
100% Disk Usage sometimes - system stops responding


  • This topic is locked
6 replies to this topic

#1 juniorelson4


Posted 08 December 2017 - 12:55 PM

So, I've started to get this issue of 100% disk usage sometimes and I don't really know what is doing it. But I tried to monitor things with Task Manager and Resource Monitor and it looks like Google Chrome x64 Portable and Microsoft Windows Defender related processes are the ones consuming more disk when the issue of 100% disk usage happens. One time Windows Defender reported that it got disabled and I had to manually enable it again. So for now I stopped using my Chrome Portable and I'm using Microsoft Edge browser and the issue still didn't happen (only some hours since I did this), but I'm monitoring the situation.
 
EDITED: It just happened again using Edge. The system froze. When the disk usage started to reduce again, Windows Defender was the one using more disk resources.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-12-2017
Ran by juniorelson4 (administrator) on JUNIORELSON4-PC (08-12-2017 15:51:17)
Running from C:\Users\juniorelson4\Desktop
Loaded Profiles: juniorelson4 (Available Profiles: juniorelson4 & Guest user & DefaultAppPool)
Platform: Windows 10 Pro Version 1703 15063.726 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(FreeDownloadManager.org) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(f.lux Software LLC) C:\Users\juniorelson4\AppData\Local\FluxSoftware\Flux\flux.exe
(FreeDownloadManager.org) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Xmarks.com) C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe
(Spotify Ltd) C:\Users\juniorelson4\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe
(Lau Han Ching) C:\Program Files (x86)\Lau Han Ching\KeepNetworkAlive\KeepNetworkAlive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.8730.20741.0_x64__8wekyb3d8bbwe\onenoteim.exe
() C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.34.12002.0_x64__8wekyb3d8bbwe\CallsApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17102.13911.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Node.js) C:\Windows\Prey\versions\1.7.2\bin\node.exe
(Fork, Ltd.) C:\Windows\Prey\versions\1.7.2\node_modules\triggers\bin\lightevt.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessLasso.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessGovernor.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9230304 2017-11-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489920 2017-11-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489920 2017-11-01] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM-x32\...\Run: [vmware-tray] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112104 2017-03-21] (VMware, Inc.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-08-22] (Razer Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112104 2017-03-21] (VMware, Inc.)
HKLM-x32\...\Run: [ABNotify] => C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe [89960 2017-03-25] ()
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Run: [f.lux] => C:\Users\juniorelson4\AppData\Local\FluxSoftware\Flux\flux.exe [1661432 2017-08-04] (f.lux Software LLC)
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Run: [Google Update] => C:\Users\juniorelson4\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.)
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Run: [BigNox] => C:\Users\juniorelson4\AppData\Roaming\Nox\bin\Nox.exe [5306696 2016-09-16] (Duodian Technology Co. Ltd.)
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Run: [Free Download Manager] => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe [11136712 2017-10-27] (FreeDownloadManager.org)
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Run: [Xmarks] => C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe [1202200 2017-01-23] (Xmarks.com)
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Run: [Spotify Web Helper] => C:\Users\juniorelson4\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-09-27] (Spotify Ltd)
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\RunOnce: [Application Restart #1] => H:\Movable\PortablePlat\PortableApps\GoogleChromePortable64\App\Chrome-bin\chrome.exe [1592664 2017-12-06] (Google Inc.)
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-411181793-808532874-1999897628-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [37376 2017-03-18] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Free Download Manager] => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe [11136712 2017-10-27] (FreeDownloadManager.org)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-04-19]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\juniorelson4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KeepNetworkAlive.lnk [2016-05-11]
ShortcutTarget: KeepNetworkAlive.lnk -> C:\Program Files (x86)\Lau Han Ching\KeepNetworkAlive\KeepNetworkAlive.exe (Lau Han Ching)
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{07ba47fa-b929-4baf-bda5-7fc15060a56c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{40aea452-d880-45c6-bd71-00bcfb6334e5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e044e9af-f2e8-426b-adb4-a75da326e6d1}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-411181793-808532874-1999897628-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-11-17] (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-04-19] (LastPass)
BHO-x32: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-04-19] (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-04-19] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-04-19] (LastPass)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-01] (Microsoft Corporation)

Edge:
======
Edge Extension: (AdBlock) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_2.3.0.0_neutral__c1wakc4j0nefm [2017-10-04]
Edge Extension: (LastPass: Free Password Manager) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.1.45.0_neutral__qq0fmhteeht3j [2017-06-23]

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-15] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-04-19] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-04] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-04-19] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-22] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-411181793-808532874-1999897628-1000: @tools.google.com/Google Update;version=3 -> C:\Users\juniorelson4\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-411181793-808532874-1999897628-1000: @tools.google.com/Google Update;version=9 -> C:\Users\juniorelson4\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-411181793-808532874-1999897628-1000: SkypePlugin -> C:\Users\juniorelson4\AppData\Local\SkypePlugin\7.17.0.44\npGatewayNpapi.dll [2016-03-31] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-411181793-808532874-1999897628-1000: SkypePlugin64 -> C:\Users\juniorelson4\AppData\Local\SkypePlugin\7.17.0.44\npGatewayNpapi-x64.dll [2016-03-31] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-411181793-808532874-1999897628-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-11-17] (The Happy Cloud)

Chrome:
=======
CHR Profile: C:\Users\juniorelson4\AppData\Local\Google\Chrome\User Data\Default [2017-12-08]
CHR Extension: (Google Slides) - C:\Users\juniorelson4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-19]
CHR Extension: (Google Docs) - C:\Users\juniorelson4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-10]
CHR Extension: (Google Drive) - C:\Users\juniorelson4\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-10]
CHR Extension: (YouTube) - C:\Users\juniorelson4\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-10]
CHR Extension: (Google Sheets) - C:\Users\juniorelson4\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-19]
CHR Extension: (Google Docs Offline) - C:\Users\juniorelson4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\juniorelson4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-10]
CHR Extension: (Gmail) - C:\Users\juniorelson4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-10]
CHR Extension: (Chrome Media Router) - C:\Users\juniorelson4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-10]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [323152 2015-06-07] (Windows ® Win 7 DDK provider)
S2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [122736 2017-03-25] (AOMEI Tech Co., Ltd.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-04-28] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063664 2017-11-22] (Microsoft Corporation)
R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2017-11-05] (Fork, Ltd.) [File not signed]
S2 Ds3Service; H:\Movable\Games\ScpServer\SCP-DS-Driver-Package-1.2.0.160\bin\ScpService.exe [381952 2014-04-02] (Scarlet.Crush Productions) [File not signed]
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [382504 2017-05-16] (EasyAntiCheat Ltd)
S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-05-11] (Hi-Rez Studios) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2012-09-07] (Realsil Microelectronics Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [319096 2017-05-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-09-19] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-09-19] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-09-16] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-09-19] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2147216 2017-05-10] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3116440 2017-05-10] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2016-06-08] ()
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187824 2016-07-19] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-11-01] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263264 2017-02-16] (Synaptics Incorporated)
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12482024 2017-03-21] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-07] (Microsoft Corporation) <==== ATTENTION
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-07] (Microsoft Corporation) <==== ATTENTION
S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [51120 2016-12-23] ()
R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [171952 2016-12-23] ()
R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [38320 2016-12-23] ()
R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49752 2016-04-24] (Zemana Ltd.)
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4591032 2017-09-26] (Qualcomm Atheros Communications, Inc.)
S3 CySmb; C:\WINDOWS\System32\drivers\cysmb.sys [10752 2016-07-14] (Cypress Semiconductor, Inc.)
S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32464 2016-01-05] (Dell Computer Corporation)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2016-01-05] (Dell Computer Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2016-08-31] (REALiX™)
S3 keycrypt; C:\WINDOWS\System32\DRIVERS\KeyCrypt64.sys [161408 2017-03-22] (Zemana Ltd.)
S3 LcUvcUpper; C:\WINDOWS\system32\DRIVERS\LcUvcUpper.sys [37912 2015-09-21] (Microsoft Corporation)
S3 MDA_NTDRV; C:\Windows\system32\MDA_NTDRV.sys [47104 2016-05-20] ()
S3 MotioninJoyXFilter; C:\WINDOWS\System32\DRIVERS\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed]
R1 MpKsl790de268; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{510A3AF0-137E-45FA-BA16-4DC24BF5CDF3}\MpKsl790de268.sys [58120 2017-12-08] (Microsoft Corporation)
R1 MpKsl9ecf740a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4019DF86-B423-4F15-B2B8-B87DFA44D681}\MpKsl9ecf740a.sys [58120 2017-11-18] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmi.inf_amd64_53c980648711c73a\nvlddmkm.sys [15619320 2017-09-18] (NVIDIA Corporation)
S0 nvpciflt; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmi.inf_amd64_53c980648711c73a\nvpciflt.sys [47216 2017-09-18] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-09-19] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50808 2017-11-12] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-09-16] (NVIDIA Corporation)
R3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; c:\program files\dell\supportassist\pcdsrvc_x64.pkms [25584 2017-09-12] (PC-Doctor, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010648 2017-11-12] (Realtek )
R0 rtcrfilt64; C:\WINDOWS\System32\DRIVERS\rtcrfilt64.sys [19600 2012-09-04] (Realtek Semiconductor Corp.)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-08-09] (Realsil Semiconductor Corporation)
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-05-06] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [136312 2016-06-27] (Razer, Inc.)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72288 2017-02-16] (Synaptics Incorporated)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2015-08-10] (The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-09-29] ()
R1 VBoxUSBMon; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [133248 2016-07-06] (BigNox Corporation)
R1 vmkbd3; C:\WINDOWS\system32\DRIVERS\vmkbd.sys [52288 2016-09-06] (VMware, Inc.)
R0 vsock; C:\WINDOWS\system32\DRIVERS\vsock.sys [91712 2016-09-02] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [37960 2016-11-14] (VMware, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-07] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-07] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-07] (Microsoft Corporation)
S1 XQHDrv; C:\WINDOWS\system32\DRIVERS\XQHDrv.sys [281728 2016-07-06] (BigNox Corporation)
S1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [281728 2016-07-06] (BigNox Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-01-19] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error(1) reading file: "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do Microsoft Office "
2017-12-08 15:43 - 2017-12-08 15:43 - 002390528 _____ (Farbar) C:\Users\juniorelson4\Desktop\FRST64.exe
2017-12-07 00:46 - 2017-12-08 13:11 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2017-11-18 20:34 - 2017-11-18 20:34 - 000003066 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (juniorelson4)
2017-11-18 19:36 - 2017-12-08 15:51 - 005165913 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-11-14 20:08 - 2017-11-04 23:40 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-14 20:08 - 2017-11-04 23:40 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-14 20:07 - 2017-11-02 03:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-14 20:07 - 2017-11-02 03:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-14 20:07 - 2017-11-02 03:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-14 20:07 - 2017-11-02 03:03 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-14 20:07 - 2017-11-02 02:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-11-14 20:07 - 2017-11-02 02:45 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-11-14 20:07 - 2017-11-02 02:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-14 20:07 - 2017-11-02 02:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-14 20:07 - 2017-11-02 02:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-11-14 20:07 - 2017-11-02 02:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-14 20:07 - 2017-11-02 02:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-14 20:07 - 2017-11-02 02:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-14 20:07 - 2017-11-02 02:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-14 20:07 - 2017-11-02 02:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-11-14 20:07 - 2017-11-02 02:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-14 20:07 - 2017-11-02 02:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-11-14 20:07 - 2017-11-02 02:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-11-14 20:07 - 2017-11-02 02:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-14 20:07 - 2017-11-02 02:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-11-14 20:07 - 2017-11-02 02:30 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-14 20:07 - 2017-11-02 02:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-14 20:07 - 2017-11-02 02:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-11-14 20:07 - 2017-11-02 02:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-14 20:07 - 2017-11-02 02:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-14 20:07 - 2017-11-02 02:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-11-14 20:07 - 2017-11-02 02:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-14 20:07 - 2017-11-02 02:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-11-14 20:07 - 2017-11-02 02:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-14 20:07 - 2017-11-02 02:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-11-14 20:07 - 2017-11-02 02:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2017-11-14 20:07 - 2017-11-02 02:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-14 20:07 - 2017-11-02 02:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-14 20:07 - 2017-11-02 02:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-11-14 20:07 - 2017-11-02 02:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-11-14 20:07 - 2017-11-02 02:24 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-14 20:07 - 2017-11-02 02:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-11-14 20:07 - 2017-11-02 02:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-11-14 20:07 - 2017-11-02 02:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-14 20:07 - 2017-11-02 02:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-11-14 20:07 - 2017-11-02 02:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-14 20:07 - 2017-11-02 02:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-11-14 20:07 - 2017-11-02 02:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-14 20:07 - 2017-11-02 02:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-11-14 20:07 - 2017-11-02 02:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-14 20:07 - 2017-11-02 02:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-11-14 20:07 - 2017-10-25 05:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-14 20:07 - 2017-10-15 13:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-11-14 20:07 - 2017-10-15 13:03 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-14 20:07 - 2017-10-15 13:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-11-14 20:07 - 2017-10-15 12:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-11-14 20:07 - 2017-10-15 12:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-11-14 20:07 - 2017-10-15 12:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-11-14 20:07 - 2017-10-15 12:44 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-11-14 20:07 - 2017-10-15 12:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-11-14 20:07 - 2017-10-15 12:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-11-14 20:07 - 2017-10-15 12:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-11-14 20:07 - 2017-10-15 12:41 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-11-14 20:07 - 2017-10-15 12:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-11-14 20:07 - 2017-10-15 12:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-11-14 20:06 - 2017-11-02 03:21 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-14 20:06 - 2017-11-02 03:21 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-14 20:06 - 2017-11-02 03:21 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-14 20:06 - 2017-11-02 03:21 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-14 20:06 - 2017-11-02 03:21 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-14 20:06 - 2017-11-02 03:21 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-14 20:06 - 2017-11-02 03:20 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-14 20:06 - 2017-11-02 03:20 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-14 20:06 - 2017-11-02 03:20 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-14 20:06 - 2017-11-02 03:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-14 20:06 - 2017-11-02 03:20 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-14 20:06 - 2017-11-02 03:20 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-14 20:06 - 2017-11-02 03:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-14 20:06 - 2017-11-02 03:20 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-14 20:06 - 2017-11-02 03:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-14 20:06 - 2017-11-02 03:20 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-14 20:06 - 2017-11-02 03:20 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-11-14 20:06 - 2017-11-02 03:16 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-14 20:06 - 2017-11-02 03:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-11-14 20:06 - 2017-11-02 03:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-14 20:06 - 2017-11-02 03:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-14 20:06 - 2017-11-02 03:15 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-14 20:06 - 2017-11-02 03:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-14 20:06 - 2017-11-02 03:14 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-11-14 20:06 - 2017-11-02 03:13 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-11-14 20:06 - 2017-11-02 03:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-14 20:06 - 2017-11-02 03:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-14 20:06 - 2017-11-02 03:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-14 20:06 - 2017-11-02 03:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-14 20:06 - 2017-11-02 03:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-14 20:06 - 2017-11-02 03:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-11-14 20:06 - 2017-11-02 03:12 - 000643192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-14 20:06 - 2017-11-02 03:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-14 20:06 - 2017-11-02 03:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-14 20:06 - 2017-11-02 03:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-14 20:06 - 2017-11-02 03:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-14 20:06 - 2017-11-02 03:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2017-11-14 20:06 - 2017-11-02 03:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-11-14 20:06 - 2017-11-02 03:11 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-14 20:06 - 2017-11-02 03:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-14 20:06 - 2017-11-02 03:05 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-11-14 20:06 - 2017-11-02 03:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-14 20:06 - 2017-11-02 02:44 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-14 20:06 - 2017-11-02 02:37 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-14 20:06 - 2017-11-02 02:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-14 20:06 - 2017-11-02 02:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-14 20:06 - 2017-11-02 02:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-14 20:06 - 2017-11-02 02:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-14 20:06 - 2017-11-02 02:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-14 20:06 - 2017-11-02 02:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-11-14 20:06 - 2017-11-02 02:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2017-11-14 20:06 - 2017-11-02 02:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-14 20:06 - 2017-11-02 02:34 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-14 20:06 - 2017-11-02 02:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2017-11-14 20:06 - 2017-11-02 02:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-14 20:06 - 2017-11-02 02:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-14 20:06 - 2017-11-02 02:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2017-11-14 20:06 - 2017-11-02 02:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-11-14 20:06 - 2017-11-02 02:34 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-14 20:06 - 2017-11-02 02:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-11-14 20:06 - 2017-11-02 02:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-11-14 20:06 - 2017-11-02 02:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-11-14 20:06 - 2017-11-02 02:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2017-11-14 20:06 - 2017-11-02 02:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2017-11-14 20:06 - 2017-11-02 02:33 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-14 20:06 - 2017-11-02 02:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-14 20:06 - 2017-11-02 02:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-14 20:06 - 2017-11-02 02:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2017-11-14 20:06 - 2017-11-02 02:31 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-14 20:06 - 2017-11-02 02:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-11-14 20:06 - 2017-11-02 02:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-11-14 20:06 - 2017-11-02 02:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2017-11-14 20:06 - 2017-11-02 02:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-14 20:06 - 2017-11-02 02:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-11-14 20:06 - 2017-11-02 02:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-11-14 20:06 - 2017-11-02 02:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-11-14 20:06 - 2017-11-02 02:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-11-14 20:06 - 2017-11-02 02:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-14 20:06 - 2017-11-02 02:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-11-14 20:06 - 2017-11-02 02:30 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-14 20:06 - 2017-11-02 02:29 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-14 20:06 - 2017-11-02 02:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-11-14 20:06 - 2017-11-02 02:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-11-14 20:06 - 2017-11-02 02:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-14 20:06 - 2017-11-02 02:29 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-14 20:06 - 2017-11-02 02:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-14 20:06 - 2017-11-02 02:28 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-14 20:06 - 2017-11-02 02:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-14 20:06 - 2017-11-02 02:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-11-14 20:06 - 2017-11-02 02:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-11-14 20:06 - 2017-11-02 02:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-14 20:06 - 2017-11-02 02:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-14 20:06 - 2017-11-02 02:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-11-14 20:06 - 2017-11-02 02:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-11-14 20:06 - 2017-11-02 02:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-14 20:06 - 2017-11-02 02:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-14 20:06 - 2017-11-02 02:26 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-14 20:06 - 2017-11-02 02:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-14 20:06 - 2017-11-02 02:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-14 20:06 - 2017-11-02 02:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-11-14 20:06 - 2017-11-02 02:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-14 20:06 - 2017-11-02 02:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-11-14 20:06 - 2017-11-02 02:26 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-14 20:06 - 2017-11-02 02:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-14 20:06 - 2017-11-02 02:25 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-14 20:06 - 2017-11-02 02:25 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-14 20:06 - 2017-11-02 02:25 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-14 20:06 - 2017-11-02 02:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-14 20:06 - 2017-11-02 02:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-14 20:06 - 2017-11-02 02:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-11-14 20:06 - 2017-11-02 02:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-14 20:06 - 2017-11-02 02:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-11-14 20:06 - 2017-11-02 02:25 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-14 20:06 - 2017-11-02 02:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-14 20:06 - 2017-11-02 02:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-14 20:06 - 2017-11-02 02:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-11-14 20:06 - 2017-11-02 02:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-14 20:06 - 2017-11-02 02:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-14 20:06 - 2017-11-02 02:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-14 20:06 - 2017-11-02 02:22 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-14 20:06 - 2017-11-02 02:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-14 20:06 - 2017-11-02 02:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-14 20:06 - 2017-11-02 02:21 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-14 20:06 - 2017-11-02 02:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-14 20:06 - 2017-11-02 02:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-14 20:06 - 2017-10-15 12:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-11-14 20:06 - 2017-10-15 12:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-14 20:06 - 2017-10-15 12:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-14 20:06 - 2017-10-15 12:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-11-14 20:06 - 2017-10-15 12:55 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-11-14 20:06 - 2017-10-15 12:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-11-14 20:06 - 2017-10-15 12:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-11-14 20:06 - 2017-10-15 12:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-11-14 20:06 - 2017-10-15 12:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-11-14 20:06 - 2017-10-15 12:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-11-14 20:06 - 2017-10-15 12:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-11-14 20:06 - 2017-10-15 12:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-11-14 20:06 - 2017-10-15 12:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-11-14 20:06 - 2017-10-15 12:09 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-11-14 20:06 - 2017-10-15 12:09 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-11-14 20:06 - 2017-10-15 12:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-11-14 20:06 - 2017-10-15 12:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-11-14 20:06 - 2017-10-15 12:07 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-11-14 20:06 - 2017-10-15 12:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-11-14 20:06 - 2017-10-15 12:05 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-11-14 20:06 - 2017-10-15 12:04 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-11-14 20:06 - 2017-10-15 12:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-11-14 20:06 - 2017-10-15 12:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-11-12 20:29 - 2017-11-12 20:29 - 001010648 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2017-11-12 20:28 - 2017-11-12 20:28 - 000050808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-11-12 12:05 - 2017-11-12 12:05 - 000016632 _____ C:\Users\juniorelson4\Downloads\declaracao_07835391694.pdf
2017-11-11 22:28 - 2017-11-11 22:28 - 000003290 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask-Retry
2017-11-11 11:24 - 2017-11-11 11:24 - 000423389 _____ C:\Users\juniorelson4\Downloads\10005174.w3g
2017-11-10 19:11 - 2017-11-10 19:11 - 000384215 _____ C:\Users\juniorelson4\Downloads\10007910.w3g

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-08 15:52 - 2017-09-23 15:21 - 000030400 _____ C:\Users\juniorelson4\Desktop\FRST.txt
2017-12-08 15:51 - 2017-09-23 15:20 - 000000000 ____D C:\FRST
2017-12-08 15:46 - 2016-04-19 17:16 - 000000000 ____D C:\Users\juniorelson4\AppData\Local\Xmarks
2017-12-08 15:43 - 2017-09-24 12:48 - 000000000 ____D C:\Users\juniorelson4\Desktop\FRST-OlderVersion
2017-12-08 15:14 - 2017-05-11 17:01 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-08 14:12 - 2017-05-24 14:31 - 000000000 ____D C:\Users\juniorelson4\AppData\Roaming\vlc
2017-12-08 14:12 - 2016-08-03 18:48 - 000002640 _____ C:\Users\juniorelson4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk
2017-12-08 14:12 - 2016-08-03 18:48 - 000002603 _____ C:\Users\juniorelson4\Desktop\Google Chrome Canary.lnk
2017-12-08 12:28 - 2017-05-11 17:07 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-08 11:09 - 2017-05-11 17:30 - 000004178 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C37C4416-B27F-4B6E-B291-D84A4B1440B0}
2017-12-08 11:08 - 2016-08-21 21:48 - 000000000 ____D C:\Users\juniorelson4\AppData\Local\Free Download Manager
2017-12-08 08:54 - 2017-03-18 19:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-08 08:54 - 2017-03-18 19:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-07 21:40 - 2017-06-27 17:17 - 000000000 ____D C:\WINDOWS\Prey
2017-12-07 15:34 - 2017-07-31 00:41 - 000000000 ____D C:\Users\juniorelson4\AppData\Local\Spotify
2017-12-07 15:32 - 2017-07-31 00:41 - 000000000 ____D C:\Users\juniorelson4\AppData\Roaming\Spotify
2017-12-07 13:45 - 2016-05-30 15:04 - 000000000 ____D C:\Users\juniorelson4\AppData\Roaming\PCDr
2017-12-07 12:53 - 2016-04-12 22:10 - 000000000 ____D C:\Program Files\Process Lasso
2017-12-03 11:23 - 2016-07-14 18:11 - 000000000 ____D C:\Users\juniorelson4\AppData\Local\Packages
2017-12-03 11:10 - 2016-04-17 12:56 - 000000000 ____D C:\Users\juniorelson4\AppData\Local\CrashDumps
2017-12-01 03:58 - 2017-03-18 19:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-01 03:56 - 2016-04-12 09:40 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-11-21 00:44 - 2010-11-21 01:27 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-18 20:33 - 2017-10-03 13:23 - 000056427 _____ C:\WINDOWS\cFosSpeed_Setup_Log.txt
2017-11-18 20:32 - 2017-03-18 19:01 - 000000000 ____D C:\WINDOWS\INF
2017-11-18 20:30 - 2016-04-23 23:48 - 000000000 __SHD C:\Users\juniorelson4\IntelGraphicsProfiles
2017-11-18 20:17 - 2017-05-11 17:09 - 000903808 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-18 20:12 - 2016-05-25 09:49 - 000000000 ____D C:\ProgramData\VMware
2017-11-18 20:11 - 2017-05-11 17:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-18 17:53 - 2017-05-11 17:10 - 000000000 ____D C:\Users\juniorelson4
2017-11-16 06:15 - 2016-08-04 00:15 - 000002559 _____ C:\Users\juniorelson4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-16 06:15 - 2016-08-04 00:15 - 000002551 _____ C:\Users\juniorelson4\Desktop\Google Chrome.lnk
2017-11-15 00:45 - 2017-05-11 17:30 - 000004554 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-11-15 00:45 - 2017-03-18 19:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-15 00:45 - 2017-03-18 19:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-14 21:11 - 2016-04-27 04:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-14 21:08 - 2017-05-11 17:01 - 000381096 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-14 21:07 - 2017-05-16 17:40 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-11-14 21:07 - 2016-04-26 09:09 - 000000082 _____ C:\WINDOWS\SysWOW64\winsevr.dat
2017-11-14 21:06 - 2017-03-18 09:40 - 002359296 _____ C:\WINDOWS\system32\config\BBI
2017-11-14 21:05 - 2017-03-18 19:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-14 21:05 - 2017-03-18 19:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-14 21:05 - 2017-03-18 19:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-11-14 21:05 - 2017-03-18 19:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-14 21:05 - 2017-03-18 19:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-14 20:17 - 2017-03-18 18:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-14 20:14 - 2016-04-11 23:54 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-14 20:08 - 2017-10-10 22:02 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-14 20:08 - 2016-04-11 23:54 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-14 18:05 - 2017-05-11 17:30 - 000003716 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-411181793-808532874-1999897628-1000UA1d257d6e3dc274d
2017-11-14 18:05 - 2017-05-11 17:30 - 000003448 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-411181793-808532874-1999897628-1000Core1d257d6e3d0174d
2017-11-13 12:17 - 2016-04-11 15:09 - 000000000 ____D C:\ProgramData\ProductData
2017-11-12 20:30 - 2017-09-06 14:56 - 000002362 _____ C:\Users\Public\Desktop\Driver Booster 4.lnk

==================== Files in the root of some directories =======

2016-08-24 16:17 - 2016-08-24 16:17 - 002823287 _____ () C:\Program Files (x86)\cef.pak
2016-08-24 16:17 - 2016-08-24 16:17 - 000151562 _____ () C:\Program Files (x86)\cef_100_percent.pak
2016-08-24 16:17 - 2016-08-24 16:17 - 000242597 _____ () C:\Program Files (x86)\cef_200_percent.pak
2016-08-24 16:17 - 2016-08-24 16:17 - 002107504 _____ (Microsoft Corporation) C:\Program Files (x86)\d3dcompiler_43.dll
2016-08-24 16:17 - 2016-08-24 16:17 - 003700848 _____ (Microsoft Corporation) C:\Program Files (x86)\d3dcompiler_47.dll
2016-08-24 16:17 - 2016-08-24 16:17 - 004896422 _____ () C:\Program Files (x86)\devtools_resources.pak
2016-08-24 16:17 - 2016-08-24 16:17 - 010127152 _____ () C:\Program Files (x86)\icudtl.dat
2016-08-24 16:17 - 2016-08-24 16:17 - 000000020 _____ () C:\Program Files (x86)\inst_ver.dat
2016-08-24 16:17 - 2016-08-24 16:17 - 051330160 _____ () C:\Program Files (x86)\libcef.dll
2016-08-24 16:17 - 2016-08-24 16:17 - 000088176 _____ () C:\Program Files (x86)\libEGL.dll
2016-08-24 16:17 - 2016-08-24 16:17 - 001763952 _____ () C:\Program Files (x86)\libGLESv2.dll
2016-08-24 16:17 - 2016-08-24 16:17 - 000394628 _____ () C:\Program Files (x86)\natives_blob.bin
2016-08-24 16:17 - 2016-08-24 16:17 - 000643204 _____ () C:\Program Files (x86)\snapshot_blob.bin
2016-08-24 16:17 - 2016-08-24 16:17 - 006930544 _____ (Spotify Ltd) C:\Program Files (x86)\Spotify.exe
2016-08-24 16:17 - 2016-08-24 16:17 - 000515184 _____ (Spotify Ltd) C:\Program Files (x86)\SpotifyCrashService.exe
2016-08-24 16:17 - 2016-08-24 16:17 - 000188016 _____ (Spotify Ltd) C:\Program Files (x86)\SpotifyLauncher.exe
2016-08-24 16:17 - 2016-08-24 16:17 - 001523312 _____ (Spotify Ltd) C:\Program Files (x86)\SpotifyWebHelper.exe
2016-08-24 16:17 - 2016-08-24 16:17 - 000220272 _____ (The Chromium Authors) C:\Program Files (x86)\widevinecdmadapter.dll
2016-04-19 17:17 - 2016-04-19 17:17 - 021572120 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-08-31 03:27 - 2016-08-31 03:27 - 000000022 ___SH () C:\Users\juniorelson4\AppData\Roaming\App6788DataCollection.xrd
2016-05-02 01:15 - 2016-05-29 18:53 - 000045270 _____ () C:\Users\juniorelson4\AppData\Roaming\room_v3.dat
2016-04-16 09:39 - 2016-04-16 09:39 - 000000020 _____ () C:\Users\juniorelson4\AppData\Roaming\system.xml
2016-08-31 03:27 - 2016-08-31 03:27 - 000000022 ___SH () C:\Users\juniorelson4\AppData\Roaming\System2058ConfDB.ind
2016-04-22 10:30 - 2016-04-22 10:30 - 000000024 ___SH () C:\Users\juniorelson4\AppData\Roaming\System3465 Conf_Repository.xrd
2016-05-29 18:24 - 2016-05-29 18:24 - 000000044 _____ () C:\Users\juniorelson4\AppData\Roaming\twow_sysprepdt.dat
2016-04-22 10:30 - 2016-04-22 10:30 - 000000024 ___SH () C:\Users\juniorelson4\AppData\Roaming\Win1347.ConfigCollection.dlx
2016-08-29 11:56 - 2016-08-29 11:56 - 000000892 _____ () C:\Users\juniorelson4\AppData\Local\Nox_crash.log
2016-04-11 15:03 - 2016-04-11 15:03 - 000008540 _____ () C:\Users\juniorelson4\AppData\Local\WiDiSetupLog.20160411.140308.txt

Some files in TEMP:
====================
2017-11-18 20:32 - 2017-11-02 17:12 - 001830232 _____ (cFos Software GmbH) C:\Users\juniorelson4\AppData\Local\Temp\DELDC32.EXE

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-05 17:37

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-12-2017
Ran by juniorelson4 (08-12-2017 15:52:41)
Running from C:\Users\juniorelson4\Desktop
Windows 10 Pro Version 1703 15063.726 (X64) (2017-05-11 19:39:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-411181793-808532874-1999897628-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-411181793-808532874-1999897628-503 - Limited - Disabled)
Guest (S-1-5-21-411181793-808532874-1999897628-501 - Limited - Disabled)
Guest user (S-1-5-21-411181793-808532874-1999897628-1013 - Limited - Enabled) => C:\Users\Guest user
henri (S-1-5-21-411181793-808532874-1999897628-1011 - Limited - Disabled)
henri_puz84er (S-1-5-21-411181793-808532874-1999897628-1012 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-411181793-808532874-1999897628-1008 - Limited - Enabled)
juniorelson4 (S-1-5-21-411181793-808532874-1999897628-1000 - Administrator - Enabled) => C:\Users\juniorelson4

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.69 - NVIDIA Corporation) Hidden
AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: - AOMEI Technology Co., Ltd.)
Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 6.1.4.0 - Auslogics Labs Pty Ltd)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.34 - Piriform)
Crusader No Remorse (HKLM-x32\...\{2AEA735F-B393-4D89-93EF-5849CB72B4A3}) (Version: 1.0.0.2 - Electronic Arts)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
Dell System Detect (HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\d24084d039586cae) (Version: 8.8.0.1 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.55 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Driver Booster 4.5 (HKLM-x32\...\Driver Booster_is1) (Version: 4.5.0 - IObit)
EMCO MoveOnBoot 2.3 (HKLM\...\{5723E2BA-B062-4916-B51F-4E910DD1081A}) (Version: 2.3.5.3510 - EMCO Software)
Eurobattle.net (HKLM-x32\...\Eurobattle.net) (Version: - Eurobattle.net)
f.lux (HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Flux) (Version: - f.lux Software LLC)
Free Alarm Clock (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 4.0.1.0 - Comfort Software Group)
Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version: - FreeDownloadManager.ORG)
Glest version 3.2.2 (HKLM-x32\...\Glest_is1) (Version: 3.2.2 - )
GoldenDict (HKLM-x32\...\GoldenDict) (Version: - )
Google Chrome (HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Google Chrome SxS) (Version: 65.0.3288.2 - Google Inc.)
GSmartControl (HKLM-x32\...\GSmartControl) (Version: 0.8.7 - Alexander Shaduri)
Happy Cloud Client (HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\HappyCloud) (Version: 4.54 - Happy Cloud, Inc.)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.1.2.0 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP ePrint (HKLM-x32\...\{2794875B-6CCF-48B8-84A5-5B10DB98BEE6}) (Version: 14.0.14176.1823 - Hewlett-Packard)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{D79A5962-7305-41B9-A39E-A98AB598F372}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Universal Fax Driver (HKLM\...\{C2B45120-48BB-41FC-A1A7-4FF24DA5CDA3}) (Version: 1.0.246.0 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
Inpaint 4.7 (HKLM-x32\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version: - Teorex)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4653 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
KeepNetworkAlive (HKLM-x32\...\{E1084644-02D2-4EFB-8665-874735C106CD}) (Version: 1.1.4328 - Lau Han Ching)
KeyCrypt SDK version 1.8.1.199 (HKLM-x32\...\{5575EADE-4685-4E15-A9CD-6036BC2A3F75}_is1) (Version: 1.8.1.199 - Zemana Ltd.)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
League of Legends (HKLM-x32\...\{1D3C4B2C-AA57-46A2-888E-4D4DE9D7B155}) (Version: 4.1.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.1) (Version: 4.1.1 - Riot Games)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
MegaGlest v3.12.0 (HKLM-x32\...\MegaGlest) (Version: - )
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8625.2139 - Microsoft Corporation)
Microsoft Office 365 - pt-br (HKLM\...\O365HomePremRetail - pt-br) (Version: 16.0.8625.2139 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{02A39130-2CF3-30CA-8623-30F6071A4221}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
NOX (HKLM-x32\...\{BF152F35-9708-452C-862C-F7E3B62DF732}) (Version: 2.0.0.20 - Electronic Arts, Inc.)
Nox APP Player (HKLM-x32\...\Nox) (Version: 3.7.2.0 - Duodian Technology Co. Ltd.)
NVIDIA GeForce Experience 3.9.0.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.97 - NVIDIA Corporation)
NVIDIA Graphics Driver 385.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.69 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0416-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
OpenRA (HKLM-x32\...\OpenRA) (Version: - OpenRA developers)
Origin (HKLM-x32\...\Origin) (Version: 10.4.9.38188 - Electronic Arts, Inc.)
PeaZip 6.4.1 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 6.4.1 - Giorgio Tani)
PeaZip configuration (WIN64) (HKLM\...\{4F8D60A8-C53D-47BD-AE5C-31AE6566D638}_is1) (Version: - Giorgio Tani)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.5.1.2 - Popcorn Time) <==== ATTENTION
Prey Anti-Theft (HKLM-x32\...\{7DD63A94-70CB-4A7A-AECB-A0C36D827649}) (Version: 1.7.2 - Prey, Inc.) Hidden
Process Lasso (HKLM-x32\...\ProcessLasso) (Version: 9.0.0.419 BETA - Bitsum)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Python 2.5.4 (HKLM-x32\...\{2E0DFC24-7C4B-4DCF-BCC7-81C513BED3BC}) (Version: 2.5.4150 - Python Software Foundation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.0 - Qualcomm Atheros)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.007 - Dell Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.822 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8198 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.39034 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.8 - VS Revo Group, Ltd.)
RogueKiller version 12.11.17.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.17.0 - Adlice Software)
RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
Safest Tibian - Flash Bot version 1.0 (HKLM-x32\...\{8BDCE6F3-1F35-4D29-A408-3ECE3202A384}_is1) (Version: 1.0 - Blackdtools.com)
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
Skype Web Plugin (HKLM-x32\...\{7E4C8063-6644-4580-B27F-6B70B1A51F0E}) (Version: 7.17.0.44 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17042.12 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17042.12 - Samsung Electronics Co., Ltd.)
Spotify (HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Spotify) (Version: 1.0.63.617.g5aca9a2a - Spotify AB)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
sXe Injected (HKLM-x32\...\sXe Injected) (Version: 15.7.0.0 - Alejandro Cortés)
Syndicate (HKLM-x32\...\{64CFBAAB-46F7-4628-8D9B-E656A8C11CDB}) (Version: 2.0.0.3 - Electronic Arts)
TERA (HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\teraenmasse) (Version: - )
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.5 - Electronic Arts)
Tibia (HKLM-x32\...\Tibia_is1) (Version: 10.00 - CipSoft GmbH)
Tibia (HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\Tibia) (Version: - CipSoft GmbH)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.9 - Tweaking.com)
Ultima 8 (HKLM-x32\...\{428C6B01-D292-46F9-9321-75668ED17DA2}) (Version: 1.0.0.1 - Electronic Arts)
Vice City: Multiplayer (v0.4) (remove only) (HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\vcmp04) (Version: - )
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version: - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VMware Workstation (HKLM\...\{A4D1DB40-C6DC-40F8-AF6D-46BD4DD5ACAC}) (Version: 12.5.5 - VMware, Inc.)
VS10Runtimex64 (HKLM\...\{82CD33B2-1DE6-4663-B6F0-1592B2376F78}) (Version: 1.0.0 - sourcefire) Hidden
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17346 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - BigNox Corporation XQHDrv System (05/27/2016 4.3.12) (HKLM\...\94C2625000FDEC5DD549EADDF8698D48672C3037) (Version: 05/27/2016 4.3.12 - BigNox Corporation)
Windows Driver Package - Oracle Corporation (VBoxUSB) USB (05/27/2016 4.3.12) (HKLM\...\9B8A57D7ECC2B5D3115B5A1361FAE29AC92E355B) (Version: 05/27/2016 4.3.12 - Oracle Corporation)
Windows Driver Package - Oracle Corporation VBoxUSBMon System (05/27/2016 4.3.12) (HKLM\...\2B96D1320C797F081985B7C1EA9A2DABAC2644BF) (Version: 05/27/2016 4.3.12 - Oracle Corporation)
Wing Commander III (HKLM-x32\...\{F96B9930-E22A-44D6-81B5-6C8E92C21B4B}) (Version: 2.0.0.2 - Electronic Arts)
Worms Clan Wars (HKLM-x32\...\Worms Clan Wars_is1) (Version: - Team17 Digital Ltd)
Xmarks for IE (HKLM-x32\...\{41DFCF45-5ECA-41A5-9329-FFA8E0181AC5}) (Version: 127.0.190 - Xmarks)
XnView 2.36 (HKLM-x32\...\XnView_is1) (Version: 2.36 - Gougelet Pierre-e)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-411181793-808532874-1999897628-1000_Classes\CLSID\{0BFBE3EE-00BF-49F9-BC19-26B42AF261C1}\InprocServer32 -> C:\Users\juniorelson4\AppData\Local\SkypePlugin\7.17.0.44\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-411181793-808532874-1999897628-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\juniorelson4\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-411181793-808532874-1999897628-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-411181793-808532874-1999897628-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\juniorelson4\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-411181793-808532874-1999897628-1000_Classes\CLSID\{AC4E242D-28FB-40A2-9C2E-150FF1EE5B49}\localserver32 -> C:\Users\juniorelson4\AppData\Local\SkypePlugin\7.17.0.44\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-411181793-808532874-1999897628-1000_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\juniorelson4\AppData\Local\SkypePlugin\7.17.0.44\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-411181793-808532874-1999897628-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\juniorelson4\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers1-x32: [IXnView] -> {A5D35F9F-6A11-4EAA-B70B-7BB6FE32663A} => C:\Program Files (x86)\XnView\ShellEx\XnViewShellExt.dll [2015-02-19] ()
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2017-03-21] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2017-03-21] (VMware, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} => -> No File
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-05-18] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-09-16] (NVIDIA Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AC300D7-E89D-4899-8E03-C81616A6B3C9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-411181793-808532874-1999897628-1000Core => C:\Users\juniorelson4\AppData\Local\Google\Update\GoogleUpdate.exe [2016-08-03] (Google Inc.)
Task: {0DFF9295-7F38-4E43-B14B-AB5AC01D3CB9} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.5.0\Scheduler.exe [2017-07-26] (IObit)
Task: {1939FFF2-A49A-4C3D-9E54-F219181B90ED} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-09-19] (NVIDIA Corporation)
Task: {1A4C4C06-843D-4344-9B89-9E1538B768B0} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {25583EC8-9DE5-4947-9777-321EE70A99B1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-411181793-808532874-1999897628-1000UA1d257d6e3dc274d => C:\Users\juniorelson4\AppData\Local\Google\Update\GoogleUpdate.exe [2016-08-03] (Google Inc.)
Task: {2B1D2D81-DA40-4656-89F4-4F57C5453541} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-15] (Adobe Systems Incorporated)
Task: {2F1B8D9F-4B7E-4471-8D46-D3332DFC5899} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-411181793-808532874-1999897628-1000UA => C:\Users\juniorelson4\AppData\Local\Google\Update\GoogleUpdate.exe [2016-08-03] (Google Inc.)
Task: {4E786C29-9E85-4E22-850B-93B9BC6570E5} - System32\Tasks\Driver Booster SkipUAC (juniorelson4) => C:\Program Files (x86)\IObit\Driver Booster\4.5.0\DriverBooster.exe [2017-07-28] (IObit)
Task: {526EE8AF-CD2C-4C7E-8A65-720CAFD802D7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)
Task: {55436F67-65A8-42AE-BEA0-9617C151D004} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {5DB027FD-FDD9-4F74-B9A0-7F23CA22149A} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-09-19] (NVIDIA Corporation)
Task: {6304D0CA-1CFE-4DDB-845C-A263323C59F3} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-09-19] (NVIDIA Corporation)
Task: {683BD906-247A-401B-88BA-61ED6FCF2D7C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {684795C6-3168-4EFC-991F-7BD53482BB14} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-411181793-808532874-1999897628-1000Core1d257d6e3d0174d => C:\Users\juniorelson4\AppData\Local\Google\Update\GoogleUpdate.exe [2016-08-03] (Google Inc.)
Task: {6E5EA063-219F-471A-8310-C9A28AFAD224} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {70EF54A6-FE0F-43DD-A300-BBFB2201A916} - System32\Tasks\Process Lasso Core Engine Only => C:\Program Files\Process Lasso\processgovernor.exe [2017-12-06] (Bitsum LLC)
Task: {80C0FC68-75EB-4531-8A39-1A0588AFCEC9} - System32\Tasks\cFos\Registration Tasks\Open Browser => c:\windows\system32\launchwinapp.exe "hxxp://www.cfos.de/en/cfosspeed/documentation/driver-not-loaded.htm?sw-10.24.2304&days=1"
Task: {843E9C6B-9AFE-44FA-B03C-B631A2A95CCD} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-09-19] (NVIDIA Corporation)
Task: {84A7314F-5C72-41FF-A98A-E3C65CC2DF3D} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {8B27F1CD-387F-46B5-9786-B8CD2BF349F6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {9286F082-BADE-4171-BD75-58CE3C06CBB2} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-09-19] (NVIDIA Corporation)
Task: {A20816CE-15D6-4AC0-9625-5B20B29E8368} - System32\Tasks\Process Lasso Management Console (GUI) => C:\Program Files\Process Lasso\processlasso.exe [2017-12-06] (Bitsum LLC)
Task: {B3C493B3-4AD4-4ACE-BE4C-4DA2E3F302FE} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {BAF96531-0378-4EE5-AA37-B6C5A5A2CC13} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-09-19] (NVIDIA Corporation)
Task: {BFB3DB25-2973-49D1-8E3F-A3BD31F683DD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {C5C23C40-EF47-4C5B-BD70-15F15EB5E5F7} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-09-19] (NVIDIA Corporation)
Task: {C692D1FC-0678-486D-8209-FA47FABD41D9} - System32\Tasks\FreeDownloadManagerNetworkMonitor => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe [2017-10-27] (FreeDownloadManager.org)
Task: {CEFDE216-9570-4609-9FB6-F58C96F4FC8E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-09-19] (NVIDIA Corporation)
Task: {D4E546CE-086F-47B6-AE3E-D4852320ADD1} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-11-01] (Realtek Semiconductor)
Task: {DBB3B744-8BBD-4015-8D2C-C02B8B68F723} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)
Task: {DEDFAEF8-3847-4248-B09C-5CA83BBBB81C} - System32\Tasks\Toolbox.exe_{452E9FAB-A2AE-4365-9896-B7DC156321F4} => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\Toolbox.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {E8C614D2-8EF0-44DA-BB29-903D33C8DCCD} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {EB319ED8-4101-426E-BA6E-409BDCA8C955} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {F068C48C-DE92-4E2C-B2F4-8E71E5FAF3BC} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_187_pepper.exe [2017-11-15] (Adobe Systems Incorporated)
Task: {F5B6BF13-79B8-40FD-B2DB-8183D64B4D65} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {FD68AE45-DE2B-406B-90A9-B040A323E0BB} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {FF4A804A-C329-49C2-800D-6EB70CDBF939} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-07] (Piriform Ltd)
Task: {FF65650D-3B3E-4998-812D-840656D497D8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-12-01] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-411181793-808532874-1999897628-1000Core.job => C:\Users\juniorelson4\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-411181793-808532874-1999897628-1000UA.job => C:\Users\juniorelson4\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\juniorelson4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TeamViewer.lnk -> H:\Movable\PortablePlat\PortableApps\GoogleChromePortable64\App\Chrome-bin\chrome.exe (Google Inc.) -> --user-data-dir="H:\Movable\PortablePlat\PortableApps\GoogleChromePortable64\Data\profile" --profile-directory=Default --app-id=oooiobdokpcfdlahlmcddobejikcmkfo

==================== Loaded Modules (Whitelisted) ==============

2017-11-01 00:09 - 2017-10-27 17:26 - 000029184 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\WinDivert.dll
2017-09-23 16:59 - 2017-09-19 05:20 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-06-08 17:28 - 2016-06-08 17:28 - 000075136 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2017-03-18 18:58 - 2017-03-18 18:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-11-01 00:09 - 2017-04-13 11:42 - 002158592 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avformat-57.dll
2017-11-01 00:09 - 2017-04-13 11:42 - 001825792 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avfilter-6.dll
2017-11-01 00:09 - 2017-04-13 11:42 - 000662016 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\swscale-4.dll
2017-11-01 00:09 - 2017-04-13 11:42 - 000485376 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avutil-55.dll
2017-11-01 00:09 - 2017-04-13 11:42 - 000138752 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\swresample-2.dll
2017-11-01 00:09 - 2017-04-13 11:42 - 012242432 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avcodec-57.dll
2017-11-01 00:09 - 2017-10-27 17:27 - 000104448 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winunivappfeatures.dll
2017-03-09 13:08 - 2017-02-15 19:26 - 069756416 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\libcef.dll
2017-03-09 13:08 - 2017-02-15 19:26 - 002323456 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\libglesv2.dll
2017-03-09 13:08 - 2017-02-15 19:26 - 000094208 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\libegl.dll
2017-05-16 17:34 - 2017-03-25 17:26 - 000089960 _____ () C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe
2017-10-26 17:20 - 2017-10-26 17:21 - 001921208 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.8730.20741.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2017-11-28 21:39 - 2017-11-28 21:39 - 001903616 _____ () C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.34.12002.0_x64__8wekyb3d8bbwe\CallsApp.exe
2017-11-28 21:39 - 2017-11-28 21:39 - 004036608 _____ () C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.34.12002.0_x64__8wekyb3d8bbwe\CallsCore.dll
2017-11-28 21:39 - 2017-11-28 21:39 - 000332800 _____ () C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.34.12002.0_x64__8wekyb3d8bbwe\CallsPresenters.dll
2017-11-28 21:39 - 2017-11-28 21:39 - 000433664 _____ () C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.34.12002.0_x64__8wekyb3d8bbwe\PersonPicture.UAP.dll
2017-11-29 19:58 - 2017-11-29 19:58 - 000087040 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-29 19:58 - 2017-11-29 19:58 - 000202752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-12-01 16:59 - 2017-12-01 17:00 - 026657792 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17102.13911.0_x64__8wekyb3d8bbwe\Video.UI.exe
2017-12-01 16:59 - 2017-12-01 17:00 - 009162240 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17102.13911.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-26 08:44 - 2017-09-26 08:45 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17102.13911.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-11-03 05:07 - 2017-11-03 05:07 - 001088000 _____ () \\?\C:\Windows\Prey\versions\1.7.2\node_modules\sqlite3\lib\binding\node-v46-win32-x64\node_sqlite3.node
2017-03-18 18:59 - 2017-03-19 00:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-11 14:16 - 2012-06-25 03:11 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2016-06-09 05:30 - 2016-06-09 05:30 - 000107520 _____ () C:\Program Files (x86)\Xmarks\IE Extension\zlib1.dll
2017-05-16 17:34 - 2017-03-25 17:27 - 000331632 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2017-09-23 16:59 - 2017-09-19 05:20 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [252]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\office.com -> hxxps://stores.office.com

There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-11-06 14:21 - 2017-11-06 14:21 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-411181793-808532874-1999897628-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\juniorelson4\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "vmware-tray"
HKU\S-1-5-21-411181793-808532874-1999897628-1000\...\StartupApproved\Run: => "BigNox"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{A10DD2C5-2BDF-411B-B54E-A8F84857A06B}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{437E639B-3516-4560-A21A-EFD3779F2BF0}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{95F51AD9-6250-456D-A7B1-89400F4FA757}H:\movable\games\warcraft iii\warcraft iii.exe] => (Allow) H:\movable\games\warcraft iii\warcraft iii.exe
FirewallRules: [UDP Query User{6F11345D-332A-4286-AAFE-66DFA0B0651F}H:\movable\games\warcraft iii\warcraft iii.exe] => (Allow) H:\movable\games\warcraft iii\warcraft iii.exe
FirewallRules: [TCP Query User{1094A340-E52B-4DAA-B05F-F19EA9791E8F}H:\movable\portableplat\portableapps\googlechromeportable64\app\chrome-bin\chrome.exe] => (Allow) H:\movable\portableplat\portableapps\googlechromeportable64\app\chrome-bin\chrome.exe
FirewallRules: [UDP Query User{5D09C877-234C-4985-A53D-2F4AD1D80F28}H:\movable\portableplat\portableapps\googlechromeportable64\app\chrome-bin\chrome.exe] => (Allow) H:\movable\portableplat\portableapps\googlechromeportable64\app\chrome-bin\chrome.exe
FirewallRules: [TCP Query User{754F7EED-5763-45FC-93CD-C0C9058B4CED}H:\movable\portableplat\portableapps\maxthonportable\app\maxthon\bin\maxthon.exe] => (Allow) H:\movable\portableplat\portableapps\maxthonportable\app\maxthon\bin\maxthon.exe
FirewallRules: [UDP Query User{4E50AB41-DAC0-4039-9635-7F219AF97D27}H:\movable\portableplat\portableapps\maxthonportable\app\maxthon\bin\maxthon.exe] => (Allow) H:\movable\portableplat\portableapps\maxthonportable\app\maxthon\bin\maxthon.exe
FirewallRules: [TCP Query User{0F26A8A1-130B-47F2-92FF-8D0D76C799C8}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [UDP Query User{EB4E46D2-CF0D-4A58-BF06-2053A706EF89}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [{BD696274-E73A-48FB-B0BD-464B8998BDF4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{B2989579-7632-41CF-932F-26F59808DA60}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.5.0\DriverBooster.exe
FirewallRules: [{64DE09B2-B5B9-4A9B-907F-9FD5CD3E1DEE}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.5.0\DriverBooster.exe
FirewallRules: [{1B3E9C3F-EC77-40D1-B13F-2F6D25E2E266}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.5.0\DBDownloader.exe
FirewallRules: [{E087A9CA-06AF-4F79-866A-D9BA928EB03F}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.5.0\DBDownloader.exe
FirewallRules: [{F8ABBACF-C2C4-4EA7-B112-41922CD28BBF}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.5.0\AutoUpdate.exe
FirewallRules: [{BAF37DB1-3678-4139-AD43-FAF68A1AA9C8}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.5.0\AutoUpdate.exe
FirewallRules: [{4CEDC2A2-CEE3-47DE-92A9-E1F4698F27AA}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [{E66EB67F-682B-4C7C-A647-EDB4D6764223}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [{62AD39E2-3EF4-4F4C-874B-DD5770278963}] => (Allow) C:\Windows\Prey\versions\1.7.2\bin\node.exe
FirewallRules: [TCP Query User{FB9B1B68-77B4-4BF7-A844-68DCFB36B463}C:\users\juniorelson4\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\juniorelson4\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{07249E1F-68AA-44E9-9AB9-CF7AE168597F}C:\users\juniorelson4\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\juniorelson4\appdata\roaming\spotify\spotify.exe

==================== Restore Points =========================

04-12-2017 19:02:27 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/08/2017 02:22:07 PM) (Source: ESENT) (EventID: 481) (User: )
Description: svchost (12188) Unistore: An attempt to read from the file "C:\Users\juniorelson4\AppData\Local\Comms\UnistoreDB\store.vol" at offset 14393344 (0x0000000000dba000) for 4096 (0x00001000) bytes failed after 3.892 seconds with system error 23 (0x00000017): "Data error (cyclic redundancy check). ". The read operation will fail with error -1021 (0xfffffc03). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (12/08/2017 01:06:04 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/08/2017 12:44:58 PM) (Source: ESENT) (EventID: 481) (User: )
Description: svchost (12188) Unistore: An attempt to read from the file "C:\Users\juniorelson4\AppData\Local\Comms\UnistoreDB\store.vol" at offset 14393344 (0x0000000000dba000) for 4096 (0x00001000) bytes failed after 487.249 seconds with system error 23 (0x00000017): "Data error (cyclic redundancy check). ". The read operation will fail with error -1021 (0xfffffc03). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (12/08/2017 12:40:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JUNIORELSON4-PC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/08/2017 12:40:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JUNIORELSON4-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/08/2017 12:36:18 PM) (Source: ESENT) (EventID: 481) (User: )
Description: svchost (12188) Unistore: An attempt to read from the file "C:\Users\juniorelson4\AppData\Local\Comms\UnistoreDB\store.vol" at offset 14393344 (0x0000000000dba000) for 4096 (0x00001000) bytes failed after 487.309 seconds with system error 23 (0x00000017): "Data error (cyclic redundancy check). ". The read operation will fail with error -1021 (0xfffffc03). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (12/08/2017 12:28:08 PM) (Source: ESENT) (EventID: 481) (User: )
Description: svchost (12188) Unistore: An attempt to read from the file "C:\Users\juniorelson4\AppData\Local\Comms\UnistoreDB\store.vol" at offset 14393344 (0x0000000000dba000) for 4096 (0x00001000) bytes failed after 365.587 seconds with system error 23 (0x00000017): "Data error (cyclic redundancy check). ". The read operation will fail with error -1021 (0xfffffc03). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (12/08/2017 12:26:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JUNIORELSON4-PC)
Description: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/08/2017 12:26:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JUNIORELSON4-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/08/2017 10:22:06 AM) (Source: ESENT) (EventID: 481) (User: )
Description: svchost (12188) Unistore: An attempt to read from the file "C:\Users\juniorelson4\AppData\Local\Comms\UnistoreDB\store.vol" at offset 14393344 (0x0000000000dba000) for 4096 (0x00001000) bytes failed after 3.897 seconds with system error 23 (0x00000017): "Data error (cyclic redundancy check). ". The read operation will fail with error -1021 (0xfffffc03). If this error persists then the file may be damaged and may need to be restored from a previous backup.


System errors:
=============
Error: (12/08/2017 02:22:07 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/08/2017 02:22:05 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/08/2017 12:44:58 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/08/2017 12:40:55 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/08/2017 12:36:18 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/08/2017 12:32:13 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/08/2017 12:28:08 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/08/2017 12:26:05 PM) (Source: DCOM) (EventID: 10010) (User: JUNIORELSON4-PC)
Description: The server Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe!App.AppX8h0bdkbb5frkt9s09fvshhbvqnntmvm1.mca did not register with DCOM within the required timeout.

Error: (12/08/2017 12:24:05 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/08/2017 10:22:06 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


CodeIntegrity:
===================================
Date: 2017-12-07 01:20:42.015
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_53c980648711c73a\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-12-07 00:46:25.521
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-12-07 00:46:25.519
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-11-19 18:59:38.213
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_53c980648711c73a\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-11-15 18:43:40.677
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_53c980648711c73a\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-11-12 20:58:19.095
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_53c980648711c73a\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-11-06 18:06:50.939
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_53c980648711c73a\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-11-02 19:25:33.676
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_53c980648711c73a\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-11-01 22:52:14.288
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_53c980648711c73a\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-24 14:00:37.556
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3537U CPU @ 2.00GHz
Percentage of memory in use: 43%
Total physical RAM: 8089.04 MB
Available physical RAM: 4609.79 MB
Total Virtual: 12151.73 MB
Available Virtual: 7763.73 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:238.06 GB) (Free:105.29 GB) NTFS
Drive h: (H True Data) (Fixed) (Total:205.08 GB) (Free:24.62 GB) NTFS
Drive m: (Backups) (Fixed) (Total:488.28 GB) (Free:374.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00002DD7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=205.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=488.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by Oh My!, 11 December 2017 - 01:25 PM.


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,801 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:50 AM

Posted 11 December 2017 - 01:25 PM

Greetings juniorelson4 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Before we do anything please back up all of your important data, like documents, photos, music, etc. Let me know when you have accomplished that.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 juniorelson4

Posted 12 December 2017 - 01:52 PM

Hello Gary! My first name is Elson.

 

During the past days my Windows 10 got upgraded to build 1709 and the issue seems to be almost gone now. But now Dell SupportAssist is reporting that my notebook's hard drive is failing (the battery was already failing since months ago). The Dell application reported that my hard drive failed the SMART Short Self Test.

 

I backed up my documents and pictures to an external hard drive.



#4 Oh My!

Posted 12 December 2017 - 03:29 PM

Greetings Elson.
 

But now Dell SupportAssist is reporting that my notebook's hard drive is failing (the battery was already failing since months ago). The Dell application reported that my hard drive failed the SMART Short Self Test.

This is exactly why I asked you to back up your data. There are indications in the FRST report that your hard drive may be failing.

 

We can run some additional tests on your hard drive but given the manufacturer is warning you I would suggest you should assume your drive may fail at any moment. Obviously the resolution to this is to get a new drive.

 

If you plan on getting a new drive now and need some assistance getting your computer up and running I can leave this topic open. Let me know what you would like to do.


Gary
 

#5 Oh My!

Posted 14 December 2017 - 09:16 PM

How are we doing?
Gary
 

#6 Oh My!

Posted 15 December 2017 - 10:19 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#7 Oh My!

Posted 17 December 2017 - 09:42 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



