140936 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2017-09-01 19:15 - 2017-09-01 19:15 - 000495872 _____ () C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe
2017-10-29 22:37 - 2017-10-29 22:37 - 009413248 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
2017-09-29 21:42 - 2017-09-29 22:42 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-09-29 21:42 - 2017-09-29 22:42 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-12 15:52 - 2017-11-12 15:53 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-12 15:52 - 2017-11-12 15:53 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-12 15:52 - 2017-11-12 15:53 - 025461760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-07 07:47 - 2017-11-07 07:47 - 002552832 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\skypert.dll
2017-11-12 15:52 - 2017-11-12 15:53 - 000685056 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-10-29 22:37 - 2017-10-29 22:37 - 007731840 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\expressvpn-browser-helper.exe
2017-03-22 08:06 - 2017-03-22 08:06 - 000865232 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\kpcengine.2.3.dll
2017-10-29 22:37 - 2017-10-29 22:37 - 006427160 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\libxvclient.dll
2017-10-29 22:38 - 2017-10-29 22:38 - 000447616 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\ExpressVPN.FilterManager.dll
2017-11-01 12:10 - 2016-06-15 04:03 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-11-01 12:41 - 2017-11-13 09:00 - 068211824 _____ () C:\Users\booge\AppData\Roaming\Spotify\libcef.dll
2017-11-01 12:41 - 2017-11-13 09:00 - 003110512 _____ () C:\Users\booge\AppData\Roaming\Spotify\libglesv2.dll
2017-11-01 12:41 - 2017-11-13 09:00 - 000087152 _____ () C:\Users\booge\AppData\Roaming\Spotify\libegl.dll
2017-03-24 22:06 - 2017-03-24 22:06 - 000095544 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\TEComUtilDLL.dll
2017-11-14 15:38 - 2016-07-21 10:54 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2017-11-14 15:38 - 2016-10-08 16:48 - 001506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2017-11-20 17:56 - 2014-12-08 15:28 - 000627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2014-12-08 15:28 - 2014-12-08 15:28 - 000016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 21:46 - 2017-09-29 21:44 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-24704615-1488910953-2457280611-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 10.0.0.138 - 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2C836938-8947-47A6-8BC0-8B10417E62A1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{86133F16-4E96-4114-9699-D50C0A66A569}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A9CBADE3-DBC4-4C38-977D-F9D54C54EBF2}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{A5C852A9-2110-437B-A608-EEF0FE8CC42B}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{8D1A532A-7CDE-412B-9E83-89CCDE1DCF2E}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{992E0972-C725-4E65-8E91-E85ADDAA9224}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{E66D197E-254E-403C-86A6-17FCB2E88D6E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{59098941-3D2D-48F4-A139-8E4B21C7FEE3}C:\users\booge\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\booge\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{7C3FAE53-644B-4881-8B22-6E5C789D2E7C}C:\users\booge\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\booge\appdata\roaming\spotify\spotify.exe
FirewallRules: [{4BEE2B7E-BDF2-4F3B-B8CE-F3FAB21193DC}] => (Allow) C:\Program Files\CyberLink\PowerDirector15\PDR10.EXE

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: ExpressVPN Tap Adapter
Description: ExpressVPN Tap Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ExpressVPN
Service: tapexpressvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: ExpressVPN Tap Adapter #2
Description: ExpressVPN Tap Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ExpressVPN
Service: tapexpressvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: ExpressVPN Tap Adapter #3
Description: ExpressVPN Tap Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ExpressVPN
Service: tapexpressvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: ExpressVPN Tap Adapter #4
Description: ExpressVPN Tap Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ExpressVPN
Service: tapexpressvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/23/2017 01:20:53 PM) (Source: nssm) (EventID: 1018) (User: )
Description: Failed to read registry value AppDirectory:
The operation completed successfully.

Error: (11/23/2017 01:19:26 PM) (Source: nssm) (EventID: 1018) (User: )
Description: Failed to read registry value AppDirectory:
The operation completed successfully.

Error: (11/23/2017 09:37:15 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={36F5054E-1F46-4C9E-BE0A-B5739A77A31A}: The user SYSTEM dialed a connection named ExpressVPN which has failed. The error code returned on failure is 1168.

Error: (11/23/2017 09:37:13 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={B0D5A886-5228-4DBF-B531-A76DBF6CCF5D}: The user SYSTEM dialed a connection named ExpressVPN which has failed. The error code returned on failure is 1168.

Error: (11/23/2017 09:35:33 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={7456E4BA-1E57-4A83-8026-1C2435F3EFA3}: The user SYSTEM dialed a connection named ExpressVPN which has failed. The error code returned on failure is 1168.

Error: (11/23/2017 09:30:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-JIUJLN1)
Description: Package Microsoft.WindowsStore_11710.1001.27.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (11/23/2017 09:21:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellExperienceHost.exe version 10.0.16299.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1020

Start Time: 01d363f95a3938fa

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

Report Id: cbedfe3e-2086-4ae1-9e77-bac9894f8784

Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: App

Error: (11/23/2017 09:21:35 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-JIUJLN1)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.

Error: (11/23/2017 09:21:14 AM) (Source: nssm) (EventID: 1018) (User: )
Description: Failed to read registry value AppDirectory:
The operation completed successfully.

Error: (11/22/2017 11:34:23 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={4C301401-A920-4E54-8E3A-8D30278C4A8C}: The user SYSTEM dialed a connection named ExpressVPN which has failed. The error code returned on failure is 1168.


System errors:
=============
Error: (11/23/2017 01:21:57 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-JIUJLN1)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-JIUJLN1\booge SID (S-1-5-21-24704615-1488910953-2457280611-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/23/2017 01:21:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/23/2017 01:21:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/23/2017 01:21:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/23/2017 01:21:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/23/2017 01:20:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Streamer Network Service service to connect.

Error: (11/23/2017 01:19:41 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The TrueVector Internet Monitor service did not shut down properly after receiving a preshutdown control.

Error: (11/23/2017 01:19:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Streamer Network Service service to connect.

Error: (11/23/2017 01:19:20 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (11/23/2017 01:19:23 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:18:43 PM on ‎23/‎11/‎2017 was unexpected.


==================== Memory info ===========================

Processor: Intel® Core™ i7-7700 CPU @ 3.60GHz
Percentage of memory in use: 23%
Total physical RAM: 16342.05 MB
Available physical RAM: 12567.81 MB
Total Virtual: 18774.05 MB
Available Virtual: 14258.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.75 GB) (Free:36.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: B1064FBC)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=118.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,625 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:01 AM

Posted 28 November 2017 - 01:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/663580 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 D78GHUO

D78GHUO
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:01 PM

Posted 30 November 2017 - 08:41 PM

My system is a Desktop Microsoft 10, 64bit system. I have problems with my video recording chopping mostly the sound. I also have problem accessing some of the features of windows because the buttons won

t respond when I click on them with the mouse. Such as start button, windows explorer and others. I also don't have ability to access the bios so that I can change the boot sequence. I was going to do a fresh install but unfortunately to do that and boot from the usb thumb drive which had windows installed, I couldn't because of the button on keyboard not responding to acess bios at bootup. Thats about all, and I still need help, sorry for the late response, it appears this automated response went to my old email address and I hadn't checked it.

Thanks for any help you can give me.



#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,625 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:01 AM

Posted 03 December 2017 - 01:25 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:01 PM

Posted 07 December 2017 - 09:41 AM

Greetings D78GHUO and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please attempt to run and post the results of a fresh FRST scan.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:01 PM

Posted 10 December 2017 - 06:37 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 D78GHUO

D78GHUO
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:01 PM

Posted 11 December 2017 - 07:33 AM

Hi, I'm not sure what happened to my computer but it just fixed itself. I don't know how it happened and I didn't do anything to it, it just completely fixed itself.

 

Thanks for the help and sorry for the late response. I just was busy and forgot about it.

 

Kind Regards D78GHUO



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:01 PM

Posted 11 December 2017 - 09:52 AM

Thanks for letting us know. If the symptoms return feel free to contact a Moderator to re-open the topic.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:01 PM

Posted 11 December 2017 - 09:52 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users