Virus "removed", still having issues


  • This topic is locked
8 replies to this topic

#1 Hayama


Posted 24 December 2017 - 06:13 AM

Hey guys, sorry to do this again, but my previous topic is locked. My computer is exhibiting odd symptoms, from an inability to update Spybot to other things. Most recently, Windows 10 will not update. It's been bugging me for a few days and I finally did it. It said it failed to update, and now it's bugging me every hour or so. Doesn't do anything to obey its commands. I would really prefer not to have to do a fresh wipe and install (read: really, really, really don't wanna do that). Here are my logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2017 01
Ran by Mitchell (administrator) on BABY (24-12-2017 06:07:52)
Running from C:\Users\Mitchell\Downloads
Loaded Profiles: Mitchell (Available Profiles: Mitchell)
Platform: Windows 10 Home Version 1703 15063.786 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(HP) C:\Windows\System32\hpservice.exe
(HP) C:\Windows\System32\HP3DDGService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hp\HP System Event\HPWMISVC.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.225\WsAppService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Discord Inc.) C:\Users\Mitchell\AppData\Local\Discord\app-0.0.299\Discord.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Discord Inc.) C:\Users\Mitchell\AppData\Local\Discord\app-0.0.299\Discord.exe
(Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hp\HP System Event\HPMSGSVC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
(Plex) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
(Discord Inc.) C:\Users\Mitchell\AppData\Local\Discord\app-0.0.299\Discord.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [404912 2015-07-25] ()
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [ACPW08EN] => C:\Program Files\ACD Systems\ACDSee Pro\8.0\acdIDInTouch2.exe [1813776 2014-09-17] (ACD Systems)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-05-05] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17406072 2017-01-23] (Logitech Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [518456 2015-09-13] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231736 2015-09-13] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2380480 2016-06-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2015-09-03] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646680 2017-09-27] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [ACDSeeCommanderPro8] => C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe [2136072 2014-09-19] ()
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1720584 2015-02-08] (CyberLink Corp.)
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [7693880 2015-09-10] (GOG.com)
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [15842280 2017-11-06] (Plex, Inc.)
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [15671472 2017-08-23] (NordVPN)
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [CiscoSpark] => C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cisco Spark\Cisco Spark.lnk [2738 2017-12-08] ()
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Run: [Discord] => C:\Users\Mitchell\AppData\Local\Discord\app-0.0.299\Discord.exe [57954808 2017-12-11] (Discord Inc.)
HKU\S-1-5-18\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [15671472 2017-08-23] (NordVPN)
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [15842280 2017-11-06] (Plex, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{74628100-f84c-4272-aec2-2d09e6074fa7}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{8b5122bc-2301-400c-8cc5-42b7c0a525d6}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{e0730efc-674c-463e-9c2a-374d5a100ebd}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{f0c6b50c-af74-4fc0-9773-15c75406f1a6}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{F3578B66-2542-4009-A3E8-FCDDF7947817}: [DhcpNameServer] 209.222.18.222 209.222.18.218

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM -> {1B8AB615-C383-4931-924A-F5E79129E3D0} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {1B8AB615-C383-4931-924A-F5E79129E3D0} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2612921270-2592388305-428700144-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-2612921270-2592388305-428700144-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-2612921270-2592388305-428700144-1002 -> {1B8AB615-C383-4931-924A-F5E79129E3D0} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2612921270-2592388305-428700144-1002 -> {D0693E22-8A05-4F8F-85A7-8D2593BEE556} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2612921270-2592388305-428700144-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre-9.0.1\bin\ssv.dll => No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-9.0.1\bin\jp2ssv.dll [2017-12-14] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-12-19] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-12-19] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Mitchell\AppData\Roaming\Mozilla\Firefox\Profiles\ymuep9dg.default-1438217038008 [2017-12-24]
FF Homepage: Mozilla\Firefox\Profiles\ymuep9dg.default-1438217038008 -> hxxps://www.gamefaqs.com/
FF Session Restore: Mozilla\Firefox\Profiles\ymuep9dg.default-1438217038008 -> is enabled.
FF Extension: (Cisco WebEx Extension) - C:\Users\Mitchell\AppData\Roaming\Mozilla\Firefox\Profiles\ymuep9dg.default-1438217038008\Extensions\ciscowebexstart1@cisco.com.xpi [2017-07-19]
FF Extension: (Adblock Plus) - C:\Users\Mitchell\AppData\Roaming\Mozilla\Firefox\Profiles\ymuep9dg.default-1438217038008\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-12] ()
FF Plugin: @java.com/DTPlugin,version=12.0.1.0 -> C:\Program Files\Java\jre-9.0.1\bin\dtplugin\npDeployJava1.dll [2017-12-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=12.0.1.0 -> C:\Program Files\Java\jre-9.0.1\bin\plugin2\npjp2.dll [2017-12-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-06-08] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-09-13] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-12-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-06-08] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2612921270-2592388305-428700144-1002: @citrixonline.com/appdetectorplugin -> C:\Users\Mitchell\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-11-20] (Citrix Online)
FF Plugin HKU\S-1-5-21-2612921270-2592388305-428700144-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mitchell\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-10-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2612921270-2592388305-428700144-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-04-19] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Mitchell\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-05-07] (Cisco WebEx LLC)

Chrome:
=======
CHR Profile: C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default [2017-12-17]
CHR Extension: (Slides) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-16]
CHR Extension: (YouTube) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-16]
CHR Extension: (Sheets) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Google Docs Offline) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-16]
CHR Extension: (Gmail) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-16]
CHR Extension: (Chrome Media Router) - C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-13]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [737984 2016-06-03] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2017-04-19] (Microsoft Corporation)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7760552 2017-12-07] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
S4 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1738808 2015-09-10] (GOG.com)
S4 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6943800 2015-09-10] (GOG.com)
R2 hp3ddgsrv; C:\WINDOWS\system32\HP3DDGService.exe [130072 2017-10-03] (HP)
R2 hpsrv; C:\WINDOWS\system32\Hpservice.exe [38728 2016-10-12] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2015-09-03] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [359856 2015-07-25] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-09] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-07-01] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-01-23] (Logitech Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-12-02] ()
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [417456 2017-08-23] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-10] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [463664 2017-11-27] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-10-10] (NVIDIA Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2100200 2017-11-06] (Plex, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87736 2014-04-30] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-06] (Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-14] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-14] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.225\WsAppService.exe [473824 2017-05-05] (Wondershare)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3832224 2015-12-02] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [54296 2017-10-03] (HP)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2017-01-16] (Samsung Electronics Co., Ltd.)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [40472 2017-10-03] (HP)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230656 2017-03-09] (Intel Corporation)
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 int0800; C:\WINDOWS\System32\drivers\flashud.sys [51712 2015-05-07] (Intel Corporation)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD.sys [44744 2014-05-28] ()
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-01-23] (Logitech Inc.)
R3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2017-01-23] (Logitech Inc.)
S3 LGSUsbFilt; C:\WINDOWS\system32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-13] (Malwarebytes)
R1 MpKslb5cbaffa; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{156FF6A8-8666-4E8F-844C-8F3C2D414AD8}\MpKslb5cbaffa.sys [58120 2017-12-24] (Microsoft Corporation)
S3 Netaapl; C:\WINDOWS\system32\DRIVERS\netaapl64.sys [23040 2013-08-06] (Apple Inc.) [File not signed]
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3515152 2015-12-25] (Intel Corporation)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2015-06-01] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhmi.inf_amd64_1d911bd7dce07320\nvlddmkm.sys [17020720 2017-11-28] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-10] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-11-27] (NVIDIA Corporation)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-01] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2017-01-16] (Samsung Electronics Co., Ltd.)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [84432 2017-03-27] (The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-14] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-14] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-14] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
S3 udiskMgr; system32\drivers\vybfil.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-24 06:07 - 2017-12-24 06:07 - 000000000 ____D C:\Users\Mitchell\Downloads\FRST-OlderVersion
2017-12-24 05:47 - 2017-12-24 05:47 - 000142136 ____N C:\WINDOWS\system32\Drivers\nvcxbehk.sys
2017-12-24 05:47 - 2017-12-24 05:47 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2017-12-24 05:45 - 2017-12-24 05:58 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-12-16 19:25 - 2017-12-16 19:25 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Mitchell\Downloads\spybotsd-2.6.46.exe
2017-12-16 19:25 - 2017-12-16 19:25 - 000001467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-12-16 19:25 - 2017-12-16 19:25 - 000001455 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-12-16 19:25 - 2017-12-16 19:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-12-16 19:25 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2017-12-16 12:30 - 2017-12-16 12:30 - 000000009 _____ C:\Users\Mitchell\Desktop\plex password.txt
2017-12-14 16:00 - 2017-12-14 16:00 - 000000000 ____D C:\Users\Default\AppData\Roaming\Sun
2017-12-14 16:00 - 2017-12-14 16:00 - 000000000 ____D C:\Users\Default User\AppData\Roaming\Sun
2017-12-14 15:42 - 2017-12-14 15:42 - 000003734 _____ C:\WINDOWS\System32\Tasks\JavaUpdateSched
2017-12-14 14:41 - 2017-12-14 14:59 - 000016034 _____ C:\Users\Mitchell\Downloads\Fixlog.txt
2017-12-14 13:53 - 2017-12-14 13:53 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-12-14 12:12 - 2017-12-14 12:12 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\32353193.sys
2017-12-14 12:11 - 2017-12-14 12:18 - 000000000 ____D C:\Users\Mitchell\Desktop\mbar
2017-12-14 12:11 - 2017-12-14 12:18 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-14 12:11 - 2017-12-14 12:11 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-12-14 07:26 - 2017-11-29 21:58 - 006763128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-12-14 07:26 - 2017-11-29 21:58 - 000702032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-12-14 07:26 - 2017-11-29 21:57 - 001123968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-12-14 07:26 - 2017-11-29 21:43 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-12-14 07:26 - 2017-11-29 21:43 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-14 07:26 - 2017-11-29 21:42 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-14 07:26 - 2017-11-29 21:42 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2017-12-14 07:26 - 2017-11-29 21:41 - 000146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2017-12-14 07:26 - 2017-11-29 21:40 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-14 07:26 - 2017-11-29 21:40 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-12-14 07:26 - 2017-11-29 21:40 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-12-14 07:26 - 2017-11-29 21:38 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-12-14 07:26 - 2017-11-29 21:38 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-12-14 07:26 - 2017-11-29 21:37 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-12-14 07:26 - 2017-11-29 21:36 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-12-14 07:26 - 2017-11-29 21:34 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-12-14 07:26 - 2017-11-17 04:31 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-12-14 07:26 - 2017-11-17 04:00 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-12-14 07:25 - 2017-11-29 22:33 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-12-14 07:25 - 2017-11-29 22:00 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-12-14 07:25 - 2017-11-29 21:45 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-12-14 07:25 - 2017-11-29 21:44 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-12-14 07:25 - 2017-11-29 21:42 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-12-14 07:25 - 2017-11-29 21:38 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-12-14 07:25 - 2017-11-29 21:35 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-12-14 07:24 - 2017-11-29 22:29 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-12-14 07:24 - 2017-11-29 22:23 - 001194248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-12-14 07:24 - 2017-11-29 21:59 - 023678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-12-14 07:24 - 2017-11-29 21:44 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-12-14 07:24 - 2017-11-29 21:44 - 019334144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-12-14 07:24 - 2017-11-29 21:44 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-14 07:24 - 2017-11-29 21:43 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-12-14 07:24 - 2017-11-29 21:42 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-14 07:24 - 2017-11-29 21:41 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-12-14 07:24 - 2017-11-29 21:41 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-12-14 07:24 - 2017-11-29 21:40 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-12-14 07:24 - 2017-11-29 21:40 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-12-14 07:24 - 2017-11-29 21:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-12-14 07:24 - 2017-11-29 21:38 - 008195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-12-14 07:24 - 2017-11-29 21:37 - 006252544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-12-14 07:24 - 2017-11-29 21:36 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-12-14 07:24 - 2017-11-29 21:36 - 004726784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-12-14 07:24 - 2017-11-29 21:36 - 003652096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-12-14 07:24 - 2017-11-29 21:36 - 000755200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-12-14 07:24 - 2017-11-29 21:36 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-12-14 07:24 - 2017-11-17 04:37 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-12-14 07:23 - 2017-11-29 22:33 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-12-14 07:23 - 2017-11-29 22:33 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-12-14 07:23 - 2017-11-29 22:26 - 002647216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-12-14 07:23 - 2017-11-29 22:24 - 000870896 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-12-14 07:23 - 2017-11-29 22:23 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-12-14 07:23 - 2017-11-29 21:45 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-14 07:23 - 2017-11-29 21:44 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-12-14 07:23 - 2017-11-29 21:43 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-14 07:23 - 2017-11-29 21:42 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-12-14 07:23 - 2017-11-29 21:42 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-12-14 07:23 - 2017-11-29 21:42 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-14 07:23 - 2017-11-29 21:41 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2017-12-14 07:23 - 2017-11-29 21:41 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-14 07:23 - 2017-11-29 21:39 - 003206656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-12-14 07:23 - 2017-11-29 21:39 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-12-14 07:23 - 2017-11-29 21:39 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-12-14 07:23 - 2017-11-29 21:38 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-12-14 07:23 - 2017-11-29 21:37 - 003306496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-12-14 07:23 - 2017-11-29 21:37 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-12-14 07:23 - 2017-11-29 21:36 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-12-14 07:23 - 2017-11-29 21:36 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-12-14 07:23 - 2017-11-17 04:46 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-12-14 07:23 - 2017-11-17 04:46 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-12-14 07:23 - 2017-11-17 04:46 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-12-14 07:23 - 2017-11-17 04:46 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-12-14 07:23 - 2017-11-17 04:46 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-12-14 07:23 - 2017-11-17 04:46 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-12-14 07:23 - 2017-11-17 04:46 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-12-14 07:23 - 2017-11-17 04:46 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-12-14 07:23 - 2017-11-17 04:46 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-12-14 07:23 - 2017-11-17 04:46 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-12-14 07:23 - 2017-11-17 04:46 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-12-14 07:23 - 2017-11-17 04:46 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-12-14 07:23 - 2017-11-17 04:46 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-12-14 07:23 - 2017-11-17 04:41 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-12-14 07:23 - 2017-11-17 04:39 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-12-14 07:23 - 2017-11-17 04:39 - 000643200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-12-14 07:23 - 2017-11-17 04:03 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-12-14 07:23 - 2017-11-17 03:59 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-12-14 07:23 - 2017-11-17 03:56 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.027
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.026
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.025
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.024
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.023
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.022
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.021
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.020
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.019
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.018
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.017
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.016
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.015
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.014
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.013
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.012
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.011
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.010
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.009
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.008
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.007
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.006
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.005
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.004
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.003
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.002
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.001
2017-12-14 01:30 - 2017-12-14 01:30 - 000000000 __SHD C:\found.000
2017-12-13 19:54 - 2017-12-13 20:00 - 000000000 ____D C:\AdwCleaner
2017-12-13 19:52 - 2017-12-13 20:03 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-12-13 19:44 - 2017-12-13 19:51 - 000000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-12-13 19:44 - 2017-12-13 19:51 - 000000000 ____D C:\ProgramData\RogueKiller
2017-12-13 19:44 - 2017-12-13 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-12-13 19:43 - 2017-12-13 19:51 - 000000000 ____D C:\Program Files\RogueKiller
2017-12-13 19:06 - 2017-12-13 19:06 - 000001972 _____ C:\Users\Mitchell\Desktop\Process Hacker 2.lnk
2017-12-13 19:06 - 2017-12-13 19:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2017-12-13 19:06 - 2017-12-13 19:06 - 000000000 ____D C:\Program Files\Process Hacker 2
2017-12-13 17:12 - 2016-06-28 10:52 - 000318624 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\pskill64.exe
2017-12-13 16:28 - 2017-12-14 12:22 - 000117132 _____ C:\Users\Mitchell\Downloads\Addition.txt
2017-12-13 16:27 - 2017-12-24 06:08 - 000036993 _____ C:\Users\Mitchell\Downloads\FRST.txt
2017-12-13 16:27 - 2017-12-24 06:07 - 000000000 ____D C:\FRST
2017-12-13 16:26 - 2017-12-24 06:07 - 002392064 _____ (Farbar) C:\Users\Mitchell\Downloads\FRST64.exe
2017-12-13 12:36 - 2017-12-13 13:16 - 000004282 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2017-12-13 12:34 - 2017-12-13 22:57 - 000000000 ____D C:\Users\Mitchell\AppData\Local\Avg
2017-12-13 12:34 - 2017-12-13 22:57 - 000000000 ____D C:\ProgramData\Avg
2017-12-13 12:34 - 2017-12-13 22:57 - 000000000 ____D C:\Program Files (x86)\AVG
2017-12-13 12:34 - 2017-12-13 22:51 - 000000000 ____D C:\Users\Mitchell\AppData\Local\AvgSetupLog
2017-12-13 12:34 - 2017-12-13 12:34 - 000003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-12-13 11:44 - 2017-12-16 19:19 - 000000257 _____ C:\WINDOWS\wininit.ini
2017-12-13 11:38 - 2017-12-13 12:29 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-12-13 11:37 - 2017-12-13 11:37 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-13 11:26 - 2017-12-13 11:26 - 000000000 ____D C:\Users\Mitchell\Desktop\Process Explorer
2017-12-13 10:09 - 2015-03-22 15:46 - 000000856 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20171213-100906.backup
2017-12-13 10:03 - 2017-12-13 22:48 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-12-13 10:02 - 2017-12-13 10:02 - 000000000 ____D C:\WINDOWS\pss
2017-12-13 09:48 - 2017-12-16 19:25 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-12-13 09:48 - 2017-12-16 19:25 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-12-13 09:48 - 2017-12-13 09:48 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-12-13 07:24 - 2017-12-13 07:24 - 3285342941 _____ C:\WINDOWS\MEMORY.DMP
2017-12-13 07:24 - 2017-12-13 07:24 - 000928452 _____ C:\WINDOWS\Minidump\121317-9640-01.dmp
2017-12-13 05:59 - 2017-12-13 05:59 - 000000000 ____D C:\WINDOWS\SysWOW64\coclubd
2017-12-11 17:57 - 2017-12-11 17:57 - 000035750 _____ C:\WINDOWS\uninstaller.dat
2017-12-08 15:39 - 2017-12-08 15:39 - 000000012 _____ C:\Users\Mitchell\Desktop\everyone goes to the rapture.txt
2017-12-06 21:54 - 2017-12-06 21:54 - 000074566 _____ C:\Users\Mitchell\Documents\COMPASS application 12-06-17.pdf
2017-12-06 20:52 - 2017-12-06 21:12 - 000000000 ____D C:\Users\Mitchell\Documents\Copies for assistance application
2017-12-03 23:44 - 2017-12-03 23:44 - 000641696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000389296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000331432 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000087728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000440128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000083792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2017-11-30 19:46 - 2017-11-30 19:46 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-11-30 19:46 - 2017-09-13 18:20 - 000798008 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-11-30 19:46 - 2017-09-13 18:20 - 000490296 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-11-30 19:46 - 2017-09-13 18:19 - 000927544 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-11-30 19:46 - 2017-09-13 18:19 - 000591160 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-11-30 19:44 - 2017-11-27 20:56 - 040238576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 036348400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 035159072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 029378960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 023266584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 019039304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 013866792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 013255032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 011780888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 010883744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 004202808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 003615024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 001991016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438843.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 001674552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438843.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 001321264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 001135464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 001101296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 001038680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 001032688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 000982000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 000932424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 000885680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 000794392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 000634224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 000616240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 000506864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-11-30 19:44 - 2017-11-27 20:56 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-11-30 19:44 - 2017-11-27 20:56 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-11-25 09:56 - 2017-12-01 21:25 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-25 09:56 - 2017-12-01 21:25 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-24 05:53 - 2017-04-19 00:29 - 002655718 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-24 05:50 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-12-24 05:50 - 2015-09-24 16:38 - 000000000 ____D C:\Users\Mitchell\Documents\Youcam
2017-12-24 05:49 - 2017-04-19 00:29 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-24 05:49 - 2017-02-21 23:57 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-24 05:49 - 2016-11-16 14:31 - 000000000 ____D C:\Users\Mitchell\AppData\LocalLow\Mozilla
2017-12-24 05:49 - 2015-07-31 20:10 - 000000000 ___RD C:\Users\Mitchell\OneDrive
2017-12-24 05:48 - 2017-04-19 00:29 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-12-24 05:48 - 2015-07-31 19:58 - 000000000 __SHD C:\Users\Mitchell\IntelGraphicsProfiles
2017-12-24 05:47 - 2017-04-19 00:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-24 05:47 - 2017-03-18 06:40 - 018874368 _____ C:\WINDOWS\system32\config\HARDWARE
2017-12-24 05:47 - 2017-03-18 06:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-12-24 05:44 - 2017-04-19 00:29 - 000000000 ____D C:\Users\Mitchell
2017-12-24 05:16 - 2017-03-18 16:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-24 05:14 - 2017-05-26 14:20 - 000000354 _____ C:\WINDOWS\Tasks\HPCeeScheduleForMitchell.job
2017-12-24 05:14 - 2016-11-20 10:58 - 000000658 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2612921270-2592388305-428700144-1002.job
2017-12-24 05:14 - 2016-11-20 10:58 - 000000562 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2612921270-2592388305-428700144-1002.job
2017-12-24 05:14 - 2016-10-31 22:15 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-12-24 05:11 - 2017-08-10 00:04 - 000000000 ____D C:\Users\Mitchell\Documents\Summoners War
2017-12-24 05:09 - 2017-04-19 00:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-24 02:00 - 2014-10-17 16:52 - 000000000 ____D C:\Users\Mitchell\AppData\Local\Adobe
2017-12-23 12:06 - 2017-04-19 00:45 - 000004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CE4AE1DE-6B9C-45BA-AE3F-4ED0DC535680}
2017-12-22 15:18 - 2017-05-26 14:20 - 000003258 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForMitchell
2017-12-22 06:31 - 2017-07-08 09:36 - 000000000 ____D C:\Users\Mitchell\AppData\Local\GoToMeeting
2017-12-22 06:31 - 2017-04-19 00:45 - 000003810 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-2612921270-2592388305-428700144-1002
2017-12-22 06:31 - 2017-04-19 00:45 - 000003714 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-2612921270-2592388305-428700144-1002
2017-12-20 05:14 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-20 05:14 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-19 14:26 - 2014-04-17 01:00 - 000000000 ____D C:\Users\Mitchell\AppData\Roaming\tixati
2017-12-17 03:41 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\rescache
2017-12-14 16:00 - 2017-01-06 22:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-12-14 16:00 - 2017-01-06 22:03 - 000000000 ____D C:\Program Files\Java
2017-12-14 16:00 - 2014-10-19 02:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-12-14 16:00 - 2014-10-19 02:24 - 000000000 ____D C:\Program Files (x86)\Java
2017-12-14 15:42 - 2017-01-06 22:05 - 000144448 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-12-14 15:07 - 2014-06-16 21:59 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-12-14 14:54 - 2015-09-23 22:34 - 000000000 ____D C:\Users\Mitchell\AppData\LocalLow\Temp
2017-12-14 13:54 - 2017-04-19 00:28 - 000521712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-14 13:53 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-12-14 13:53 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF
2017-12-14 12:12 - 2015-07-29 06:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-14 07:27 - 2017-03-18 15:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-13 20:47 - 2013-08-22 10:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-12-13 20:00 - 2016-05-12 21:55 - 000000000 ____D C:\Program Files (x86)\Yahoo!
2017-12-13 19:40 - 2015-10-22 23:21 - 000007597 _____ C:\Users\Mitchell\AppData\Local\Resmon.ResmonCfg
2017-12-13 13:39 - 2016-05-15 11:30 - 000000000 ____D C:\Users\Mitchell\Desktop\SWProxy-windows
2017-12-13 12:06 - 2017-07-27 10:37 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2612921270-2592388305-428700144-1002
2017-12-13 12:06 - 2015-07-31 20:10 - 000002414 _____ C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-13 11:44 - 2016-11-06 22:43 - 000000000 ____D C:\ProgramData\ReviverSoft
2017-12-13 11:44 - 2016-11-06 22:43 - 000000000 ____D C:\Program Files\ReviverSoft
2017-12-13 11:25 - 2014-06-16 23:04 - 000000000 ____D C:\Users\Mitchell\AppData\Local\NVIDIA Corporation
2017-12-13 10:42 - 2017-08-31 21:18 - 000000000 ____D C:\Users\Mitchell\AppData\Local\CiscoSpark
2017-12-13 10:28 - 2014-04-19 21:12 - 000000000 ____D C:\Users\Mitchell\AppData\Local\ElevatedDiagnostics
2017-12-13 09:30 - 2017-01-30 02:28 - 000000000 ____D C:\Users\Mitchell\AppData\Roaming\discord
2017-12-13 07:24 - 2017-05-16 01:44 - 000000000 ____D C:\WINDOWS\Minidump
2017-12-13 06:08 - 2017-09-16 23:33 - 000002297 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-13 06:07 - 2017-09-16 23:33 - 000002315 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-12 19:46 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-12 19:46 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-12 15:06 - 2014-04-16 20:19 - 000000000 ____D C:\Users\Mitchell\AppData\Local\Packages
2017-12-12 09:53 - 2017-09-27 01:33 - 000002290 _____ C:\Users\Mitchell\Desktop\Discord.lnk
2017-12-12 09:53 - 2017-09-27 01:33 - 000000000 ____D C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-12-12 09:53 - 2017-09-27 01:33 - 000000000 ____D C:\Users\Mitchell\AppData\Local\Discord
2017-12-12 09:52 - 2017-08-31 21:18 - 000000000 ____D C:\Users\Mitchell\AppData\Local\CiscoSparkLauncher
2017-12-12 09:52 - 2017-04-19 00:29 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-12-12 09:52 - 2016-11-15 17:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-12 09:52 - 2014-04-16 20:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-11 23:06 - 2014-04-16 20:33 - 000001178 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-11 17:03 - 2015-02-03 23:26 - 000000000 ____D C:\Users\Mitchell\AppData\Local\CutePDF Writer
2017-12-05 16:20 - 2017-08-20 00:16 - 000000000 ____D C:\Users\Mitchell\Desktop\Summoners War Exporter Files
2017-12-01 04:48 - 2015-09-06 16:51 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-30 19:46 - 2017-05-06 17:16 - 000000000 ____D C:\Users\Mitchell\AppData\Roaming\NVIDIA
2017-11-30 19:46 - 2017-02-07 19:23 - 000000000 ____D C:\Temp
2017-11-30 19:45 - 2017-04-19 00:29 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-11-30 19:36 - 2017-05-23 21:28 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-30 19:36 - 2017-05-23 21:28 - 000001492 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-11-30 19:36 - 2017-04-19 00:45 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-30 19:36 - 2017-04-19 00:45 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-30 19:36 - 2017-04-19 00:45 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-30 19:36 - 2017-04-19 00:45 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-30 19:36 - 2017-04-19 00:45 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-30 19:36 - 2017-04-19 00:45 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-30 19:36 - 2017-04-19 00:45 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-30 19:36 - 2017-04-19 00:29 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-11-30 13:48 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-29 14:48 - 2014-04-17 06:37 - 000000000 ____D C:\Users\Mitchell\AppData\Local\CrashDumps
2017-11-28 10:18 - 2017-04-06 21:51 - 017020720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2017-11-27 20:56 - 2017-04-06 21:51 - 004485560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-11-27 20:56 - 2017-04-06 21:51 - 003817584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-11-27 20:56 - 2017-04-06 21:51 - 000057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-11-27 20:56 - 2017-04-06 21:51 - 000048442 _____ C:\WINDOWS\system32\nvinfo.pb
2017-11-27 19:37 - 2017-04-19 00:29 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-11-27 19:06 - 2017-04-19 00:29 - 005965624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-11-27 19:06 - 2017-04-19 00:29 - 002588976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-11-27 19:06 - 2017-04-19 00:29 - 001766288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-11-27 19:06 - 2017-04-19 00:29 - 000608240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-11-27 19:06 - 2017-04-19 00:29 - 000450544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-11-27 19:06 - 2017-04-19 00:29 - 000122768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-11-27 19:06 - 2017-04-19 00:29 - 000082736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-11-27 13:37 - 2014-04-17 01:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-27 13:33 - 2017-10-10 14:48 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-27 13:33 - 2014-04-17 01:28 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-25 09:57 - 2014-04-17 04:14 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-25 09:54 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-25 09:54 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-25 09:54 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-11-25 09:54 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-25 09:54 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer

==================== Files in the root of some directories =======

2015-04-11 00:56 - 2015-04-11 00:57 - 000000093 _____ () C:\Users\Mitchell\AppData\Roaming\ARCompanion.log
2016-01-11 21:34 - 2016-01-11 21:34 - 000000023 _____ () C:\Users\Mitchell\AppData\Roaming\Microsoft\cmldt32.dll
2016-03-27 19:35 - 2016-03-27 19:35 - 000002168 _____ () C:\Users\Mitchell\AppData\Local\recently-used.xbel
2015-10-22 23:21 - 2017-12-13 19:40 - 000007597 _____ () C:\Users\Mitchell\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\nvcxbehk.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION

LastRegBack: 2017-12-17 03:41

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-12-2017 01
Ran by Mitchell (24-12-2017 06:08:32)
Running from C:\Users\Mitchell\Downloads
Windows 10 Home Version 1703 15063.786 (X64) (2017-04-19 05:48:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2612921270-2592388305-428700144-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2612921270-2592388305-428700144-503 - Limited - Disabled)
Guest (S-1-5-21-2612921270-2592388305-428700144-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2612921270-2592388305-428700144-1004 - Limited - Enabled)
Mitchell (S-1-5-21-2612921270-2592388305-428700144-1002 - Administrator - Enabled) => C:\Users\Mitchell

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ACDSee Pro 8 (64-bit) (HKLM\...\{F84CE839-8CDD-4DC1-9A05-FA93BEA8B63D}) (Version: 8.0.0.262 - ACD Systems International Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.7.0.272 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2015 (HKLM-x32\...\{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}) (Version: 16.1.3 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{9F429DF7-F8DD-4980-9673-E6DACA012F6C}) (Version: 3.3 - Microsoft Corporation) Hidden
Azure AD Authentication Connected Service (HKLM-x32\...\{3FEAC561-1CF6-41D6-B0F3-BECDD9C88A1B}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{3FBFCF2C-392A-4632-9442-14C305B44D5E}) (Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (HKLM-x32\...\{E719AF7A-FBD9-45F8-AD4F-EBD1EFD985BB}) (Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (HKLM-x32\...\{28C7344F-E894-4CF5-8D05-EDC7ED71796C}) (Version: 12.0.50429.0 - Microsoft Corporation) Hidden
BetOnline (HKLM-x32\...\BetOnline 0) (Version:  - )
Blend for Visual Studio 2013 (HKLM-x32\...\{EBC890A6-DE7C-44B4-AA03-119B6190D3E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (HKLM-x32\...\{9ED1634C-4E71-4992-A1BA-7C4BE6EE39E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (HKLM-x32\...\{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build Tools - amd64 (HKLM\...\{4926C378-8A39-4273-AF6F-726F899F9F74}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools - x86 (HKLM-x32\...\{BB543516-F37F-46A4-BED1-C5146A6D9892}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (HKLM\...\{5DF74EA2-A660-446F-93B3-B19823435C30}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (HKLM-x32\...\{FCB384E7-0E3F-431E-A510-2458E1FF21ED}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Bulk Extractor 1.5.1 (HKLM-x32\...\Bulk Extractor 1.5.1) (Version: 1.5.1 - NPS)
CDisplayEx 1.10.23 (HKLM\...\CDisplayEx_is1) (Version:  - cdisplayex.com)
Cisco Spark (HKLM-x32\...\{EC7BBFC9-7522-45A0-9D33-B3B803AD0A0F}) (Version: 2.0.6199.0 - Cisco Systems, Inc)
Cisco WebEx Meetings (HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{75FCE33E-4E0C-4CE1-ADF0-75F258DF27A0}) (Version: 1.0.445 - Citrix)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.3.100.10 - Citrix Systems, Inc.)
Complemento do Microsoft Report Viewer para Visual Studio 2013 (HKLM-x32\...\{1B5ABBBD-3808-403D-A224-F1ACB0A00EB1}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Complemento Microsoft Report Viewer para Visual Studio 2013 (HKLM-x32\...\{56A47015-095E-48CA-819F-15D0B52C274B}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Compon. agg. Microsoft Report Viewer per Visual Studio 2013 (HKLM-x32\...\{44AEF1F7-C770-471C-AA62-4145A4F2C517}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
CrypTool 1.4.30 (HKLM-x32\...\CrypTool) (Version: 1.4.30 - )
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.5104 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.9.5009 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3122 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.6.5011 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Discord) (Version: 0.0.299 - Discord Inc.)
Dotfuscator and Analytics Community Edition (HKLM-x32\...\{2386192E-D6DB-4AD2-9564-65586A0AE53E}) (Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dotfuscator and Analytics Community Edition 5.18.1 (HKLM-x32\...\{9890DF1A-10E9-4236-94B1-1EFAA4099F13}) (Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
e5 Secure Download Manager (HKLM-x32\...\{9731C87A-24EE-42AE-A169-759C0060B0DB}) (Version: 3.2.243.0 - Kivuto Solutions Inc.)
Entity Framework 6.1.0 Tools  for Visual Studio 2013 (HKLM-x32\...\{D4635FB4-434D-4663-A4C8-CFC00FA9D24E}) (Version: 12.0.30228.0 - Microsoft Corporation)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
GameRanger (HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\GameRanger) (Version:  - GameRanger Technologies)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoToMeeting 8.19.0.8126 (HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\GoToMeeting) (Version: 8.19.0.8126 - LogMeIn, Inc.)
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Documentation (HKLM-x32\...\{1154543C-D5D0-49BE-A004-82EE0A3746AE}) (Version: 1.1.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.8.47.1 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{6B1ECC61-B581-400D-BFAF-101B1AAEA5AB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.00.57 - Softex Inc.) Hidden
Intel® Driver Update Utility 2.4 (HKLM-x32\...\{1766DD04-5D4D-40BC-953A-D80624BCC063}) (Version: 2.4.0.7 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Identification Utility (HKLM-x32\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 1.0.0.0 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1327.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{9B5FD763-5074-474C-B898-24567E6450C8}) (Version: 4.2.40.2439 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{A501AF33-9AEA-4703-BC2F-D4B86458899D}) (Version: 17.1.1531.1764 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{561b5fb5-1d4d-40e8-b3e4-ad52858b217c}) (Version: 2.4.0.7 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{03635e3e-3e57-4d80-9c7d-80c9f62bfc80}) (Version: 18.32.0 - Intel Corporation)
Java 9.0.1 (64-bit) (HKLM\...\{2590B9D6-4310-52BC-808E-1A585861A836}) (Version: 9.0.1.0 - Oracle Corporation)
Java™ SE Development Kit 9.0.1 (64-bit) (HKLM\...\{4AC8DBB2-1AE5-5156-83F9-D4E2E6DD564B}) (Version: 9.0.1.0 - Oracle Corporation)
K-Lite Codec Pack 10.4.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.4.0 - )
LocalESPC Dev12 (HKLM-x32\...\{492498A3-F88C-FE2F-755C-9B1B91724CA5}) (Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (HKLM-x32\...\{B1C38F27-D377-8C98-D98D-29B67C0B978D}) (Version: 8.100.25984 - Microsoft) Hidden
Logitech Gaming Software 8.91 (HKLM\...\Logitech Gaming Software) (Version: 8.91.48 - Logitech Inc.)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Majesty 2 Collection (HKLM-x32\...\Majesty 2 Collection_is1) (Version:  - )
Memory Profiler (HKLM-x32\...\{4A037836-B224-4890-9631-341F759AD703}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Memory Profiler (HKLM-x32\...\{68DA3B27-2C18-4366-93B0-6B97F5E9B309}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8730.2127 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visio Professional 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM-x32\...\{50b32652-69d2-4b93-9316-edcd12067b8b}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 (HKLM-x32\...\{84e72603-1a6a-4c51-81b3-de36aabcc4f8}) (Version: 12.0.30501 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Module Microsoft Report Viewer pour Visual Studio 2013 (HKLM-x32\...\{607562A3-7BD3-4EDE-BDEA-4F1A8D7E84AA}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 57.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.2 (x64 en-US)) (Version: 57.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.2.6549 - Mozilla)
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
NetBeans IDE 8.2 (HKLM\...\nbi-nb-base-8.2.0.0.201609300101) (Version: 8.2 - NetBeans.org)
Nmap 6.49BETA1 (HKLM-x32\...\Nmap) (Version:  - )
NordVPN (HKLM-x32\...\{399A1E19-38E5-40C5-8ACD-BF007782F59A}) (Version: 6.6.11 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.6.11) (Version: 6.6.11 - NordVPN)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.43 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Online Plug-in (HKLM-x32\...\{92838039-27B8-4433-AA2B-F432DC0E5E8B}) (Version: 14.3.100.10 - Citrix Systems, Inc.) Hidden
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Plex Media Server (HKLM-x32\...\{34B11343-9146-43DE-B621-B971E854087D}) (Version: 1.9.6429 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{f3d9eae6-b717-4e4e-884e-227227518530}) (Version: 1.9.6.4429 - Plex, Inc.)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{943F3FB1-3F9C-4FB7-A4E2-6D53617068C3}) (Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{DF34643B-A745-430C-B27B-A48F853C81E4}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Python 3.4.2 (HKLM-x32\...\{2583CDBA-8A53-4622-BB67-1D163714C1B4}) (Version: 3.4.16349 - Python Software Foundation)
Python Tools Redirection Template (HKLM-x32\...\{EE541DCE-3018-4A12-B0A3-7C55D62B3D01}) (Version: 1.1 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
RogueKiller version 12.11.27.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.27.0 - Adlice Software)
Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Samsung Data Migration (HKLM-x32\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.0 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.1.0.1120 - Samsung Electronics)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Self-service Plug-in (HKLM-x32\...\{21451E87-020C-43AD-8043-B07D36BE889E}) (Version: 4.3.100.10167 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
SharePoint Client Components (HKLM\...\{95150002-1163-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SharePoint Client Components (HKLM\...\{95160001-1163-0409-1000-0000000FF1CE}) (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17042.12 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17042.12 - Samsung Electronics Co., Ltd.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stopping Plex (HKLM-x32\...\{992AD614-FFE5-4258-BB56-9E7513E21221}) (Version: 1.9.6429 - Plex, Inc.) Hidden
Summoners War Exporter 0.0.21 (only current user) (HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\2c51f908-e8f0-589d-a31c-2016328f814f) (Version: 0.0.21 - porksmash & Xzandro)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
TAP-NordVPN 9.21.2 (HKLM\...\TAP-NordVPN) (Version: 9.21.2 - NordVPN.com)
Team Explorer for Microsoft Visual Studio 2013 (HKLM-x32\...\{C9E7751E-88ED-36CF-B610-71A1D262E906}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Team Explorer for Microsoft Visual Studio 2015 (HKLM-x32\...\{791295AE-3B0A-3222-9E69-26C8C106E8D1}) (Version: 14.0.23102 - Microsoft Corporation) Hidden
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
The Witcher 2 - Assassins of Kings Enhanced Edition (HKLM-x32\...\1207658930_is1) (Version: 3.5.0.26 - GOG.com)
The Witcher Enhanced Edition Director's Cut (HKLM-x32\...\1207658924_is1) (Version: 2.1.0.15 - GOG.com)
Tixati (HKLM-x32\...\tixati) (Version:  - )
Total Validator Tool (HKLM-x32\...\Total Validator Tool) (Version: 10.2.2 - Total Validator)
TypeScript Power Tool (HKLM-x32\...\{8A8A0C13-A9B3-45AF-9A4C-4D351E0DFC8A}) (Version: 1.0.1.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{83499F62-B5EC-4F40-A28C-1297241E4D1D}) (Version: 1.0.1.0 - Microsoft Corporation) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity (HKLM-x32\...\Unity) (Version: 5.2.2f1 - Unity Technologies ApS)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Validity WBF DDK (HKLM\...\{21498212-1146-4540-8A81-6A1328BA19F2}) (Version: 4.5.228.0 - Validity Sensors, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Visual Studio 2013 Update 2 (KB2829760) (HKLM-x32\...\{3c348532-c3bd-4bae-a928-7b555f8c808f}) (Version: 12.0.30501 - Microsoft Corporation)
VitalSource Bookshelf (HKLM-x32\...\{5662bb17-987f-4669-a168-ae4001d70a23}) (Version: 7.6.0004 - Ingram Content Group)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VS Update core components (HKLM-x32\...\{39D9555C-47A7-38F6-AEB9-9E7CAE1C6AF5}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Waterfox 53.0.1 (x64 en-US) (HKLM\...\Waterfox 53.0.1 (x64 en-US)) (Version: 53.0.1 - Mozilla)
WCF Data Services 5.6.0 Runtime (HKLM-x32\...\{46910786-E4AC-41E4-A4A0-C086EA85242D}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{BF3E2194-F89B-44FB-A801-464BF787599F}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\WinDirStat) (Version:  - )
Windower (HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\Windower) (Version: 4.0.0.0 - Windower Team)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\88EB56038379B8B7DCFB4D2448A60F52E064B265) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
Workflow Manager Client 1.0 (HKLM\...\{A5ABAF5F-B5B6-44B3-B69F-2E13DC60FC9F}) (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{A79F6653-6AF1-4AF2-BC15-F5D6C05E1E6A}) (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
Надстройка Microsoft Report Viewer для Visual Studio 2013 (HKLM-x32\...\{30BCD3B4-F753-451F-B8F7-86E115A9AE72}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
用于 Visual Studio 2013 的 Microsoft 报告查看器加载项 (HKLM-x32\...\{EA754818-DB87-42B6-9753-E668B9186434}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2612921270-2592388305-428700144-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-05-22] (Cyberlink)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers1: [PicaViewCtxMenuShlExt] -> {F3CBBA61-EE3F-4D6D-B1C6-B3474E579936} => C:\Program Files\Common Files\ACD Systems\PicaView\ACDSeePV.dll [2014-09-19] (ACD Systems International Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-05-22] (Cyberlink)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-07-25] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-11-27] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {021805C9-0DFD-4C66-883B-3F2B6BA88A44} - System32\Tasks\{C4D6E805-F6FE-453F-A137-D3789CE25DAD} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Mitchell\Downloads\win64_154010.4300.exe -d C:\Users\Mitchell\Downloads
Task: {13016EC2-DC53-42C9-B9C4-29E152F21EFD} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {15C8EDFB-B7DE-416A-A02E-4F203B098437} - System32\Tasks\JavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-09-27] (Oracle Corporation)
Task: {17620712-CA36-45A5-A9F5-6B94BE9BC499} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-10] (NVIDIA Corporation)
Task: {1CA0D5A5-911C-4059-B853-7738BF7D320A} - System32\Tasks\{34F1B27F-2B3C-4444-9147-35C333415C48} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Mitchell\Downloads\win64_15407.4279.exe -d C:\Users\Mitchell\Downloads
Task: {289A6F20-8DF1-46C9-ACF7-8110020B1C9E} - System32\Tasks\HPCeeScheduleForMitchell => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {304D2137-5BAC-493A-81A6-9DE663854430} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-10] (NVIDIA Corporation)
Task: {308D6734-1A88-4EA1-9BBD-8B0BB50B80D4} - System32\Tasks\HP AR Program Upload - 76bb07a27f7d47b0ba699163606b749242d430afe779428caadb922aac41e068 => C:\Program Files\HP\HP Deskjet 2540 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {5964D12B-61EC-41CD-83FA-8CB81987D47E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {5BF7415E-F0BC-4A6B-914B-A679704CD727} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation)
Task: {63D8F188-C77F-4C2B-878A-86612DDC90CC} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {6795B95F-3A4E-4699-8594-65272D810302} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-19] (Microsoft Corporation)
Task: {67D22ABE-28E0-4027-BDC7-C1CC8AAA8674} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-19] (Microsoft Corporation)
Task: {6DD92B8B-9AFA-4FDB-AB6B-BAA5EBB8EA37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-16] (Google Inc.)
Task: {6F330E9E-7277-4D29-A8BB-D6258295F2AB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-12] (Adobe Systems Incorporated)
Task: {7AFB3A74-5EE7-4C07-9B3C-78798B19AB8C} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2015-02-11] (CyberLink Corp.)
Task: {7CB9935E-E642-4A9B-93A9-1D6FDFCEAA76} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {80916CE6-95F1-4FBB-9FEF-A249965C7744} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {818578A0-7913-4620-8F42-0F5BEEDE1EA7} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {832DC1BC-82E8-443B-BB2E-A13B36F08F12} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {83644944-721B-4EA1-8953-17594EF75196} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-12-19] (Microsoft Corporation)
Task: {8DBAE197-FD5A-490A-A20E-F4EC79C7363B} - System32\Tasks\S-1-5-21-2612921270-2592388305-428700144-1002\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-11-01] (Microsoft Corporation)
Task: {8E33C15B-4C1E-47F8-BF87-2866265D6815} - System32\Tasks\G2MUploadTask-S-1-5-21-2612921270-2592388305-428700144-1002 => C:\Users\Mitchell\AppData\Local\GoToMeeting\8126\g2mupload.exe [2017-12-22] (LogMeIn, Inc.)
Task: {9453977F-197A-4255-90EC-81683F67176F} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe
Task: {97237D07-E1C5-4FC5-B99D-1F76FA73BBF0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-16] (Google Inc.)
Task: {97879E13-5C17-4D74-BFFC-747256419323} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-14] (Microsoft Corporation)
Task: {9DB28BC3-3033-4C51-832F-625F95066B46} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-14] (Microsoft Corporation)
Task: {A0C4AEF9-4601-4A93-AA49-344E5FCFFCF3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {A44A5AEE-985D-4A4D-9DF7-B386F957BB70} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-19] (Microsoft Corporation)
Task: {A52B67B0-39C8-44B5-98E9-038BDB0ED0BD} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {A7364200-2D25-49B4-8BC6-E938506FAC66} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {A8A7923C-7F15-4AE2-AE92-EBB0487320F8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {B39A1960-7D52-4403-86BD-620E2C55FB07} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-19] (Microsoft Corporation)
Task: {B4386D63-D08E-4716-94D2-115DA4410B98} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-14] (Microsoft Corporation)
Task: {B4A0DFAD-4EB6-404D-A2E2-FDA171778741} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-10] (NVIDIA Corporation)
Task: {BA590087-A361-4301-9D28-093888FAF61B} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-jakewot@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-05-05] (Adobe Systems Incorporated)
Task: {BB63FA1D-ACBC-4E86-BC82-A27EA394B5E9} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2017-08-18] (Synaptics Incorporated)
Task: {C0EC013F-F5C0-4FD7-9C60-9293DAD0E049} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {C1A28D13-839A-4FCA-B899-4D412399F815} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {D1856E1E-47D3-4D7F-AF63-1B02F129923E} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {D45E00F8-29AD-4D51-AFCB-F85C21EB743E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {DAAED5E1-A9E9-4145-B91B-637F447546AC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {DC4FF96F-BEBE-4C31-8B3A-FCFF90464274} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-14] (Microsoft Corporation)
Task: {DD9921F9-A4BD-40EC-AC26-B5ED48289875} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2017-05-19] (Samsung Electronics Co. Ltd.)
Task: {F10C114C-0D6A-4701-8895-9050552116F8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {F3A4FB45-2568-40B3-B9CA-2D31DB84CC08} - System32\Tasks\G2MUpdateTask-S-1-5-21-2612921270-2592388305-428700144-1002 => C:\Users\Mitchell\AppData\Local\GoToMeeting\8126\g2mupdate.exe [2017-12-22] (LogMeIn, Inc.)
Task: {F455B91F-B84B-494C-B52D-6C6FA1C61817} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {F698F562-03E3-4E72-B340-5C2D8B0A2E48} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {FE52ADE5-C22D-43EF-B92C-1B572E654CF8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2612921270-2592388305-428700144-1002.job => C:\Users\Mitchell\AppData\Local\GoToMeeting\8126\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2612921270-2592388305-428700144-1002.job => C:\Users\Mitchell\AppData\Local\GoToMeeting\8126\g2mupload.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForMitchell.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Mitchell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2013-10-14 10:25 - 2013-10-14 10:25 - 002541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 10:22 - 2013-10-14 10:22 - 000021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 10:22 - 2013-10-14 10:22 - 000035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 10:22 - 2013-10-14 10:22 - 000055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 10:35 - 2013-10-14 10:35 - 000306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 10:35 - 2013-10-14 10:35 - 001297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-10-14 10:23 - 2013-10-14 10:23 - 000109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 10:24 - 2013-10-14 10:24 - 000627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2015-02-03 23:26 - 2013-10-23 15:24 - 000087600 _____ () C:\WINDOWS\System32\cpwmon64.dll
2017-02-22 01:40 - 2017-10-10 20:05 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-08-23 11:58 - 2017-08-23 11:58 - 000417456 _____ () C:\Program Files (x86)\NordVPN\nordvpn-service.exe
2013-08-10 01:11 - 2013-08-10 01:11 - 000607744 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\JobCapsA.DLL
2017-03-18 15:58 - 2017-03-18 15:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-05-22 18:33 - 2016-05-22 18:33 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-03-18 15:59 - 2017-03-18 21:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2013-10-14 10:30 - 2013-10-14 10:30 - 000065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-03-06 19:07 - 2015-03-06 19:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2017-01-23 17:19 - 2017-01-23 17:19 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 19:07 - 2015-03-06 19:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2017-01-23 17:19 - 2017-01-23 17:19 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-12-12 19:46 - 2017-12-12 19:46 - 027795968 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000083432 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000203240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2017-12-16 19:25 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-12-16 19:25 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-12-16 19:25 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-12-16 19:25 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-02-22 01:40 - 2017-10-10 20:05 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-12-13 12:06 - 2017-12-13 12:06 - 000102088 _____ () C:\Users\Mitchell\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll
2017-02-21 23:58 - 2017-11-29 00:09 - 000781088 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-02-21 23:58 - 2016-08-31 20:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-02-21 23:58 - 2017-12-15 14:59 - 002558752 _____ () C:\Program Files (x86)\Steam\video.dll
2017-02-21 23:58 - 2016-08-31 20:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-02-21 23:58 - 2016-08-31 20:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-12-13 22:58 - 2017-11-03 20:54 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-12-13 22:58 - 2017-11-03 20:54 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-13 22:58 - 2017-11-03 20:54 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-13 22:58 - 2017-11-03 20:54 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-13 22:58 - 2017-11-03 20:54 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2017-02-21 23:58 - 2017-12-15 14:59 - 000904992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-02-21 23:58 - 2016-07-04 17:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 001083368 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000115688 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000059880 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000772072 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 001741288 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc2411.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 001962984 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core2411.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000025576 _____ () C:\Program Files (x86)\Plex\Plex Media Server\lyric_lite.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 001549104 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libstdc++-6.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000127136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libgcc_s_dw2-1.dll
2017-12-12 09:53 - 2017-12-11 10:54 - 001893880 _____ () C:\Users\Mitchell\AppData\Local\Discord\app-0.0.299\ffmpeg.dll
2017-12-12 09:53 - 2017-12-12 09:53 - 001886712 _____ () \\?\C:\Users\Mitchell\AppData\Roaming\discord\0.0.299\modules\discord_toaster\discord_toaster.node
2017-12-12 09:53 - 2017-12-12 09:53 - 001773560 _____ () \\?\C:\Users\Mitchell\AppData\Roaming\discord\0.0.299\modules\discord_overlay2\discord_overlay2.node
2017-11-06 09:51 - 2017-11-06 09:51 - 000050152 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2017-11-06 09:51 - 2017-11-06 09:51 - 000071656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2017-11-06 09:51 - 2017-11-06 09:51 - 000024552 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2017-11-06 09:51 - 2017-11-06 09:51 - 000041448 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2017-11-06 09:51 - 2017-11-06 09:51 - 000930280 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2017-11-06 09:51 - 2017-11-06 09:51 - 000074728 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000190952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000218088 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2017-11-06 09:51 - 2017-11-06 09:51 - 000018920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2017-11-06 09:51 - 2017-11-06 09:51 - 000095720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2017-11-06 09:51 - 2017-11-06 09:51 - 000143336 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2017-11-06 09:51 - 2017-11-06 09:51 - 000694248 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2017-12-12 09:53 - 2017-12-11 10:54 - 001938424 _____ () C:\Users\Mitchell\AppData\Local\Discord\app-0.0.299\libglesv2.dll
2017-12-12 09:53 - 2017-12-11 10:54 - 000095736 _____ () C:\Users\Mitchell\AppData\Local\Discord\app-0.0.299\libegl.dll
2017-06-15 16:23 - 2017-09-06 21:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-02-21 23:58 - 2017-10-30 23:44 - 071471904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-02-21 23:58 - 2015-09-24 18:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-11-06 09:51 - 2017-11-06 09:51 - 000064488 _____ () C:\Program Files (x86)\Plex\Plex Media Server\TeVii.dll
2017-12-12 09:53 - 2017-12-12 09:53 - 009802232 _____ () \\?\C:\Users\Mitchell\AppData\Roaming\discord\0.0.299\modules\discord_voice\discord_voice.node
2017-12-12 09:53 - 2017-12-12 09:53 - 001505784 _____ () \\?\C:\Users\Mitchell\AppData\Roaming\discord\0.0.299\modules\discord_utils\discord_utils.node
2017-12-12 09:53 - 2017-12-12 09:53 - 000513016 _____ () \\?\C:\Users\Mitchell\AppData\Roaming\discord\0.0.299\modules\discord_erlpack\discord_erlpack.node
2017-12-12 09:53 - 2017-12-12 09:53 - 002662904 _____ () \\?\C:\Users\Mitchell\AppData\Roaming\discord\0.0.299\modules\discord_rpc\discord_rpc.node
2017-12-12 09:53 - 2017-12-12 09:53 - 001517048 _____ () \\?\C:\Users\Mitchell\AppData\Roaming\discord\0.0.299\modules\discord_game_utils\discord_game_utils.node
2017-12-12 09:53 - 2017-12-12 09:53 - 002749944 _____ () \\?\C:\Users\Mitchell\AppData\Roaming\discord\0.0.299\modules\discord_contact_import\discord_contact_import.node
2014-04-08 03:45 - 2013-08-09 07:25 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7865 more sites.


There are 7865 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2017-12-13 12:38 - 000450607 ____R C:\WINDOWS\system32\Drivers\etc\hosts


There are 15460 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2612921270-2592388305-428700144-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: adawareantivirusservice => 2
MSCONFIG\Services: apexpsvc => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: d8154c9f974cdbb037d0365ba4fd2f29 => 2
MSCONFIG\Services: GalaxyClientService => 3
MSCONFIG\Services: GalaxyCommunication => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LavasoftAdAwareService11 => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: SkypeUpdate => 2
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "AdAwareTray"
HKLM\...\StartupApproved\Run: => "ACPW08EN"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run: => "beltonbelton"
HKLM\...\StartupApproved\Run: => "beltonglazunov"
HKLM\...\StartupApproved\Run: => "belton"
HKLM\...\StartupApproved\Run32: => "YouCam Service"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "carlsoncarlson"
HKLM\...\StartupApproved\Run32: => "carlsonbacksliding"
HKLM\...\StartupApproved\Run32: => "carlson"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\StartupFolder: => "krausekrause.lnk"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\StartupFolder: => "krause.lnk"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\Run: => "ACDSeeCommanderPro8"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\Run: => "GalaxyClient"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\Run: => "CiscoSpark"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\Run: => "NordVPN"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\Run: => "melt"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\Run: => "ampersands"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\Run: => "glazunovglazunov"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\Run: => "glazunovbelton"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\Run: => "glazunov"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\Run: => "backslidingbacksliding"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\Run: => "backslidingcarlson"
HKU\S-1-5-21-2612921270-2592388305-428700144-1002\...\StartupApproved\Run: => "backsliding"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9DD49FE1-97F0-4EE0-BEAB-E2F46037CA2B}] => (Block) C:\users\mitchell\desktop\smtp4dev.exe
FirewallRules: [{6C72D9FF-79BB-4062-91A2-01C348006681}] => (Block) C:\users\mitchell\desktop\smtp4dev.exe
FirewallRules: [UDP Query User{621ABA11-A2E9-4AB7-9BC5-7CB492231594}C:\users\mitchell\desktop\smtp4dev.exe] => (Allow) C:\users\mitchell\desktop\smtp4dev.exe
FirewallRules: [TCP Query User{69110F97-0AB6-4EAC-AE7D-454C5198AE13}C:\users\mitchell\desktop\smtp4dev.exe] => (Allow) C:\users\mitchell\desktop\smtp4dev.exe
FirewallRules: [{B7BEBF10-3FC4-4508-8A39-F929052C480E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
FirewallRules: [{BB455E74-8540-4EC1-9F70-86BEEC1788FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
FirewallRules: [{50FAF6E1-FEF9-4D4C-A7A8-2A71DFD103D6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{F75E35B4-1B04-48A2-871C-43660923992A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{9A83091F-1422-4454-9F7B-A887771FEA64}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{FAD550A7-000C-44CE-9205-4741EA815357}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BE1CD32D-D763-420A-B314-89102DB6CB94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guild Quest\guild-quest.exe
FirewallRules: [{458ADAAE-5995-4BFA-90BC-51020D94F7BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guild Quest\guild-quest.exe
FirewallRules: [{F672E3ED-1CA3-4125-8650-5F75AEF4B120}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{97907BE0-F7CA-4BB1-A2F9-214A146BC992}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{27ABCD61-1667-4947-9C66-3C4D116C3B16}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D870AABC-224B-4DF5-B104-2C957BA4E2EB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{C268CEF7-43C6-44B9-BFF4-DEB9AFCCEBFA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{56D4C2FD-1D96-40F8-816C-1755AF951E9B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AdVenture Communist\adventure-communist.exe
FirewallRules: [{4215337F-A92A-4CC6-9C4C-335639C45C37}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AdVenture Communist\adventure-communist.exe
FirewallRules: [{FADFD97B-7056-4F46-A533-3A3B66F03F8F}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe
FirewallRules: [{831D27A9-2BAF-4D21-AD8B-D9C78C91DF3C}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe
FirewallRules: [{15D347E0-3574-4B0F-9436-53E6355B4363}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe
FirewallRules: [{4D2C9BB1-2CC2-4744-B289-4258AF0480B6}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\Advanced Combat Tracker.exe
FirewallRules: [{2578BE72-CA33-4796-A08F-BABABEB77AED}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\ACTx86.exe
FirewallRules: [{5FD0E67D-AC47-49CD-84CE-28EBEF4C2572}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\ACTx86.exe
FirewallRules: [{8143FC3D-6033-4852-9BAF-9798AB9A7674}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\ACTx86.exe
FirewallRules: [{50AFF731-31D2-4E94-8765-CEC619FD73A2}] => (Allow) C:\Program Files (x86)\Advanced Combat Tracker\ACTx86.exe
FirewallRules: [UDP Query User{939D5F47-1978-492F-A226-647312501626}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{B556CC8A-C66E-42A2-AB1F-DDDC0757B5CC}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{5E623F36-5248-42E0-B392-D2425D7020EF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{72E22A1F-6BD0-4C4D-BD82-2166C58E2CE7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{320F72C4-7E12-4124-8A41-C817DCAE88EA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5C0823EF-EC74-4A87-8EFD-484F834783B5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{647A48A4-F7D0-49DA-8CC5-96F01550B1D7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RuneScape Idle Adventures\idle-adventures.exe
FirewallRules: [{A416181D-0A8C-434A-B1F0-F7079A206213}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RuneScape Idle Adventures\idle-adventures.exe
FirewallRules: [{67C3E1B5-639B-4863-9DF9-643A45E1FA8B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tales of Zestiria\Tales of Zestiria.exe
FirewallRules: [{2C4701AF-EADA-4F8D-837E-3280CB3E15F2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tales of Zestiria\Tales of Zestiria.exe
FirewallRules: [{BFB9C247-00A8-4238-8A42-370BB88472A0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{05F0BFDF-CC19-42FD-AC24-4B9053E0E1F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2BB75696-D861-4760-B186-292B43E7779B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7EE60F40-28D8-44E9-AC70-83FFDBDF83CE}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{3B7D1025-3F35-4FB2-AD37-D5B5B0B9851B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{39DA6B8E-68ED-4BA9-9F5D-1C1F7726334D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8445B0BA-D7DE-47ED-A3CD-BFADEB5ED6C7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{50627A99-E125-425C-BF43-239812DD354F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{435613F8-4F39-4033-ABE3-72BDE3EED05F}] => (Allow) LPort=1900
FirewallRules: [{2AC696B0-67D9-45B5-A70C-1C0CA071F219}] => (Allow) LPort=7900
FirewallRules: [{441E284F-EC62-4398-8DFA-84DE8220B5A5}] => (Allow) LPort=24234
FirewallRules: [{9C699B8E-3342-41F7-8220-F08DFE692A90}] => (Allow) LPort=7679
FirewallRules: [{E45CE7CE-3BB3-411C-A3BD-2E6CF4BA3871}] => (Allow) LPort=7676
FirewallRules: [{0ABEA601-84C8-4976-A116-64CAA11BF165}] => (Allow) LPort=8643
FirewallRules: [{23E16999-5FEC-40CA-9675-8AE43484B413}] => (Allow) LPort=8743
FirewallRules: [{3FD9231E-B2AB-42BC-BCBA-894ACAB610E5}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{5CC3F959-DDFD-4707-A75E-997BB91D5AC5}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{F4A7C589-AD82-4096-AAB8-28831BAC11E8}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{69035B14-084F-4319-9298-AD5246B73A20}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{75DBECFF-08A1-4488-A4D4-716F16934AA7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{65403878-0C0B-4320-BDA7-F27DA4A78EBB}] => (Allow) LPort=2869
FirewallRules: [{DD3F0178-81BD-4433-8973-A32D3C4553A8}] => (Allow) LPort=1900
FirewallRules: [{D1AB65F1-7244-4E60-AF8C-B8103598032E}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{0A4A28A5-738D-421F-9D1B-233698E0831A}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{285C6B7D-9645-4FCB-9FFB-E8E36FBB4A43}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{89F79FC8-7FE2-4FC8-9FB4-3D9F8D9A35AD}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{A289AC7B-F0F2-418A-90A4-DA1725017946}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{5B501C93-B2F2-4892-9134-A851C34C336D}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{560736DA-249D-418E-A73B-A917A1741916}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{AB1BCFE7-FFF8-4884-B574-D4DC1E0E0EC2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{1D234013-8CBB-4329-BAB8-BB8B72F50D9D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{3A4F2608-8FB3-45BB-A631-750AC2455188}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{554A406E-2D75-48D0-9D45-17E58A11B2EA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{59E03559-D4D8-4A5D-A6D4-A0B2CC535BF7}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{F61575D8-5BE1-4ABE-BD98-D1B674C6FF9E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E4CE3BFE-5B44-4B4E-9FE5-73F4CF369739}] => (Allow) C:\Program Files (x86)\Juicy Stakes 2.0\PokerClient.exe
FirewallRules: [{DAD230B9-41A9-4885-A3D4-125E7519C76A}] => (Allow) C:\Program Files (x86)\Juicy Stakes 2.0\PokerClient.exe
FirewallRules: [{099C9D28-A4B5-4C5A-A68D-E1B04249367D}] => (Allow) C:\Program Files (x86)\Steam\steam.exe
FirewallRules: [{67CDCBD9-B2B9-461E-B928-22A529251B36}] => (Allow) C:\Program Files (x86)\Steam\steam.exe
FirewallRules: [{01A804CF-2329-4CE0-A7A2-A1A647CCEDD1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ffxi\SquareEnix\FINAL FANTASY XI\polboot.exe
FirewallRules: [{4FDC4927-CBA3-4344-8E28-82ABB1383E17}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ffxi\SquareEnix\FINAL FANTASY XI\polboot.exe
FirewallRules: [{00C9ACF9-9ABC-4432-A2CC-2B8129726EC3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ffxi\SquareEnix\PlayOnlineViewer\polcfg\polcfg.exe
FirewallRules: [{8F97DFBD-8B8A-4145-9352-A99931A637F7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ffxi\SquareEnix\PlayOnlineViewer\polcfg\polcfg.exe
FirewallRules: [{FEE7D9F2-61B1-46E4-8DB7-DA8F20D6247F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ffxi\SquareEnix\FINAL FANTASY XI\ToolsUS\FINAL FANTASY XI Config.exe
FirewallRules: [{761BB68B-FE0F-4A0E-A885-C914AEA8DD42}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ffxi\SquareEnix\FINAL FANTASY XI\ToolsUS\FINAL FANTASY XI Config.exe
FirewallRules: [{6C8DF2DD-E89C-4437-9DA9-C2984DEC811B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{26D4F5FA-EB18-4223-A73D-EA60B2976E70}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{6D3AB18E-C3D3-4F78-97EC-0C7B846250DC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{D78F0FBC-3AFF-4A70-9FCF-93465CD22574}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{476D0486-3CD6-4A95-A603-99C17338D91A}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{2A48A768-6428-4D36-83C4-3464EED10FF9}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{0ED1D8BE-A820-4739-B53F-E5ED0122D899}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{55202BE8-DE4C-42BD-B33E-BFE2C1CC04A2}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{1175FA90-9D5D-4D94-8F8D-194D2FFE150E}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{D72863B1-D189-4881-86B6-5DFEBDF55368}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{5597888E-4C2A-4F12-9500-72C42EF5C7E6}] => (Allow) C:\Program Files (x86)\Ubisoft\Might & Magic Heroes VI\Might & Magic Heroes VI.exe
FirewallRules: [{45958A22-2B62-4B83-A96D-968A32F9CD52}] => (Allow) C:\Program Files (x86)\Ubisoft\Might & Magic Heroes VI\Might & Magic Heroes VI.exe
FirewallRules: [{C27D315B-58A1-4131-851E-5C02D00A054B}] => (Allow) C:\Users\Mitchell\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{C3BA8B24-F821-49D3-A196-456C2A2E2FC6}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{72F94A03-16F1-4CE5-94F1-E88C58BFC5F6}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{40830D0B-D378-4506-A10C-50A86BDC6C2C}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{E962DD99-C95C-43D0-A47A-CA013FC5286D}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [TCP Query User{770C10C3-EFDB-4F71-87E7-AD8E64712C69}C:\program files\tixati\tixati.exe] => (Block) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{1CF27D92-B482-4C9A-BC90-3A8C27A2932F}C:\program files\tixati\tixati.exe] => (Block) C:\program files\tixati\tixati.exe
FirewallRules: [{CA29FA5E-C541-4CF8-9310-A738A85535BD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{35F6BED5-FDB6-4319-BB18-8DAC6FA0F55D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{772550E9-C12A-448C-BD7F-87849C5190B7}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{D4B8D2D8-23BB-451C-B18F-0D367FCEFC10}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{E57201E6-85CB-4B7A-92B8-ECA3B1A4844C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{89549800-33B9-480D-8C04-6FABFF3A5CB7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{B05EB4A2-CD27-412A-A9D5-6C2DCF9AD3D3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{141CCC12-C12D-42A7-9E40-9C05B5F4289D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{297BF69D-42AC-475F-9C0A-8D1D4CE066D3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{61C817ED-DCF0-4369-8D76-CA7C6BE2A91F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{569FE9F4-D794-4052-9CF0-8D7EA2D0F89C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{3A1F1FD9-872F-4A6A-9F78-CCF28C3174FA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{7B595FED-C318-41A9-B82F-6385B1FC0CD5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{EA1A7887-C2A3-49D5-815C-9CE979F3A918}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{A9C9EBD0-A333-436F-A417-2AD6C3B9F8F0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{409D7315-FDA4-490C-BC3E-0188D0F8C046}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{70FE2697-B125-4D18-82EB-579CC727F7BE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{70C0FC07-5AF1-4D29-BFAE-4D59036D35C9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{2603AA47-C29C-4B10-A2B3-CB074EEC8649}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{E3F6CFD4-76A2-430C-91F1-28C56889CDA5}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{BC2A9709-9A63-47EE-9E11-AAF9DF36D373}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{FF51758B-37BD-483E-8AC4-3C28AB4EC857}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{23596724-B202-4A13-8D89-ADE36A71D549}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{AD6512AB-4E11-4D7A-BBD1-04C33298FC0C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{C2C2F580-D10D-40C2-83A2-9A10C8909BCA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{ED077B49-DC53-40ED-A826-3A19733B1584}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{B5D68D93-E58A-44F5-8E78-32082DF64A16}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{1BBED777-38C2-4B78-A871-A8B9F481B30D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{FB6928E7-4494-4678-BB35-10C0DFFBFD66}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C552C33C-F44F-4CAE-AD20-49E30A5485A2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E9EC7B65-E8EA-47C3-8479-793C4B2DF8BE}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{A0163A90-67B1-48CF-90D9-4E7699DFDEF5}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{2B0EF1DD-5A48-4E6E-B7F4-AA4F29552B2D}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{F04E8CBE-35C7-4121-8F16-2F12D59F077E}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{43BBA0BF-524A-4462-9387-32D8CD13C319}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{EEB80E7D-64E0-4660-9B69-DA47910A9854}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E7801D90-F39F-4FAF-B38D-4476382540C6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{90DF39D6-95D2-480D-A4DA-1749A9D638FB}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{2BA379E1-93E9-42C2-B50A-CC15D2BD0CB3}] => (Allow) LPort=5357
FirewallRules: [{9C821D1C-4384-4B50-A44A-3FA3CBCE3DE7}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{F04236A3-1FE5-4361-89EB-C546824A841C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D4E27199-2EB0-490C-8791-335857333FED}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{8ABC1622-8197-4AAF-A929-39B3B557C9D9}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{57554C43-7A88-485F-8619-0686E2F36EE1}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{AB18EA12-50C5-456D-B46A-204E0347FA55}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{245BCEEF-B2C8-4C0F-8AED-59C25BE87B32}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{F8C6841D-B960-4538-9296-4EDD6DCFFF60}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{16A3AA89-FE7F-490A-90E6-C7FC7371CB1D}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{704C9DBC-0380-4768-A6AC-2F3EBA8FB1F5}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{65403603-293B-47B8-A206-EBE687F9A5ED}] => (Allow) LPort=12292
FirewallRules: [{728C18C9-C620-4F1E-A655-1EB0C67E7D1D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{9F84E46E-CA99-44A1-A756-FDA47F3C8061}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{9388A91B-F627-44A6-93F6-E2D2040090D5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{A2ECF195-18A9-418D-9914-37F77939E0C1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{23BDB5AE-EB9D-4E7C-8B4F-E8EA9C243E68}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{1E12D070-97E3-41A5-8037-6D59E7B7BEBE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [TCP Query User{810AE1D0-1B55-4DBC-83C7-86621E7C9282}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{065570D5-5261-45CE-AE89-49F9B093050C}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{4EFAF481-A096-4122-B4B9-829618395C4E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{2C6E9976-FDED-4BDF-B052-93BBAE9CD893}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{DD11BCCC-87F7-482A-8578-2EC8E7FE6A25}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [TCP Query User{38E8B992-B006-4DAE-BD32-BAFF7CE64C65}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Block) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [UDP Query User{322BDDD1-B459-4489-967F-D26DBF9B2F11}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Block) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [TCP Query User{949FDD01-041B-407F-BA03-2D4123524637}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{0BF375DB-240A-4674-B9D8-3ADF1A560239}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7FB7C4FD-2756-40A4-A238-64E995815D15}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{8AB43670-1428-435E-B220-2878874E3CD1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{D9212F83-DE8F-4A44-B45F-496960E2A583}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{63AF008A-4B72-4720-969E-9C75E358D1AE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{4C4E3F73-C54F-4E81-9E2D-EA0464FBEDEA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TimeClickers\TimeClickers.exe
FirewallRules: [{09629463-0548-448A-80FC-99289A181F67}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TimeClickers\TimeClickers.exe
FirewallRules: [{6AC91DD7-2B05-439E-BCE4-865C334EC155}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tap Tap Infinity\TapTapInfinity.exe
FirewallRules: [{FC6C24E8-F407-4E87-BA4B-0C2B7C0E5275}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tap Tap Infinity\TapTapInfinity.exe
FirewallRules: [{4CE6B721-C5AE-4B16-8115-0038075E907E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{7DD72E58-BF36-4685-B387-28B7A1170DD2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{E65385E1-640C-41BE-8D19-FEB7989457C2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Idle Civilization\IdleCivilization.exe
FirewallRules: [{2723F994-83C9-4286-8314-BB1DD952193A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Idle Civilization\IdleCivilization.exe
FirewallRules: [{4445C05B-5239-4A90-8D05-B839EC25B96A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{2E661A5F-4132-419A-8AE5-662DF0F0BB29}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{3381556D-F6CD-423F-A381-6BEB6142554A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{28847787-4BDF-4540-8994-E233AB35D18A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{321F1E76-9492-4748-A97D-31837039F618}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{CB48AB03-EBBD-42AC-A8FF-BE5246CDA39D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{EF97E6B7-2144-4E5B-8F2A-A8F109370EB8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{B7A65956-904F-4C7D-BD04-A6FF1865C88B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [TCP Query User{578844A9-80A4-463A-8809-1B30152E709D}C:\program files (x86)\plex\plex media server\plex dlna server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex dlna server.exe
FirewallRules: [UDP Query User{6ABF0B7F-B570-4204-8867-D2E1A017822E}C:\program files (x86)\plex\plex media server\plex dlna server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex dlna server.exe
FirewallRules: [{2710976B-EB16-4771-9D99-1C66F387D65F}] => (Allow) C:\program files (x86)\plex\plex media server\plex dlna server.exe
FirewallRules: [{FEB6E46F-EFF3-4658-ADB3-C1F4139D0116}] => (Allow) C:\program files (x86)\plex\plex media server\plex dlna server.exe
FirewallRules: [{410222C4-111B-46C8-B552-F99A37B66039}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{0BF0C4BC-AF7E-4DB0-8333-5EF69F3E610B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [TCP Query User{9304E758-D47A-4BF0-87FE-AAFFB5E0B749}C:\emu\vbalink\visualboyadvance.exe] => (Allow) C:\emu\vbalink\visualboyadvance.exe
FirewallRules: [UDP Query User{19DB5230-F103-48A7-9FA5-6B19873F72DB}C:\emu\vbalink\visualboyadvance.exe] => (Allow) C:\emu\vbalink\visualboyadvance.exe
FirewallRules: [{1EF0629C-E22D-48A0-8BF2-96345A8F9FA0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{7DE49672-78D7-4619-B350-5FF93DEC2A18}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{C610554F-95AF-4E71-9BD2-3963C233DE7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mold on Pizza Deluxe\MoldOnPizza.exe
FirewallRules: [{F4138774-FA4C-4BA9-A743-8B1AB7F7B979}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mold on Pizza Deluxe\MoldOnPizza.exe
FirewallRules: [{73FC695F-2F81-4F04-AC4E-58FADAB4D91C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Over 9000 Zombies!\Over9000Zombies.exe
FirewallRules: [{1EA87698-8A01-4758-ACE9-2D5B9664246A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Over 9000 Zombies!\Over9000Zombies.exe
FirewallRules: [{81697DA3-E4B2-44B5-B862-0B8186C1AED1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Voodoo Garden\Voodoo Garden.exe
FirewallRules: [{D437ABFC-B3B6-4EBE-B220-91228FEF7167}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Voodoo Garden\Voodoo Garden.exe
FirewallRules: [{8A3F4E49-0003-4722-AEA6-58609CE6C050}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [{9D5BBAF2-D6BC-4526-85F6-F5AE404AABBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [{319FFA61-E9AC-4477-B8C5-15F1C666025C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{D1F4EDAD-F2FB-4E0A-AC6E-93EC60BDC16D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{9193F75B-0C14-480A-8375-C887B00B69BC}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{BF8D6726-422E-456F-A776-0177DE3C3C75}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [TCP Query User{2DDFD7FC-A2E2-4CF0-92CF-E6F4BCCA126E}C:\program files (x86)\arc\arcchat.exe] => (Allow) C:\program files (x86)\arc\arcchat.exe
FirewallRules: [UDP Query User{60CC4152-B318-45AE-84B1-2167A7840AA7}C:\program files (x86)\arc\arcchat.exe] => (Allow) C:\program files (x86)\arc\arcchat.exe
FirewallRules: [{352D7A3F-64C5-4486-84CB-3B15FB4EF6AE}] => (Block) C:\program files (x86)\arc\arcchat.exe
FirewallRules: [{46D7095E-7B1A-4D68-8863-B6EDB66CBDE6}] => (Block) C:\program files (x86)\arc\arcchat.exe
FirewallRules: [TCP Query User{717B6547-E228-4BB9-B3CA-8925A5221705}C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{28957877-FE71-4D21-A8DD-689F4C9FAE07}C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [{08463932-8EE2-49E4-BF13-40D08CC155B2}] => (Block) C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [{9375F4CB-2989-4D0A-88C1-4E9111B0715D}] => (Block) C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [{71E5F598-6BA9-40AB-9714-E91F357CCA44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\deluxe\LevelEditor.exe
FirewallRules: [{C911D1BE-A040-4188-B9B2-B93F8FB7509B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\deluxe\LevelEditor.exe
FirewallRules: [{FABBDF8E-5F59-4F14-8164-6398114FD3AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Toadled\ToadledWindows.exe
FirewallRules: [{222DACB4-BE6B-41CB-90B5-E092873E1830}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Toadled\ToadledWindows.exe
FirewallRules: [{E7769FE8-E4F6-4AB6-BACC-0E0D666A88DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Creeper World 3\CW3.exe
FirewallRules: [{EEA09435-223A-4497-9B2B-B6E3D8D376AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Creeper World 3\CW3.exe
FirewallRules: [{7BED5F60-1F46-43D0-83D6-65A6F0F82BFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe
FirewallRules: [{595ECDAA-8F6E-4F59-9379-B3AE230D51B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe
FirewallRules: [{E97A8F3E-5214-4DDB-9EC6-79CB311B3166}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stronghold Crusader Extreme\Stronghold_Crusader_Extreme.exe
FirewallRules: [{FBE4B1FE-A570-4D75-A4FA-C19DD6EE3790}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stronghold Crusader Extreme\Stronghold_Crusader_Extreme.exe
FirewallRules: [{B789AC96-91DE-420A-BDFD-0AF352754F9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe
FirewallRules: [{EA2899FB-9314-4198-9735-E6C9D5B799EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe
FirewallRules: [{10254347-80C0-4DD8-A4F4-65E8185601E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CookServeDelicious\CSDSteamBuild.exe
FirewallRules: [{539AB3E6-4B58-4155-8FC3-4E0DBD5BB75B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CookServeDelicious\CSDSteamBuild.exe
FirewallRules: [TCP Query User{8C9F6AF6-F074-4BC8-806C-294B10C47E0C}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{6C43B1AA-E745-4F17-8656-47966A4C1453}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [{BA9FC1C6-A863-4E9A-9DFC-FC5AF67A3424}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{51FD769D-A30A-4637-A2A3-45784D219F71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WeaponShopFantasy\WeaponShopFantasy.exe
FirewallRules: [{6F1FF239-F604-4312-B9B9-C13435A1AB34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WeaponShopFantasy\WeaponShopFantasy.exe
FirewallRules: [{F3D234A2-F349-4706-9C58-3CC326F9EDB5}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{3ECB3AC0-5E08-4122-9DD7-6FCBC7DEF037}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{D944DB7A-D474-4F93-85E9-05ED1F78AAC4}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{858F8D8C-DDF3-4860-B05F-63E84148EBCF}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
FirewallRules: [{14E037C5-D716-4929-932E-FEAA65542F77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RebelGalaxy\SteamLauncher.exe
FirewallRules: [{6104BC0D-96E0-41FB-99C8-4470A20C0EDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RebelGalaxy\SteamLauncher.exe
FirewallRules: [{E0CA2696-26C6-45FC-AFA8-6778E0B4543D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Might and Magic Clash of Heroes\ClashOfHeroes.exe
FirewallRules: [{BF6BC3CF-9EE4-43DF-BFB2-B94FEA2B36A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Might and Magic Clash of Heroes\ClashOfHeroes.exe
FirewallRules: [{77FE3B52-1BC1-42F3-B140-DD146670619E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BloonsTD5\BTD5-Win.exe
FirewallRules: [{A56F35B4-9791-4723-BCBD-EFF77D9B3CD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BloonsTD5\BTD5-Win.exe
FirewallRules: [{580E10D2-2799-4C53-9F96-A6EBE1DD3805}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{5D8591EB-192D-49D0-9D6D-EE37FF5F19C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{E24B233A-ADD8-4C29-AE4D-B70E544876F4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{AE553D55-C427-4376-B6A6-5AC578E0E0A9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{144D09AD-1DD7-4E02-972E-8292DF3FF654}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{20A36DA9-8D67-4076-874B-4C1CF5211442}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3EAD0F4B-486C-4214-B3D4-EA89B501064E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B3B8DD06-54ED-45C2-968E-A69219ADE84D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{D793E2D2-FF5C-4514-AE29-CEA3E4439A9A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{97CF0D3A-39B2-4400-ADF4-F152BEE4D724}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{DD5537E6-1BBD-4174-A97C-214CA62214E0}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{7B4546B5-BCC1-4DB5-BDFF-AE9F0A68CE2A}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{D05E8C19-E9BA-470F-8825-371B05EDF606}] => (Allow) C:\Program Files (x86)\Nevil\collectives.exe
FirewallRules: [{29C85026-3C37-451F-88E3-8F1020F193BA}] => (Allow) C:\Program Files (x86)\Dad\collectives.exe
FirewallRules: [{AE90E768-D1FD-46AC-8ACB-C2E3A73E7C0C}] => (Allow) C:\Program Files (x86)\kingfisher\gilbride.exe
FirewallRules: [{628A7213-9561-4530-A1F3-5F3C783CEDE4}] => (Allow) C:\Program Files (x86)\Dad\gilbride.exe
FirewallRules: [{213C7FC2-61FD-4D39-9A56-3B856A27CB72}] => (Block) %SystemRoot%\System32\avewmsosvc.exe
FirewallRules: [TCP Query User{B221B510-1DA8-497A-B7AD-8E2A6F8615AD}C:\users\mitchell\appdata\local\programs\sw-exporter\summoners war exporter.exe] => (Allow) C:\users\mitchell\appdata\local\programs\sw-exporter\summoners war exporter.exe
FirewallRules: [UDP Query User{EFB6DF41-7522-4F83-99D1-F1D7EE2B5BBD}C:\users\mitchell\appdata\local\programs\sw-exporter\summoners war exporter.exe] => (Allow) C:\users\mitchell\appdata\local\programs\sw-exporter\summoners war exporter.exe
FirewallRules: [{91B6FDA9-200C-4396-B982-7564C68CB4C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\deluxe\DefendersQuest.exe
FirewallRules: [{C614E403-7768-4CAA-B887-6E640284B547}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\deluxe\DefendersQuest.exe
FirewallRules: [{457F1062-C53E-4289-9B11-4D68D82E36DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\deluxe_gl\DefendersQuest.exe
FirewallRules: [{A4ADCD10-6AA4-4438-BA6B-9E25D0AD9F37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\deluxe_gl\DefendersQuest.exe
FirewallRules: [{03F50AD9-B8DB-4554-92E7-D246FFEFE954}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\legacy\DefendersQuest.exe
FirewallRules: [{878BB0E0-CB85-4035-B0C3-BE85E326ECD6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\legacy\DefendersQuest.exe
FirewallRules: [{C1EB4D23-77B7-4AD2-8129-900C58102D76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\deluxe_gl\LevelEditor.exe
FirewallRules: [{C647DB98-556F-4A11-8922-774E468B15F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DefendersQuest\deluxe_gl\LevelEditor.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

18-12-2017 19:22:25 Windows Update
24-12-2017 05:24:42 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/24/2017 05:18:40 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (12/23/2017 02:14:13 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/22/2017 02:14:13 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/21/2017 02:14:12 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/20/2017 02:14:12 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/19/2017 02:14:12 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/18/2017 02:14:13 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/17/2017 02:14:13 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/16/2017 07:26:48 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (12/16/2017 07:22:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Baby.local already in use; will try Baby-2.local instead


System errors:
=============
Error: (12/24/2017 05:51:58 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (12/24/2017 05:47:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SDUpdateService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/24/2017 05:47:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SDUpdateService service to connect.

Error: (12/24/2017 05:47:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (12/24/2017 05:47:09 AM) (Source: DCOM) (EventID: 10010) (User: BABY)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (12/24/2017 05:47:09 AM) (Source: DCOM) (EventID: 10010) (User: BABY)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (12/24/2017 05:44:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SDUpdateService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/24/2017 05:44:58 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SDUpdateService service to connect.

Error: (12/24/2017 05:44:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (12/24/2017 05:44:22 AM) (Source: DCOM) (EventID: 10010) (User: BABY)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
  Date: 2017-12-24 06:07:39.787
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-24 06:07:39.786
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-24 05:24:20.393
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-24 05:24:20.391
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-16 19:25:50.809
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-16 19:25:50.807
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-16 14:10:50.131
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-16 14:10:50.129
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-15 15:08:07.522
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-15 15:08:07.520
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 40%
Total physical RAM: 16316.02 MB
Available physical RAM: 9743.72 MB
Total Virtual: 18748.02 MB
Available Virtual: 11847.57 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:475.28 GB) (Free:150.91 GB) NTFS
Drive e: (DATA) (Fixed) (Total:931.51 GB) (Free:700.85 GB) NTFS
Drive z: (Seagate Expansion Drive) (Fixed) (Total:1863.01 GB) (Free:642.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 1E1F4777)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F2AFF72E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: E13960D3)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================





#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,224 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 December 2017 - 10:19 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


To clean this computer of this infection these item(s) are required:

USB Flash Drive (size depends on whether you have to create a USB Recovery or Installation media)
CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
Another computer (optional: only needed if you cannot work from the infected computer directly)

If you have or can have access to them then let's continue.

===

Launch FRST and copy/paste the following inside the text area. Once done, click on the Fix button. Afterwards, a file called fixlog.txt should appear on your desktop. Attach it in your next reply.
 

Start::
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: fltmc instances
CMD: dir /a:-d /o:d C:\windows\system32\drivers
End::


Wait for further instructions.

#3 Hayama

Hayama
  • Topic Starter

  • Members
  • 12 posts

Posted 27 December 2017 - 04:46 PM

Hello and thanks again. Sorry for the late reply, I've barely been home with the holidays and everything. Here's the fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Ran by Mitchell (27-12-2017 16:45:20) Run:2
Running from C:\Users\Mitchell\Downloads
Loaded Profiles: Mitchell (Available Profiles: Mitchell)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: fltmc instances
CMD: dir /a:-d /o:d C:\windows\system32\drivers

*****************


========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit.exe /set {default} recoveryenabled yes =========

The operation completed successfully.

========= End of CMD: =========


========= fltmc instances =========

Filter                Volume Name                              Altitude        Instance Name       Frame   SprtFtrs  VlStatus
--------------------  -------------------------------------  ------------  ----------------------  -----   --------  --------
FileInfo                                                         40500     FileInfo                  0     00000003  
FileInfo              \Device\HarddiskVolume2                    40500     FileInfo                  0     00000003  
FileInfo              C:                                         40500     FileInfo                  0     00000003  
FileInfo                                                         40500     FileInfo                  0     00000003  
FileInfo              E:                                         40500     FileInfo                  0     00000003  
FileInfo              Z:                                         40500     FileInfo                  0     00000003  
FileInfo              \Device\Mup                                40500     FileInfo                  0     00000003  
WdFilter                                                        328010     WdFilter Instance         0     00000007  
WdFilter              \Device\HarddiskVolume2                   328010     WdFilter Instance         0     00000007  
WdFilter              C:                                        328010     WdFilter Instance         0     00000007  
WdFilter                                                        328010     WdFilter Instance         0     00000007  
WdFilter              E:                                        328010     WdFilter Instance         0     00000007  
WdFilter              Z:                                        328010     WdFilter Instance         0     00000007  
WdFilter              \Device\Mup                               328010     WdFilter Instance         0     00000007  
Wof                                                              40700     Wof Instance              0     00000003  
Wof                   C:                                         40700     Wof Instance              0     00000003  
Wof                                                              40700     Wof Instance              0     00000003  
Wof                   E:                                         40700     Wof Instance              0     00000003  
Wof                   Z:                                         40700     Wof Instance              0     00000003  
luafv                 C:                                        135000     luafv                     0     00000003  
npsvctrig             \Device\NamedPipe                          46000     npsvctrig                 0     00000000  
wcifs                 C:                                        189900     wcifs Instance            0     00000000  
zmnadrwu              C:                                         45666     zmnadrwu Instance         0     00000000  
zmnadrwu              \Device\Mup                                45666     zmnadrwu Instance         0     00000000  

========= End of CMD: =========


========= dir /a:-d /o:d C:\windows\system32\drivers =========

 Volume in drive C is Windows
 Volume Serial Number is 964A-BDE7

 Directory of C:\windows\system32\drivers

08/21/2012  12:01 PM            33,240 GEARAspiWDM.sys
03/04/2013  07:24 AM            40,344 ElbyCDIO.sys
05/30/2013  10:16 AM            41,752 LGSUsbFilt.sys
07/24/2013  10:02 AM            34,816 VClone.sys
07/25/2013  03:28 AM            20,614 ibtfltcoex_wp8.cat
07/26/2013  06:07 PM           827,096 Rt630x64.sys
08/01/2013  10:57 PM            30,448 Smb_driver_AMDASF.sys
08/06/2013  02:13 PM            23,040 netaapl64.sys
08/07/2013  08:01 PM            46,568 ISCTD64.sys
08/08/2013  04:25 PM            39,320 intelaud.sys
08/08/2013  04:25 PM            26,008 iwdbus.sys
08/08/2013  08:06 PM            21,408 ikbevent.sys
08/08/2013  08:06 PM            21,920 imsevent.sys
08/09/2013  07:25 AM            16,344 IntelMEFWVer.dll
08/16/2013  04:21 AM           551,936 stwrt64.sys
08/19/2013  04:23 PM            26,136 ICCWDT.sys
08/22/2013  06:39 AM            44,544 SETD31E.tmp
08/26/2013  01:07 AM                 0 Msft_User_WpdFs_01_11_00.Wdf
11/12/2013  01:25 PM            91,912 CLVirtualDrive.sys
01/27/2014  10:58 PM            41,704 clwvd.sys
04/08/2014  03:45 AM                 0 Msft_Kernel_TeeDriverx64_01011.Wdf
04/08/2014  03:48 AM                 0 Msft_Kernel_btmhsf_01011.Wdf
04/08/2014  03:48 AM                 0 Msft_Kernel_btmaux_01009.Wdf
04/08/2014  04:03 AM                 0 103C_HP_cNB_ENVY TS 17 Notebook PC_Y5335KV_0U_Q5CG415D3QC_E735953-001_4A_I1966_SHP_V93.49_BF.53_T140305_W8101-0_L409_M16317_J1000_7Intel_86C3_92.40_#140408_N10EC8168;808608B3_(E1P14AV)_XMOBILE_CN10_Z.MRK
04/20/2014  10:25 PM                 0 Msft_User_WpdMtpDr_01_11_00.Wdf
04/27/2014  12:20 AM                 0 Msft_Kernel_WinUSB_01007.Wdf
05/28/2014  02:21 AM            44,744 ISCTD.sys
07/09/2014  01:47 PM                 0 Msft_Kernel_netaapl64_01009.Wdf
10/10/2014  09:54 PM            31,232 tap0901.sys
05/07/2015  04:49 AM            51,712 flashud.sys
05/14/2015  10:44 AM           751,632 RtsPer.sys
06/01/2015  10:55 AM            36,600 npf.sys
06/17/2015  04:04 PM            54,784 usbaapl64.sys
06/23/2015  08:24 PM            30,384 WirelessButtonDriver64.sys
07/01/2015  06:59 AM           144,464 ctxusbm.sys
07/25/2015  10:12 AM         6,270,416 igdkmd64.sys
07/29/2015  03:44 AM         1,462,720 iaStorA.sys
12/25/2015  01:10 AM         3,515,152 Netwbw02.sys
12/25/2015  01:10 AM        10,718,860 Netwfw02.dat
01/18/2016  02:57 PM                 0 Msft_User_SensorsSimulatorDriver_01_11_00.Wdf
03/29/2016  12:01 AM           186,424 TeeDriverW8x64.sys
05/08/2016  11:54 PM           481,768 IntcDAud.sys
07/16/2016  06:42 AM                 3 MsftWdf_Kernel_01019_Inbox_Critical.Wdf
10/12/2016  06:37 AM            56,128 AccelerometerBAD.sys
01/16/2017  01:26 AM           165,504 ssudmdm.sys
01/16/2017  01:26 AM           131,712 ssudbus.sys
01/23/2017  05:20 PM            64,280 LGSHidFilt.Sys
01/23/2017  05:20 PM            67,736 LGJoyXlCore.sys
01/23/2017  05:20 PM            26,008 LGVirHid.sys
01/23/2017  05:20 PM            36,496 LGBusEnum.sys
02/21/2017  10:40 PM           251,848 2B1F0494.sys
03/09/2017  10:10 PM           230,656 ibtusb.sys
03/18/2017  03:56 PM           120,224 pcmcia.sys
03/18/2017  03:56 PM            32,256 BthhfHid.sys
03/18/2017  03:56 PM            43,520 BthAvrcpTg.sys
03/18/2017  03:56 PM            49,152 circlass.sys
03/18/2017  03:56 PM           119,200 EhStorTcgDrv.sys
03/18/2017  03:56 PM            46,592 hidir.sys
03/18/2017  03:56 PM           416,256 HdAudio.sys
03/18/2017  03:56 PM           113,152 iaLPSSi_I2C.sys
03/18/2017  03:56 PM            66,560 bthmodem.sys
03/18/2017  03:56 PM           373,248 portcls.sys
03/18/2017  03:56 PM            97,280 drmk.sys
03/18/2017  03:56 PM           103,424 usbcir.sys
03/18/2017  03:56 PM           134,656 USBAUDIO.sys
03/18/2017  03:56 PM            16,232 drmkaud.sys
03/18/2017  03:56 PM            34,816 rndismpx.sys
03/18/2017  03:56 PM            23,040 usb8023x.sys
03/18/2017  03:56 PM            47,104 usbscan.sys
03/18/2017  03:56 PM            13,312 serscan.sys
03/18/2017  03:56 PM            24,576 WSDScan.sys
03/18/2017  03:56 PM            27,136 usbprint.sys
03/18/2017  03:56 PM            22,528 WSDPrint.sys
03/18/2017  03:56 PM            39,424 monitor.sys
03/18/2017  03:56 PM            74,840 intelpep.sys
03/18/2017  03:56 PM            38,128 iaLPSSi_GPIO.sys
03/18/2017  03:56 PM            14,848 acpipmi.sys
03/18/2017  03:56 PM           533,920 bxvbda.sys
03/18/2017  03:56 PM         3,419,040 evbda.sys
03/18/2017  03:56 PM            20,480 AcpiDev.sys
03/18/2017  03:56 PM           160,256 cdrom.sys
03/18/2017  03:56 PM           110,496 sbp2port.sys
03/18/2017  03:56 PM           122,880 capimg.sys
03/18/2017  03:56 PM           238,080 1394ohci.sys
03/18/2017  03:56 PM           107,424 3ware.sys
03/18/2017  03:56 PM            27,040 amdxata.sys
03/18/2017  03:56 PM            83,352 amdsata.sys
03/18/2017  03:56 PM         1,135,512 adp80xx.sys
03/18/2017  03:56 PM           259,488 amdsbs.sys
03/18/2017  03:56 PM           132,000 arcsas.sys
03/18/2017  03:56 PM            30,720 wacompen.sys
03/18/2017  03:56 PM             9,728 bcmfn2.sys
03/18/2017  03:56 PM            64,416 HpSAMD.sys
03/18/2017  03:56 PM           108,960 lsi_sas.sys
03/18/2017  03:56 PM           123,808 lsi_sas2i.sys
03/18/2017  03:56 PM            82,848 lsi_sss.sys
03/18/2017  03:56 PM           103,328 lsi_sas3i.sys
03/18/2017  03:56 PM            64,416 MegaSas2i.sys
03/18/2017  03:56 PM            59,808 megasas.sys
03/18/2017  03:56 PM            63,904 mvumis.sys
03/18/2017  03:56 PM           575,904 megasr.sys
03/18/2017  03:56 PM            16,896 MTConfig.sys
03/18/2017  03:56 PM            58,784 percsas2i.sys
03/18/2017  03:56 PM           166,304 nvstor.sys
03/18/2017  03:56 PM           150,432 nvraid.sys
03/18/2017  03:56 PM            31,136 stexstor.sys
03/18/2017  03:56 PM            81,824 sisraid4.sys
03/18/2017  03:56 PM            44,960 sisraid2.sys
03/18/2017  03:56 PM            61,848 percsas3i.sys
03/18/2017  03:56 PM            57,856 umbus.sys
03/18/2017  03:56 PM           305,568 VSTXRAID.SYS
03/18/2017  03:56 PM           166,816 vsmraid.sys
03/18/2017  03:56 PM           102,816 cht4dx64.sys
03/18/2017  03:56 PM           347,032 cht4sx64.sys
03/18/2017  03:56 PM            13,824 errdev.sys
03/18/2017  03:56 PM         2,104,224 cht4vx64.sys
03/18/2017  03:56 PM            32,160 winmad.sys
03/18/2017  03:56 PM           108,960 ndfltr.sys
03/18/2017  03:56 PM           842,656 mlx4_bus.sys
03/18/2017  03:56 PM           526,240 ibbus.sys
03/18/2017  03:56 PM            64,920 winverbs.sys
03/18/2017  03:56 PM            32,768 fdc.sys
03/18/2017  03:56 PM            18,432 sfloppy.sys
03/18/2017  03:56 PM           673,184 iaStorAV.sys
03/18/2017  03:56 PM            92,064 IPMIDrv.sys
03/18/2017  03:56 PM            38,296 hidbatt.sys
03/18/2017  03:56 PM            26,624 flpydisk.sys
03/18/2017  03:56 PM           412,064 iaStorV.sys
03/18/2017  03:56 PM            19,360 intelide.sys
03/18/2017  03:56 PM            22,944 isapnp.sys
03/18/2017  03:56 PM            19,352 msisadrv.sys
03/18/2017  03:56 PM           194,464 ataport.sys
03/18/2017  03:56 PM            84,480 serial.sys
03/18/2017  03:56 PM            26,112 serenum.sys
03/18/2017  03:56 PM            53,656 pciidex.sys
03/18/2017  03:56 PM            97,792 parport.sys
03/18/2017  03:56 PM            29,088 atapi.sys
03/18/2017  03:56 PM            16,800 pciide.sys
03/18/2017  03:56 PM            44,960 mssmbios.sys
03/18/2017  03:56 PM            80,896 nvdimmn.sys
03/18/2017  03:56 PM           101,376 pmem.sys
03/18/2017  03:56 PM            91,040 scmbus.sys
03/18/2017  03:56 PM            36,760 storufs.sys
03/18/2017  03:56 PM            78,752 uaspstor.sys
03/18/2017  03:56 PM            54,176 vdrvroot.sys
03/18/2017  03:56 PM            18,432 wmiacpi.sys
03/18/2017  03:56 PM           193,536 intelppm.sys
03/18/2017  03:56 PM            57,344 BasicDisplay.sys
03/18/2017  03:56 PM           172,032 processr.sys
03/18/2017  03:56 PM           172,544 amdppm.sys
03/18/2017  03:56 PM           102,816 disk.sys
03/18/2017  03:56 PM           176,640 amdk8.sys
03/18/2017  03:56 PM            16,288 volume.sys
03/18/2017  03:56 PM           587,168 spaceport.sys
03/18/2017  03:56 PM           167,328 spacedump.sys
03/18/2017  03:56 PM            29,600 uefi.sys
03/18/2017  03:56 PM            83,360 volmgr.sys
03/18/2017  03:56 PM            14,336 acpitime.sys
03/18/2017  03:56 PM            12,800 acpipagr.sys
03/18/2017  03:56 PM           405,408 mausbhost.sys
03/18/2017  03:56 PM            30,208 CmBatt.sys
03/18/2017  03:56 PM            36,256 battc.sys
03/18/2017  03:56 PM           353,696 pci.sys
03/18/2017  03:56 PM            31,128 SDFRd.sys
03/18/2017  03:56 PM            51,104 mausbip.sys
03/18/2017  03:56 PM            18,336 swenum.sys
03/18/2017  03:56 PM            35,328 TsUsbGD.sys
03/18/2017  03:56 PM            85,504 iaLPSS2i_GPIO2_BXT_P.sys
03/18/2017  03:56 PM           165,376 iaLPSS2i_I2C.sys
03/18/2017  03:56 PM           168,448 iaLPSS2i_I2C_BXT_P.sys
03/18/2017  03:56 PM            70,656 iaLPSS2i_GPIO2.sys
03/18/2017  03:56 PM            33,280 iagpio.sys
03/18/2017  03:56 PM            13,824 vmgencounter.sys
03/18/2017  03:56 PM            53,664 CAD.sys
03/18/2017  03:56 PM            81,408 iai2c.sys
03/18/2017  03:56 PM            47,104 dmvsc.sys
03/18/2017  03:56 PM            16,896 hyperkbd.sys
03/18/2017  03:56 PM            25,088 VMBusHID.sys
03/18/2017  03:56 PM             9,216 vms3cap.sys
03/18/2017  03:56 PM            74,656 vpci.sys
03/18/2017  03:56 PM            36,768 storvsc.sys
03/18/2017  03:56 PM            10,240 vmgid.sys
03/18/2017  03:56 PM            64,512 Synth3dVsc.sys
03/18/2017  03:56 PM            40,960 RfxVmt.sys
03/18/2017  03:56 PM            47,520 vmstorfl.sys
03/18/2017  03:56 PM           107,424 vmbus.sys
03/18/2017  03:56 PM            23,552 BtaMPM.sys
03/18/2017  03:56 PM            47,104 BthHfAud.sys
03/18/2017  03:56 PM            29,600 urschipidea.sys
03/18/2017  03:56 PM            49,056 msgpiowin32.sys
03/18/2017  03:56 PM           181,248 BthA2DP.sys
03/18/2017  03:56 PM            27,136 npsvctrig.sys
03/18/2017  03:56 PM            98,712 UfxChipidea.sys
03/18/2017  03:56 PM           138,656 ufxsynopsys.sys
03/18/2017  03:56 PM            21,504 genericusbfn.sys
03/18/2017  03:56 PM            28,064 urssynopsys.sys
03/18/2017  03:56 PM            85,504 BTHUSB.SYS
03/18/2017  03:56 PM            45,568 devauthe.sys
03/18/2017  03:56 PM            14,336 umpass.sys
03/18/2017  03:56 PM            46,592 xinputhid.sys
03/18/2017  03:56 PM           180,736 hidclass.sys
03/18/2017  03:56 PM            40,960 hidusb.sys
03/18/2017  03:56 PM            40,960 hidparse.sys
03/18/2017  03:56 PM            52,224 hidi2c.sys
03/18/2017  03:56 PM            64,416 kbdclass.sys
03/18/2017  03:56 PM           115,200 i8042prt.sys
03/18/2017  03:56 PM            40,448 kbdhid.sys
03/18/2017  03:56 PM            51,104 hidinterrupt.sys
03/18/2017  03:56 PM            28,672 sermouse.sys
03/18/2017  03:56 PM            33,280 mouhid.sys
03/18/2017  03:56 PM            60,320 mouclass.sys
03/18/2017  03:56 PM            98,200 usbehci.sys
03/18/2017  03:56 PM            30,720 usbohci.sys
03/18/2017  03:56 PM           466,336 usbport.sys
03/18/2017  03:56 PM            32,160 usbd.sys
03/18/2017  03:56 PM           131,488 USBSTOR.SYS
03/18/2017  03:56 PM            35,328 usbuhci.sys
03/18/2017  03:56 PM            90,112 winusb.sys
03/18/2017  03:56 PM            94,624 sdstor.sys
03/18/2017  03:56 PM            18,520 WindowsTrustedRTProxy.sys
03/18/2017  03:56 PM            23,040 kdnic.sys
03/18/2017  03:56 PM            54,272 filecrypt.sys
03/18/2017  03:56 PM            28,064 cmimcext.sys
03/18/2017  03:56 PM            98,208 sdport.sys
03/18/2017  03:56 PM            35,328 vhf.sys
03/18/2017  03:56 PM            45,568 Udecx.sys
03/18/2017  03:56 PM           213,920 Ucx01000.sys
03/18/2017  03:56 PM           127,392 acpiex.sys
03/18/2017  03:56 PM            63,904 fsdepends.sys
03/18/2017  03:56 PM            61,440 TsUsbFlt.sys
03/18/2017  03:56 PM           294,816 WdFilter.sys
03/18/2017  03:56 PM            44,632 WdBoot.sys
03/18/2017  03:56 PM           121,248 WdNisDrv.sys
03/18/2017  03:56 PM           118,688 hvsocket.sys
03/18/2017  03:56 PM            31,648 winhv.sys
03/18/2017  03:56 PM            32,768 usbrpm.sys
03/18/2017  03:56 PM           101,888 bowser.sys
03/18/2017  03:57 PM            42,496 modem.sys
03/18/2017  03:57 PM            51,712 tcpipreg.sys
03/18/2017  03:57 PM            20,992 NdisVirtualBus.sys
03/18/2017  03:57 PM            19,968 irenum.sys
03/18/2017  03:57 PM            28,672 asyncmac.sys
03/18/2017  03:57 PM            23,040 usb8023.sys
03/18/2017  03:57 PM            17,920 rasacd.sys
03/18/2017  03:57 PM           150,016 rmcast.sys
03/18/2017  03:57 PM            34,816 RNDISMP.sys
03/18/2017  03:57 PM            81,920 raspppoe.sys
03/18/2017  03:57 PM           120,320 irda.sys
03/18/2017  03:57 PM            87,040 ipfltdrv.sys
03/18/2017  03:57 PM            57,760 netbios.sys
03/18/2017  03:57 PM            50,688 mmcss.sys
03/18/2017  03:57 PM               646 gmreadme.txt
03/18/2017  03:57 PM         3,440,660 gm.dls
03/18/2017  03:57 PM            36,864 filetrace.sys
03/18/2017  03:57 PM           144,384 mrxdav.sys
03/18/2017  03:57 PM            21,504 smclib.sys
03/18/2017  03:57 PM            10,240 beep.sys
03/18/2017  03:57 PM           175,520 scsiport.sys
03/18/2017  03:57 PM            75,776 stream.sys
03/18/2017  03:57 PM            88,992 EhStorClass.sys
03/18/2017  03:57 PM            37,888 USBCAMD2.sys
03/18/2017  03:57 PM            31,232 tape.sys
03/18/2017  03:57 PM            23,552 mcd.sys
03/18/2017  03:57 PM            43,520 scfilter.sys
03/18/2017  03:57 PM            49,664 videoprt.sys
03/18/2017  03:57 PM            55,808 watchdog.sys
03/18/2017  03:57 PM           152,992 pacer.sys
03/18/2017  03:57 PM           122,368 NetAdapterCx.sys
03/18/2017  03:57 PM            40,352 tdi.sys
03/18/2017  03:57 PM           367,000 msrpc.sys
03/18/2017  03:57 PM           419,744 FWPKCLNT.SYS
03/18/2017  03:57 PM            56,224 condrv.sys
03/18/2017  03:57 PM           105,880 mountmgr.sys
03/18/2017  03:57 PM            49,568 iorate.sys
03/18/2017  03:57 PM           391,584 Classpnp.sys
03/18/2017  03:57 PM           220,672 WUDFRd.sys
03/18/2017  03:57 PM           100,864 WUDFPf.sys
03/18/2017  03:57 PM            20,384 wmilib.sys
03/18/2017  03:57 PM            33,184 WppRecorder.sys
03/18/2017  03:57 PM             7,680 null.sys
03/18/2017  03:57 PM         1,735,584 refs.sys
03/18/2017  03:57 PM            69,120 npfs.sys
03/18/2017  03:57 PM            31,744 msfs.sys
03/18/2017  03:57 PM            93,184 cdfs.sys
03/18/2017  03:57 PM            61,672 WdfLdr.sys
03/18/2017  03:57 PM           902,376 Wdf01000.sys
03/18/2017  03:57 PM           386,464 fltMgr.sys
03/18/2017  03:57 PM            33,688 fs_rec.sys
03/18/2017  03:57 PM            20,376 ntosext.sys
03/18/2017  03:57 PM            52,640 pcw.sys
03/18/2017  03:57 PM           239,616 ahcache.sys
03/18/2017  03:57 PM            35,744 Dumpata.sys
03/18/2017  03:57 PM           373,664 volmgrx.sys
03/18/2017  03:57 PM           397,216 volsnap.sys
03/18/2017  03:57 PM           215,456 VerifierExt.sys
03/18/2017  03:57 PM           936,864 refsv1.sys
03/18/2017  03:57 PM            29,600 hwpolicy.sys
03/18/2017  03:57 PM            23,552 ws2ifsl.sys
03/18/2017  03:57 PM            80,288 SpbCx.sys
03/18/2017  03:57 PM           150,528 dfsc.sys
03/18/2017  03:57 PM           282,528 rdyboost.sys
03/18/2017  03:57 PM            50,688 ndiscap.sys
03/18/2017  03:57 PM            55,296 winhvr.sys
03/18/2017  03:57 PM            35,744 wimmount.sys
03/18/2017  03:57 PM            86,432 crashdmp.sys
03/18/2017  03:57 PM           347,136 exfat.sys
03/18/2017  03:57 PM           324,096 udfs.sys
03/18/2017  03:57 PM            77,216 CEA.sys
03/18/2017  03:57 PM            72,192 wcnfs.sys
03/18/2017  03:57 PM           164,768 wfplwfs.sys
03/18/2017  03:57 PM            86,432 fileinfo.sys
03/18/2017  03:57 PM           208,288 wof.sys
03/18/2017  03:57 PM           128,512 NdisImPlatform.sys
03/18/2017  03:57 PM            49,664 qwavedrv.sys
03/18/2017  03:57 PM           169,888 msgpioclx.sys
03/18/2017  03:57 PM           467,352 mrxsmb.sys
03/18/2017  03:57 PM           123,808 mup.sys
03/18/2017  03:57 PM            75,680 SerCx.sys
03/18/2017  03:57 PM           434,080 rdbss.sys
03/18/2017  03:57 PM            14,336 registry.sys
03/18/2017  03:57 PM            74,648 hvservice.sys
03/18/2017  03:57 PM           154,016 SerCx2.sys
03/18/2017  03:57 PM            12,288 mshidumdf.sys
03/18/2017  03:57 PM            15,360 Dmpusbstor.sys
03/18/2017  03:57 PM             8,704 mshidkmdf.sys
03/18/2017  03:57 PM            39,840 cnghwassist.sys
03/18/2017  03:57 PM            46,488 werkernel.sys
03/18/2017  03:57 PM            83,456 mslldp.sys
03/18/2017  03:57 PM            28,064 tbs.sys
03/18/2017  03:58 PM           741,376 PEAuth.sys
03/18/2017  03:58 PM            12,288 cldflt.sys
03/18/2017  03:58 PM           217,088 winnat.sys
03/18/2017  03:58 PM            82,432 rspndr.sys
03/18/2017  03:58 PM            66,560 lltdio.sys
03/18/2017  03:58 PM           877,472 ClipSp.sys
03/18/2017  03:58 PM            32,672 SleepStudyHelper.sys
03/18/2017  03:58 PM            17,920 applockerfltr.sys
03/18/2017  03:58 PM            76,800 mpsdrv.sys
03/18/2017  03:58 PM           263,584 ufx01000.sys
03/18/2017  03:58 PM            59,288 urscx01000.sys
03/18/2017  03:58 PM            36,864 IndirectKmd.sys
03/18/2017  03:58 PM           179,200 UcmTcpciCx.sys
03/18/2017  03:58 PM            32,256 dumpsdport.sys
03/18/2017  03:58 PM            70,232 WindowsTrustedRT.sys
03/18/2017  03:58 PM            10,752 mspqm.sys
03/18/2017  03:58 PM            10,752 mspclock.sys
03/18/2017  03:58 PM            12,800 mstee.sys
03/18/2017  03:58 PM            79,872 rassstp.sys
03/18/2017  03:58 PM            97,792 raspptp.sys
03/18/2017  03:58 PM           107,008 rasl2tp.sys
03/18/2017  03:58 PM           127,488 Ndu.sys
03/18/2017  03:58 PM           192,000 ndiswan.sys
03/18/2017  03:58 PM           162,304 tunnel.sys
03/18/2017  03:58 PM             8,192 gpuenergydrv.sys
03/18/2017  03:58 PM           108,544 agilevpn.sys
03/18/2017  03:58 PM           390,144 ks.sys
03/18/2017  03:58 PM            27,136 vwifibus.sys
03/18/2017  03:58 PM            77,312 vwififlt.sys
03/18/2017  03:58 PM            27,136 ndistapi.sys
03/18/2017  03:58 PM            81,408 wanarp.sys
03/18/2017  03:58 PM            62,464 ndproxy.sys
03/18/2017  03:58 PM           214,528 ipnat.sys
03/18/2017  03:58 PM            65,536 ndisuio.sys
03/18/2017  03:58 PM           170,912 ksecpkg.sys
03/18/2017  03:58 PM            79,872 storqosflt.sys
03/18/2017  03:59 PM            30,624 WpdUpFltr.sys
03/18/2017  03:59 PM            91,152 dumpfve.sys
03/18/2017  09:31 PM           183,296 rdpdr.sys
03/18/2017  09:31 PM            30,624 rdpvideominiport.sys
03/18/2017  09:31 PM            40,352 SpatialGraphFilter.sys
03/18/2017  09:31 PM            37,280 terminpt.sys
03/18/2017  09:31 PM            27,136 rdpbus.sys
03/27/2017  12:21 AM            84,432 tapnordvpn.sys
04/19/2017  12:29 AM                 0 Msft_Kernel_Smb_driver_Intel_01011.Wdf
04/19/2017  12:29 AM            18,960 LNonPnP.sys
04/19/2017  12:29 AM                 0 Msft_Kernel_SynTP_01011.Wdf
04/19/2017  01:18 AM           118,784 netvsc.sys
04/27/2017  07:59 PM           388,000 USBXHCI.SYS
05/20/2017  01:07 AM           277,504 xboxgip.sys
05/20/2017  01:08 AM            13,312 rootmdm.sys
05/20/2017  01:10 AM            27,136 ksthunk.sys
05/20/2017  01:53 AM           363,424 fastfat.sys
05/20/2017  01:54 AM           144,288 storahci.sys
05/20/2017  01:54 AM           730,016 vhdmp.sys
05/20/2017  01:59 AM           112,544 dam.sys
06/03/2017  05:00 AM           219,040 tpm.sys
06/03/2017  05:10 AM           130,464 tm.sys
06/20/2017  12:12 AM            86,528 hdaudbus.sys
06/20/2017  12:12 AM           264,192 usbvideo.sys
06/20/2017  12:14 AM            32,768 mskssrv.sys
06/20/2017  01:00 AM           142,752 wcifs.sys
07/07/2017  02:07 AM         1,106,848 http.sys
07/07/2017  02:24 AM           117,664 pdc.sys
07/27/2017  11:08 PM            97,792 bthhfenum.sys
07/27/2017  11:20 PM           982,016 bthport.sys
07/27/2017  11:25 PM            97,280 Microsoft.Bluetooth.Legacy.LEEnumerator.sys
07/27/2017  11:25 PM           105,472 bthenum.sys
07/27/2017  11:25 PM           115,712 bridge.sys
07/27/2017  11:27 PM            51,712 UcmUcsi.sys
07/28/2017  12:20 AM           279,968 msiscsi.sys
07/28/2017  12:23 AM           723,360 acpi.sys
07/31/2017  08:41 PM           180,736 rfcomm.sys
07/31/2017  08:44 PM            83,968 vmbkmclr.sys
07/31/2017  09:30 PM            82,336 vmbkmcl.sys
07/31/2017  09:36 PM           119,712 tdx.sys
07/31/2017  09:38 PM           382,368 clfs.sys
08/18/2017  01:23 AM            55,384 Smb_driver_Intel_Aux.sys
08/18/2017  01:23 AM            55,384 Smb_driver_Intel.sys
08/18/2017  01:23 AM            53,848 Smb_driver_AMDASF_Aux.sys
08/18/2017  01:23 AM            66,136 SynRMIHID_Aux.sys
08/18/2017  01:23 AM           716,384 SynTP.sys
09/04/2017  11:11 PM           254,976 srvnet.sys
09/04/2017  11:23 PM           305,152 netbt.sys
09/04/2017  11:25 PM            43,520 nsiproxy.sys
09/04/2017  11:26 PM           130,560 bthpan.sys
09/04/2017  11:26 PM           107,008 hidbth.sys
09/04/2017  11:27 PM           104,960 UcmCx.sys
09/04/2017  11:28 PM            71,680 usbser.sys
09/04/2017  11:28 PM            39,424 buttonconverter.sys
09/05/2017  12:11 AM           610,720 afd.sys
09/05/2017  12:21 AM           189,344 dumpsd.sys
09/05/2017  12:24 AM           519,584 netio.sys
09/05/2017  12:25 AM           159,648 partmgr.sys
09/05/2017  12:30 AM           287,648 sdbus.sys
09/18/2017  06:09 PM           554,400 USBHUB3.SYS
09/29/2017  02:20 AM           286,208 mrxsmb10.sys
09/29/2017  02:21 AM           722,944 srv2.sys
09/29/2017  02:21 AM           414,208 srv.sys
09/29/2017  02:29 AM           550,400 nwifi.sys
09/29/2017  02:32 AM            35,840 BasicRender.sys
09/30/2017  12:36 AM         2,672,024 tcpip.sys
09/30/2017  12:40 AM           173,976 usbccgp.sys
09/30/2017  12:40 AM           184,728 appid.sys
09/30/2017  12:41 AM           228,248 mrxsmb20.sys
09/30/2017  12:45 AM           511,896 usbhub.sys
09/30/2017  12:49 AM           135,576 ksecdd.sys
10/03/2017  12:24 PM            54,296 Accelerometer.sys
10/03/2017  12:24 PM            40,472 hpdskflt.sys
10/10/2017  08:05 PM            50,624 nvvad64v.sys
10/15/2017  09:57 AM           409,496 dxgmms1.sys
10/15/2017  09:57 AM           712,600 dxgmms2.sys
11/01/2017  11:19 PM           124,928 luafv.sys
11/01/2017  11:35 PM            25,600 Dumpstorport.sys
11/02/2017  12:12 AM            38,808 Diskdump.sys
11/02/2017  12:12 AM           714,648 fvevol.sys
11/02/2017  12:13 AM           546,712 storport.sys
11/02/2017  12:13 AM            95,640 stornvme.sys
11/02/2017  12:13 AM         2,443,672 dxgkrnl.sys
11/02/2017  12:15 AM         1,239,448 ndis.sys
11/02/2017  12:16 AM         2,327,448 ntfs.sys
11/17/2017  03:56 AM           757,248 WdiWiFi.sys
11/17/2017  04:39 AM           643,200 cng.sys
11/27/2017  08:56 PM            57,792 nvvhci.sys
11/28/2017  10:18 AM        17,020,720 nvlddmkm.sys
11/29/2017  09:44 PM            42,496 vwifimp.sys
12/13/2017  12:29 PM            94,144 mwac.sys
12/13/2017  08:03 PM            28,272 TrueSight.sys
12/14/2017  12:11 PM           192,952 mbamchameleon.sys
12/14/2017  12:12 PM           255,928 32353193.sys
12/27/2017  04:42 PM           142,136 nvchkoru.sys
             460 File(s)    120,109,023 bytes
               0 Dir(s)  159,502,614,528 bytes free

========= End of CMD: =========


==== End of Fixlog 16:45:21 ====
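One way to cross-check the two command outputs in the fixlog above offline, as an added example that is not part of the original thread or of FRST: it parses `fltmc instances` output and a US-format `dir /a:-d /o:d` listing, reports filters that have no same-named `.sys` file in the drivers folder, and lists files written since a given date. The function names are assumptions of this example, the sample text is a short excerpt of the log above, and a filter without a matching file is only a lead to check further, because a filter's name does not have to equal its driver's file name.

```python
import re
from collections import namedtuple
from datetime import datetime

# Excerpts copied from the fixlog above (a few rows of each command's output).
FLTMC_SAMPLE = r"""
Filter                Volume Name                              Altitude        Instance Name       Frame   SprtFtrs  VlStatus
--------------------  -------------------------------------  ------------  ----------------------  -----   --------  --------
FileInfo                                                         40500     FileInfo                  0     00000003
FileInfo              C:                                         40500     FileInfo                  0     00000003
WdFilter              \Device\HarddiskVolume2                   328010     WdFilter Instance         0     00000007
Wof                   C:                                         40700     Wof Instance              0     00000003
luafv                 C:                                        135000     luafv                     0     00000003
npsvctrig             \Device\NamedPipe                          46000     npsvctrig                 0     00000000
wcifs                 C:                                        189900     wcifs Instance            0     00000000
zmnadrwu              C:                                         45666     zmnadrwu Instance         0     00000000
zmnadrwu              \Device\Mup                                45666     zmnadrwu Instance         0     00000000
"""

DIR_SAMPLE = r"""
 Directory of C:\windows\system32\drivers

03/18/2017  03:56 PM            27,136 npsvctrig.sys
03/18/2017  03:56 PM           294,816 WdFilter.sys
03/18/2017  03:57 PM            86,432 fileinfo.sys
03/18/2017  03:57 PM           208,288 wof.sys
06/20/2017  01:00 AM           142,752 wcifs.sys
11/01/2017  11:19 PM           124,928 luafv.sys
12/14/2017  12:11 PM           192,952 mbamchameleon.sys
12/14/2017  12:12 PM           255,928 32353193.sys
12/27/2017  04:42 PM           142,136 nvchkoru.sys
             460 File(s)    120,109,023 bytes
"""

# Token-based rather than fixed-width, so it survives forum whitespace mangling.
# The volume column may be empty and the instance name may contain spaces.
FLTMC_ROW = re.compile(
    r"(\S+)\s+(?:(\S+)\s+)?(\d+(?:\.\d+)?)\s+(.+?)\s+(\d+)\s+([0-9A-Fa-f]{8})(?:\s+(\S+))?"
)
# Assumes the US date/time format shown in the log (MM/DD/YYYY hh:mm AM|PM).
DIR_ROW = re.compile(r"(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2} [AP]M)\s+([\d,]+)\s+(.+)")

DriverFile = namedtuple("DriverFile", "written size name")


def parse_fltmc(text):
    """Return {filter name: {"altitude": str, "volumes": [str, ...]}}."""
    filters = {}
    for line in text.splitlines():
        m = FLTMC_ROW.fullmatch(line.strip())
        if not m:  # header, separator and blank lines fall through here
            continue
        name, volume, altitude = m.group(1), m.group(2), m.group(3)
        entry = filters.setdefault(name, {"altitude": altitude, "volumes": []})
        entry["volumes"].append(volume or "<unnamed>")
    return filters


def parse_dir(text):
    """Return DriverFile tuples for every file row of a `dir` listing."""
    files = []
    for line in text.splitlines():
        m = DIR_ROW.fullmatch(line.strip())
        if not m:  # "Directory of", <DIR> rows and the summary are skipped
            continue
        written = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%m/%d/%Y %I:%M %p")
        files.append(DriverFile(written, int(m.group(3).replace(",", "")), m.group(4)))
    return files


def filters_without_driver_file(filters, files):
    """Filter names with no <name>.sys in the listing (case-insensitive)."""
    present = {f.name.lower() for f in files}
    return sorted(n for n in filters if f"{n.lower()}.sys" not in present)


def files_written_since(files, since):
    """Files whose timestamp is on or after `since`, oldest first."""
    return sorted((f for f in files if f.written >= since), key=lambda f: f.written)


if __name__ == "__main__":
    flt = parse_fltmc(FLTMC_SAMPLE)
    drv = parse_dir(DIR_SAMPLE)
    for name in filters_without_driver_file(flt, drv):
        print(f"no {name}.sys in listing: altitude {flt[name]['altitude']}, "
              f"attached to {', '.join(flt[name]['volumes'])}")
    for f in files_written_since(drv, datetime(2017, 12, 1)):
        print(f"{f.written:%Y-%m-%d %H:%M}  {f.size:>10,}  {f.name}")
```
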



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,224 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 December 2017 - 07:55 AM

Hi,

Thank you. For the next step, you'll need to download FRST and the fixlist.txt attached on a clean computer and move them on your USB Flash Drive. You cannot insert the USB in the infected computer if Windows is running. The computer needs to be shut down, or you need to be in the Recovery Environment. Otherwise, the infection will mess with the files on your USB and you'll have to download them again.

You'll need to download FRST and the fixlist.txt attached on a clean computer and move them on your USB. And before connecting your USB on the infected computer, it must be shut down, then you must boot directly in the Recovery Environment afterwards.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Let's start.

FOLLOW THE PROCEDURES FOR YOUR VERSION OF WINDOWS, 7 OR 10.

Item(s) required:

USB Flash Drive (size depends on if you have to create a USB Recovery or Installation media)
CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
Another computer (optional: only needed if you cannot work from the infected computer directly)

Preparing the USB Flash Drive

Download the right version of FRST for your system:
64-bit or 32-bit version. Select the one you need.
https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
Download the attached fixlist.txt and move it on your USB Flash Drive as well.

Boot in the Recovery Environment WINDOWS 7 USERS. See below for Windows 10.

Plug your USB Flash Drive in the infected computer
To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
Restart the computer
Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
Use the arrow keys to select Repair your computer, and press on Enter
Select your keyboard layout (US, French, etc.) and click on Next
Click on Command Prompt to open the command prompt

Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial https://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html on SevenForums.

WINDOWS 10 USERS.

To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums https://www.tenforums.com/tutorials/2294-boot-advanced-startup-options-windows-10-a.html

Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums https://www.tenforums.com/tutorials/36083-create-system-repair-disc-windows-10-a.html

Once in the command prompt

In the command prompt, type notepad and press on Enter
Notepad will open. Click on the File menu and select Open
Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
Note: Replace the letter e with the drive letter of your USB Flash Drive
FRST will open
Click on Yes to accept the disclaimer
Click on the Fix button and wait for the scan to complete
A log called fixlog.txt will be saved on your USB Flash Drive. Attach it in your next reply.

p.s.
If at any time you need additional information please ask before proceeding.

Let me know what problem persists.

=============== old instructions. ============
====================================================
Hi,

You'll need to download FRST and the fixlist.txt attached on a clean computer and move them on your USB. And before connecting your USB on the infected computer, it must be shut down, then you must boot directly in the RE afterwards.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:

USB Flash Drive (size depends on if you have to create a USB Recovery or Installation media)
CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
Another computer (optional: only needed if you cannot work from the infected computer directly)

Preparing the USB Flash Drive

Download the right version of FRST for your system:
FRST 64-bit
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
Download the attached fixlist.txt and move it on your USB Flash Drive as well.

Boot in the Recovery Environment

Plug your USB Flash Drive in the infected computer
To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
Restart the computer
Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
Use the arrow keys to select Repair your computer, and press on Enter
Select your keyboard layout (US, French, etc.) and click on Next
Click on Command Prompt to open the command prompt

Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial https://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html on SevenForums.

To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums https://www.tenforums.com/tutorials/2294-boot-advanced-startup-options-windows-10-a.html

Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums: https://www.tenforums.com/tutorials/36083-create-system-repair-disc-windows-10-a.html

Once in the command prompt

In the command prompt, type notepad and press on Enter
Notepad will open. Click on the File menu and select Open
Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
Note: Replace the letter e with the drive letter of your USB Flash Drive
FRST will open
Click on Yes to accept the disclaimer
Click on the Fix button and wait for the scan to complete
A log called fixlog.txt will be saved on your USB Flash Drive. Attach it in your next reply
===

Please run the Farbar tool and post a fresh FRST log for my review.

Let me know what problem persists.




#5 nasdaq

  • Malware Response Team

Posted 03 January 2018 - 08:31 AM

Are you still with me?

#6 Hayama

  • Topic Starter

Posted 03 January 2018 - 02:54 PM

Very sorry, I was trying to find someone with a computer I can use and a lot of personal stuff has been going down. Would it be okay if I used a phone to download them and put them on the flash drive? I have an on the go cable around here somewhere.



#7 nasdaq

  • Malware Response Team

Posted 04 January 2018 - 08:26 AM

Hi,

I will refer you to my post no. 4.

Item(s) required:

USB Flash Drive (size depends on if you have to create a USB Recovery or Installation media)
CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
Another computer (optional: only needed if you cannot work from the infected computer directly)

Preparing the USB Flash Drive

Download the right version of FRST for your system:
64-bit or 32 bit version. Select the one you need.
https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
Download the attached fixlist.txt and move it on your USB Flash Drive as well.


This previous method was not correct and was since changed a little.

If you still have the Flash Drive you used to download the FRST or FRST64 programs I suggest you delete the downloaded file in that Flash Drive.

Now using a Clean Computer and A Clean Flash Drive

Download the right version of FRST for your system:
64-bit or 32 bit version. Select the one you need.
https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
Download the attached fixlist.txt and move it on your USB Flash Drive as well.

To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums https://www.tenforums.com/tutorials/2294-boot-advanced-startup-options-windows-10-a.html

When in the Recovery Environment, plug your USB Flash Drive in the infected computer.
(In the previous instructions the flash drive was set before entering the RE; the experts have found out that it corrupted the downloads.)

The rest of the instructions are the same.

Once in the command prompt

In the command prompt, type notepad and press on Enter
Notepad will open. Click on the File menu and select Open
Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
Note: Replace the letter e with the drive letter of your USB Flash Drive
FRST will open
Click on Yes to accept the disclaimer
Click on the Fix button and wait for the scan to complete
A log called fixlog.txt will be saved on your USB Flash Drive. Attach it in your next reply

===

I have attached the Fixlist.txt file again just in case you have not kept the previous one.

Please post the Fixlog.txt and let me know if the problem persists.




#8 nasdaq

  • Malware Response Team

Posted 10 January 2018 - 08:59 AM

Are you still with me?

#9 nasdaq

  • Malware Response Team

Posted 17 January 2018 - 07:35 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



