Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unknown virus I cannot get rid of, asking for help!


  • Please log in to reply
11 replies to this topic

#1 Hayama

Hayama

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 13 December 2017 - 10:07 PM

Hi all, I'm really hoping someone can help me because I'm at my wit's end.

 

So anyway, how this happened is my stupid boyfriend decided to download some shady stuff on my computer while I was sleeping last night. When I turned on my computer, there were ads playing through my speakers, but I couldn't find the source. I eventually found that many processes called "Collectives" and "Gilbride", continuously starting after ending them. There was also a process called Ampersands and AnonymizerLauncher, though those did not clone themselves. AnonymizerGadget was the only program installed on my PC, though I apparently deleted the files before uninstalling so it's stuck in my programs list.  I eventually managed to locate all of the cloned copies of the Collectives and Gilbride executables and deleted them in safe mode. They didn't clone themselves and I no longer have the advertisement issues.

 

I still have some problems, though. A process called "avewmsosvc.exe", located in the System32 folder, continues to run no matter what I do. I can't find any info on any search engines, which is odd. I cannot end it through task manager, Process Explorer, Command Prompt, or anything else, even in full safe mode with a clean boot. I have no idea what it could be doing to my computer. I know that it kept adaware from starting and blocked Windows Defender from turning on real-time protection. It stopped the Spybot updater service from running, though I was able to run and update Malwarebytes (though it would not start after I restarted my computer without reinstalling - it also was unable to activate the real time protection), which did find 175 "problems", though not this process. I was able to install AVG (yes I uninstalled everything else) and it found no problems, however now I am getting errors trying to start the GUI.

 

A last ditch effort idea I had, before giving up and posting here, was to swap in my old HDD which still has Windows on it and delete the avewmsosvc.exe file. I eventually figured out how to do this, however when I swapped back to my SSD, the process started again. Process Explorer showed that it was consistently creating subprocess "sihaglc.exe", which is constantly creating and ending multiple instances of "rekmpgn.exe", which itself sometimes has another subprocess of the same name. I am still able to run Resource Monitor so I was able to see that these processes were frequently consuming over 100 KBPS of bandwidth, combined up and down, which of course worries me. So one more thing I did before posting this was to run RogueKiller, through which I could see the path to the subprocesses, and did the above hard drive swap to delete the folders (which had a LOT of stuff in them - in AppData\Local, they were called ranixbe and sihaglc) and the avewmsosvc.exe file again. Well, the avewmsosvc.exe file is back with the process running, as are the mentioned folders ranixbe and sihaglc, however the subprocesses are no longer running as of right now so I feel a little better. I'm still worried about the avewmsosvc.exe process, however. Oh and I think this is seen in the logs, but the process says it is by TOSHIBA CORPORATION - strange. 

 

Anyway, sorry for being so wordy, but I thought it might help to get out as much info as I could. I've been trying to deal with this all day. Below are my FRST.txt and Addition.txt logs. Any help is appreciated!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-12-2017
Ran by Mitchell (administrator) on BABY (13-12-2017 21:43:52)
Running from C:\Users\Mitchell\Downloads
Loaded Profiles: Mitchell (Available Profiles: Mitchell)
Platform: Windows 10 Home Version 1703 15063.726 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\avewmsosvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(HP) C:\Windows\System32\hpservice.exe
(HP) C:\Windows\System32\HP3DDGService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\afwServ.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hp\HP System Event\HPWMISVC.exe
() C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.225\WsAppService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Discord Inc.) C:\Users\Mitchell\AppData\Local\Discord\app-0.0.299\Discord.exe
(Discord Inc.) C:\Users\Mitchell\AppData\Local\Discord\app-0.0.299\Discord.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
(Plex) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hp\HP System Event\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Discord Inc.) C:\Users\Mitchell\AppData\Local\Discord\app-0.0.299\Discord.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Sysinternals - www.sysinternals.com) C:\Users\Mitchell\Desktop\Process Explorer\procexp64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [404912 2015-07-25] ()
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [ACPW08EN] => C:\Program Files\ACD Systems\ACDSee Pro\8.0\acdIDInTouch2.exe [1813776 2014-09-17] (ACD Systems)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-05-05] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17406072 2017-01-23] (Logitech Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [belton] => "C:\Program Files (x86)\Nevil\collectives.exe"
HKLM\...\Run: [beltonglazunov] => "C:\Program Files (x86)\kingfisher\gilbride.exe"
HKLM\...\Run: [beltonbelton] => "C:\Program Files (x86)\Dad\collectives.exe"
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [302744 2017-12-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [518456 2015-09-13] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231736 2015-09-13] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2380480 2016-06-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2015-09-03] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [carlson] => "C:\Program Files (x86)\Nevil\collectives.exe"
HKLM-x32\...\Run: [carlsonbacksliding] => "C:\Program Files (x86)\kingfisher\gilbride.exe"
HKLM-x32\...\Run: [carlsoncarlson] => "C:\Program Files (x86)\Dad\collectives.exe"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [ACDSeeCommanderPro8] => C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe [2136072 2014-09-19] ()
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1720584 2015-02-08] (CyberLink Corp.)
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [7693880 2015-09-10] (GOG.com)
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-30] (Valve Corporation)
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [15842280 2017-11-06] (Plex, Inc.)
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [15671472 2017-08-23] (NordVPN)
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [CiscoSpark] => C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cisco Spark\Cisco Spark.lnk [2738 2017-12-08] ()
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [Discord] => C:\Users\Mitchell\AppData\Local\Discord\app-0.0.299\Discord.exe [57954808 2017-12-11] (Discord Inc.)
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [backsliding] => "C:\Program Files (x86)\Nevil\collectives.exe"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [backslidingcarlson] => "C:\Program Files (x86)\kingfisher\gilbride.exe"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [backslidingbacksliding] => "C:\Program Files (x86)\Dad\collectives.exe"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [glazunov] => "C:\Program Files (x86)\Nevil\collectives.exe"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [glazunovbelton] => "C:\Program Files (x86)\kingfisher\gilbride.exe"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [glazunovglazunov] => "C:\Program Files (x86)\Dad\collectives.exe"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [ampersands] => "C:\Program Files (x86)\watertown\ampersands.exe"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [melt] => "C:\Program Files (x86)\Nevil\collectives.exe"
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [15671472 2017-08-23] (NordVPN)
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [15842280 2017-11-06] (Plex, Inc.)
Startup: C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\krause.lnk [2017-12-13]
ShortcutTarget: krause.lnk -> C:\Program Files (x86)\Nevil\collectives.exe (No File)
Startup: C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\krausekrause.lnk [2017-12-13]
ShortcutTarget: krausekrause.lnk -> C:\Program Files (x86)\kingfisher\gilbride.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{74628100-f84c-4272-aec2-2d09e6074fa7}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{8b5122bc-2301-400c-8cc5-42b7c0a525d6}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{e0730efc-674c-463e-9c2a-374d5a100ebd}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{f0c6b50c-af74-4fc0-9773-15c75406f1a6}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{F3578B66-2542-4009-A3E8-FCDDF7947817}: [DhcpNameServer] 209.222.18.222 209.222.18.218

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM -> {1B8AB615-C383-4931-924A-F5E79129E3D0} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {1B8AB615-C383-4931-924A-F5E79129E3D0} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2612921270-2592388305-428700144-1002 -> {1B8AB615-C383-4931-924A-F5E79129E3D0} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2612921270-2592388305-428700144-1002 -> {D0693E22-8A05-4F8F-85A7-8D2593BEE556} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2612921270-2592388305-428700144-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-11-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-29] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-11-07] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-29] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-10-21] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-29] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-11-07] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-29] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-03] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Mitchell\AppData\Roaming\Mozilla\Firefox\Profiles\ymuep9dg.default-1438217038008 [2017-12-13]
FF Extension: (Cisco WebEx Extension) - C:\Users\Mitchell\AppData\Roaming\Mozilla\Firefox\Profiles\ymuep9dg.default-1438217038008\Extensions\ciscowebexstart1@cisco.com.xpi [2017-07-19]
FF Extension: (Looking Glass) - C:\Users\Mitchell\AppData\Roaming\Mozilla\Firefox\Profiles\ymuep9dg.default-1438217038008\Extensions\pug.experience@shield.mozilla.org.xpi [2017-12-13] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\Mitchell\AppData\Roaming\Mozilla\Firefox\Profiles\ymuep9dg.default-1438217038008\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-12] ()
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-06-08] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-09-13] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-06-08] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2612921270-2592388305-428700144-1002: @citrixonline.com/appdetectorplugin -> C:\Users\Mitchell\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-11-20] (Citrix Online)
FF Plugin HKU\S-1-5-21-2612921270-2592388305-428700144-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mitchell\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-10-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2612921270-2592388305-428700144-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-04-19] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Mitchell\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-05-07] (Cisco WebEx LLC)

Chrome:
=======
CHR Profile: C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default [2017-12-13]
CHR Extension: (Slides) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-16]
CHR Extension: (YouTube) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-16]
CHR Extension: (Sheets) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Google Docs Offline) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-27]
CHR Extension: (AVG SafePrice) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2017-12-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-16]
CHR Extension: (Gmail) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-16]
CHR Extension: (Chrome Media Router) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-13]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [737984 2016-06-03] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
U2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [282536 2017-12-13] (AVG Technologies CZ, s.r.o.)
R2 AVG Firewall; C:\Program Files (x86)\AVG\Antivirus\afwServ.exe [333488 2017-12-13] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7600584 2017-12-13] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-10-31] (AVG Technologies CZ, s.r.o.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2017-04-19] (Microsoft Corporation)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063664 2017-11-22] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
S4 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1738808 2015-09-10] (GOG.com)
S4 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6943800 2015-09-10] (GOG.com)
R2 hp3ddgsrv; C:\WINDOWS\system32\HP3DDGService.exe [130072 2017-10-03] (HP)
R2 hpsrv; C:\WINDOWS\system32\Hpservice.exe [38728 2016-10-12] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2015-09-03] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [359856 2015-07-25] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-09] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-07-01] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-01-23] (Logitech Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-12-02] ()
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [417456 2017-08-23] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [463664 2017-11-27] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-10-10] (NVIDIA Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2100200 2017-11-06] (Plex, Inc.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87736 2014-04-30] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-06] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.225\WsAppService.exe [473824 2017-05-05] (Wondershare)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3832224 2015-12-02] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone toolkit for Android\Library\DriverInstaller\DriverInstall.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [54296 2017-10-03] (HP)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [176000 2017-12-13] (AVG Technologies CZ, s.r.o.)
R1 avgbdisk; C:\WINDOWS\System32\drivers\avgbdiska.sys [166624 2017-12-13] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [314640 2017-12-13] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsha.sys [192584 2017-12-13] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\System32\drivers\avgbloga.sys [336896 2017-12-13] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniva.sys [51336 2017-12-13] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [39424 2017-12-13] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [140704 2017-12-13] (AVG Technologies CZ, s.r.o.)
R1 avgNetSec; C:\WINDOWS\System32\drivers\avgNetSec.sys [562568 2017-12-13] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [102792 2017-12-13] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [76832 2017-12-13] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1018648 2017-12-13] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [447800 2017-12-13] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [196392 2017-12-13] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [356880 2017-12-13] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2017-01-16] (Samsung Electronics Co., Ltd.)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [40472 2017-10-03] (HP)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230656 2017-03-09] (Intel Corporation)
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 int0800; C:\WINDOWS\System32\drivers\flashud.sys [51712 2015-05-07] (Intel Corporation)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD.sys [44744 2014-05-28] ()
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-01-23] (Logitech Inc.)
R3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2017-01-23] (Logitech Inc.)
S3 LGSUsbFilt; C:\WINDOWS\system32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-13] (Malwarebytes)
S3 Netaapl; C:\WINDOWS\system32\DRIVERS\netaapl64.sys [23040 2013-08-06] (Apple Inc.) [File not signed]
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3515152 2015-12-25] (Intel Corporation)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2015-06-01] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhmi.inf_amd64_1d911bd7dce07320\nvlddmkm.sys [17020720 2017-11-28] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-10] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-11-27] (NVIDIA Corporation)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-01] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2017-01-16] (Samsung Electronics Co., Ltd.)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [84432 2017-03-27] (The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
R3 udiskMgr; system32\drivers\vycfil.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-13 20:01 - 2017-12-13 20:01 - 000142136 ____N C:\WINDOWS\system32\Drivers\nvcbeilo.sys
2017-12-13 19:54 - 2017-12-13 20:00 - 000000000 ____D C:\AdwCleaner
2017-12-13 19:54 - 2017-12-13 19:54 - 008172032 _____ (Malwarebytes) C:\Users\Mitchell\Downloads\AdwCleaner.exe
2017-12-13 19:52 - 2017-12-13 20:03 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-12-13 19:51 - 2017-12-13 19:51 - 036195904 _____ (Adlice Software ) C:\Users\Mitchell\Downloads\setup(1).exe
2017-12-13 19:44 - 2017-12-13 19:51 - 000000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-12-13 19:44 - 2017-12-13 19:51 - 000000000 ____D C:\ProgramData\RogueKiller
2017-12-13 19:44 - 2017-12-13 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-12-13 19:43 - 2017-12-13 19:51 - 000000000 ____D C:\Program Files\RogueKiller
2017-12-13 19:43 - 2017-12-13 19:43 - 036195904 _____ (Adlice Software ) C:\Users\Mitchell\Downloads\setup.exe
2017-12-13 19:06 - 2017-12-13 19:06 - 000001972 _____ C:\Users\Mitchell\Desktop\Process Hacker 2.lnk
2017-12-13 19:06 - 2017-12-13 19:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2017-12-13 19:06 - 2017-12-13 19:06 - 000000000 ____D C:\Program Files\Process Hacker 2
2017-12-13 18:35 - 2017-12-13 20:01 - 002884096 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\avewmsosvc.exe
2017-12-13 17:12 - 2016-06-28 10:52 - 000318624 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\pskill64.exe
2017-12-13 16:53 - 2017-12-13 16:53 - 002267848 _____ (wj32 ) C:\Users\Mitchell\Downloads\processhacker-2.39-setup.exe
2017-12-13 16:28 - 2017-12-13 19:31 - 000120468 _____ C:\Users\Mitchell\Downloads\Addition.txt
2017-12-13 16:27 - 2017-12-13 21:44 - 000041360 _____ C:\Users\Mitchell\Downloads\FRST.txt
2017-12-13 16:27 - 2017-12-13 21:43 - 000000000 ____D C:\FRST
2017-12-13 16:26 - 2017-12-13 16:26 - 002392064 _____ (Farbar) C:\Users\Mitchell\Downloads\FRST64.exe
2017-12-13 13:15 - 2017-12-13 21:40 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-12-13 12:36 - 2017-12-13 13:16 - 000004282 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2017-12-13 12:36 - 2017-12-13 12:36 - 001018648 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2017-12-13 12:36 - 2017-12-13 12:36 - 000562568 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetSec.sys
2017-12-13 12:36 - 2017-12-13 12:36 - 000447800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2017-12-13 12:36 - 2017-12-13 12:36 - 000366288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2017-12-13 12:36 - 2017-12-13 12:36 - 000356880 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2017-12-13 12:36 - 2017-12-13 12:36 - 000336896 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2017-12-13 12:36 - 2017-12-13 12:36 - 000314640 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2017-12-13 12:36 - 2017-12-13 12:36 - 000196392 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2017-12-13 12:36 - 2017-12-13 12:36 - 000192584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2017-12-13 12:36 - 2017-12-13 12:36 - 000176000 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2017-12-13 12:36 - 2017-12-13 12:36 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiska.sys
2017-12-13 12:36 - 2017-12-13 12:36 - 000140704 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2017-12-13 12:36 - 2017-12-13 12:36 - 000102792 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2017-12-13 12:36 - 2017-12-13 12:36 - 000076832 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2017-12-13 12:36 - 2017-12-13 12:36 - 000051336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
2017-12-13 12:36 - 2017-12-13 12:36 - 000039424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2017-12-13 12:36 - 2017-12-13 12:36 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Internet Security.lnk
2017-12-13 12:36 - 2017-12-13 12:36 - 000002120 _____ C:\Users\Public\Desktop\AVG Internet Security.lnk
2017-12-13 12:36 - 2017-12-13 12:36 - 000000000 ____D C:\Users\Mitchell\AppData\Roaming\AVG
2017-12-13 12:35 - 2017-12-13 12:35 - 000000955 _____ C:\Users\Public\Desktop\AVG.lnk
2017-12-13 12:35 - 2017-12-13 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-12-13 12:34 - 2017-12-13 13:26 - 000000000 ____D C:\ProgramData\Avg
2017-12-13 12:34 - 2017-12-13 12:36 - 000000000 ____D C:\Users\Mitchell\AppData\Local\Avg
2017-12-13 12:34 - 2017-12-13 12:35 - 000000000 ____D C:\Users\Mitchell\AppData\Local\AvgSetupLog
2017-12-13 12:34 - 2017-12-13 12:35 - 000000000 ____D C:\Program Files (x86)\AVG
2017-12-13 12:34 - 2017-12-13 12:34 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Mitchell\Downloads\AVG_Protection_Free_1606.exe
2017-12-13 12:34 - 2017-12-13 12:34 - 000003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-12-13 12:29 - 2017-12-13 12:29 - 000000000 ____D C:\Users\Mitchell\AppData\Local\igfxmtc
2017-12-13 11:44 - 2017-12-13 12:12 - 000000257 _____ C:\WINDOWS\wininit.ini
2017-12-13 11:38 - 2017-12-13 12:29 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-12-13 11:37 - 2017-12-13 11:37 - 083316440 _____ (Malwarebytes ) C:\Users\Mitchell\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
2017-12-13 11:37 - 2017-12-13 11:37 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-13 11:30 - 2017-12-13 11:30 - 007806208 _____ C:\Users\Mitchell\Downloads\spybotsd_includes.exe
2017-12-13 11:26 - 2017-12-13 11:26 - 000000000 ____D C:\Users\Mitchell\Desktop\Process Explorer
2017-12-13 10:09 - 2015-03-22 15:46 - 000000856 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20171213-100906.backup
2017-12-13 10:03 - 2017-12-13 17:23 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-12-13 10:02 - 2017-12-13 10:02 - 000000000 ____D C:\WINDOWS\pss
2017-12-13 09:48 - 2017-12-13 12:13 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-12-13 09:48 - 2017-12-13 12:12 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-12-13 09:48 - 2017-12-13 09:48 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-12-13 09:47 - 2017-12-13 09:47 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Mitchell\Downloads\spybotsd-2.6.46.exe
2017-12-13 07:24 - 2017-12-13 07:24 - 3285342941 _____ C:\WINDOWS\MEMORY.DMP
2017-12-13 07:24 - 2017-12-13 07:24 - 000928452 _____ C:\WINDOWS\Minidump\121317-9640-01.dmp
2017-12-13 06:03 - 2017-12-13 20:54 - 000000000 ____D C:\Users\Mitchell\AppData\Local\ranixbe
2017-12-13 06:00 - 2017-12-13 21:00 - 000000000 ____D C:\Users\Mitchell\AppData\Local\sihaglc
2017-12-13 05:59 - 2017-12-13 05:59 - 000000000 ____D C:\WINDOWS\SysWOW64\coclubd
2017-12-13 05:59 - 2017-12-13 05:59 - 000000000 ____D C:\WINDOWS\system32\coclubd
2017-12-11 17:57 - 2017-12-11 17:57 - 000035750 _____ C:\WINDOWS\uninstaller.dat
2017-12-08 15:39 - 2017-12-08 15:39 - 000000012 _____ C:\Users\Mitchell\Desktop\everyone goes to the rapture.txt
2017-12-06 21:54 - 2017-12-06 21:54 - 000074566 _____ C:\Users\Mitchell\Documents\COMPASS application 12-06-17.pdf
2017-12-06 20:52 - 2017-12-06 21:12 - 000000000 ____D C:\Users\Mitchell\Documents\Copies for assistance application
2017-11-30 19:46 - 2017-11-30 19:46 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-11-30 19:46 - 2017-09-13 18:20 - 000798008 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-11-30 19:46 - 2017-09-13 18:20 - 000490296 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-11-30 19:46 - 2017-09-13 18:19 - 000927544 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-11-30 19:46 - 2017-09-13 18:19 - 000591160 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-11-30 19:44 - 2017-11-27 20:56 - 040238576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 036348400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 035159072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 029378960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 023266584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 019039304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 013866792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 013255032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 011780888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 010883744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 004202808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 003615024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 001991016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438843.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 001674552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438843.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 001321264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 001135464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 001101296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 001038680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 001032688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 000982000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 000932424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 000885680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 000794392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 000634224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 000616240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 000506864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-11-30 19:44 - 2017-11-27 20:56 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-11-25 09:56 - 2017-12-01 21:25 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-25 09:56 - 2017-12-01 21:25 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-15 06:48 - 2017-11-01 23:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-15 06:48 - 2017-11-01 23:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-11-15 06:48 - 2017-11-01 23:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-15 06:47 - 2017-11-02 00:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-15 06:47 - 2017-11-02 00:03 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-15 06:47 - 2017-11-01 23:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-11-15 06:47 - 2017-11-01 23:45 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-11-15 06:47 - 2017-11-01 23:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-15 06:47 - 2017-11-01 23:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-15 06:47 - 2017-11-01 23:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-11-15 06:47 - 2017-11-01 23:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-15 06:47 - 2017-11-01 23:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-15 06:47 - 2017-11-01 23:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-15 06:47 - 2017-11-01 23:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-15 06:47 - 2017-11-01 23:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-11-15 06:47 - 2017-11-01 23:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-15 06:47 - 2017-11-01 23:31 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-15 06:47 - 2017-11-01 23:30 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-15 06:47 - 2017-11-01 23:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-15 06:47 - 2017-11-01 23:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-15 06:47 - 2017-11-01 23:29 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-15 06:47 - 2017-11-01 23:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-15 06:47 - 2017-11-01 23:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-15 06:47 - 2017-11-01 23:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-11-15 06:47 - 2017-11-01 23:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-11-15 06:47 - 2017-11-01 23:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-15 06:47 - 2017-11-01 23:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-11-15 06:47 - 2017-11-01 23:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2017-11-15 06:47 - 2017-11-01 23:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-15 06:47 - 2017-11-01 23:25 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-15 06:47 - 2017-11-01 23:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-15 06:47 - 2017-11-01 23:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-11-15 06:47 - 2017-11-01 23:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-15 06:47 - 2017-11-01 23:24 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-15 06:47 - 2017-11-01 23:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-11-15 06:47 - 2017-11-01 23:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-11-15 06:47 - 2017-11-01 23:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-11-15 06:47 - 2017-11-01 23:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-11-15 06:47 - 2017-11-01 23:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-15 06:47 - 2017-11-01 23:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-15 06:47 - 2017-11-01 23:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-11-15 06:47 - 2017-11-01 23:22 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-15 06:47 - 2017-11-01 23:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-15 06:47 - 2017-11-01 23:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-15 06:47 - 2017-11-01 23:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-11-15 06:47 - 2017-11-01 23:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-15 06:47 - 2017-11-01 23:21 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-15 06:47 - 2017-11-01 23:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-11-15 06:47 - 2017-11-01 23:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-15 06:47 - 2017-10-25 02:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-15 06:47 - 2017-10-15 10:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-11-15 06:47 - 2017-10-15 10:03 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-15 06:47 - 2017-10-15 10:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-11-15 06:47 - 2017-10-15 09:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-11-15 06:47 - 2017-10-15 09:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-11-15 06:47 - 2017-10-15 09:46 - 004544000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2017-11-15 06:47 - 2017-10-15 09:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-11-15 06:47 - 2017-10-15 09:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-11-15 06:47 - 2017-10-15 09:44 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-11-15 06:47 - 2017-10-15 09:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-11-15 06:47 - 2017-10-15 09:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-11-15 06:47 - 2017-10-15 09:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-11-15 06:47 - 2017-10-15 09:41 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-11-15 06:47 - 2017-10-15 09:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-11-15 06:47 - 2017-10-15 09:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-11-15 06:44 - 2017-11-02 00:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-15 06:44 - 2017-11-02 00:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-15 06:44 - 2017-11-02 00:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-15 06:44 - 2017-11-02 00:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-15 06:44 - 2017-11-02 00:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-15 06:44 - 2017-11-02 00:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-11-15 06:44 - 2017-11-02 00:11 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-15 06:44 - 2017-11-02 00:05 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-11-15 06:44 - 2017-11-01 23:37 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-15 06:44 - 2017-11-01 23:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-15 06:44 - 2017-11-01 23:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-11-15 06:44 - 2017-11-01 23:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-11-15 06:44 - 2017-11-01 23:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-15 06:44 - 2017-11-01 23:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-11-15 06:44 - 2017-11-01 23:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2017-11-15 06:44 - 2017-11-01 23:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-15 06:44 - 2017-11-01 23:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-15 06:44 - 2017-11-01 23:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2017-11-15 06:44 - 2017-11-01 23:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-11-15 06:44 - 2017-11-01 23:34 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-15 06:44 - 2017-11-01 23:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-11-15 06:44 - 2017-11-01 23:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-11-15 06:44 - 2017-11-01 23:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2017-11-15 06:44 - 2017-11-01 23:33 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-15 06:44 - 2017-11-01 23:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-15 06:44 - 2017-11-01 23:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-11-15 06:44 - 2017-11-01 23:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-15 06:44 - 2017-11-01 23:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2017-11-15 06:44 - 2017-11-01 23:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-11-15 06:44 - 2017-11-01 23:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-11-15 06:44 - 2017-11-01 23:29 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-15 06:44 - 2017-11-01 23:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-15 06:44 - 2017-11-01 23:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-11-15 06:44 - 2017-11-01 23:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-11-15 06:44 - 2017-11-01 23:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-11-15 06:44 - 2017-11-01 23:26 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-15 06:44 - 2017-11-01 23:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-15 06:44 - 2017-11-01 23:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-15 06:44 - 2017-11-01 23:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-15 06:44 - 2017-11-01 23:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-11-15 06:44 - 2017-11-01 23:26 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-15 06:44 - 2017-11-01 23:25 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-15 06:44 - 2017-11-01 23:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-15 06:44 - 2017-11-01 23:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-15 06:44 - 2017-11-01 23:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-15 06:44 - 2017-11-01 23:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-11-15 06:44 - 2017-11-01 23:25 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-15 06:44 - 2017-11-01 23:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-15 06:44 - 2017-11-01 23:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-15 06:44 - 2017-11-01 23:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-15 06:44 - 2017-10-15 09:55 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-11-15 06:44 - 2017-10-15 09:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-11-15 06:44 - 2017-10-15 09:09 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-11-15 06:44 - 2017-10-15 09:09 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-11-15 06:44 - 2017-10-15 09:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-11-15 06:44 - 2017-10-15 09:05 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-11-15 06:44 - 2017-10-15 09:04 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-11-15 06:44 - 2017-10-15 09:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-11-15 06:43 - 2017-11-02 00:21 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-15 06:43 - 2017-11-02 00:21 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-15 06:43 - 2017-11-02 00:21 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-15 06:43 - 2017-11-02 00:21 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-15 06:43 - 2017-11-02 00:20 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-15 06:43 - 2017-11-02 00:20 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-11-15 06:43 - 2017-11-02 00:16 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-15 06:43 - 2017-11-02 00:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-11-15 06:43 - 2017-11-02 00:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-15 06:43 - 2017-11-02 00:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-15 06:43 - 2017-11-02 00:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-15 06:43 - 2017-11-02 00:13 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-11-15 06:43 - 2017-11-02 00:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-15 06:43 - 2017-11-02 00:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-15 06:43 - 2017-11-02 00:12 - 000643192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-15 06:43 - 2017-11-02 00:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-15 06:43 - 2017-11-02 00:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-15 06:43 - 2017-11-02 00:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-15 06:43 - 2017-11-02 00:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2017-11-15 06:43 - 2017-11-02 00:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-15 06:43 - 2017-11-02 00:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-15 06:43 - 2017-11-01 23:44 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-15 06:43 - 2017-11-01 23:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-15 06:43 - 2017-11-01 23:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-15 06:43 - 2017-11-01 23:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-15 06:43 - 2017-11-01 23:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-15 06:43 - 2017-11-01 23:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2017-11-15 06:43 - 2017-11-01 23:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-15 06:43 - 2017-11-01 23:34 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-15 06:43 - 2017-11-01 23:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2017-11-15 06:43 - 2017-11-01 23:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-11-15 06:43 - 2017-11-01 23:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-11-15 06:43 - 2017-11-01 23:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2017-11-15 06:43 - 2017-11-01 23:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-15 06:43 - 2017-11-01 23:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-11-15 06:43 - 2017-11-01 23:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-11-15 06:43 - 2017-11-01 23:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-11-15 06:43 - 2017-11-01 23:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-15 06:43 - 2017-11-01 23:30 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-15 06:43 - 2017-11-01 23:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-11-15 06:43 - 2017-11-01 23:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-11-15 06:43 - 2017-11-01 23:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-11-15 06:43 - 2017-11-01 23:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-15 06:43 - 2017-11-01 23:28 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-15 06:43 - 2017-11-01 23:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-15 06:43 - 2017-11-01 23:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-15 06:43 - 2017-11-01 23:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-15 06:43 - 2017-11-01 23:25 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-15 06:43 - 2017-11-01 23:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-11-15 06:43 - 2017-11-01 23:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-15 06:43 - 2017-11-01 23:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-15 06:43 - 2017-10-15 09:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-15 06:43 - 2017-10-15 09:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-15 06:43 - 2017-10-15 09:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-11-15 06:43 - 2017-10-15 09:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-11-15 06:43 - 2017-10-15 09:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-11-15 06:43 - 2017-10-15 09:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-11-15 06:43 - 2017-10-15 09:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-11-15 06:43 - 2017-10-15 09:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-11-15 06:43 - 2017-10-15 09:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-11-15 06:43 - 2017-10-15 09:07 - 005776384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2017-11-15 06:43 - 2017-10-15 09:07 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-11-15 06:43 - 2017-10-15 09:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-11-15 06:43 - 2017-10-15 09:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-11-15 06:42 - 2017-11-02 00:21 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-15 06:42 - 2017-11-02 00:21 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-15 06:42 - 2017-11-02 00:20 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-15 06:42 - 2017-11-02 00:20 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-15 06:42 - 2017-11-02 00:20 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-15 06:42 - 2017-11-02 00:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-15 06:42 - 2017-11-02 00:20 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-15 06:42 - 2017-11-02 00:20 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-15 06:42 - 2017-11-02 00:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-15 06:42 - 2017-11-02 00:20 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-15 06:42 - 2017-11-02 00:15 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-15 06:42 - 2017-11-02 00:14 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-11-15 06:42 - 2017-11-02 00:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-15 06:42 - 2017-11-02 00:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-11-15 06:42 - 2017-11-02 00:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-15 06:42 - 2017-11-01 23:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-11-15 06:42 - 2017-11-01 23:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-15 06:42 - 2017-11-01 23:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-11-15 06:42 - 2017-11-01 23:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-11-15 06:42 - 2017-11-01 23:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-15 06:42 - 2017-10-15 09:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-11-15 06:42 - 2017-10-15 09:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-11-13 08:04 - 2017-11-13 08:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2017-11-13 08:04 - 2017-11-13 08:04 - 000000000 ____D C:\Program Files (x86)\Plex

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-13 21:40 - 2016-11-16 14:31 - 000000000 ____D C:\Users\Mitchell\AppData\LocalLow\Mozilla
2017-12-13 21:34 - 2017-02-21 23:57 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-13 21:34 - 2015-09-24 16:38 - 000000000 ____D C:\Users\Mitchell\Documents\Youcam
2017-12-13 21:34 - 2015-07-31 20:10 - 000000000 ___RD C:\Users\Mitchell\OneDrive
2017-12-13 21:33 - 2017-04-19 00:29 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-12-13 21:33 - 2017-04-19 00:29 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-13 21:33 - 2015-07-31 19:58 - 000000000 __SHD C:\Users\Mitchell\IntelGraphicsProfiles
2017-12-13 21:02 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF
2017-12-13 20:47 - 2013-08-22 10:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-12-13 20:07 - 2017-04-19 00:29 - 002461754 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-13 20:01 - 2017-04-19 00:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-13 20:01 - 2017-03-18 06:40 - 019136512 _____ C:\WINDOWS\system32\config\HARDWARE
2017-12-13 20:01 - 2017-03-18 06:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-12-13 20:00 - 2016-05-12 21:55 - 000000000 ____D C:\Program Files (x86)\Yahoo!
2017-12-13 19:40 - 2015-10-22 23:21 - 000007597 _____ C:\Users\Mitchell\AppData\Local\Resmon.ResmonCfg
2017-12-13 17:23 - 2017-04-19 00:28 - 000521712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-13 17:18 - 2017-04-19 00:29 - 000000000 ____D C:\Users\Mitchell
2017-12-13 15:30 - 2017-04-19 00:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-13 15:15 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-13 15:15 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-13 13:39 - 2016-05-15 11:30 - 000000000 ____D C:\Users\Mitchell\Desktop\SWProxy-windows
2017-12-13 13:30 - 2017-03-18 15:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-13 12:17 - 2015-07-29 06:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-13 12:06 - 2017-07-27 10:37 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2612921270-2592388305-428700144-1002
2017-12-13 12:06 - 2015-07-31 20:10 - 000002414 _____ C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-13 11:44 - 2016-11-06 22:43 - 000000000 ____D C:\ProgramData\ReviverSoft
2017-12-13 11:44 - 2016-11-06 22:43 - 000000000 ____D C:\Program Files\ReviverSoft
2017-12-13 11:25 - 2014-06-16 23:04 - 000000000 ____D C:\Users\Mitchell\AppData\Local\NVIDIA Corporation
2017-12-13 10:42 - 2017-08-31 21:18 - 000000000 ____D C:\Users\Mitchell\AppData\Local\CiscoSpark
2017-12-13 10:28 - 2014-04-19 21:12 - 000000000 ____D C:\Users\Mitchell\AppData\Local\ElevatedDiagnostics
2017-12-13 09:30 - 2017-01-30 02:28 - 000000000 ____D C:\Users\Mitchell\AppData\Roaming\discord
2017-12-13 07:24 - 2017-05-26 14:20 - 000000354 _____ C:\WINDOWS\Tasks\HPCeeScheduleForMitchell.job
2017-12-13 07:24 - 2017-05-16 01:44 - 000000000 ____D C:\WINDOWS\Minidump
2017-12-13 06:08 - 2017-09-16 23:33 - 000002297 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-13 06:07 - 2017-09-16 23:33 - 000002315 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-13 02:12 - 2014-04-17 01:00 - 000000000 ____D C:\Users\Mitchell\AppData\Roaming\tixati
2017-12-13 02:00 - 2014-10-17 16:52 - 000000000 ____D C:\Users\Mitchell\AppData\Local\Adobe
2017-12-12 23:29 - 2017-04-19 00:45 - 000004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CE4AE1DE-6B9C-45BA-AE3F-4ED0DC535680}
2017-12-12 19:46 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-12 19:46 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-12 15:45 - 2017-05-26 14:20 - 000003258 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForMitchell
2017-12-12 15:06 - 2014-04-16 20:19 - 000000000 ____D C:\Users\Mitchell\AppData\Local\Packages
2017-12-12 09:53 - 2017-09-27 01:33 - 000002290 _____ C:\Users\Mitchell\Desktop\Discord.lnk
2017-12-12 09:53 - 2017-09-27 01:33 - 000000000 ____D C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-12-12 09:53 - 2017-09-27 01:33 - 000000000 ____D C:\Users\Mitchell\AppData\Local\Discord
2017-12-12 09:52 - 2017-08-31 21:18 - 000000000 ____D C:\Users\Mitchell\AppData\Local\CiscoSparkLauncher
2017-12-12 09:52 - 2017-04-19 00:29 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-12-12 09:52 - 2016-11-20 10:58 - 000000658 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2612921270-2592388305-428700144-1002.job
2017-12-12 09:52 - 2016-11-20 10:58 - 000000562 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2612921270-2592388305-428700144-1002.job
2017-12-12 09:52 - 2016-11-15 17:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-12 09:52 - 2014-04-16 20:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-12 09:48 - 2017-08-10 00:04 - 000000000 ____D C:\Users\Mitchell\Documents\Summoners War
2017-12-11 23:06 - 2014-04-16 20:33 - 000001178 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-11 17:03 - 2015-02-03 23:26 - 000000000 ____D C:\Users\Mitchell\AppData\Local\CutePDF Writer
2017-12-09 16:31 - 2017-07-08 09:36 - 000000000 ____D C:\Users\Mitchell\AppData\Local\GoToMeeting
2017-12-09 14:35 - 2017-03-18 16:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-09 14:34 - 2016-10-31 22:15 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-12-08 19:39 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-12-07 10:36 - 2017-04-19 00:45 - 000003810 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-2612921270-2592388305-428700144-1002
2017-12-07 10:36 - 2017-04-19 00:45 - 000003714 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-2612921270-2592388305-428700144-1002
2017-12-05 16:20 - 2017-08-20 00:16 - 000000000 ____D C:\Users\Mitchell\Desktop\Summoners War Exporter Files
2017-12-01 04:48 - 2015-09-06 16:51 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-30 19:46 - 2017-05-06 17:16 - 000000000 ____D C:\Users\Mitchell\AppData\Roaming\NVIDIA
2017-11-30 19:46 - 2017-02-07 19:23 - 000000000 ____D C:\Temp
2017-11-30 19:45 - 2017-04-19 00:29 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-11-30 19:36 - 2017-05-23 21:28 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-30 19:36 - 2017-05-23 21:28 - 000001492 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-11-30 19:36 - 2017-04-19 00:45 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-30 19:36 - 2017-04-19 00:45 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-30 19:36 - 2017-04-19 00:45 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-30 19:36 - 2017-04-19 00:45 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-30 19:36 - 2017-04-19 00:45 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-30 19:36 - 2017-04-19 00:45 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-30 19:36 - 2017-04-19 00:45 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-30 19:36 - 2017-04-19 00:29 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-11-30 13:48 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-29 14:48 - 2014-04-17 06:37 - 000000000 ____D C:\Users\Mitchell\AppData\Local\CrashDumps
2017-11-28 10:18 - 2017-04-06 21:51 - 017020720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2017-11-27 20:56 - 2017-04-06 21:51 - 004485560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-11-27 20:56 - 2017-04-06 21:51 - 003817584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-11-27 20:56 - 2017-04-06 21:51 - 000057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-11-27 20:56 - 2017-04-06 21:51 - 000048442 _____ C:\WINDOWS\system32\nvinfo.pb
2017-11-27 19:37 - 2017-04-19 00:29 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-11-27 19:06 - 2017-04-19 00:29 - 005965624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-11-27 19:06 - 2017-04-19 00:29 - 002588976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-11-27 19:06 - 2017-04-19 00:29 - 001766288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-11-27 19:06 - 2017-04-19 00:29 - 000608240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-11-27 19:06 - 2017-04-19 00:29 - 000450544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-11-27 19:06 - 2017-04-19 00:29 - 000122768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-11-27 19:06 - 2017-04-19 00:29 - 000082736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-11-27 13:37 - 2014-04-17 01:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-27 13:33 - 2017-10-10 14:48 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-27 13:33 - 2014-04-17 01:28 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-26 00:50 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\rescache
2017-11-25 09:57 - 2014-04-17 04:14 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-25 09:54 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-25 09:54 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-25 09:54 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-11-25 09:54 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-25 09:54 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-22 19:55 - 2014-04-16 20:33 - 000000000 ____D C:\Users\Mitchell\AppData\Roaming\Mozilla
2017-11-20 06:04 - 2017-04-19 00:29 - 007874971 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-11-17 15:01 - 2015-02-07 20:05 - 000000000 ____D C:\ProgramData\HP
2017-11-15 01:09 - 2017-04-19 00:45 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-11-14 16:46 - 2017-04-19 00:45 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-14 14:38 - 2017-09-16 23:32 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-14 14:38 - 2017-09-16 23:32 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-13 08:04 - 2014-04-08 03:46 - 000000000 ____D C:\ProgramData\Package Cache

==================== Files in the root of some directories =======

2015-04-11 00:56 - 2015-04-11 00:57 - 000000093 _____ () C:\Users\Mitchell\AppData\Roaming\ARCompanion.log
2016-01-11 21:34 - 2016-01-11 21:34 - 000000023 _____ () C:\Users\Mitchell\AppData\Roaming\Microsoft\cmldt32.dll
2016-03-27 19:35 - 2016-03-27 19:35 - 000002168 _____ () C:\Users\Mitchell\AppData\Local\recently-used.xbel
2015-10-22 23:21 - 2017-12-13 19:40 - 000007597 _____ () C:\Users\Mitchell\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2017-12-13 19:44 - 2017-09-05 00:26 - 001930840 _____ (Microsoft Corporation) C:\Users\Mitchell\AppData\Local\Temp\dllnt_dump.dll
2017-05-14 20:42 - 2017-05-14 20:42 - 000066048 _____ () C:\Users\Mitchell\AppData\Local\Temp\Execute2App.exe
2017-05-04 17:34 - 2017-05-04 17:34 - 000739904 _____ (Oracle Corporation) C:\Users\Mitchell\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-07-22 14:23 - 2017-07-22 14:23 - 000739904 _____ (Oracle Corporation) C:\Users\Mitchell\AppData\Local\Temp\jre-8u141-windows-au.exe
2017-10-29 19:50 - 2017-10-29 19:50 - 001856576 _____ (Oracle Corporation) C:\Users\Mitchell\AppData\Local\Temp\jre-8u151-windows-au.exe
2017-05-14 20:42 - 2015-04-23 09:08 - 000568832 _____ (Microsoft Corporation) C:\Users\Mitchell\AppData\Local\Temp\msvcp90.dll
2017-05-14 20:42 - 2015-04-23 09:08 - 000655872 _____ (Microsoft Corporation) C:\Users\Mitchell\AppData\Local\Temp\msvcr90.dll
2017-05-19 14:42 - 2017-05-19 14:42 - 014608752 _____ (Samsung Electronics                                         ) C:\Users\Mitchell\AppData\Local\Temp\Samsung_Magician_Installer.exe
2017-11-17 15:01 - 2017-10-17 14:01 - 000927784 _____ () C:\Users\Mitchell\AppData\Local\Temp\TAInstaller.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\nvcbeilo.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION

LastRegBack: 2017-12-07 00:52

==================== End of FRST.txt ============================



BC AdBot (Login to Remove)

 


#2 Hayama

Hayama
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 13 December 2017 - 10:09 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-12-2017
Ran by Mitchell (13-12-2017 21:44:31)
Running from C:\Users\Mitchell\Downloads
Windows 10 Home Version 1703 15063.726 (X64) (2017-04-19 05:48:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2612921270-2592388305-428700144-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2612921270-2592388305-428700144-503 - Limited - Disabled)
Guest (S-1-5-21-2612921270-2592388305-428700144-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2612921270-2592388305-428700144-1004 - Limited - Enabled)
Mitchell (S-1-5-21-2612921270-2592388305-428700144-1002 - Administrator - Enabled) => C:\Users\Mitchell

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Antivirus (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ACDSee Pro 8 (64-bit) (HKLM\...\{F84CE839-8CDD-4DC1-9A05-FA93BEA8B63D}) (Version: 8.0.0.262 - ACD Systems International Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.7.0.272 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2015 (HKLM-x32\...\{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}) (Version: 16.1.3 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{9F429DF7-F8DD-4980-9673-E6DACA012F6C}) (Version: 3.3 - Microsoft Corporation) Hidden
AVG (HKLM\...\{E61E6143-4937-43FC-8C12-06B8A987484D}) (Version: 1.211.3 - AVG Technologies) Hidden
AVG Internet Security (HKLM-x32\...\AVG Antivirus) (Version: 17.8.3036 - AVG Technologies)
Azure AD Authentication Connected Service (HKLM-x32\...\{3FEAC561-1CF6-41D6-B0F3-BECDD9C88A1B}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{3FBFCF2C-392A-4632-9442-14C305B44D5E}) (Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (HKLM-x32\...\{E719AF7A-FBD9-45F8-AD4F-EBD1EFD985BB}) (Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (HKLM-x32\...\{28C7344F-E894-4CF5-8D05-EDC7ED71796C}) (Version: 12.0.50429.0 - Microsoft Corporation) Hidden
BetOnline (HKLM-x32\...\BetOnline 0) (Version:  - )
Blend for Visual Studio 2013 (HKLM-x32\...\{EBC890A6-DE7C-44B4-AA03-119B6190D3E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (HKLM-x32\...\{9ED1634C-4E71-4992-A1BA-7C4BE6EE39E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (HKLM-x32\...\{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build Tools - amd64 (HKLM\...\{4926C378-8A39-4273-AF6F-726F899F9F74}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools - x86 (HKLM-x32\...\{BB543516-F37F-46A4-BED1-C5146A6D9892}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (HKLM\...\{5DF74EA2-A660-446F-93B3-B19823435C30}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (HKLM-x32\...\{FCB384E7-0E3F-431E-A510-2458E1FF21ED}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Bulk Extractor 1.5.1 (HKLM-x32\...\Bulk Extractor 1.5.1) (Version: 1.5.1 - NPS)
CDisplayEx 1.10.23 (HKLM\...\CDisplayEx_is1) (Version:  - cdisplayex.com)
Cisco Spark (HKLM-x32\...\{EC7BBFC9-7522-45A0-9D33-B3B803AD0A0F}) (Version: 2.0.6199.0 - Cisco Systems, Inc)
Cisco WebEx Meetings (HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{75FCE33E-4E0C-4CE1-ADF0-75F258DF27A0}) (Version: 1.0.445 - Citrix)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.3.100.10 - Citrix Systems, Inc.)
Complemento do Microsoft Report Viewer para Visual Studio 2013 (HKLM-x32\...\{1B5ABBBD-3808-403D-A224-F1ACB0A00EB1}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Complemento Microsoft Report Viewer para Visual Studio 2013 (HKLM-x32\...\{56A47015-095E-48CA-819F-15D0B52C274B}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Compon. agg. Microsoft Report Viewer per Visual Studio 2013 (HKLM-x32\...\{44AEF1F7-C770-471C-AA62-4145A4F2C517}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
CrypTool 1.4.30 (HKLM-x32\...\CrypTool) (Version: 1.4.30 - )
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.5104 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.9.5009 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3122 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.6.5011 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Discord) (Version: 0.0.299 - Discord Inc.)
Dotfuscator and Analytics Community Edition (HKLM-x32\...\{2386192E-D6DB-4AD2-9564-65586A0AE53E}) (Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dotfuscator and Analytics Community Edition 5.18.1 (HKLM-x32\...\{9890DF1A-10E9-4236-94B1-1EFAA4099F13}) (Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
Duplicate Cleaner Free 3.2.7 (HKLM-x32\...\Duplicate Cleaner Free) (Version: 3.2.7 - DigitalVolcano Software Ltd) <==== ATTENTION
e5 Secure Download Manager (HKLM-x32\...\{9731C87A-24EE-42AE-A169-759C0060B0DB}) (Version: 3.2.243.0 - Kivuto Solutions Inc.)
Entity Framework 6.1.0 Tools  for Visual Studio 2013 (HKLM-x32\...\{D4635FB4-434D-4663-A4C8-CFC00FA9D24E}) (Version: 12.0.30228.0 - Microsoft Corporation)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
FMW 1 (HKLM\...\{36133E9F-B129-4206-9FB4-13F707787542}) (Version: 1.226.3 - AVG Technologies) Hidden
GameRanger (HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\GameRanger) (Version:  - GameRanger Technologies)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoToMeeting 8.18.0.8034 (HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\GoToMeeting) (Version: 8.18.0.8034 - LogMeIn, Inc.)
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Documentation (HKLM-x32\...\{1154543C-D5D0-49BE-A004-82EE0A3746AE}) (Version: 1.1.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.8.47.1 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{6B1ECC61-B581-400D-BFAF-101B1AAEA5AB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.00.57 - Softex Inc.) Hidden
Intel® Driver Update Utility 2.4 (HKLM-x32\...\{1766DD04-5D4D-40BC-953A-D80624BCC063}) (Version: 2.4.0.7 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Identification Utility (HKLM-x32\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 1.0.0.0 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1327.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{9B5FD763-5074-474C-B898-24567E6450C8}) (Version: 4.2.40.2439 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{A501AF33-9AEA-4703-BC2F-D4B86458899D}) (Version: 17.1.1531.1764 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{561b5fb5-1d4d-40e8-b3e4-ad52858b217c}) (Version: 2.4.0.7 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{03635e3e-3e57-4d80-9c7d-80c9f62bfc80}) (Version: 18.32.0 - Intel Corporation)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java SE Development Kit 8 Update 111 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180111}) (Version: 8.0.1110.14 - Oracle Corporation)
K-Lite Codec Pack 10.4.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.4.0 - )
LocalESPC Dev12 (HKLM-x32\...\{492498A3-F88C-FE2F-755C-9B1B91724CA5}) (Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (HKLM-x32\...\{B1C38F27-D377-8C98-D98D-29B67C0B978D}) (Version: 8.100.25984 - Microsoft) Hidden
Logitech Gaming Software 8.91 (HKLM\...\Logitech Gaming Software) (Version: 8.91.48 - Logitech Inc.)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Majesty 2 Collection (HKLM-x32\...\Majesty 2 Collection_is1) (Version:  - )
Memory Profiler (HKLM-x32\...\{4A037836-B224-4890-9631-341F759AD703}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Memory Profiler (HKLM-x32\...\{68DA3B27-2C18-4366-93B0-6B97F5E9B309}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8625.2139 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visio Professional 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM-x32\...\{50b32652-69d2-4b93-9316-edcd12067b8b}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 (HKLM-x32\...\{84e72603-1a6a-4c51-81b3-de36aabcc4f8}) (Version: 12.0.30501 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Module Microsoft Report Viewer pour Visual Studio 2013 (HKLM-x32\...\{607562A3-7BD3-4EDE-BDEA-4F1A8D7E84AA}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 57.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.2 (x64 en-US)) (Version: 57.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.2.6549 - Mozilla)
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
NetBeans IDE 8.2 (HKLM\...\nbi-nb-base-8.2.0.0.201609300101) (Version: 8.2 - NetBeans.org)
Nmap 6.49BETA1 (HKLM-x32\...\Nmap) (Version:  - )
NordVPN (HKLM-x32\...\{399A1E19-38E5-40C5-8ACD-BF007782F59A}) (Version: 6.6.11 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.6.11) (Version: 6.6.11 - NordVPN)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.43 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Online Plug-in (HKLM-x32\...\{92838039-27B8-4433-AA2B-F432DC0E5E8B}) (Version: 14.3.100.10 - Citrix Systems, Inc.) Hidden
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Plex Media Server (HKLM-x32\...\{34B11343-9146-43DE-B621-B971E854087D}) (Version: 1.9.6429 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{f3d9eae6-b717-4e4e-884e-227227518530}) (Version: 1.9.6.4429 - Plex, Inc.)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{943F3FB1-3F9C-4FB7-A4E2-6D53617068C3}) (Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{DF34643B-A745-430C-B27B-A48F853C81E4}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Python 3.4.2 (HKLM-x32\...\{2583CDBA-8A53-4622-BB67-1D163714C1B4}) (Version: 3.4.16349 - Python Software Foundation)
Python Tools Redirection Template (HKLM-x32\...\{EE541DCE-3018-4A12-B0A3-7C55D62B3D01}) (Version: 1.1 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
RogueKiller version 12.11.27.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.27.0 - Adlice Software)
Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Samsung Data Migration (HKLM-x32\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.0 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.1.0.1120 - Samsung Electronics)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Self-service Plug-in (HKLM-x32\...\{21451E87-020C-43AD-8043-B07D36BE889E}) (Version: 4.3.100.10167 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
SharePoint Client Components (HKLM\...\{95150002-1163-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SharePoint Client Components (HKLM\...\{95160001-1163-0409-1000-0000000FF1CE}) (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17042.12 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17042.12 - Samsung Electronics Co., Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stopping Plex (HKLM-x32\...\{992AD614-FFE5-4258-BB56-9E7513E21221}) (Version: 1.9.6429 - Plex, Inc.) Hidden
Summoners War Exporter 0.0.21 (only current user) (HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\2c51f908-e8f0-589d-a31c-2016328f814f) (Version: 0.0.21 - porksmash & Xzandro)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
TAP-NordVPN 9.21.2 (HKLM\...\TAP-NordVPN) (Version: 9.21.2 - NordVPN.com)
Team Explorer for Microsoft Visual Studio 2013 (HKLM-x32\...\{C9E7751E-88ED-36CF-B610-71A1D262E906}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Team Explorer for Microsoft Visual Studio 2015 (HKLM-x32\...\{791295AE-3B0A-3222-9E69-26C8C106E8D1}) (Version: 14.0.23102 - Microsoft Corporation) Hidden
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
The Witcher 2 - Assassins of Kings Enhanced Edition (HKLM-x32\...\1207658930_is1) (Version: 3.5.0.26 - GOG.com)
The Witcher Enhanced Edition Director's Cut (HKLM-x32\...\1207658924_is1) (Version: 2.1.0.15 - GOG.com)
Tixati (HKLM-x32\...\tixati) (Version:  - )
Total Validator Tool (HKLM-x32\...\Total Validator Tool) (Version: 10.2.2 - Total Validator)
TypeScript Power Tool (HKLM-x32\...\{8A8A0C13-A9B3-45AF-9A4C-4D351E0DFC8A}) (Version: 1.0.1.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{83499F62-B5EC-4F40-A28C-1297241E4D1D}) (Version: 1.0.1.0 - Microsoft Corporation) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity (HKLM-x32\...\Unity) (Version: 5.2.2f1 - Unity Technologies ApS)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Validity WBF DDK (HKLM\...\{21498212-1146-4540-8A81-6A1328BA19F2}) (Version: 4.5.228.0 - Validity Sensors, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Visual Studio 2013 Update 2 (KB2829760) (HKLM-x32\...\{3c348532-c3bd-4bae-a928-7b555f8c808f}) (Version: 12.0.30501 - Microsoft Corporation)
VitalSource Bookshelf (HKLM-x32\...\{5662bb17-987f-4669-a168-ae4001d70a23}) (Version: 7.6.0004 - Ingram Content Group)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VS Update core components (HKLM-x32\...\{39D9555C-47A7-38F6-AEB9-9E7CAE1C6AF5}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Waterfox 53.0.1 (x64 en-US) (HKLM\...\Waterfox 53.0.1 (x64 en-US)) (Version: 53.0.1 - Mozilla)
WCF Data Services 5.6.0 Runtime (HKLM-x32\...\{46910786-E4AC-41E4-A4A0-C086EA85242D}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{BF3E2194-F89B-44FB-A801-464BF787599F}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\WinDirStat) (Version:  - )
Windower (HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Windower) (Version: 4.0.0.0 - Windower Team)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\88EB56038379B8B7DCFB4D2448A60F52E064B265) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
Workflow Manager Client 1.0 (HKLM\...\{A5ABAF5F-B5B6-44B3-B69F-2E13DC60FC9F}) (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{A79F6653-6AF1-4AF2-BC15-F5D6C05E1E6A}) (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
Надстройка Microsoft Report Viewer для Visual Studio 2013 (HKLM-x32\...\{30BCD3B4-F753-451F-B8F7-86E115A9AE72}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
用于 Visual Studio 2013 的 Microsoft 报告查看器加载项 (HKLM-x32\...\{EA754818-DB87-42B6-9753-E668B9186434}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2612921270-2592388305-428700144-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Mitchell\AppData\Local\Citrix\GoToMeeting\5808\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-2612921270-2592388305-428700144-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-12-13] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-05-22] (Cyberlink)
ContextMenuHandlers1: [PicaViewCtxMenuShlExt] -> {F3CBBA61-EE3F-4D6D-B1C6-B3474E579936} => C:\Program Files\Common Files\ACD Systems\PicaView\ACDSeePV.dll [2014-09-19] (ACD Systems International Inc.)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-05-22] (Cyberlink)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-07-25] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-11-27] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-12-13] (AVG Technologies CZ, s.r.o.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {021805C9-0DFD-4C66-883B-3F2B6BA88A44} - System32\Tasks\{C4D6E805-F6FE-453F-A137-D3789CE25DAD} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Mitchell\Downloads\win64_154010.4300.exe -d C:\Users\Mitchell\Downloads
Task: {04A59D2D-349A-46A9-A62F-271461F63B63} - \Sak4831887k4831887 -> No File <==== ATTENTION
Task: {13016EC2-DC53-42C9-B9C4-29E152F21EFD} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {17620712-CA36-45A5-A9F5-6B94BE9BC499} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-10] (NVIDIA Corporation)
Task: {1CA0D5A5-911C-4059-B853-7738BF7D320A} - System32\Tasks\{34F1B27F-2B3C-4444-9147-35C333415C48} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Mitchell\Downloads\win64_15407.4279.exe -d C:\Users\Mitchell\Downloads
Task: {1FEF12E3-AB83-4B3F-9856-9BF745ED1CF9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {23EBF5EA-2036-4EBA-AA8B-89CBFBEBE7B2} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {2765F2B1-E99B-447C-949A-88D7D2FDE48C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)
Task: {2C8C9661-3CAA-4CF2-A8CC-0D1B8A839362} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {304D2137-5BAC-493A-81A6-9DE663854430} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-10] (NVIDIA Corporation)
Task: {308D6734-1A88-4EA1-9BBD-8B0BB50B80D4} - System32\Tasks\HP AR Program Upload - 76bb07a27f7d47b0ba699163606b749242d430afe779428caadb922aac41e068 => C:\Program Files\HP\HP Deskjet 2540 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {41A69370-E2E7-40ED-B993-29DA1241FE19} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-03] (Microsoft Corporation)
Task: {42A1D4A6-F0C7-4585-9B71-64F551A7D1BB} - \Sa47704175477041754770417547704175 -> No File <==== ATTENTION
Task: {45B52735-C49B-43C9-98B9-73B6C5EA8012} - \Sa4831887483188748318874831887 -> No File <==== ATTENTION
Task: {5718877F-BF31-45A1-B26A-A4CFC9D38F6B} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {5964D12B-61EC-41CD-83FA-8CB81987D47E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {5BF7415E-F0BC-4A6B-914B-A679704CD727} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation)
Task: {63D8F188-C77F-4C2B-878A-86612DDC90CC} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {6DD92B8B-9AFA-4FDB-AB6B-BAA5EBB8EA37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-16] (Google Inc.)
Task: {6F330E9E-7277-4D29-A8BB-D6258295F2AB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-12] (Adobe Systems Incorporated)
Task: {77F1C98A-6D87-4C09-974E-B27636BE02E3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7AFB3A74-5EE7-4C07-9B3C-78798B19AB8C} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2015-02-11] (CyberLink Corp.)
Task: {80916CE6-95F1-4FBB-9FEF-A249965C7744} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {818578A0-7913-4620-8F42-0F5BEEDE1EA7} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {832DC1BC-82E8-443B-BB2E-A13B36F08F12} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {83644944-721B-4EA1-8953-17594EF75196} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-12-03] (Microsoft Corporation)
Task: {8413BF9C-40DF-49BB-8CC7-B1821E8A2A37} - System32\Tasks\HPCeeScheduleForMitchell => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {88AD84C5-D0A1-4902-8F3C-43053DF2B054} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-03] (Microsoft Corporation)
Task: {8DBAE197-FD5A-490A-A20E-F4EC79C7363B} - System32\Tasks\S-1-5-21-2612921270-2592388305-428700144-1002\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-11-01] (Microsoft Corporation)
Task: {8E33C15B-4C1E-47F8-BF87-2866265D6815} - System32\Tasks\G2MUploadTask-S-1-5-21-2612921270-2592388305-428700144-1002 => C:\Users\Mitchell\AppData\Local\GoToMeeting\8034\g2mupload.exe [2017-12-07] (LogMeIn, Inc.)
Task: {9453977F-197A-4255-90EC-81683F67176F} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-12-13] (AVG Technologies CZ, s.r.o.)
Task: {95694D9C-717A-465C-BAA6-F924367E7246} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {97237D07-E1C5-4FC5-B99D-1F76FA73BBF0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-16] (Google Inc.)
Task: {9D85C7BA-AC42-49E0-AFF6-EE9B328791CD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A0C4AEF9-4601-4A93-AA49-344E5FCFFCF3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {A52B67B0-39C8-44B5-98E9-038BDB0ED0BD} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {B31B7ABA-906F-4835-943A-719A6DFDA4B1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)
Task: {B4A0DFAD-4EB6-404D-A2E2-FDA171778741} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-10] (NVIDIA Corporation)
Task: {BA590087-A361-4301-9D28-093888FAF61B} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-jakewot@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-05-05] (Adobe Systems Incorporated)
Task: {BB63FA1D-ACBC-4E86-BC82-A27EA394B5E9} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2017-08-18] (Synaptics Incorporated)
Task: {BDA17C6F-D9B2-4596-A526-764D963D50BA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C0EC013F-F5C0-4FD7-9C60-9293DAD0E049} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {C1A28D13-839A-4FCA-B899-4D412399F815} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {C22A715A-C08B-4C71-906C-C5B42C92997C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C9C85384-8F5B-4A0B-8B62-5341736E9EBD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CF07E067-86F1-4DCC-9D28-5FA3AC58A043} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D1856E1E-47D3-4D7F-AF63-1B02F129923E} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {D39F9F4D-0F7C-4FA7-BC1E-EF5A071AA51C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-29] ()
Task: {D45E00F8-29AD-4D51-AFCB-F85C21EB743E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {DD0312F4-BE34-49D2-A325-235B6568AAD0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DD9921F9-A4BD-40EC-AC26-B5ED48289875} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2017-05-19] (Samsung Electronics Co. Ltd.)
Task: {F378A3DF-1A8F-44D8-B7CF-BDECB878197E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-29] ()
Task: {F3A4FB45-2568-40B3-B9CA-2D31DB84CC08} - System32\Tasks\G2MUpdateTask-S-1-5-21-2612921270-2592388305-428700144-1002 => C:\Users\Mitchell\AppData\Local\GoToMeeting\8034\g2mupdate.exe [2017-12-07] (LogMeIn, Inc.)
Task: {F455B91F-B84B-494C-B52D-6C6FA1C61817} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {F698F562-03E3-4E72-B340-5C2D8B0A2E48} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {FE52ADE5-C22D-43EF-B92C-1B572E654CF8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2612921270-2592388305-428700144-1002.job => C:\Users\Mitchell\AppData\Local\GoToMeeting\8034\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2612921270-2592388305-428700144-1002.job => C:\Users\Mitchell\AppData\Local\GoToMeeting\8034\g2mupload.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForMitchell.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Mitchell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Mitchell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b2063d7d92872715\IdleEvolution.lnk -> C:\Program Files (x86)\Steam\steamapps\common\Idle Evolution\nw.exe (The NWJS Community) -> --user-data-dir="C:\Users\Mitchell\AppData\Local\IdleEvolution\User Data" --profile-directory=Default --app-id=jkiddabbdmojakblbpmmkhfhpoadbnlb
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2013-10-14 10:25 - 2013-10-14 10:25 - 002541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 10:22 - 2013-10-14 10:22 - 000021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 10:22 - 2013-10-14 10:22 - 000035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 10:22 - 2013-10-14 10:22 - 000055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 10:35 - 2013-10-14 10:35 - 000306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 10:35 - 2013-10-14 10:35 - 001297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-10-14 10:23 - 2013-10-14 10:23 - 000109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 10:24 - 2013-10-14 10:24 - 000627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2015-02-03 23:26 - 2013-10-23 15:24 - 000087600 _____ () C:\WINDOWS\System32\cpwmon64.dll
2017-08-23 11:58 - 2017-08-23 11:58 - 000417456 _____ () C:\Program Files (x86)\NordVPN\nordvpn-service.exe
2017-02-22 01:40 - 2017-10-10 20:05 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-12-13 12:36 - 2017-12-13 12:36 - 000068528 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\module_lifetime.dll
2013-08-10 01:11 - 2013-08-10 01:11 - 000607744 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\JobCapsA.DLL
2017-04-19 00:29 - 2017-11-27 19:06 - 000134456 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-18 15:58 - 2017-03-18 15:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-05-22 18:33 - 2016-05-22 18:33 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-03-01 16:58 - 2017-11-07 03:45 - 008931496 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-03-18 15:59 - 2017-03-18 21:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2013-10-14 10:30 - 2013-10-14 10:30 - 000065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-03-06 19:07 - 2015-03-06 19:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2017-01-23 17:19 - 2017-01-23 17:19 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 19:07 - 2015-03-06 19:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2017-01-23 17:19 - 2017-01-23 17:19 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-12-12 19:46 - 2017-12-12 19:46 - 027795968 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000083432 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000203240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2014-04-08 03:45 - 2013-08-09 07:25 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-02-22 01:40 - 2017-10-10 20:05 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-12-13 12:34 - 2017-12-13 12:34 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2017-12-13 12:36 - 2017-12-13 12:36 - 000168216 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-12-13 12:36 - 2017-12-13 12:36 - 000060160 _____ () C:\Program Files (x86)\AVG\Antivirus\module_lifetime.dll
2017-12-13 12:36 - 2017-12-13 12:36 - 067109376 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2017-12-13 12:36 - 2017-12-13 12:36 - 000238928 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-12-13 12:36 - 2017-12-13 12:36 - 000245704 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2017-12-13 12:06 - 2017-12-13 12:06 - 000102088 _____ () C:\Users\Mitchell\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll
2017-02-21 23:58 - 2017-09-09 14:25 - 000688416 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-02-21 23:58 - 2017-10-30 22:22 - 002546976 _____ () C:\Program Files (x86)\Steam\video.dll
2017-02-21 23:58 - 2016-08-31 20:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-02-21 23:58 - 2016-01-27 02:49 - 000491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2017-02-21 23:58 - 2016-01-27 02:49 - 002549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2017-02-21 23:58 - 2016-01-27 02:49 - 000332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2017-02-21 23:58 - 2016-01-27 02:49 - 000442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2017-02-21 23:58 - 2016-01-27 02:49 - 000485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2017-02-21 23:58 - 2016-08-31 20:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-02-21 23:58 - 2016-08-31 20:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-02-21 23:58 - 2017-10-30 22:22 - 000901408 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-02-21 23:58 - 2016-07-04 17:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-06-15 16:23 - 2017-09-06 21:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-02-21 23:58 - 2017-08-16 17:28 - 073130272 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-02-21 23:58 - 2015-09-24 18:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 001083368 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000115688 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000059880 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000772072 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 001741288 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc2411.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000025576 _____ () C:\Program Files (x86)\Plex\Plex Media Server\lyric_lite.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 001962984 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core2411.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 001549104 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libstdc++-6.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000127136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libgcc_s_dw2-1.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000050152 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2017-11-06 09:51 - 2017-11-06 09:51 - 000071656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2017-11-06 09:51 - 2017-11-06 09:51 - 000024552 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2017-11-06 09:51 - 2017-11-06 09:51 - 000041448 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2017-11-06 09:51 - 2017-11-06 09:51 - 000930280 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2017-11-06 09:51 - 2017-11-06 09:51 - 000190952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000074728 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000218088 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2017-11-06 09:51 - 2017-11-06 09:51 - 000018920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2017-11-06 09:51 - 2017-11-06 09:51 - 000095720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2017-11-06 09:51 - 2017-11-06 09:51 - 000143336 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2017-11-06 09:51 - 2017-11-06 09:51 - 000694248 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2017-12-12 09:53 - 2017-12-11 10:54 - 001893880 _____ () C:\Users\Mitchell\AppData\Local\Discord\app-0.0.299\ffmpeg.dll
2017-12-12 09:53 - 2017-12-12 09:53 - 001886712 _____ () \\?\C:\Users\Mitchell\AppData\Roaming\discord\0.0.299\modules\discord_toaster\discord_toaster.node
2017-12-12 09:53 - 2017-12-11 10:54 - 001938424 _____ () C:\Users\Mitchell\AppData\Local\Discord\app-0.0.299\libglesv2.dll
2017-12-12 09:53 - 2017-12-11 10:54 - 000095736 _____ () C:\Users\Mitchell\AppData\Local\Discord\app-0.0.299\libegl.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000064488 _____ () C:\Program Files (x86)\Plex\Plex Media Server\TeVii.dll
2017-12-12 09:53 - 2017-12-12 09:53 - 009802232 _____ () \\?\C:\Users\Mitchell\AppData\Roaming\discord\0.0.299\modules\discord_voice\discord_voice.node
2017-12-12 09:53 - 2017-12-12 09:53 - 001505784 _____ () \\?\C:\Users\Mitchell\AppData\Roaming\discord\0.0.299\modules\discord_utils\discord_utils.node
2017-12-12 09:53 - 2017-12-12 09:53 - 000513016 _____ () \\?\C:\Users\Mitchell\AppData\Roaming\discord\0.0.299\modules\discord_erlpack\discord_erlpack.node
2017-12-12 09:53 - 2017-12-12 09:53 - 002662904 _____ () \\?\C:\Users\Mitchell\AppData\Roaming\discord\0.0.299\modules\discord_rpc\discord_rpc.node
2017-12-12 09:53 - 2017-12-12 09:53 - 001517048 _____ () \\?\C:\Users\Mitchell\AppData\Roaming\discord\0.0.299\modules\discord_game_utils\discord_game_utils.node
2017-12-12 09:53 - 2017-12-12 09:53 - 002749944 _____ () \\?\C:\Users\Mitchell\AppData\Roaming\discord\0.0.299\modules\discord_contact_import\discord_contact_import.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.

IE restricted site: HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2017-12-13 12:38 - 000450607 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1    acdid.acdsystems.com
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com
127.0.0.1    123moviedownload.com

There are 15460 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2612921270-2592388305-428700144-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: adawareantivirusservice => 2
MSCONFIG\Services: apexpsvc => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: d8154c9f974cdbb037d0365ba4fd2f29 => 2
MSCONFIG\Services: GalaxyClientService => 3
MSCONFIG\Services: GalaxyCommunication => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LavasoftAdAwareService11 => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: SkypeUpdate => 2
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "AdAwareTray"
HKLM\...\StartupApproved\Run: => "ACPW08EN"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run: => "beltonbelton"
HKLM\...\StartupApproved\Run: => "beltonglazunov"
HKLM\...\StartupApproved\Run: => "belton"
HKLM\...\StartupApproved\Run32: => "YouCam Service"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "carlsoncarlson"
HKLM\...\StartupApproved\Run32: => "carlsonbacksliding"
HKLM\...\StartupApproved\Run32: => "carlson"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\StartupFolder: => "krausekrause.lnk"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\StartupFolder: => "krause.lnk"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\Run: => "ACDSeeCommanderPro8"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\Run: => "GalaxyClient"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\Run: => "CiscoSpark"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\Run: => "NordVPN"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\Run: => "melt"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\Run: => "ampersands"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\Run: => "glazunovglazunov"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\Run: => "glazunovbelton"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\Run: => "glazunov"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\Run: => "backslidingbacksliding"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\Run: => "backslidingcarlson"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\Run: => "backsliding"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9DD49FE1-97F0-4EE0-BEAB-E2F46037CA2B}] => (Block) C:\users\mitchell\desktop\smtp4dev.exe
FirewallRules: [{6C72D9FF-79BB-4062-91A2-01C348006681}] => (Block) C:\users\mitchell\desktop\smtp4dev.exe
FirewallRules: [UDP Query User{621ABA11-A2E9-4AB7-9BC5-7CB492231594}C:\users\mitchell\desktop\smtp4dev.exe] => (Allow) C:\users\mitchell\desktop\smtp4dev.exe
FirewallRules: [TCP Query User{69110F97-0AB6-4EAC-AE7D-454C5198AE13}C:\users\mitchell\desktop\smtp4dev.exe] => (Allow) C:\users\mitchell\desktop\smtp4dev.exe
FirewallRules: [{B7BEBF10-3FC4-4508-8A39-F929052C480E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
FirewallRules: [{BB455E74-8540-4EC1-9F70-86BEEC1788FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
FirewallRules: [{50FAF6E1-FEF9-4D4C-A7A8-2A71DFD103D6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{F75E35B4-1B04-48A2-871C-43660923992A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{9A83091F-1422-4454-9F7B-A887771FEA64}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{FAD550A7-000C-44CE-9205-4741EA815357}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BE1CD32D-D763-420A-B314-89102DB6CB94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guild Quest\guild-quest.exe
FirewallRules: [{458ADAAE-5995-4BFA-90BC-51020D94F7BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guild Quest\guild-quest.exe
FirewallRules: [{F672E3ED-1CA3-4125-8650-5F75AEF4B120}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{97907BE0-F7CA-4BB1-A2F9-214A146BC992}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{27ABCD61-1667-4947-9C66-3C4D116C3B16}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D870AABC-224B-4DF5-B104-2C957BA4E2EB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{C268CEF7-43C6-44B9-BFF4-DEB9AFCCEBFA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{56D4C2FD-1D96-40F8-816C-1755AF951E9B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AdVenture Communist\adventure-communist.exe
FirewallRules: [{4215337F-A92A-4CC6-9C4C-335639C45C37}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AdVenture Communist\adventure-communist.exe
FirewallRules: [{FADFD97B-7056-4F46-A533-3A3B66F03F8F}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe
FirewallRules: [{831D27A9-2BAF-4D21-AD8B-D9C78C91DF3C}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe
FirewallRules: [{15D347E0-3574-4B0F-9436-53E6355B4363}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe
FirewallRules: [{4D2C9BB1-2CC2-4744-B289-4258AF0480B6}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe
FirewallRules: [{2578BE72-CA33-4796-A08F-BABABEB77AED}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\ACTx86.exe
FirewallRules: [{5FD0E67D-AC47-49CD-84CE-28EBEF4C2572}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\ACTx86.exe
FirewallRules: [{8143FC3D-6033-4852-9BAF-9798AB9A7674}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\ACTx86.exe
FirewallRules: [{50AFF731-31D2-4E94-8765-CEC619FD73A2}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\ACTx86.exe
FirewallRules: [UDP Query User{939D5F47-1978-492F-A226-647312501626}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{B556CC8A-C66E-42A2-AB1F-DDDC0757B5CC}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{5E623F36-5248-42E0-B392-D2425D7020EF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{72E22A1F-6BD0-4C4D-BD82-2166C58E2CE7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{320F72C4-7E12-4124-8A41-C817DCAE88EA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5C0823EF-EC74-4A87-8EFD-484F834783B5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{647A48A4-F7D0-49DA-8CC5-96F01550B1D7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RuneScape Idle Adventures\idle-adventures.exe
FirewallRules: [{A416181D-0A8C-434A-B1F0-F7079A206213}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RuneScape Idle Adventures\idle-adventures.exe
FirewallRules: [{67C3E1B5-639B-4863-9DF9-643A45E1FA8B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tales of Zestiria\Tales of Zestiria.exe
FirewallRules: [{2C4701AF-EADA-4F8D-837E-3280CB3E15F2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tales of Zestiria\Tales of Zestiria.exe
FirewallRules: [{BFB9C247-00A8-4238-8A42-370BB88472A0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{05F0BFDF-CC19-42FD-AC24-4B9053E0E1F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2BB75696-D861-4760-B186-292B43E7779B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7EE60F40-28D8-44E9-AC70-83FFDBDF83CE}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{3B7D1025-3F35-4FB2-AD37-D5B5B0B9851B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{39DA6B8E-68ED-4BA9-9F5D-1C1F7726334D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8445B0BA-D7DE-47ED-A3CD-BFADEB5ED6C7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{50627A99-E125-425C-BF43-239812DD354F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{435613F8-4F39-4033-ABE3-72BDE3EED05F}] => (Allow) LPort=1900
FirewallRules: [{2AC696B0-67D9-45B5-A70C-1C0CA071F219}] => (Allow) LPort=7900
FirewallRules: [{441E284F-EC62-4398-8DFA-84DE8220B5A5}] => (Allow) LPort=24234
FirewallRules: [{9C699B8E-3342-41F7-8220-F08DFE692A90}] => (Allow) LPort=7679
FirewallRules: [{E45CE7CE-3BB3-411C-A3BD-2E6CF4BA3871}] => (Allow) LPort=7676
FirewallRules: [{0ABEA601-84C8-4976-A116-64CAA11BF165}] => (Allow) LPort=8643
FirewallRules: [{23E16999-5FEC-40CA-9675-8AE43484B413}] => (Allow) LPort=8743
FirewallRules: [{3FD9231E-B2AB-42BC-BCBA-894ACAB610E5}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{5CC3F959-DDFD-4707-A75E-997BB91D5AC5}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{F4A7C589-AD82-4096-AAB8-28831BAC11E8}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{69035B14-084F-4319-9298-AD5246B73A20}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{75DBECFF-08A1-4488-A4D4-716F16934AA7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{65403878-0C0B-4320-BDA7-F27DA4A78EBB}] => (Allow) LPort=2869
FirewallRules: [{DD3F0178-81BD-4433-8973-A32D3C4553A8}] => (Allow) LPort=1900
FirewallRules: [{D1AB65F1-7244-4E60-AF8C-B8103598032E}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{0A4A28A5-738D-421F-9D1B-233698E0831A}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{285C6B7D-9645-4FCB-9FFB-E8E36FBB4A43}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{89F79FC8-7FE2-4FC8-9FB4-3D9F8D9A35AD}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{A289AC7B-F0F2-418A-90A4-DA1725017946}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{5B501C93-B2F2-4892-9134-A851C34C336D}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{560736DA-249D-418E-A73B-A917A1741916}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{AB1BCFE7-FFF8-4884-B574-D4DC1E0E0EC2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{1D234013-8CBB-4329-BAB8-BB8B72F50D9D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{3A4F2608-8FB3-45BB-A631-750AC2455188}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{554A406E-2D75-48D0-9D45-17E58A11B2EA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{59E03559-D4D8-4A5D-A6D4-A0B2CC535BF7}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{F61575D8-5BE1-4ABE-BD98-D1B674C6FF9E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E4CE3BFE-5B44-4B4E-9FE5-73F4CF369739}] => (Allow) C:\Program Files (x86)\Juicy Stakes 2.0\PokerClient.exe
FirewallRules: [{DAD230B9-41A9-4885-A3D4-125E7519C76A}] => (Allow) C:\Program Files (x86)\Juicy Stakes 2.0\PokerClient.exe
FirewallRules: [{099C9D28-A4B5-4C5A-A68D-E1B04249367D}] => (Allow) C:\Program Files (x86)\Steam\steam.exe
FirewallRules: [{67CDCBD9-B2B9-461E-B928-22A529251B36}] => (Allow) C:\Program Files (x86)\Steam\steam.exe
FirewallRules: [{01A804CF-2329-4CE0-A7A2-A1A647CCEDD1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ffxi\SquareEnix\FINAL FANTASY XI\polboot.exe
FirewallRules: [{4FDC4927-CBA3-4344-8E28-82ABB1383E17}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ffxi\SquareEnix\FINAL FANTASY XI\polboot.exe
FirewallRules: [{00C9ACF9-9ABC-4432-A2CC-2B8129726EC3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ffxi\SquareEnix\PlayOnlineViewer\polcfg\polcfg.exe
FirewallRules: [{8F97DFBD-8B8A-4145-9352-A99931A637F7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ffxi\SquareEnix\PlayOnlineViewer\polcfg\polcfg.exe
FirewallRules: [{FEE7D9F2-61B1-46E4-8DB7-DA8F20D6247F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ffxi\SquareEnix\FINAL FANTASY XI\ToolsUS\FINAL FANTASY XI Config.exe
FirewallRules: [{761BB68B-FE0F-4A0E-A885-C914AEA8DD42}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ffxi\SquareEnix\FINAL FANTASY XI\ToolsUS\FINAL FANTASY XI Config.exe
FirewallRules: [{6C8DF2DD-E89C-4437-9DA9-C2984DEC811B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{26D4F5FA-EB18-4223-A73D-EA60B2976E70}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{6D3AB18E-C3D3-4F78-97EC-0C7B846250DC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{D78F0FBC-3AFF-4A70-9FCF-93465CD22574}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{476D0486-3CD6-4A95-A603-99C17338D91A}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{2A48A768-6428-4D36-83C4-3464EED10FF9}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{0ED1D8BE-A820-4739-B53F-E5ED0122D899}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{55202BE8-DE4C-42BD-B33E-BFE2C1CC04A2}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{1175FA90-9D5D-4D94-8F8D-194D2FFE150E}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{D72863B1-D189-4881-86B6-5DFEBDF55368}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{5597888E-4C2A-4F12-9500-72C42EF5C7E6}] => (Allow) C:\Program Files (x86)\Ubisoft\Might & Magic Heroes VI\Might & Magic Heroes VI.exe
FirewallRules: [{45958A22-2B62-4B83-A96D-968A32F9CD52}] => (Allow) C:\Program Files (x86)\Ubisoft\Might & Magic Heroes VI\Might & Magic Heroes VI.exe
FirewallRules: [{C27D315B-58A1-4131-851E-5C02D00A054B}] => (Allow) C:\Users\Mitchell\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{C3BA8B24-F821-49D3-A196-456C2A2E2FC6}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{72F94A03-16F1-4CE5-94F1-E88C58BFC5F6}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{40830D0B-D378-4506-A10C-50A86BDC6C2C}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{E962DD99-C95C-43D0-A47A-CA013FC5286D}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [TCP Query User{770C10C3-EFDB-4F71-87E7-AD8E64712C69}C:\program files\tixati\tixati.exe] => (Block) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{1CF27D92-B482-4C9A-BC90-3A8C27A2932F}C:\program files\tixati\tixati.exe] => (Block) C:\program files\tixati\tixati.exe
FirewallRules: [{CA29FA5E-C541-4CF8-9310-A738A85535BD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{35F6BED5-FDB6-4319-BB18-8DAC6FA0F55D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{772550E9-C12A-448C-BD7F-87849C5190B7}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{D4B8D2D8-23BB-451C-B18F-0D367FCEFC10}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{E57201E6-85CB-4B7A-92B8-ECA3B1A4844C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{89549800-33B9-480D-8C04-6FABFF3A5CB7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{B05EB4A2-CD27-412A-A9D5-6C2DCF9AD3D3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{141CCC12-C12D-42A7-9E40-9C05B5F4289D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{297BF69D-42AC-475F-9C0A-8D1D4CE066D3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{61C817ED-DCF0-4369-8D76-CA7C6BE2A91F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{569FE9F4-D794-4052-9CF0-8D7EA2D0F89C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{3A1F1FD9-872F-4A6A-9F78-CCF28C3174FA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{7B595FED-C318-41A9-B82F-6385B1FC0CD5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{EA1A7887-C2A3-49D5-815C-9CE979F3A918}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{A9C9EBD0-A333-436F-A417-2AD6C3B9F8F0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{409D7315-FDA4-490C-BC3E-0188D0F8C046}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{70FE2697-B125-4D18-82EB-579CC727F7BE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{70C0FC07-5AF1-4D29-BFAE-4D59036D35C9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{2603AA47-C29C-4B10-A2B3-CB074EEC8649}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{E3F6CFD4-76A2-430C-91F1-28C56889CDA5}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{BC2A9709-9A63-47EE-9E11-AAF9DF36D373}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{FF51758B-37BD-483E-8AC4-3C28AB4EC857}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{23596724-B202-4A13-8D89-ADE36A71D549}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{AD6512AB-4E11-4D7A-BBD1-04C33298FC0C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{C2C2F580-D10D-40C2-83A2-9A10C8909BCA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{ED077B49-DC53-40ED-A826-3A19733B1584}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{B5D68D93-E58A-44F5-8E78-32082DF64A16}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{1BBED777-38C2-4B78-A871-A8B9F481B30D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{FB6928E7-4494-4678-BB35-10C0DFFBFD66}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C552C33C-F44F-4CAE-AD20-49E30A5485A2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E9EC7B65-E8EA-47C3-8479-793C4B2DF8BE}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{A0163A90-67B1-48CF-90D9-4E7699DFDEF5}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{2B0EF1DD-5A48-4E6E-B7F4-AA4F29552B2D}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{F04E8CBE-35C7-4121-8F16-2F12D59F077E}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{43BBA0BF-524A-4462-9387-32D8CD13C319}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{EEB80E7D-64E0-4660-9B69-DA47910A9854}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E7801D90-F39F-4FAF-B38D-4476382540C6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{90DF39D6-95D2-480D-A4DA-1749A9D638FB}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{2BA379E1-93E9-42C2-B50A-CC15D2BD0CB3}] => (Allow) LPort=5357
FirewallRules: [{9C821D1C-4384-4B50-A44A-3FA3CBCE3DE7}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{F04236A3-1FE5-4361-89EB-C546824A841C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D4E27199-2EB0-490C-8791-335857333FED}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{8ABC1622-8197-4AAF-A929-39B3B557C9D9}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{57554C43-7A88-485F-8619-0686E2F36EE1}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{AB18EA12-50C5-456D-B46A-204E0347FA55}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{245BCEEF-B2C8-4C0F-8AED-59C25BE87B32}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{F8C6841D-B960-4538-9296-4EDD6DCFFF60}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{16A3AA89-FE7F-490A-90E6-C7FC7371CB1D}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{704C9DBC-0380-4768-A6AC-2F3EBA8FB1F5}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{65403603-293B-47B8-A206-EBE687F9A5ED}] => (Allow) LPort=12292
FirewallRules: [{728C18C9-C620-4F1E-A655-1EB0C67E7D1D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{9F84E46E-CA99-44A1-A756-FDA47F3C8061}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{9388A91B-F627-44A6-93F6-E2D2040090D5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{A2ECF195-18A9-418D-9914-37F77939E0C1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{23BDB5AE-EB9D-4E7C-8B4F-E8EA9C243E68}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{1E12D070-97E3-41A5-8037-6D59E7B7BEBE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [TCP Query User{810AE1D0-1B55-4DBC-83C7-86621E7C9282}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{065570D5-5261-45CE-AE89-49F9B093050C}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{4EFAF481-A096-4122-B4B9-829618395C4E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{2C6E9976-FDED-4BDF-B052-93BBAE9CD893}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{DD11BCCC-87F7-482A-8578-2EC8E7FE6A25}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [TCP Query User{38E8B992-B006-4DAE-BD32-BAFF7CE64C65}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Block) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [UDP Query User{322BDDD1-B459-4489-967F-D26DBF9B2F11}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Block) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [TCP Query User{949FDD01-041B-407F-BA03-2D4123524637}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{0BF375DB-240A-4674-B9D8-3ADF1A560239}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7FB7C4FD-2756-40A4-A238-64E995815D15}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{8AB43670-1428-435E-B220-2878874E3CD1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{D9212F83-DE8F-4A44-B45F-496960E2A583}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{63AF008A-4B72-4720-969E-9C75E358D1AE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{4C4E3F73-C54F-4E81-9E2D-EA0464FBEDEA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TimeClickers\TimeClickers.exe
FirewallRules: [{09629463-0548-448A-80FC-99289A181F67}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TimeClickers\TimeClickers.exe
FirewallRules: [{6AC91DD7-2B05-439E-BCE4-865C334EC155}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tap Tap Infinity\TapTapInfinity.exe
FirewallRules: [{FC6C24E8-F407-4E87-BA4B-0C2B7C0E5275}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tap Tap Infinity\TapTapInfinity.exe
FirewallRules: [{4CE6B721-C5AE-4B16-8115-0038075E907E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{7DD72E58-BF36-4685-B387-28B7A1170DD2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{E65385E1-640C-41BE-8D19-FEB7989457C2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Idle Civilization\IdleCivilization.exe
FirewallRules: [{2723F994-83C9-4286-8314-BB1DD952193A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Idle Civilization\IdleCivilization.exe
FirewallRules: [{4445C05B-5239-4A90-8D05-B839EC25B96A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{2E661A5F-4132-419A-8AE5-662DF0F0BB29}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{3381556D-F6CD-423F-A381-6BEB6142554A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{28847787-4BDF-4540-8994-E233AB35D18A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{321F1E76-9492-4748-A97D-31837039F618}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{CB48AB03-EBBD-42AC-A8FF-BE5246CDA39D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{EF97E6B7-2144-4E5B-8F2A-A8F109370EB8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{B7A65956-904F-4C7D-BD04-A6FF1865C88B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [TCP Query User{578844A9-80A4-463A-8809-1B30152E709D}C:\program files (x86)\plex\plex media server\plex dlna server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex dlna server.exe
FirewallRules: [UDP Query User{6ABF0B7F-B570-4204-8867-D2E1A017822E}C:\program files (x86)\plex\plex media server\plex dlna server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex dlna server.exe
FirewallRules: [{2710976B-EB16-4771-9D99-1C66F387D65F}] => (Allow) C:\program files (x86)\plex\plex media server\plex dlna server.exe
FirewallRules: [{FEB6E46F-EFF3-4658-ADB3-C1F4139D0116}] => (Allow) C:\program files (x86)\plex\plex media server\plex dlna server.exe
FirewallRules: [{410222C4-111B-46C8-B552-F99A37B66039}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{0BF0C4BC-AF7E-4DB0-8333-5EF69F3E610B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [TCP Query User{9304E758-D47A-4BF0-87FE-AAFFB5E0B749}C:\emu\vbalink\visualboyadvance.exe] => (Allow) C:\emu\vbalink\visualboyadvance.exe
FirewallRules: [UDP Query User{19DB5230-F103-48A7-9FA5-6B19873F72DB}C:\emu\vbalink\visualboyadvance.exe] => (Allow) C:\emu\vbalink\visualboyadvance.exe
FirewallRules: [{1EF0629C-E22D-48A0-8BF2-96345A8F9FA0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{7DE49672-78D7-4619-B350-5FF93DEC2A18}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{C610554F-95AF-4E71-9BD2-3963C233DE7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mold on Pizza Deluxe\MoldOnPizza.exe
FirewallRules: [{F4138774-FA4C-4BA9-A743-8B1AB7F7B979}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mold on Pizza Deluxe\MoldOnPizza.exe
FirewallRules: [{73FC695F-2F81-4F04-AC4E-58FADAB4D91C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Over 9000 Zombies!\Over9000Zombies.exe
FirewallRules: [{1EA87698-8A01-4758-ACE9-2D5B9664246A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Over 9000 Zombies!\Over9000Zombies.exe
FirewallRules: [{81697DA3-E4B2-44B5-B862-0B8186C1AED1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Voodoo Garden\Voodoo Garden.exe
FirewallRules: [{D437ABFC-B3B6-4EBE-B220-91228FEF7167}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Voodoo Garden\Voodoo Garden.exe
FirewallRules: [{8A3F4E49-0003-4722-AEA6-58609CE6C050}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [{9D5BBAF2-D6BC-4526-85F6-F5AE404AABBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [{319FFA61-E9AC-4477-B8C5-15F1C666025C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{D1F4EDAD-F2FB-4E0A-AC6E-93EC60BDC16D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{9193F75B-0C14-480A-8375-C887B00B69BC}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{BF8D6726-422E-456F-A776-0177DE3C3C75}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [TCP Query User{2DDFD7FC-A2E2-4CF0-92CF-E6F4BCCA126E}C:\program files (x86)\arc\arcchat.exe] => (Allow) C:\program files (x86)\arc\arcchat.exe
FirewallRules: [UDP Query User{60CC4152-B318-45AE-84B1-2167A7840AA7}C:\program files (x86)\arc\arcchat.exe] => (Allow) C:\program files (x86)\arc\arcchat.exe
FirewallRules: [{352D7A3F-64C5-4486-84CB-3B15FB4EF6AE}] => (Block) C:\program files (x86)\arc\arcchat.exe
FirewallRules: [{46D7095E-7B1A-4D68-8863-B6EDB66CBDE6}] => (Block) C:\program files (x86)\arc\arcchat.exe
FirewallRules: [TCP Query User{717B6547-E228-4BB9-B3CA-8925A5221705}C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{28957877-FE71-4D21-A8DD-689F4C9FAE07}C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [{08463932-8EE2-49E4-BF13-40D08CC155B2}] => (Block) C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [{9375F4CB-2989-4D0A-88C1-4E9111B0715D}] => (Block) C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [{725169D0-98D1-48BB-8049-9D070558867A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\deluxe\DefendersQuest.exe
FirewallRules: [{39C6FCFB-32B6-4C64-B5E7-7DD271E8B47B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\deluxe\DefendersQuest.exe
FirewallRules: [{EAC09886-C9F5-470D-A0FD-B1FC1F3CDC02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\deluxe_gl\DefendersQuest.exe
FirewallRules: [{2EC75AF1-C3FC-4530-BF02-4D3A26EF612A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\deluxe_gl\DefendersQuest.exe
FirewallRules: [{89A03A15-7E2C-4A91-83C4-B4F5C658F163}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\legacy\DefendersQuest.exe
FirewallRules: [{7A45094A-35B2-46A3-A87D-05673677FFC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\legacy\DefendersQuest.exe
FirewallRules: [{71E5F598-6BA9-40AB-9714-E91F357CCA44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\deluxe\LevelEditor.exe
FirewallRules: [{C911D1BE-A040-4188-B9B2-B93F8FB7509B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\deluxe\LevelEditor.exe
FirewallRules: [{A95F42EB-8EF9-4C68-99BF-57CD503A38D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\deluxe_gl\LevelEditor.exe
FirewallRules: [{DFD9F99B-FD5F-4627-9768-2F3CC21C551B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\deluxe_gl\LevelEditor.exe
FirewallRules: [{56E87B07-4DE4-4614-85A5-BE28A3771D5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Idle Evolution\IdleEvolution.exe
FirewallRules: [{E4E8F1A9-9C0D-4DC9-89FE-7B6ABB8FAC56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Idle Evolution\IdleEvolution.exe
FirewallRules: [{FABBDF8E-5F59-4F14-8164-6398114FD3AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Toadled\ToadledWindows.exe
FirewallRules: [{222DACB4-BE6B-41CB-90B5-E092873E1830}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Toadled\ToadledWindows.exe
FirewallRules: [{E7769FE8-E4F6-4AB6-BACC-0E0D666A88DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Creeper World 3\CW3.exe
FirewallRules: [{EEA09435-223A-4497-9B2B-B6E3D8D376AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Creeper World 3\CW3.exe
FirewallRules: [{7BED5F60-1F46-43D0-83D6-65A6F0F82BFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe
FirewallRules: [{595ECDAA-8F6E-4F59-9379-B3AE230D51B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe
FirewallRules: [{E97A8F3E-5214-4DDB-9EC6-79CB311B3166}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stronghold Crusader Extreme\Stronghold_Crusader_Extreme.exe
FirewallRules: [{FBE4B1FE-A570-4D75-A4FA-C19DD6EE3790}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stronghold Crusader Extreme\Stronghold_Crusader_Extreme.exe
FirewallRules: [{B789AC96-91DE-420A-BDFD-0AF352754F9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe
FirewallRules: [{EA2899FB-9314-4198-9735-E6C9D5B799EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe
FirewallRules: [{10254347-80C0-4DD8-A4F4-65E8185601E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CookServeDelicious\CSDSteamBuild.exe
FirewallRules: [{539AB3E6-4B58-4155-8FC3-4E0DBD5BB75B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CookServeDelicious\CSDSteamBuild.exe
FirewallRules: [TCP Query User{8C9F6AF6-F074-4BC8-806C-294B10C47E0C}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{6C43B1AA-E745-4F17-8656-47966A4C1453}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [{BA9FC1C6-A863-4E9A-9DFC-FC5AF67A3424}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{51FD769D-A30A-4637-A2A3-45784D219F71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WeaponShopFantasy\WeaponShopFantasy.exe
FirewallRules: [{6F1FF239-F604-4312-B9B9-C13435A1AB34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WeaponShopFantasy\WeaponShopFantasy.exe
FirewallRules: [{F3D234A2-F349-4706-9C58-3CC326F9EDB5}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{3ECB3AC0-5E08-4122-9DD7-6FCBC7DEF037}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{D944DB7A-D474-4F93-85E9-05ED1F78AAC4}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{858F8D8C-DDF3-4860-B05F-63E84148EBCF}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
FirewallRules: [{14E037C5-D716-4929-932E-FEAA65542F77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RebelGalaxy\SteamLauncher.exe
FirewallRules: [{6104BC0D-96E0-41FB-99C8-4470A20C0EDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RebelGalaxy\SteamLauncher.exe
FirewallRules: [{E0CA2696-26C6-45FC-AFA8-6778E0B4543D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Might and Magic Clash of Heroes\ClashOfHeroes.exe
FirewallRules: [{BF6BC3CF-9EE4-43DF-BFB2-B94FEA2B36A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Might and Magic Clash of Heroes\ClashOfHeroes.exe
FirewallRules: [{77FE3B52-1BC1-42F3-B140-DD146670619E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BloonsTD5\BTD5-Win.exe
FirewallRules: [{A56F35B4-9791-4723-BCBD-EFF77D9B3CD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BloonsTD5\BTD5-Win.exe
FirewallRules: [{580E10D2-2799-4C53-9F96-A6EBE1DD3805}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{5D8591EB-192D-49D0-9D6D-EE37FF5F19C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{E24B233A-ADD8-4C29-AE4D-B70E544876F4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{AE553D55-C427-4376-B6A6-5AC578E0E0A9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{144D09AD-1DD7-4E02-972E-8292DF3FF654}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{20A36DA9-8D67-4076-874B-4C1CF5211442}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3EAD0F4B-486C-4214-B3D4-EA89B501064E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B3B8DD06-54ED-45C2-968E-A69219ADE84D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{D793E2D2-FF5C-4514-AE29-CEA3E4439A9A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{97CF0D3A-39B2-4400-ADF4-F152BEE4D724}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{DD5537E6-1BBD-4174-A97C-214CA62214E0}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{7B4546B5-BCC1-4DB5-BDFF-AE9F0A68CE2A}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{D05E8C19-E9BA-470F-8825-371B05EDF606}] => (Allow) C:\Program Files (x86)\Nevil\collectives.exe
FirewallRules: [{29C85026-3C37-451F-88E3-8F1020F193BA}] => (Allow) C:\Program Files (x86)\Dad\collectives.exe
FirewallRules: [{AE90E768-D1FD-46AC-8ACB-C2E3A73E7C0C}] => (Allow) C:\Program Files (x86)\kingfisher\gilbride.exe
FirewallRules: [{628A7213-9561-4530-A1F3-5F3C783CEDE4}] => (Allow) C:\Program Files (x86)\Dad\gilbride.exe
FirewallRules: [{213C7FC2-61FD-4D39-9A56-3B856A27CB72}] => (Block) %SystemRoot%\System32\avewmsosvc.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/13/2017 08:47:49 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (12/13/2017 08:47:49 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (12/13/2017 08:47:38 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (12/13/2017 08:47:38 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (12/13/2017 08:01:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Baby.local already in use; will try Baby-2.local instead

Error: (12/13/2017 08:01:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister    4 Baby.local. Addr 10.0.0.41

Error: (12/13/2017 08:01:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.41:5353   16 Baby.local. AAAA 2601:0541:0200:EA4A:0000:0000:0000:10CA

Error: (12/13/2017 06:35:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Baby.local already in use; will try Baby-2.local instead

Error: (12/13/2017 06:35:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Baby.local. Addr 10.0.0.41

Error: (12/13/2017 06:35:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.41:5353   16 Baby.local. AAAA 2601:0541:0200:EA4A:0000:0000:0000:10CA


System errors:
=============
Error: (12/13/2017 09:38:49 PM) (Source: DCOM) (EventID: 10010) (User: BABY)
Description: The server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} did not register with DCOM within the required timeout.

Error: (12/13/2017 09:36:52 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (12/13/2017 09:35:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/13/2017 09:33:55 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

Error: (12/13/2017 09:04:22 PM) (Source: DCOM) (EventID: 10010) (User: BABY)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (12/13/2017 09:02:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/13/2017 09:01:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/13/2017 09:01:30 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (12/13/2017 09:01:30 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (12/13/2017 09:01:30 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.


CodeIntegrity:
===================================
  Date: 2017-12-13 11:39:13.330
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-12-13 11:39:00.489
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-12-13 11:39:00.105
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-12-13 11:38:59.879
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-12-13 05:58:00.001
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Users\Mitchell\AppData\Roaming\Microsoft\Protect\c65560-bb88d1-674f5484-1fb4d0-21c0.rs that did not meet the Microsoft signing level requirements.

  Date: 2017-10-30 02:23:59.209
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_f0b2a5e1e71031b3\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-30 02:23:59.088
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-22 03:20:36.810
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvhmi.inf_amd64_5968d4ac6c3a9ae5\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-22 03:20:36.667
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-11 19:43:56.825
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvhmi.inf_amd64_5968d4ac6c3a9ae5\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 59%
Total physical RAM: 16316.02 MB
Available physical RAM: 6617.55 MB
Total Virtual: 23228.02 MB
Available Virtual: 13799.53 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:475.28 GB) (Free:154.54 GB) NTFS
Drive e: (DATA) (Fixed) (Total:931.51 GB) (Free:701.51 GB) NTFS
Drive z: (Seagate Expansion Drive) (Fixed) (Total:1863.01 GB) (Free:648.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 1E1F4777)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F2AFF72E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: E13960D3)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,587 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:40 PM

Posted 14 December 2017 - 08:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please run this Malwarebytes Anti-Rootkit.

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

Before you run the program make sure you follow the instructions under Section 5.
5. Unselect sectors and system below. Hit the scan button.

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here after.
<<<>>>

Please run the Farbar program and post a fresh FRST log for my review.

Let me know what problem persists.

#4 Hayama

Hayama
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 14 December 2017 - 12:23 PM

Hello and thank you for your reply! What's strange is that when I started my computer today, the avewmsosvc.exe process is no longer running and the file is gone from System32. MBAR ran fine and found no threats. Does that mean I am clean? I don't know if this is important, but I uninstalled AVG last night because it was unresponsive and the firewall was messing with a program I needed to run. Windows firewall is still on. Posting both requested logs below. Thanks!

 

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.12.14.04
  rootkit: v2017.10.14.01

Windows 10 x64 NTFS
Internet Explorer 11.726.15063.0
Mitchell :: BABY [administrator]

12/14/2017 12:12:52 PM
mbar-log-2017-12-14 (12-12-52).txt

Scan type:
Scan options enabled: Anti-Rootkit | Drivers | MBR
Scan options disabled: Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Objects scanned: 202
Time elapsed: 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-12-2017
Ran by Mitchell (administrator) on BABY (14-12-2017 12:20:52)
Running from C:\Users\Mitchell\Downloads
Loaded Profiles: Mitchell (Available Profiles: Mitchell)
Platform: Windows 10 Home Version 1703 15063.726 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(HP) C:\Windows\System32\hpservice.exe
(HP) C:\Windows\System32\HP3DDGService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.225\WsAppService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
() C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hp\HP System Event\HPWMISVC.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Discord Inc.) C:\Users\Mitchell\AppData\Local\Discord\app-0.0.299\Discord.exe
(Discord Inc.) C:\Users\Mitchell\AppData\Local\Discord\app-0.0.299\Discord.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
(Plex) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hp\HP System Event\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Discord Inc.) C:\Users\Mitchell\AppData\Local\Discord\app-0.0.299\Discord.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(porksmash & Xzandro) C:\Users\Mitchell\AppData\Local\Programs\sw-exporter\Summoners War Exporter.exe
(porksmash & Xzandro) C:\Users\Mitchell\AppData\Local\Programs\sw-exporter\Summoners War Exporter.exe
(porksmash & Xzandro) C:\Users\Mitchell\AppData\Local\Programs\sw-exporter\Summoners War Exporter.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [404912 2015-07-25] ()
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [ACPW08EN] => C:\Program Files\ACD Systems\ACDSee Pro\8.0\acdIDInTouch2.exe [1813776 2014-09-17] (ACD Systems)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-05-05] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17406072 2017-01-23] (Logitech Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [belton] => "C:\Program Files (x86)\Nevil\collectives.exe"
HKLM\...\Run: [beltonglazunov] => "C:\Program Files (x86)\kingfisher\gilbride.exe"
HKLM\...\Run: [beltonbelton] => "C:\Program Files (x86)\Dad\collectives.exe"
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [518456 2015-09-13] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231736 2015-09-13] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2380480 2016-06-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2015-09-03] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [carlson] => "C:\Program Files (x86)\Nevil\collectives.exe"
HKLM-x32\...\Run: [carlsonbacksliding] => "C:\Program Files (x86)\kingfisher\gilbride.exe"
HKLM-x32\...\Run: [carlsoncarlson] => "C:\Program Files (x86)\Dad\collectives.exe"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [ACDSeeCommanderPro8] => C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe [2136072 2014-09-19] ()
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1720584 2015-02-08] (CyberLink Corp.)
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [7693880 2015-09-10] (GOG.com)
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-13] (Valve Corporation)
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [15842280 2017-11-06] (Plex, Inc.)
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [15671472 2017-08-23] (NordVPN)
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [CiscoSpark] => C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cisco Spark\Cisco Spark.lnk [2738 2017-12-08] ()
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [Discord] => C:\Users\Mitchell\AppData\Local\Discord\app-0.0.299\Discord.exe [57954808 2017-12-11] (Discord Inc.)
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [backsliding] => "C:\Program Files (x86)\Nevil\collectives.exe"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [backslidingcarlson] => "C:\Program Files (x86)\kingfisher\gilbride.exe"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [backslidingbacksliding] => "C:\Program Files (x86)\Dad\collectives.exe"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [glazunov] => "C:\Program Files (x86)\Nevil\collectives.exe"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [glazunovbelton] => "C:\Program Files (x86)\kingfisher\gilbride.exe"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [glazunovglazunov] => "C:\Program Files (x86)\Dad\collectives.exe"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [ampersands] => "C:\Program Files (x86)\watertown\ampersands.exe"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [melt] => "C:\Program Files (x86)\Nevil\collectives.exe"
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [15671472 2017-08-23] (NordVPN)
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [15842280 2017-11-06] (Plex, Inc.)
Startup: C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\krause.lnk [2017-12-13]
ShortcutTarget: krause.lnk -> C:\Program Files (x86)\Nevil\collectives.exe (No File)
Startup: C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\krausekrause.lnk [2017-12-13]
ShortcutTarget: krausekrause.lnk -> C:\Program Files (x86)\kingfisher\gilbride.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{74628100-f84c-4272-aec2-2d09e6074fa7}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{8b5122bc-2301-400c-8cc5-42b7c0a525d6}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{e0730efc-674c-463e-9c2a-374d5a100ebd}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{f0c6b50c-af74-4fc0-9773-15c75406f1a6}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{F3578B66-2542-4009-A3E8-FCDDF7947817}: [DhcpNameServer] 209.222.18.222 209.222.18.218

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM -> {1B8AB615-C383-4931-924A-F5E79129E3D0} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {1B8AB615-C383-4931-924A-F5E79129E3D0} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2612921270-2592388305-428700144-1002 -> {1B8AB615-C383-4931-924A-F5E79129E3D0} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2612921270-2592388305-428700144-1002 -> {D0693E22-8A05-4F8F-85A7-8D2593BEE556} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2612921270-2592388305-428700144-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-11-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-29] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-11-07] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-29] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-10-21] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-29] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-11-07] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-29] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-03] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Mitchell\AppData\Roaming\Mozilla\Firefox\Profiles\ymuep9dg.default-1438217038008 [2017-12-14]
FF Extension: (Cisco WebEx Extension) - C:\Users\Mitchell\AppData\Roaming\Mozilla\Firefox\Profiles\ymuep9dg.default-1438217038008\Extensions\ciscowebexstart1@cisco.com.xpi [2017-07-19]
FF Extension: (Looking Glass) - C:\Users\Mitchell\AppData\Roaming\Mozilla\Firefox\Profiles\ymuep9dg.default-1438217038008\Extensions\pug.experience@shield.mozilla.org.xpi [2017-12-13] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\Mitchell\AppData\Roaming\Mozilla\Firefox\Profiles\ymuep9dg.default-1438217038008\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-12] ()
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-06-08] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-09-13] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-06-08] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2612921270-2592388305-428700144-1002: @citrixonline.com/appdetectorplugin -> C:\Users\Mitchell\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-11-20] (Citrix Online)
FF Plugin HKU\S-1-5-21-2612921270-2592388305-428700144-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mitchell\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-10-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2612921270-2592388305-428700144-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-04-19] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Mitchell\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-05-07] (Cisco WebEx LLC)

Chrome:
=======
CHR Profile: C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default [2017-12-13]
CHR Extension: (Slides) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-16]
CHR Extension: (YouTube) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-16]
CHR Extension: (Sheets) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Google Docs Offline) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-27]
CHR Extension: (AVG SafePrice) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2017-12-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-16]
CHR Extension: (Gmail) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-16]
CHR Extension: (Chrome Media Router) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-13]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [737984 2016-06-03] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2017-04-19] (Microsoft Corporation)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063664 2017-11-22] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
S4 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1738808 2015-09-10] (GOG.com)
S4 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6943800 2015-09-10] (GOG.com)
R2 hp3ddgsrv; C:\WINDOWS\system32\HP3DDGService.exe [130072 2017-10-03] (HP)
R2 hpsrv; C:\WINDOWS\system32\Hpservice.exe [38728 2016-10-12] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2015-09-03] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [359856 2015-07-25] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-09] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-07-01] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-01-23] (Logitech Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-12-02] ()
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [417456 2017-08-23] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [463664 2017-11-27] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-10-10] (NVIDIA Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2100200 2017-11-06] (Plex, Inc.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87736 2014-04-30] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-06] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.225\WsAppService.exe [473824 2017-05-05] (Wondershare)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3832224 2015-12-02] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone toolkit for Android\Library\DriverInstaller\DriverInstall.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [54296 2017-10-03] (HP)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2017-01-16] (Samsung Electronics Co., Ltd.)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [40472 2017-10-03] (HP)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230656 2017-03-09] (Intel Corporation)
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 int0800; C:\WINDOWS\System32\drivers\flashud.sys [51712 2015-05-07] (Intel Corporation)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD.sys [44744 2014-05-28] ()
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-01-23] (Logitech Inc.)
R3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2017-01-23] (Logitech Inc.)
S3 LGSUsbFilt; C:\WINDOWS\system32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-13] (Malwarebytes)
S3 Netaapl; C:\WINDOWS\system32\DRIVERS\netaapl64.sys [23040 2013-08-06] (Apple Inc.) [File not signed]
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3515152 2015-12-25] (Intel Corporation)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2015-06-01] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhmi.inf_amd64_1d911bd7dce07320\nvlddmkm.sys [17020720 2017-11-28] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-10] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-11-27] (NVIDIA Corporation)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-01] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2017-01-16] (Samsung Electronics Co., Ltd.)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [84432 2017-03-27] (The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
S3 udiskMgr; system32\drivers\ybfilo.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-14 12:12 - 2017-12-14 12:12 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\32353193.sys
2017-12-14 12:11 - 2017-12-14 12:18 - 000000000 ____D C:\Users\Mitchell\Desktop\mbar
2017-12-14 12:11 - 2017-12-14 12:18 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-14 12:11 - 2017-12-14 12:11 - 014161479 _____ C:\Users\Mitchell\Downloads\mbar-1.10.3.1001-nr.exe
2017-12-14 12:11 - 2017-12-14 12:11 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.027
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.026
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.025
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.024
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.023
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.022
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.021
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.020
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.019
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.018
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.017
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.016
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.015
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.014
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.013
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.012
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.011
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.010
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.009
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.008
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.007
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.006
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.005
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.004
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.003
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.002
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.001
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.000
2017-12-13 22:56 - 2017-12-13 22:56 - 000142136 ____N C:\WINDOWS\system32\Drivers\nvcehlor.sys
2017-12-13 19:54 - 2017-12-13 20:00 - 000000000 ____D C:\AdwCleaner
2017-12-13 19:54 - 2017-12-13 19:54 - 008172032 _____ (Malwarebytes) C:\Users\Mitchell\Downloads\AdwCleaner.exe
2017-12-13 19:52 - 2017-12-13 20:03 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-12-13 19:51 - 2017-12-13 19:51 - 036195904 _____ (Adlice Software ) C:\Users\Mitchell\Downloads\setup(1).exe
2017-12-13 19:44 - 2017-12-13 19:51 - 000000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-12-13 19:44 - 2017-12-13 19:51 - 000000000 ____D C:\ProgramData\RogueKiller
2017-12-13 19:44 - 2017-12-13 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-12-13 19:43 - 2017-12-13 19:51 - 000000000 ____D C:\Program Files\RogueKiller
2017-12-13 19:43 - 2017-12-13 19:43 - 036195904 _____ (Adlice Software ) C:\Users\Mitchell\Downloads\setup.exe
2017-12-13 19:06 - 2017-12-13 19:06 - 000001972 _____ C:\Users\Mitchell\Desktop\Process Hacker 2.lnk
2017-12-13 19:06 - 2017-12-13 19:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2017-12-13 19:06 - 2017-12-13 19:06 - 000000000 ____D C:\Program Files\Process Hacker 2
2017-12-13 17:12 - 2016-06-28 10:52 - 000318624 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\pskill64.exe
2017-12-13 16:53 - 2017-12-13 16:53 - 002267848 _____ (wj32 ) C:\Users\Mitchell\Downloads\processhacker-2.39-setup.exe
2017-12-13 16:28 - 2017-12-13 21:45 - 000119312 _____ C:\Users\Mitchell\Downloads\Addition.txt
2017-12-13 16:27 - 2017-12-14 12:21 - 000038484 _____ C:\Users\Mitchell\Downloads\FRST.txt
2017-12-13 16:27 - 2017-12-14 12:20 - 000000000 ____D C:\FRST
2017-12-13 16:26 - 2017-12-13 16:26 - 002392064 _____ (Farbar) C:\Users\Mitchell\Downloads\FRST64.exe
2017-12-13 12:36 - 2017-12-13 13:16 - 000004282 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2017-12-13 12:34 - 2017-12-13 22:57 - 000000000 ____D C:\Users\Mitchell\AppData\Local\Avg
2017-12-13 12:34 - 2017-12-13 22:57 - 000000000 ____D C:\ProgramData\Avg
2017-12-13 12:34 - 2017-12-13 22:57 - 000000000 ____D C:\Program Files (x86)\AVG
2017-12-13 12:34 - 2017-12-13 22:51 - 000000000 ____D C:\Users\Mitchell\AppData\Local\AvgSetupLog
2017-12-13 12:34 - 2017-12-13 12:34 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Mitchell\Downloads\AVG_Protection_Free_1606.exe
2017-12-13 12:34 - 2017-12-13 12:34 - 000003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-12-13 11:44 - 2017-12-13 12:12 - 000000257 _____ C:\WINDOWS\wininit.ini
2017-12-13 11:38 - 2017-12-13 12:29 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-12-13 11:37 - 2017-12-13 11:37 - 083316440 _____ (Malwarebytes ) C:\Users\Mitchell\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
2017-12-13 11:37 - 2017-12-13 11:37 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-13 11:30 - 2017-12-13 11:30 - 007806208 _____ C:\Users\Mitchell\Downloads\spybotsd_includes.exe
2017-12-13 11:26 - 2017-12-13 11:26 - 000000000 ____D C:\Users\Mitchell\Desktop\Process Explorer
2017-12-13 10:09 - 2015-03-22 15:46 - 000000856 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20171213-100906.backup
2017-12-13 10:03 - 2017-12-13 22:48 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-12-13 10:02 - 2017-12-13 10:02 - 000000000 ____D C:\WINDOWS\pss
2017-12-13 09:48 - 2017-12-13 12:13 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-12-13 09:48 - 2017-12-13 12:12 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-12-13 09:48 - 2017-12-13 09:48 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-12-13 09:47 - 2017-12-13 09:47 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Mitchell\Downloads\spybotsd-2.6.46.exe
2017-12-13 07:24 - 2017-12-13 07:24 - 3285342941 _____ C:\WINDOWS\MEMORY.DMP
2017-12-13 07:24 - 2017-12-13 07:24 - 000928452 _____ C:\WINDOWS\Minidump\121317-9640-01.dmp
2017-12-13 05:59 - 2017-12-13 05:59 - 000000000 ____D C:\WINDOWS\SysWOW64\coclubd
2017-12-11 17:57 - 2017-12-11 17:57 - 000035750 _____ C:\WINDOWS\uninstaller.dat
2017-12-08 15:39 - 2017-12-08 15:39 - 000000012 _____ C:\Users\Mitchell\Desktop\everyone goes to the rapture.txt
2017-12-06 21:54 - 2017-12-06 21:54 - 000074566 _____ C:\Users\Mitchell\Documents\COMPASS application 12-06-17.pdf
2017-12-06 20:52 - 2017-12-06 21:12 - 000000000 ____D C:\Users\Mitchell\Documents\Copies for assistance application
2017-11-30 19:46 - 2017-11-30 19:46 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-11-30 19:46 - 2017-09-13 18:20 - 000798008 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-11-30 19:46 - 2017-09-13 18:20 - 000490296 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-11-30 19:46 - 2017-09-13 18:19 - 000927544 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-11-30 19:46 - 2017-09-13 18:19 - 000591160 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-11-30 19:44 - 2017-11-27 20:56 - 040238576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 036348400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 035159072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 029378960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 023266584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 019039304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 013866792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 013255032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 011780888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 010883744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 004202808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 003615024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 001991016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438843.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 001674552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438843.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 001321264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 001135464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 001101296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 001038680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 001032688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 000982000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 000932424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 000885680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 000794392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 000634224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 000616240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 000506864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-11-30 19:44 - 2017-11-27 20:56 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-11-25 09:56 - 2017-12-01 21:25 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-25 09:56 - 2017-12-01 21:25 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-15 06:48 - 2017-11-01 23:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-15 06:48 - 2017-11-01 23:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-11-15 06:48 - 2017-11-01 23:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-15 06:47 - 2017-11-02 00:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-15 06:47 - 2017-11-02 00:03 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-15 06:47 - 2017-11-01 23:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-11-15 06:47 - 2017-11-01 23:45 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-11-15 06:47 - 2017-11-01 23:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-15 06:47 - 2017-11-01 23:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-15 06:47 - 2017-11-01 23:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-11-15 06:47 - 2017-11-01 23:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-15 06:47 - 2017-11-01 23:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-15 06:47 - 2017-11-01 23:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-15 06:47 - 2017-11-01 23:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-15 06:47 - 2017-11-01 23:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-11-15 06:47 - 2017-11-01 23:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-15 06:47 - 2017-11-01 23:31 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-15 06:47 - 2017-11-01 23:30 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-15 06:47 - 2017-11-01 23:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-15 06:47 - 2017-11-01 23:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-15 06:47 - 2017-11-01 23:29 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-15 06:47 - 2017-11-01 23:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-15 06:47 - 2017-11-01 23:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-15 06:47 - 2017-11-01 23:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-11-15 06:47 - 2017-11-01 23:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-11-15 06:47 - 2017-11-01 23:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-15 06:47 - 2017-11-01 23:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-11-15 06:47 - 2017-11-01 23:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2017-11-15 06:47 - 2017-11-01 23:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-15 06:47 - 2017-11-01 23:25 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-15 06:47 - 2017-11-01 23:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-15 06:47 - 2017-11-01 23:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-11-15 06:47 - 2017-11-01 23:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-15 06:47 - 2017-11-01 23:24 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-15 06:47 - 2017-11-01 23:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-11-15 06:47 - 2017-11-01 23:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-11-15 06:47 - 2017-11-01 23:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-11-15 06:47 - 2017-11-01 23:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-11-15 06:47 - 2017-11-01 23:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-15 06:47 - 2017-11-01 23:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-15 06:47 - 2017-11-01 23:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-11-15 06:47 - 2017-11-01 23:22 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-15 06:47 - 2017-11-01 23:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-15 06:47 - 2017-11-01 23:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-15 06:47 - 2017-11-01 23:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-11-15 06:47 - 2017-11-01 23:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-15 06:47 - 2017-11-01 23:21 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-15 06:47 - 2017-11-01 23:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-11-15 06:47 - 2017-11-01 23:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-15 06:47 - 2017-10-25 02:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-15 06:47 - 2017-10-15 10:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-11-15 06:47 - 2017-10-15 10:03 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-15 06:47 - 2017-10-15 10:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-11-15 06:47 - 2017-10-15 09:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-11-15 06:47 - 2017-10-15 09:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-11-15 06:47 - 2017-10-15 09:46 - 004544000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2017-11-15 06:47 - 2017-10-15 09:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-11-15 06:47 - 2017-10-15 09:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-11-15 06:47 - 2017-10-15 09:44 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-11-15 06:47 - 2017-10-15 09:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-11-15 06:47 - 2017-10-15 09:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-11-15 06:47 - 2017-10-15 09:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-11-15 06:47 - 2017-10-15 09:41 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-11-15 06:47 - 2017-10-15 09:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-11-15 06:47 - 2017-10-15 09:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-11-15 06:44 - 2017-11-02 00:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-15 06:44 - 2017-11-02 00:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-15 06:44 - 2017-11-02 00:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-15 06:44 - 2017-11-02 00:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-15 06:44 - 2017-11-02 00:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-15 06:44 - 2017-11-02 00:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-11-15 06:44 - 2017-11-02 00:11 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-15 06:44 - 2017-11-02 00:05 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-11-15 06:44 - 2017-11-01 23:37 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-15 06:44 - 2017-11-01 23:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-15 06:44 - 2017-11-01 23:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-11-15 06:44 - 2017-11-01 23:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-11-15 06:44 - 2017-11-01 23:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-15 06:44 - 2017-11-01 23:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-11-15 06:44 - 2017-11-01 23:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2017-11-15 06:44 - 2017-11-01 23:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-15 06:44 - 2017-11-01 23:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-15 06:44 - 2017-11-01 23:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2017-11-15 06:44 - 2017-11-01 23:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-11-15 06:44 - 2017-11-01 23:34 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-15 06:44 - 2017-11-01 23:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-11-15 06:44 - 2017-11-01 23:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-11-15 06:44 - 2017-11-01 23:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2017-11-15 06:44 - 2017-11-01 23:33 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-15 06:44 - 2017-11-01 23:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-15 06:44 - 2017-11-01 23:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-11-15 06:44 - 2017-11-01 23:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-15 06:44 - 2017-11-01 23:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2017-11-15 06:44 - 2017-11-01 23:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-11-15 06:44 - 2017-11-01 23:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-11-15 06:44 - 2017-11-01 23:29 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-15 06:44 - 2017-11-01 23:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-15 06:44 - 2017-11-01 23:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-11-15 06:44 - 2017-11-01 23:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-11-15 06:44 - 2017-11-01 23:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-11-15 06:44 - 2017-11-01 23:26 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-15 06:44 - 2017-11-01 23:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-15 06:44 - 2017-11-01 23:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-15 06:44 - 2017-11-01 23:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-15 06:44 - 2017-11-01 23:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-11-15 06:44 - 2017-11-01 23:26 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-15 06:44 - 2017-11-01 23:25 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-15 06:44 - 2017-11-01 23:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-15 06:44 - 2017-11-01 23:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-15 06:44 - 2017-11-01 23:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-15 06:44 - 2017-11-01 23:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-11-15 06:44 - 2017-11-01 23:25 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-15 06:44 - 2017-11-01 23:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-15 06:44 - 2017-11-01 23:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-15 06:44 - 2017-11-01 23:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-15 06:44 - 2017-10-15 09:55 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-11-15 06:44 - 2017-10-15 09:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-11-15 06:44 - 2017-10-15 09:09 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-11-15 06:44 - 2017-10-15 09:09 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-11-15 06:44 - 2017-10-15 09:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-11-15 06:44 - 2017-10-15 09:05 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-11-15 06:44 - 2017-10-15 09:04 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-11-15 06:44 - 2017-10-15 09:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-11-15 06:43 - 2017-11-02 00:21 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-15 06:43 - 2017-11-02 00:21 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-15 06:43 - 2017-11-02 00:21 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-15 06:43 - 2017-11-02 00:21 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-15 06:43 - 2017-11-02 00:20 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-15 06:43 - 2017-11-02 00:20 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-11-15 06:43 - 2017-11-02 00:16 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-15 06:43 - 2017-11-02 00:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-11-15 06:43 - 2017-11-02 00:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-15 06:43 - 2017-11-02 00:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-15 06:43 - 2017-11-02 00:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-15 06:43 - 2017-11-02 00:13 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-11-15 06:43 - 2017-11-02 00:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-15 06:43 - 2017-11-02 00:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-15 06:43 - 2017-11-02 00:12 - 000643192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-15 06:43 - 2017-11-02 00:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-15 06:43 - 2017-11-02 00:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-15 06:43 - 2017-11-02 00:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-15 06:43 - 2017-11-02 00:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2017-11-15 06:43 - 2017-11-02 00:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-15 06:43 - 2017-11-02 00:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-15 06:43 - 2017-11-01 23:44 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-15 06:43 - 2017-11-01 23:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-15 06:43 - 2017-11-01 23:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-15 06:43 - 2017-11-01 23:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-15 06:43 - 2017-11-01 23:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-15 06:43 - 2017-11-01 23:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2017-11-15 06:43 - 2017-11-01 23:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-15 06:43 - 2017-11-01 23:34 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-15 06:43 - 2017-11-01 23:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2017-11-15 06:43 - 2017-11-01 23:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-11-15 06:43 - 2017-11-01 23:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-11-15 06:43 - 2017-11-01 23:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2017-11-15 06:43 - 2017-11-01 23:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-15 06:43 - 2017-11-01 23:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-11-15 06:43 - 2017-11-01 23:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-11-15 06:43 - 2017-11-01 23:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-11-15 06:43 - 2017-11-01 23:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-15 06:43 - 2017-11-01 23:30 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-15 06:43 - 2017-11-01 23:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-11-15 06:43 - 2017-11-01 23:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-11-15 06:43 - 2017-11-01 23:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-11-15 06:43 - 2017-11-01 23:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-15 06:43 - 2017-11-01 23:28 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-15 06:43 - 2017-11-01 23:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-15 06:43 - 2017-11-01 23:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-15 06:43 - 2017-11-01 23:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-15 06:43 - 2017-11-01 23:25 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-15 06:43 - 2017-11-01 23:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-11-15 06:43 - 2017-11-01 23:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-15 06:43 - 2017-11-01 23:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-15 06:43 - 2017-10-15 09:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-15 06:43 - 2017-10-15 09:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-15 06:43 - 2017-10-15 09:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-11-15 06:43 - 2017-10-15 09:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-11-15 06:43 - 2017-10-15 09:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-11-15 06:43 - 2017-10-15 09:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-11-15 06:43 - 2017-10-15 09:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-11-15 06:43 - 2017-10-15 09:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-11-15 06:43 - 2017-10-15 09:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-11-15 06:43 - 2017-10-15 09:07 - 005776384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2017-11-15 06:43 - 2017-10-15 09:07 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-11-15 06:43 - 2017-10-15 09:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-11-15 06:43 - 2017-10-15 09:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-11-15 06:42 - 2017-11-02 00:21 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-15 06:42 - 2017-11-02 00:21 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-15 06:42 - 2017-11-02 00:20 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-15 06:42 - 2017-11-02 00:20 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-15 06:42 - 2017-11-02 00:20 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-15 06:42 - 2017-11-02 00:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-15 06:42 - 2017-11-02 00:20 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-15 06:42 - 2017-11-02 00:20 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-15 06:42 - 2017-11-02 00:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-15 06:42 - 2017-11-02 00:20 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-15 06:42 - 2017-11-02 00:15 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-15 06:42 - 2017-11-02 00:14 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-11-15 06:42 - 2017-11-02 00:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-15 06:42 - 2017-11-02 00:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-11-15 06:42 - 2017-11-02 00:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-15 06:42 - 2017-11-01 23:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-11-15 06:42 - 2017-11-01 23:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-15 06:42 - 2017-11-01 23:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-11-15 06:42 - 2017-11-01 23:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-11-15 06:42 - 2017-11-01 23:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-15 06:42 - 2017-10-15 09:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-11-15 06:42 - 2017-10-15 09:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-14 12:16 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-14 12:16 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-14 12:12 - 2015-07-29 06:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-14 11:57 - 2017-04-19 00:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-14 07:27 - 2017-03-18 15:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-14 02:00 - 2014-10-17 16:52 - 000000000 ____D C:\Users\Mitchell\AppData\Local\Adobe
2017-12-14 00:45 - 2017-04-19 00:45 - 000004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CE4AE1DE-6B9C-45BA-AE3F-4ED0DC535680}
2017-12-13 23:04 - 2017-04-19 00:29 - 002518896 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-13 23:01 - 2016-11-16 14:31 - 000000000 ____D C:\Users\Mitchell\AppData\LocalLow\Mozilla
2017-12-13 22:59 - 2015-09-24 16:38 - 000000000 ____D C:\Users\Mitchell\Documents\Youcam
2017-12-13 22:58 - 2017-04-19 00:29 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-12-13 22:58 - 2017-04-19 00:29 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-13 22:58 - 2017-02-21 23:57 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-13 22:58 - 2015-07-31 20:10 - 000000000 ___RD C:\Users\Mitchell\OneDrive
2017-12-13 22:58 - 2015-07-31 19:58 - 000000000 __SHD C:\Users\Mitchell\IntelGraphicsProfiles
2017-12-13 22:57 - 2017-04-19 00:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-13 22:57 - 2017-04-19 00:28 - 000521712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-13 22:56 - 2017-03-18 06:40 - 019398656 _____ C:\WINDOWS\system32\config\HARDWARE
2017-12-13 22:56 - 2017-03-18 06:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-12-13 21:02 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF
2017-12-13 20:47 - 2013-08-22 10:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-12-13 20:00 - 2016-05-12 21:55 - 000000000 ____D C:\Program Files (x86)\Yahoo!
2017-12-13 19:40 - 2015-10-22 23:21 - 000007597 _____ C:\Users\Mitchell\AppData\Local\Resmon.ResmonCfg
2017-12-13 17:18 - 2017-04-19 00:29 - 000000000 ____D C:\Users\Mitchell
2017-12-13 13:39 - 2016-05-15 11:30 - 000000000 ____D C:\Users\Mitchell\Desktop\SWProxy-windows
2017-12-13 12:06 - 2017-07-27 10:37 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2612921270-2592388305-428700144-1002
2017-12-13 12:06 - 2015-07-31 20:10 - 000002414 _____ C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-13 11:44 - 2016-11-06 22:43 - 000000000 ____D C:\ProgramData\ReviverSoft
2017-12-13 11:44 - 2016-11-06 22:43 - 000000000 ____D C:\Program Files\ReviverSoft
2017-12-13 11:25 - 2014-06-16 23:04 - 000000000 ____D C:\Users\Mitchell\AppData\Local\NVIDIA Corporation
2017-12-13 10:42 - 2017-08-31 21:18 - 000000000 ____D C:\Users\Mitchell\AppData\Local\CiscoSpark
2017-12-13 10:28 - 2014-04-19 21:12 - 000000000 ____D C:\Users\Mitchell\AppData\Local\ElevatedDiagnostics
2017-12-13 09:30 - 2017-01-30 02:28 - 000000000 ____D C:\Users\Mitchell\AppData\Roaming\discord
2017-12-13 07:24 - 2017-05-26 14:20 - 000000354 _____ C:\WINDOWS\Tasks\HPCeeScheduleForMitchell.job
2017-12-13 07:24 - 2017-05-16 01:44 - 000000000 ____D C:\WINDOWS\Minidump
2017-12-13 06:08 - 2017-09-16 23:33 - 000002297 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-13 06:07 - 2017-09-16 23:33 - 000002315 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-13 02:12 - 2014-04-17 01:00 - 000000000 ____D C:\Users\Mitchell\AppData\Roaming\tixati
2017-12-12 19:46 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-12 19:46 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-12 15:45 - 2017-05-26 14:20 - 000003258 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForMitchell
2017-12-12 15:06 - 2014-04-16 20:19 - 000000000 ____D C:\Users\Mitchell\AppData\Local\Packages
2017-12-12 09:53 - 2017-09-27 01:33 - 000002290 _____ C:\Users\Mitchell\Desktop\Discord.lnk
2017-12-12 09:53 - 2017-09-27 01:33 - 000000000 ____D C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-12-12 09:53 - 2017-09-27 01:33 - 000000000 ____D C:\Users\Mitchell\AppData\Local\Discord
2017-12-12 09:52 - 2017-08-31 21:18 - 000000000 ____D C:\Users\Mitchell\AppData\Local\CiscoSparkLauncher
2017-12-12 09:52 - 2017-04-19 00:29 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-12-12 09:52 - 2016-11-20 10:58 - 000000658 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2612921270-2592388305-428700144-1002.job
2017-12-12 09:52 - 2016-11-20 10:58 - 000000562 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2612921270-2592388305-428700144-1002.job
2017-12-12 09:52 - 2016-11-15 17:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-12 09:52 - 2014-04-16 20:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-12 09:48 - 2017-08-10 00:04 - 000000000 ____D C:\Users\Mitchell\Documents\Summoners War
2017-12-11 23:06 - 2014-04-16 20:33 - 000001178 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-11 17:03 - 2015-02-03 23:26 - 000000000 ____D C:\Users\Mitchell\AppData\Local\CutePDF Writer
2017-12-09 16:31 - 2017-07-08 09:36 - 000000000 ____D C:\Users\Mitchell\AppData\Local\GoToMeeting
2017-12-09 14:35 - 2017-03-18 16:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-09 14:34 - 2016-10-31 22:15 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-12-08 19:39 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-12-07 10:36 - 2017-04-19 00:45 - 000003810 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-2612921270-2592388305-428700144-1002
2017-12-07 10:36 - 2017-04-19 00:45 - 000003714 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-2612921270-2592388305-428700144-1002
2017-12-05 16:20 - 2017-08-20 00:16 - 000000000 ____D C:\Users\Mitchell\Desktop\Summoners War Exporter Files
2017-12-01 04:48 - 2015-09-06 16:51 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-30 19:46 - 2017-05-06 17:16 - 000000000 ____D C:\Users\Mitchell\AppData\Roaming\NVIDIA
2017-11-30 19:46 - 2017-02-07 19:23 - 000000000 ____D C:\Temp
2017-11-30 19:45 - 2017-04-19 00:29 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-11-30 19:36 - 2017-05-23 21:28 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-30 19:36 - 2017-05-23 21:28 - 000001492 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-11-30 19:36 - 2017-04-19 00:45 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-30 19:36 - 2017-04-19 00:45 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-30 19:36 - 2017-04-19 00:45 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-30 19:36 - 2017-04-19 00:45 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-30 19:36 - 2017-04-19 00:45 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-30 19:36 - 2017-04-19 00:45 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-30 19:36 - 2017-04-19 00:45 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-30 19:36 - 2017-04-19 00:29 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-11-30 13:48 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-29 14:48 - 2014-04-17 06:37 - 000000000 ____D C:\Users\Mitchell\AppData\Local\CrashDumps
2017-11-28 10:18 - 2017-04-06 21:51 - 017020720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2017-11-27 20:56 - 2017-04-06 21:51 - 004485560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-11-27 20:56 - 2017-04-06 21:51 - 003817584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-11-27 20:56 - 2017-04-06 21:51 - 000057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-11-27 20:56 - 2017-04-06 21:51 - 000048442 _____ C:\WINDOWS\system32\nvinfo.pb
2017-11-27 19:37 - 2017-04-19 00:29 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-11-27 19:06 - 2017-04-19 00:29 - 005965624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-11-27 19:06 - 2017-04-19 00:29 - 002588976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-11-27 19:06 - 2017-04-19 00:29 - 001766288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-11-27 19:06 - 2017-04-19 00:29 - 000608240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-11-27 19:06 - 2017-04-19 00:29 - 000450544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-11-27 19:06 - 2017-04-19 00:29 - 000122768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-11-27 19:06 - 2017-04-19 00:29 - 000082736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-11-27 13:37 - 2014-04-17 01:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-27 13:33 - 2017-10-10 14:48 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-27 13:33 - 2014-04-17 01:28 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-26 00:50 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\rescache
2017-11-25 09:57 - 2014-04-17 04:14 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-25 09:54 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-25 09:54 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-25 09:54 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-11-25 09:54 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-25 09:54 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-22 19:55 - 2014-04-16 20:33 - 000000000 ____D C:\Users\Mitchell\AppData\Roaming\Mozilla
2017-11-20 06:04 - 2017-04-19 00:29 - 007874971 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-11-17 15:01 - 2015-02-07 20:05 - 000000000 ____D C:\ProgramData\HP
2017-11-15 01:09 - 2017-04-19 00:45 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-11-14 16:46 - 2017-04-19 00:45 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-14 14:38 - 2017-09-16 23:32 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-14 14:38 - 2017-09-16 23:32 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2015-04-11 00:56 - 2015-04-11 00:57 - 000000093 _____ () C:\Users\Mitchell\AppData\Roaming\ARCompanion.log
2016-01-11 21:34 - 2016-01-11 21:34 - 000000023 _____ () C:\Users\Mitchell\AppData\Roaming\Microsoft\cmldt32.dll
2016-03-27 19:35 - 2016-03-27 19:35 - 000002168 _____ () C:\Users\Mitchell\AppData\Local\recently-used.xbel
2015-10-22 23:21 - 2017-12-13 19:40 - 000007597 _____ () C:\Users\Mitchell\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2017-12-13 19:44 - 2017-09-05 00:26 - 001930840 _____ (Microsoft Corporation) C:\Users\Mitchell\AppData\Local\Temp\dllnt_dump.dll
2017-05-14 20:42 - 2017-05-14 20:42 - 000066048 _____ () C:\Users\Mitchell\AppData\Local\Temp\Execute2App.exe
2017-05-04 17:34 - 2017-05-04 17:34 - 000739904 _____ (Oracle Corporation) C:\Users\Mitchell\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-07-22 14:23 - 2017-07-22 14:23 - 000739904 _____ (Oracle Corporation) C:\Users\Mitchell\AppData\Local\Temp\jre-8u141-windows-au.exe
2017-10-29 19:50 - 2017-10-29 19:50 - 001856576 _____ (Oracle Corporation) C:\Users\Mitchell\AppData\Local\Temp\jre-8u151-windows-au.exe
2017-05-14 20:42 - 2015-04-23 09:08 - 000568832 _____ (Microsoft Corporation) C:\Users\Mitchell\AppData\Local\Temp\msvcp90.dll
2017-05-14 20:42 - 2015-04-23 09:08 - 000655872 _____ (Microsoft Corporation) C:\Users\Mitchell\AppData\Local\Temp\msvcr90.dll
2017-05-19 14:42 - 2017-05-19 14:42 - 014608752 _____ (Samsung Electronics                                         ) C:\Users\Mitchell\AppData\Local\Temp\Samsung_Magician_Installer.exe
2017-11-17 15:01 - 2017-10-17 14:01 - 000927784 _____ () C:\Users\Mitchell\AppData\Local\Temp\TAInstaller.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\nvcehlor.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION

LastRegBack: 2017-12-07 00:52

==================== End of FRST.txt ============================



#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,587 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:40 PM

Posted 14 December 2017 - 02:16 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Your first FRST log was showing sign of the SmartService rootkit The version of the Farbar program you used was able to remove the infector.
MBAM did not find any trace of it in the Registry. That is good.

This fix wll remove the left over entries that have random names.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
Duplicate Cleaner Free 3.2.7 (HKLM-x32\...\Duplicate Cleaner Free) (Version: 3.2.7 - DigitalVolcano Software Ltd) <==== ATTENTION
===

Did you install this game? \Steam\steamapps\common\Idle Evolution\nw.exe
The nw.exe could be compromised. If having problems I suggest you delete the Shortcut.

ShortcutWithArgument: C:\Users\Mitchell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b2063d7d92872715\IdleEvolution.lnk -> C:\Program Files (x86)\Steam\steamapps\common\Idle Evolution\nw.exe (The NWJS Community) -> --user-data-dir="C:\Users\Mitchell\AppData\Local\IdleEvolution\User Data" --profile-directory=Default --app-id=jkiddabbdmojakblbpmmkhfhpoadbnlb


===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [belton] => "C:\Program Files (x86)\Nevil\collectives.exe"
HKLM\...\Run: [beltonglazunov] => "C:\Program Files (x86)\kingfisher\gilbride.exe"
HKLM\...\Run: [beltonbelton] => "C:\Program Files (x86)\Dad\collectives.exe"
HKLM-x32\...\Run: [carlson] => "C:\Program Files (x86)\Nevil\collectives.exe"
HKLM-x32\...\Run: [carlsonbacksliding] => "C:\Program Files (x86)\kingfisher\gilbride.exe"
HKLM-x32\...\Run: [carlsoncarlson] => "C:\Program Files (x86)\Dad\collectives.exe"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [backsliding] => "C:\Program Files (x86)\Nevil\collectives.exe"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [backslidingcarlson] => "C:\Program Files (x86)\kingfisher\gilbride.exe"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [backslidingbacksliding] => "C:\Program Files (x86)\Dad\collectives.exe"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [glazunov] => "C:\Program Files (x86)\Nevil\collectives.exe"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [glazunovbelton] => "C:\Program Files (x86)\kingfisher\gilbride.exe"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [glazunovglazunov] => "C:\Program Files (x86)\Dad\collectives.exe"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [ampersands] => "C:\Program Files (x86)\watertown\ampersands.exe"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [melt] => "C:\Program Files (x86)\Nevil\collectives.exe"
HKU\S-1-5-18\...\Run: [] => [X]
Startup: C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\krause.lnk [2017-12-13]
ShortcutTarget: krause.lnk -> C:\Program Files (x86)\Nevil\collectives.exe (No File)
Startup: C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\krausekrause.lnk [2017-12-13]
ShortcutTarget: krausekrause.lnk -> C:\Program Files (x86)\kingfisher\gilbride.exe (No File)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone toolkit for Android\Library\DriverInstaller\DriverInstall.exe [X]
S3 udiskMgr; system32\drivers\ybfilo.sys [X]

CustomCLSID: HKU\S-1-5-21-2612921270-2592388305-428700144-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Mitchell\AppData\Local\Citrix\GoToMeeting\5808\G2MOutlookAddin64.dll => No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {04A59D2D-349A-46A9-A62F-271461F63B63} - \Sak4831887k4831887 -> No File <==== ATTENTION
Task: {1FEF12E3-AB83-4B3F-9856-9BF745ED1CF9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {23EBF5EA-2036-4EBA-AA8B-89CBFBEBE7B2} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {2C8C9661-3CAA-4CF2-A8CC-0D1B8A839362} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {42A1D4A6-F0C7-4585-9B71-64F551A7D1BB} - \Sa47704175477041754770417547704175 -> No File <==== ATTENTION
Task: {45B52735-C49B-43C9-98B9-73B6C5EA8012} - \Sa4831887483188748318874831887 -> No File <==== ATTENTION
Task: {5718877F-BF31-45A1-B26A-A4CFC9D38F6B} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {77F1C98A-6D87-4C09-974E-B27636BE02E3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {95694D9C-717A-465C-BAA6-F924367E7246} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9D85C7BA-AC42-49E0-AFF6-EE9B328791CD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BDA17C6F-D9B2-4596-A526-764D963D50BA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C22A715A-C08B-4C71-906C-C5B42C92997C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C9C85384-8F5B-4A0B-8B62-5341736E9EBD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CF07E067-86F1-4DCC-9D28-5FA3AC58A043} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DD0312F4-BE34-49D2-A325-235B6568AAD0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\krause.lnk
C:\Program Files (x86)\Nevil
C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\krausekrause.lnk

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended. (You need to check with Internet Explorer) <- Important.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after these updates remove these old version(s) via the Control Panel > Programs > Programs and Features.
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java SE Development Kit 8 Update 111 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180111}) (Version: 8.0.1110.14 - Oracle Corporation)
===

Please post the log and let me know of any remaining programs.

#6 Hayama

Hayama
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 14 December 2017 - 04:04 PM

Hello again and thanks for all your help! I've followed all steps. The page to check Java version said I was up to date, but when I installed the JDK 9.0.1, it also installed Java 9.0.1 so I uninstalled all 3 of the listed Java items. Below is my Fixlog. Let me know if you need anything else. Thanks!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-12-2017
Ran by Mitchell (14-12-2017 14:41:07) Run:1
Running from C:\Users\Mitchell\Downloads
Loaded Profiles: Mitchell (Available Profiles: Mitchell)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [belton] => "C:\Program Files (x86)\Nevil\collectives.exe"
HKLM\...\Run: [beltonglazunov] => "C:\Program Files (x86)\kingfisher\gilbride.exe"
HKLM\...\Run: [beltonbelton] => "C:\Program Files (x86)\Dad\collectives.exe"
HKLM-x32\...\Run: [carlson] => "C:\Program Files (x86)\Nevil\collectives.exe"
HKLM-x32\...\Run: [carlsonbacksliding] => "C:\Program Files (x86)\kingfisher\gilbride.exe"
HKLM-x32\...\Run: [carlsoncarlson] => "C:\Program Files (x86)\Dad\collectives.exe"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [backsliding] => "C:\Program Files (x86)\Nevil\collectives.exe"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [backslidingcarlson] => "C:\Program Files (x86)\kingfisher\gilbride.exe"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [backslidingbacksliding] => "C:\Program Files (x86)\Dad\collectives.exe"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [glazunov] => "C:\Program Files (x86)\Nevil\collectives.exe"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [glazunovbelton] => "C:\Program Files (x86)\kingfisher\gilbride.exe"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [glazunovglazunov] => "C:\Program Files (x86)\Dad\collectives.exe"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [ampersands] => "C:\Program Files (x86)\watertown\ampersands.exe"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [melt] => "C:\Program Files (x86)\Nevil\collectives.exe"
HKU\S-1-5-18\...\Run: [] => [X]
Startup: C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\krause.lnk [2017-12-13]
ShortcutTarget: krause.lnk -> C:\Program Files (x86)\Nevil\collectives.exe (No File)
Startup: C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\krausekrause.lnk [2017-12-13]
ShortcutTarget: krausekrause.lnk -> C:\Program Files (x86)\kingfisher\gilbride.exe (No File)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone toolkit for Android\Library\DriverInstaller\DriverInstall.exe [X]
S3 udiskMgr; system32\drivers\ybfilo.sys [X]

CustomCLSID: HKU\S-1-5-21-2612921270-2592388305-428700144-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Mitchell\AppData\Local\Citrix\GoToMeeting\5808\G2MOutlookAddin64.dll => No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {04A59D2D-349A-46A9-A62F-271461F63B63} - \Sak4831887k4831887 -> No File <==== ATTENTION
Task: {1FEF12E3-AB83-4B3F-9856-9BF745ED1CF9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {23EBF5EA-2036-4EBA-AA8B-89CBFBEBE7B2} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {2C8C9661-3CAA-4CF2-A8CC-0D1B8A839362} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {42A1D4A6-F0C7-4585-9B71-64F551A7D1BB} - \Sa47704175477041754770417547704175 -> No File <==== ATTENTION
Task: {45B52735-C49B-43C9-98B9-73B6C5EA8012} - \Sa4831887483188748318874831887 -> No File <==== ATTENTION
Task: {5718877F-BF31-45A1-B26A-A4CFC9D38F6B} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {77F1C98A-6D87-4C09-974E-B27636BE02E3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {95694D9C-717A-465C-BAA6-F924367E7246} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9D85C7BA-AC42-49E0-AFF6-EE9B328791CD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BDA17C6F-D9B2-4596-A526-764D963D50BA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C22A715A-C08B-4C71-906C-C5B42C92997C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C9C85384-8F5B-4A0B-8B62-5341736E9EBD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CF07E067-86F1-4DCC-9D28-5FA3AC58A043} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DD0312F4-BE34-49D2-A325-235B6568AAD0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\krause.lnk
C:\Program Files (x86)\Nevil
C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\krausekrause.lnk

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\belton => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\beltonglazunov => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\beltonbelton => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\carlson => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\carlsonbacksliding => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\carlsoncarlson => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\Software\Microsoft\Windows\CurrentVersion\Run\\backsliding => value removed successfully
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\Software\Microsoft\Windows\CurrentVersion\Run\\backslidingcarlson => value removed successfully
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\Software\Microsoft\Windows\CurrentVersion\Run\\backslidingbacksliding => value removed successfully
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\Software\Microsoft\Windows\CurrentVersion\Run\\glazunov => value removed successfully
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\Software\Microsoft\Windows\CurrentVersion\Run\\glazunovbelton => value removed successfully
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\Software\Microsoft\Windows\CurrentVersion\Run\\glazunovglazunov => value removed successfully
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\Software\Microsoft\Windows\CurrentVersion\Run\\ampersands => value removed successfully
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\Software\Microsoft\Windows\CurrentVersion\Run\\melt => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\krause.lnk => moved successfully
C:\Program Files => FRST is scripted not to move this directory.
C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\krausekrause.lnk => moved successfully
C:\Program Files => FRST is scripted not to move this directory.
"HKLM\System\CurrentControlSet\Services\ibtsiva" => removed successfully
ibtsiva => service removed successfully
"HKLM\System\CurrentControlSet\Services\WsDrvInst" => removed successfully
WsDrvInst => service removed successfully
"HKLM\System\CurrentControlSet\Services\udiskMgr" => removed successfully
udiskMgr => service removed successfully
"HKU\S-1-5-21-2612921270-2592388305-428700144-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => key not found
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04A59D2D-349A-46A9-A62F-271461F63B63} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04A59D2D-349A-46A9-A62F-271461F63B63}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Sak4831887k4831887" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FEF12E3-AB83-4B3F-9856-9BF745ED1CF9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FEF12E3-AB83-4B3F-9856-9BF745ED1CF9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23EBF5EA-2036-4EBA-AA8B-89CBFBEBE7B2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23EBF5EA-2036-4EBA-AA8B-89CBFBEBE7B2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2C8C9661-3CAA-4CF2-A8CC-0D1B8A839362}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C8C9661-3CAA-4CF2-A8CC-0D1B8A839362}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42A1D4A6-F0C7-4585-9B71-64F551A7D1BB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42A1D4A6-F0C7-4585-9B71-64F551A7D1BB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Sa47704175477041754770417547704175" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{45B52735-C49B-43C9-98B9-73B6C5EA8012}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45B52735-C49B-43C9-98B9-73B6C5EA8012}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Sa4831887483188748318874831887" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5718877F-BF31-45A1-B26A-A4CFC9D38F6B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5718877F-BF31-45A1-B26A-A4CFC9D38F6B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77F1C98A-6D87-4C09-974E-B27636BE02E3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77F1C98A-6D87-4C09-974E-B27636BE02E3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95694D9C-717A-465C-BAA6-F924367E7246}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95694D9C-717A-465C-BAA6-F924367E7246}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D85C7BA-AC42-49E0-AFF6-EE9B328791CD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D85C7BA-AC42-49E0-AFF6-EE9B328791CD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDA17C6F-D9B2-4596-A526-764D963D50BA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDA17C6F-D9B2-4596-A526-764D963D50BA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C22A715A-C08B-4C71-906C-C5B42C92997C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C22A715A-C08B-4C71-906C-C5B42C92997C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C9C85384-8F5B-4A0B-8B62-5341736E9EBD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9C85384-8F5B-4A0B-8B62-5341736E9EBD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF07E067-86F1-4DCC-9D28-5FA3AC58A043}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF07E067-86F1-4DCC-9D28-5FA3AC58A043}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD0312F4-BE34-49D2-A325-235B6568AAD0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD0312F4-BE34-49D2-A325-235B6568AAD0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\krause.lnk" => not found.
"C:\Program Files (x86)\Nevil" => not found.
"C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\krausekrause.lnk" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 171850743 B
Java, Flash, Steam htmlcache => 564333329 B
Windows/system/drivers => 19119148 B
Edge => 236301415 B
Chrome => 143103984 B
Firefox => 517305858 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 36900 B
NetworkService => 605532 B
Mitchell => 5013499898 B

RecycleBin => 24290916 B
EmptyTemp: => 6.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:59:11 ====



#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,587 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:40 PM

Posted 15 December 2017 - 07:31 AM

Hi,

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#8 Hayama

Hayama
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 15 December 2017 - 02:04 PM

Hello,

 

Thank you for all your help! I'm not seeing any remnants of the files or processes anywhere. I was able to turn on the real time protection in Windows Defender, however one thing that's still not working is Spybot Search & Destroy cannot update - the service won't start. I don't know if this would be from the virus(es) or if it's something else.



#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,587 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:40 PM

Posted 15 December 2017 - 02:37 PM

Hi,

I would remove it using the Add/Remove programs > Programs features and after a restart of the computer reinstall the program.

#10 Hayama

Hayama
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 15 December 2017 - 03:33 PM

I have done that a couple times and same result.



#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,587 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:40 PM

Posted 16 December 2017 - 07:27 AM



Hi,

Follow the instructions on this page.

https://www.safer-networking.org/faq/spybot-search-destroy-update-failed/

As suggested on the page contact them if the problem persists.

#12 Hayama

Hayama
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 16 December 2017 - 08:18 PM

Thank you, I will do that.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users