
Disk is frequently at 100% and Chrome causes computer to freeze


  • This topic is locked
21 replies to this topic

#1 hishighness


Posted 25 March 2018 - 03:34 AM

Good day. Over the past couple of days I've been unable to run Chrome on my laptop. I can open it, but then the computer starts using 100% disk and it freezes; I can still move the mouse, but nothing responds, or if it does it takes forever. Also, when I restart my computer, the disk is frequently at 100% usage for much longer than normal.

Something else: the first time I tried to run FRST, when I opened it there were letters missing in the program's screen. Like, imagine a sentence but 75% of the letters from it were invisible. Also, it seems to be using the network even when I'm not doing anything or downloading. Thank you for your time.
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by toopr (administrator) on CMHALENOVO (25-03-2018 05:18:13)
Running from C:\Users\toopr\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Loaded Profiles: toopr (Available Profiles: toopr & hishi)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Copyright © 2017 Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Cisco) C:\Users\toopr\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.251_none_16dd4c82321e5ccc\TiWorker.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [5062384 2015-08-30] (Realtek semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13886208 2015-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-05-21] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2016-08-12] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2016-08-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567936 2018-03-15] (Dropbox, Inc.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2131344 2016-06-20] (Wondershare)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [75776 2016-11-16] ()
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [51416 2017-08-16] (Copyright © 2017 Plays.tv, LLC)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3632848 2017-08-07] (COMODO)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKU\S-1-5-21-651665887-602624498-1960067312-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-651665887-602624498-1960067312-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [986648 2016-09-29] (BlueStack Systems, Inc.)
HKU\S-1-5-21-651665887-602624498-1960067312-1001\...\Run: [Discord] => C:\Users\toopr\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-651665887-602624498-1960067312-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1207112 2018-03-05] ()
HKU\S-1-5-21-651665887-602624498-1960067312-1001\...\Run: [VideoGuardMonitor] => C:\Users\toopr\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe [4155656 2016-07-10] (Cisco)
HKU\S-1-5-21-651665887-602624498-1960067312-1001\...\Run: [Resilio Sync] => C:\Users\toopr\AppData\Roaming\Resilio Sync\Resilio Sync.exe [16339976 2017-04-12] (Resilio, Inc.)
Startup: C:\Users\toopr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2017-04-08]
ShortcutTarget: Curse.lnk -> C:\Users\toopr\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 24.222.0.94 24.222.0.95
Tcpip\..\Interfaces\{2e8114a5-6968-49cb-944d-4adc2575b009}: [DhcpNameServer] 24.222.0.94 24.222.0.95
Tcpip\..\Interfaces\{b6875e86-5a0f-4498-aeca-e4f98e8b310f}: [DhcpNameServer] 24.222.0.94 24.222.0.95
Tcpip\..\Interfaces\{b71f7603-ef53-4f9a-97e0-c866d7621d14}: [DhcpNameServer] 209.222.18.222 209.222.18.218
 
Internet Explorer:
==================
HKU\S-1-5-21-651665887-602624498-1960067312-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.ca/
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-09] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-09] (Oracle Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\toopr\AppData\Roaming\oneteam\Profiles\4vgmuq3x.default [2016-08-20]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-09] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-651665887-602624498-1960067312-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\toopr\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-03-19] (Zoom Video Communications, Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.ca/"
CHR Profile: C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default [2018-03-24]
CHR Extension: (Slides) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-25]
CHR Extension: (Flash Video Downloader) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2018-03-01]
CHR Extension: (Removes Taboola) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajdhffnbdccpannhhpeclanoojjloech [2016-08-12]
CHR Extension: (BetterTTV) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-11-20]
CHR Extension: (Docs) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-25]
CHR Extension: (Google Drive) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-12]
CHR Extension: (Turn Off the Lights) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2018-03-15]
CHR Extension: (Stencil) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjkdefgpgngdhagacbeajapgnoobjig [2016-08-21]
CHR Extension: (YouTube) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-12]
CHR Extension: (Adblock Plus) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-30]
CHR Extension: (Gmail™ Notifier) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\chchfhampioeijdffegkhnpccchjbfpk [2018-01-14]
CHR Extension: (uBlock Origin) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-03-23]
CHR Extension: (Tampermonkey) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-01-26]
CHR Extension: (Disable HTML5 Autoplay) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\efdhoaajjjgckpbkoglidkeendpkolai [2018-01-17]
CHR Extension: (ARC Welder) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\emfinbmielocnlhgmfkkmkngdoccbadn [2018-02-08]
CHR Extension: (Social Notifications [Mod]) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdplekadlcjnnjeffgnobeilnchinoko [2017-03-17]
CHR Extension: (Full Page Screen Capture) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2018-03-23]
CHR Extension: (Sheets) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-25]
CHR Extension: (Stylish - Custom themes for any website) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2018-03-01]
CHR Extension: (Nano Defender) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggolfgbegefeeoocgjbmkembbncoadlb [2018-03-23]
CHR Extension: (Google Docs Offline) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-12]
CHR Extension: (AdBlock) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-03-15]
CHR Extension: (Full Page Screenshot) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\glgomjpomoahpeekneidkinhcfjnnhmb [2018-03-15]
CHR Extension: (SwagButton) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2018-03-15]
CHR Extension: (Pinterest Save Button) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-11-16]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-03-15]
CHR Extension: (TuneIn Radio) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhkolpgedpldcfmkgbdokgiljfbblpfj [2016-08-21]
CHR Extension: (Permanent clipboard) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\hilkjcfodmbdgpadbpehimibheopoccb [2018-03-23]
CHR Extension: (Auto Refresh) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifooldnmmcmlbdennkpdnlnbgbmfalko [2017-12-27]
CHR Extension: (Twitch Live) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiljidcefnbhbpamageahhblhbbhhopm [2017-08-30]
CHR Extension: (Reddit Notifier) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikingdipinldcfllekffnlgbojbbpilk [2016-08-12]
CHR Extension: (Google Forms) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2017-11-02]
CHR Extension: (RetailMeNot Coupons) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljagpkilagnnjglodjinldilnaphmeo [2016-08-21]
CHR Extension: (Chrometana - Redirect Bing Somewhere Better) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaicbfmipfpfpjmlbpejaoaflfdnabnc [2017-08-08]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2018-01-26]
CHR Extension: (Steam Database) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdbmhfkmnlmbkgbabkdealhhbfhlmmon [2018-03-21]
CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2016-12-09]
CHR Extension: (The Great Suspender) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2018-01-17]
CHR Extension: (Twitch 5) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\knankefoajngclnjgnelanfohgihifpc [2017-11-08]
CHR Extension: (Bookmarks Bar Switcher) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcaelgondnfehcambmdhhfokjknhfahc [2017-08-08]
CHR Extension: (Audio EQ) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfafdlnjaliaghpjdajmlcnnblkgcefh [2016-11-21]
CHR Extension: (Boomerang for Gmail) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2017-05-17]
CHR Extension: (App Runtime for Chrome (Beta)) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaihdlpglflfgpfjcifdjdjcckigekc [2016-10-27]
CHR Extension: (Google Mail Checker) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2016-08-12]
CHR Extension: (Google Hangouts) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2018-02-14]
CHR Extension: (WeatherBug) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2017-12-22]
CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2016-09-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-30]
CHR Extension: (Context Menu Search) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocpcmghnefmdhljkoiapafejjohldoga [2017-04-28]
CHR Extension: (Bookmax - Online Bookmark Manager) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjpkfadmfhloombfmmlllnbhkoehckm [2016-08-21]
CHR Extension: (Enhanced Steam) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2017-12-27]
CHR Extension: (uBlock Origin Extra) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgdnlhfefecpicbbihgmbmffkjpaplco [2018-03-15]
CHR Extension: (BackStop) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pidcjgldchekcoolelhbjfbnccjkckfj [2016-08-12]
CHR Extension: (Gmail) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-12]
CHR Extension: (Chrome Media Router) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-16]
CHR Profile: C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-05-10]
CHR Extension: (Google Slides) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-01]
CHR Extension: (Google Docs) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-01]
CHR Extension: (Google Drive) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-01]
CHR Extension: (YouTube) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-01]
CHR Extension: (Adblock Plus) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-05-01]
CHR Extension: (Tampermonkey) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-05-01]
CHR Extension: (Google Sheets) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-01]
CHR Extension: (Google Docs Offline) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-01]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-05-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-01]
CHR Extension: (Gmail) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-01]
CHR Extension: (Chrome Media Router) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-01]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1465352 2017-01-13] ()
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2017-02-02] (BitRaider, LLC)
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-09-29] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-09-29] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [466456 2016-09-29] (BlueStack Systems, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-14] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-14] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-03-15] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [389392 2016-11-10] (EasyAntiCheat Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [104448 2016-11-16] (Freemake) [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-08-11] (Futuremark)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [359848 2015-09-04] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-08-19] (Intel Corporation)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [133840 2017-08-07] (COMODO)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-12-23] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2180624 2016-12-23] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1452360 2018-03-05] (Overwolf LTD)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [55000 2017-08-16] (Copyright © 2017 Plays.tv, LLC)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2016-10-22] ()
R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [189248 2016-10-22] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2018-03-01] (TeamViewer GmbH)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-01] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-01] (Microsoft Corporation)
R2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"
R2 postgresql-x64-9.3; "C:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe" runservice -N "postgresql-x64-9.3" -D "C:/Program Files/PostgreSQL/9.3/data" -w [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-09-29] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-09-28] (Bluestack System Inc. )
R1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [62208 2017-03-29] (COMODO)
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2017-09-29] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_9cf4218401aa29c5\nvlddmkm.sys [14847088 2017-04-20] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-09-19] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-09-19] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-09-19] (NVIDIA Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3069680 2015-08-30] (Realtek Semiconductor Corp.)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [259584 2017-09-29] (Microsoft Corporation)
R3 voxaldriver; C:\WINDOWS\system32\DRIVERS\voxaldriverx64.sys [52976 2017-03-22] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-01] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-01] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-01] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-25 05:06 - 2018-03-25 05:18 - 000000000 ____D C:\FRST
2018-03-24 22:31 - 2018-03-24 22:31 - 000944114 _____ C:\Users\toopr\AppData\Local\census.cache
2018-03-24 22:27 - 2018-03-24 22:27 - 000434964 _____ C:\Users\toopr\AppData\Local\ars.cache
2018-03-24 21:57 - 2018-03-24 22:40 - 000000010 _____ C:\Users\toopr\AppData\Local\sponge.last.runtime.cache
2018-03-24 21:46 - 2018-03-24 21:46 - 002527376 _____ (Trend Micro Inc.) C:\Users\toopr\Downloads\HousecallLauncher64 (1).exe
2018-03-24 21:43 - 2018-03-24 21:43 - 000000036 _____ C:\Users\toopr\AppData\Local\housecall.guid.cache
2018-03-24 21:43 - 2017-10-17 13:40 - 000334488 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2018-03-21 23:34 - 2018-03-21 23:57 - 000000014 _____ C:\Users\toopr\Desktop\SeaOfThieves.txt
2018-03-19 14:56 - 2018-03-19 14:56 - 000000000 ____D C:\Users\toopr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2018-03-19 14:55 - 2018-03-19 14:56 - 000000000 ____D C:\Users\toopr\AppData\Roaming\Zoom
2018-03-19 14:53 - 2018-03-19 14:54 - 000133640 _____ (Zoom Video Communications, Inc.) C:\Users\toopr\Downloads\Zoom_launcher.exe
2018-03-19 14:53 - 2018-03-19 14:54 - 000133640 _____ (Zoom Video Communications, Inc.) C:\Users\toopr\Downloads\Zoom_launcher (1).exe
2018-03-16 17:30 - 2018-03-16 17:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-03-15 08:50 - 2018-03-15 08:50 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-03-15 08:50 - 2018-03-15 08:50 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-03-15 08:50 - 2018-03-15 08:50 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-03-15 08:50 - 2018-03-15 08:50 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-03-15 06:39 - 2018-03-02 18:09 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-15 06:39 - 2018-03-02 18:09 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-14 08:50 - 2018-03-02 00:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-14 08:50 - 2018-03-02 00:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-14 08:50 - 2018-03-02 00:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-14 08:50 - 2018-03-02 00:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-14 08:50 - 2018-03-02 00:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-14 08:50 - 2018-03-02 00:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-14 08:50 - 2018-03-01 23:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-14 08:50 - 2018-03-01 17:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-14 08:50 - 2018-03-01 04:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-14 08:50 - 2018-03-01 04:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-14 08:50 - 2018-03-01 04:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-14 08:50 - 2018-03-01 04:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-14 08:50 - 2018-03-01 04:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-14 08:50 - 2018-03-01 04:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-14 08:50 - 2018-03-01 04:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-14 08:50 - 2018-03-01 04:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-14 08:50 - 2018-03-01 04:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-14 08:50 - 2018-03-01 04:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-14 08:50 - 2018-03-01 04:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-14 08:50 - 2018-03-01 04:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-14 08:50 - 2018-03-01 04:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-14 08:50 - 2018-03-01 04:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-14 08:50 - 2018-03-01 04:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-14 08:50 - 2018-03-01 04:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-14 08:50 - 2018-03-01 04:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-14 08:50 - 2018-03-01 04:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-14 08:50 - 2018-03-01 04:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-14 08:50 - 2018-03-01 04:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-14 08:50 - 2018-03-01 04:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-14 08:50 - 2018-03-01 04:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-14 08:50 - 2018-03-01 04:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-14 08:50 - 2018-03-01 04:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-14 08:50 - 2018-03-01 04:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-14 08:50 - 2018-03-01 04:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-14 08:50 - 2018-03-01 04:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-14 08:50 - 2018-03-01 04:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-14 08:50 - 2018-03-01 04:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-14 08:50 - 2018-03-01 04:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-14 08:50 - 2018-03-01 04:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-14 08:50 - 2018-03-01 04:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-14 08:50 - 2018-03-01 04:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-14 08:50 - 2018-03-01 04:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-14 08:50 - 2018-03-01 04:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-14 08:50 - 2018-03-01 04:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-14 08:50 - 2018-03-01 04:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-14 08:50 - 2018-03-01 04:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-14 08:50 - 2018-03-01 04:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-14 08:50 - 2018-03-01 04:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-14 08:50 - 2018-03-01 04:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-14 08:50 - 2018-03-01 04:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-14 08:50 - 2018-03-01 03:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-14 08:50 - 2018-03-01 03:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-14 08:50 - 2018-03-01 03:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-14 08:50 - 2018-03-01 03:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-14 08:50 - 2018-03-01 03:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-14 08:50 - 2018-03-01 03:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-14 08:50 - 2018-03-01 03:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-14 08:50 - 2018-03-01 03:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-14 08:50 - 2018-03-01 03:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-14 08:50 - 2018-03-01 03:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-14 08:50 - 2018-03-01 03:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-14 08:50 - 2018-03-01 03:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-14 08:50 - 2018-03-01 03:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-14 08:50 - 2018-03-01 03:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-14 08:50 - 2018-03-01 03:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-14 08:50 - 2018-03-01 03:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-14 08:50 - 2018-03-01 03:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-14 08:50 - 2018-03-01 03:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-14 08:50 - 2018-03-01 03:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-14 08:50 - 2018-03-01 03:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-14 08:50 - 2018-03-01 03:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-14 08:50 - 2018-03-01 03:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-14 08:50 - 2018-03-01 03:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-14 08:50 - 2018-03-01 03:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-14 08:50 - 2018-03-01 03:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-14 08:50 - 2018-03-01 03:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-14 08:50 - 2018-03-01 02:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-14 08:50 - 2018-03-01 02:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-14 08:50 - 2018-03-01 02:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-14 08:50 - 2018-03-01 02:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-14 08:50 - 2018-03-01 02:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-14 08:50 - 2018-03-01 02:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-14 08:50 - 2018-03-01 02:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-14 08:50 - 2018-03-01 02:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-14 08:50 - 2018-03-01 02:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-14 08:50 - 2018-03-01 02:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-14 08:50 - 2018-03-01 02:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-14 08:50 - 2018-03-01 02:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-14 08:50 - 2018-03-01 02:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-14 08:50 - 2018-03-01 02:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-14 08:50 - 2018-03-01 02:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-14 08:50 - 2018-03-01 02:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-14 08:50 - 2018-03-01 02:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-14 08:50 - 2018-03-01 02:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-14 08:50 - 2018-03-01 02:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-14 08:50 - 2018-03-01 02:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-14 08:50 - 2018-03-01 02:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-14 08:50 - 2018-03-01 02:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-14 08:50 - 2018-03-01 02:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-14 08:50 - 2018-03-01 02:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-14 08:50 - 2018-03-01 02:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-14 08:50 - 2018-03-01 02:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-14 08:50 - 2018-03-01 02:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-14 08:50 - 2018-03-01 02:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-14 08:50 - 2018-03-01 02:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-14 08:50 - 2018-03-01 02:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-14 08:50 - 2018-03-01 02:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-14 08:50 - 2018-03-01 02:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-14 08:50 - 2018-03-01 02:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-14 08:50 - 2018-03-01 02:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-14 08:50 - 2018-03-01 02:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-14 08:50 - 2018-03-01 02:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-14 08:50 - 2018-03-01 02:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-14 08:50 - 2018-03-01 02:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-14 08:50 - 2018-03-01 02:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-14 08:50 - 2018-03-01 02:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-14 08:50 - 2018-03-01 02:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-14 08:50 - 2018-03-01 02:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-14 08:50 - 2018-03-01 02:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-14 08:50 - 2018-03-01 02:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-14 08:50 - 2018-03-01 02:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-14 08:50 - 2018-03-01 02:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-14 08:50 - 2018-03-01 02:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-14 08:50 - 2018-03-01 02:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-14 08:50 - 2018-03-01 02:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-14 08:50 - 2018-03-01 02:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-14 08:50 - 2018-03-01 02:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-14 08:50 - 2018-03-01 02:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-14 08:50 - 2018-03-01 02:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-14 08:50 - 2018-03-01 02:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-14 08:50 - 2018-03-01 02:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-14 08:50 - 2018-03-01 02:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-14 08:50 - 2018-03-01 02:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-14 08:50 - 2018-03-01 02:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-14 08:50 - 2018-03-01 02:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-14 08:50 - 2018-03-01 02:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-14 08:50 - 2018-03-01 02:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-14 08:50 - 2018-03-01 02:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-14 08:50 - 2018-03-01 02:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-14 08:50 - 2018-03-01 02:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-14 08:50 - 2018-03-01 02:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-14 08:50 - 2018-03-01 02:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-14 08:50 - 2018-03-01 02:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-14 08:50 - 2018-03-01 02:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-14 08:50 - 2018-03-01 02:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-14 08:50 - 2018-03-01 02:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-14 08:50 - 2018-03-01 02:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-14 08:50 - 2018-03-01 02:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-14 08:50 - 2018-03-01 02:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-14 08:50 - 2018-02-21 23:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-14 08:50 - 2018-02-21 23:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-14 08:50 - 2018-02-21 23:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-14 08:50 - 2018-02-21 23:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-14 08:50 - 2018-02-21 23:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-14 08:50 - 2018-02-21 23:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-14 08:50 - 2018-02-21 23:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-14 08:50 - 2018-02-21 23:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-14 08:50 - 2018-02-21 23:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-14 08:50 - 2018-02-21 23:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-14 08:50 - 2018-02-21 23:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-14 08:50 - 2018-02-21 23:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-14 08:50 - 2018-02-21 23:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-14 08:50 - 2018-02-21 23:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-14 08:50 - 2018-02-21 23:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-14 08:50 - 2018-02-21 23:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-14 08:50 - 2018-02-21 22:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-14 08:50 - 2018-02-21 22:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-14 08:50 - 2018-02-21 22:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-14 08:50 - 2018-02-21 22:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-14 08:50 - 2018-02-21 22:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-14 08:50 - 2018-02-21 22:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-14 08:50 - 2018-02-21 22:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-14 08:50 - 2018-02-21 22:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-14 08:50 - 2018-02-21 21:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-14 08:50 - 2018-02-21 21:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-14 08:50 - 2018-02-21 21:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-14 08:50 - 2018-02-21 21:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-14 08:50 - 2018-02-21 21:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-14 08:50 - 2018-02-21 21:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-14 08:50 - 2018-02-21 21:26 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-03-14 08:50 - 2018-02-21 21:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-14 08:50 - 2018-02-21 21:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-14 08:50 - 2018-02-21 21:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-09 19:28 - 2018-03-25 05:09 - 000001261 _____ C:\Users\toopr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sharemouse.lnk
2018-03-09 19:27 - 2018-03-09 19:27 - 004937664 _____ (Bartels Media GmbH ) C:\Users\toopr\Downloads\ShareMouseSetup.exe
2018-03-05 19:05 - 2018-03-05 19:12 - 380739166 _____ C:\Users\toopr\Downloads\20180301_234053038_H1Z1.mp4
2018-03-04 00:23 - 2018-03-04 00:23 - 020765663 _____ (Thüring IT-Consulting ) C:\Users\toopr\Downloads\MP4Tools-3.6-win32.exe
2018-03-03 22:07 - 2018-03-03 22:07 - 000000000 ____D C:\ProgramData\AutoUpdate
2018-03-03 22:06 - 2018-03-03 22:06 - 000001260 _____ C:\Users\Public\Desktop\Launch Airy 2.1.lnk
2018-03-03 22:06 - 2018-03-03 22:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Airy Team
2018-03-03 22:06 - 2018-03-03 22:06 - 000000000 ____D C:\ProgramData\Airy Team
2018-03-03 22:06 - 2018-03-03 22:06 - 000000000 ____D C:\Program Files (x86)\Airy Team
2018-03-03 22:02 - 2018-03-03 22:02 - 066400072 _____ (APOWERSOFT LIMITED ) C:\Users\toopr\Downloads\video-download-capture.exe
2018-03-03 22:02 - 2018-03-03 22:02 - 014403088 _____ (Airy Team ) C:\Users\toopr\Downloads\airy.exe
2018-03-02 11:04 - 2018-03-02 11:04 - 000000000 ____D C:\Users\toopr\AppData\Local\PrivateInternetAccess
2018-03-02 11:03 - 2018-03-02 11:03 - 000001058 _____ C:\Users\toopr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall Private Internet Access.lnk
2018-03-02 11:03 - 2018-03-02 11:03 - 000000951 _____ C:\Users\toopr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reinstall TAP Driver.lnk
2018-03-02 11:03 - 2018-03-02 11:03 - 000000919 _____ C:\Users\toopr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access.lnk
2018-03-02 11:03 - 2018-03-02 11:03 - 000000889 _____ C:\Users\toopr\Desktop\Private Internet Access.lnk
2018-03-02 11:02 - 2018-03-02 11:03 - 044745960 _____ (London Trust Media, Inc. ) C:\Users\toopr\Downloads\pia-v77-installer-win.exe
2018-03-02 04:38 - 2018-03-02 04:38 - 000256240 _____ C:\Users\toopr\Downloads\tap-windows-9.21.2.exe
2018-03-02 04:38 - 2018-03-02 04:38 - 000000000 ____D C:\Program Files\TAP-Windows
2018-03-01 03:26 - 2018-03-01 03:29 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-25 05:17 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-25 05:16 - 2017-08-08 03:43 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-25 05:15 - 2017-12-27 04:48 - 000006934 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-25 05:14 - 2017-01-31 20:00 - 000000000 ____D C:\WINDOWS\uninstall
2018-03-25 05:11 - 2016-08-12 14:10 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-25 05:09 - 2017-08-08 03:43 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-03-25 05:09 - 2016-08-12 13:33 - 000000000 __SHD C:\Users\toopr\IntelGraphicsProfiles
2018-03-25 05:08 - 2017-12-27 05:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-25 05:07 - 2017-09-29 05:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-03-25 05:06 - 2017-12-27 04:48 - 000000000 ____D C:\Users\toopr
2018-03-25 04:21 - 2016-08-15 17:23 - 000000000 ____D C:\Users\toopr\AppData\Roaming\vlc
2018-03-25 03:55 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-03-25 03:04 - 2017-12-27 04:41 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-24 14:58 - 2017-12-27 05:18 - 000004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E9C322AD-A9CE-492E-AE28-A1DC5B33B55B}
2018-03-23 16:46 - 2017-04-07 23:41 - 000000000 ____D C:\Users\toopr\AppData\Roaming\qBittorrent
2018-03-22 22:34 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-21 23:40 - 2017-09-29 10:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-20 20:24 - 2016-08-12 13:50 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-18 04:19 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-16 17:31 - 2016-08-14 01:07 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-03-16 04:07 - 2017-09-29 10:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-15 06:41 - 2017-12-27 05:22 - 000000000 ___RD C:\Users\toopr\3D Objects
2018-03-15 06:41 - 2016-04-27 03:39 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-15 06:38 - 2017-12-27 04:41 - 002888896 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-15 06:34 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-15 06:34 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-15 06:34 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-15 06:33 - 2016-08-14 02:03 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-03-14 23:53 - 2017-11-16 17:45 - 000001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2018-03-14 09:09 - 2017-09-29 10:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-14 09:09 - 2016-08-13 15:49 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-14 09:03 - 2017-10-10 22:46 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-14 09:03 - 2016-08-13 15:49 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-14 08:53 - 2017-09-29 10:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-14 08:53 - 2017-09-29 10:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-03-14 00:39 - 2018-01-04 21:42 - 000000000 ____D C:\Users\toopr\Desktop\Power
2018-03-07 21:17 - 2016-11-09 21:16 - 000000000 ____D C:\Program Files (x86)\Overwolf
2018-03-02 20:48 - 2017-12-27 05:18 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-651665887-602624498-1960067312-1001
2018-03-02 20:48 - 2016-08-12 13:37 - 000002408 _____ C:\Users\toopr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-02 20:48 - 2016-08-12 13:37 - 000000000 ___RD C:\Users\toopr\OneDrive
2018-03-02 11:04 - 2017-12-27 05:18 - 000003296 _____ C:\WINDOWS\System32\Tasks\Private Internet Access Startup
2018-03-02 11:04 - 2016-09-10 23:20 - 000000000 ____D C:\Program Files\pia_manager
2018-03-02 05:27 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-03-01 19:26 - 2018-02-19 06:51 - 000000000 ____D C:\WINDOWS\Minidump
2018-03-01 03:29 - 2017-09-29 10:46 - 000000000 ___RD C:\Program Files\Windows Defender
 
==================== Files in the root of some directories =======
 
2017-11-07 20:03 - 2017-08-29 01:56 - 000365248 _____ (COMODO) C:\ProgramData\cmdres.dll
2017-03-22 11:53 - 2017-03-22 11:53 - 000001167 _____ () C:\Users\toopr\AppData\Roaming\trace_FilterInstaller.txt
2017-03-22 11:53 - 2017-03-22 11:53 - 000000000 _____ () C:\Users\toopr\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-03-13 00:24 - 2017-09-13 05:32 - 000004537 _____ () C:\Users\toopr\AppData\Roaming\VoiceMeeterDefault.xml
2018-03-24 22:27 - 2018-03-24 22:27 - 000434964 _____ () C:\Users\toopr\AppData\Local\ars.cache
2018-03-24 22:31 - 2018-03-24 22:31 - 000944114 _____ () C:\Users\toopr\AppData\Local\census.cache
2018-03-24 21:43 - 2018-03-24 21:43 - 000000036 _____ () C:\Users\toopr\AppData\Local\housecall.guid.cache
2018-01-25 07:11 - 2018-01-25 07:11 - 000000218 _____ () C:\Users\toopr\AppData\Local\recently-used.xbel
2018-03-24 21:57 - 2018-03-24 22:40 - 000000010 _____ () C:\Users\toopr\AppData\Local\sponge.last.runtime.cache
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-03-18 04:08
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by toopr (25-03-2018 05:20:44)
Running from C:\Users\toopr\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Windows 10 Home Version 1709 16299.309 (X64) (2017-12-27 08:20:59)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-651665887-602624498-1960067312-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-651665887-602624498-1960067312-503 - Limited - Disabled)
Guest (S-1-5-21-651665887-602624498-1960067312-501 - Limited - Disabled)
hishi (S-1-5-21-651665887-602624498-1960067312-1003 - Administrator - Enabled) => C:\Users\hishi
toopr (S-1-5-21-651665887-602624498-1960067312-1001 - Administrator - Enabled) => C:\Users\toopr
WDAGUtilityAccount (S-1-5-21-651665887-602624498-1960067312-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3DMark (HKLM\...\{F611E93B-8EC1-4662-BDFF-6909DB820862}) (Version: 2.2.3509.0 - Futuremark) Hidden
3DMark (HKLM-x32\...\{4bf26510-8c4e-447c-b819-2967aeca2839}) (Version: 2.2.3509.0 - Futuremark)
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Anchor Service x64 CS4 (HKLM\...\{887797BF-37A5-4199-B0C9-0D38D6196E9A}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (HKLM\...\{90BA8112-80B3-4617-A3C1-BD2771B60F74}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (HKLM\...\{8DAA31EB-6830-4006-A99F-4DF8AB24714F}) (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (HKLM\...\{A3454894-144A-4D80-B605-C128FE0D7329}) (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Fonts All x64 (HKLM\...\{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (HKLM\...\{8875A1C0-6308-4790-8CF6-D34E89880052}) (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (HKLM\...\{DFFABE78-8173-4E97-9C5C-22FB26192FC5}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (HKLM\...\{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM-x32\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Type Support x64 CS4 (HKLM\...\{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (HKLM\...\{295CFB7C-A57E-4313-93E7-68E7CE1D0332}) (Version: 1.1 - Adobe Systems Incorporated) Hidden
Airy (HKLM-x32\...\Airy_is1) (Version: 2.1.191 - Airy Team)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 381.89 - NVIDIA Corporation) Hidden
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AutoHotkey 1.1.24.04 (HKLM\...\AutoHotkey) (Version: 1.1.24.04 - Lexikos)
Azure AD Authentication Connected Service (HKLM-x32\...\{8A1AD070-269F-4A15-AAB5-76AB896EF195}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 1942 WWII Anthology HD (HKLM-x32\...\{41AA2A65-DC47-4A15-9EBB-7D2B1FB1A51E}_is1) (Version: 1.61 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlefield™ 1 Open Beta (HKLM-x32\...\{F9E19363-7B10-4F8A-8640-945C36D4B504}) (Version: 1.0.8.10777 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
BitMinter Client (HKU\S-1-5-21-651665887-602624498-1960067312-1001\...\BitMinter Client) (Version:  - BitMinter.com)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blender (HKLM\...\{437221A8-91D1-42A0-9E04-0AD64B502374}) (Version: 2.78.1 - Blender Foundation)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.61.6289 - BlueStack Systems, Inc.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6623 - CDBurnerXP)
CheVolume 0.4.0.2 (HKLM-x32\...\CheVolume 0.4.0.2) (Version:  - WellWeWeb)
Cisco VideoGuard Player (HKLM-x32\...\{28c1da00-d362-464b-bdee-90ef5358f8d7}) (Version: 6.8 - Cisco Systems, Inc)
Connect (HKLM-x32\...\{B29AD377-CC12-490A-A480-1452337C618D}) (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
ConTEXT v0.98.6 (HKLM-x32\...\{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1) (Version:  - ConTEXT Project Ltd)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Deluge 1.3.15 (HKLM-x32\...\Deluge) (Version:  - )
Discord (HKU\S-1-5-21-651665887-602624498-1960067312-1001\...\Discord) (Version: 0.0.298 - Discord Inc.)
Dotfuscator and Analytics Community Edition 5.22.0 (HKLM-x32\...\{60018889-9E0F-43E8-9B89-29E8C828B40A}) (Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 45.4.92 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Duplicate File Finder (HKLM-x32\...\{1041487C-12E6-47FE-B83A-E9891782C8FE}}_is1) (Version: 6.3 - Ashisoft)
Duplicate Files Finder (HKLM-x32\...\Duplicate Files Finder) (Version:  - )
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
Energy Management (HKLM-x32\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.11 - Lenovo) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.11 - Lenovo)
Entropia Universe (HKLM-x32\...\Entropia Universe) (Version: 15.10.2.139052 - MindArk PE AB)
Epic Pen version Epic Pen (HKLM-x32\...\Epic Pen_is1) (Version: Epic Pen - TANK Media)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
EVE Pirate's Little Helper (HKU\S-1-5-21-651665887-602624498-1960067312-1001\...\3d96228556213162) (Version: 1.7.1.1 - Jonas Jacobi)
EVEMon (HKLM-x32\...\EVEMon) (Version: 3.0.2 - EVEMon Development Team)
Evernus (HKU\S-1-5-21-651665887-602624498-1960067312-1001\...\{eb133847-45fe-40f7-a6b9-cbcb935bbe12}) (Version: 1.42 - Evernus)
Express Zip File Compression (HKLM-x32\...\ExpressZip) (Version: 3.03 - NCH Software)
FlashBack Express 5 (HKLM-x32\...\FlashBack Express 5) (Version: 5.27.0.4280 - Blueberry Software (UK) Ltd.)
FlightConnect for FSX (HKLM-x32\...\{E129010E-6A4E-4AB1-96E5-F439D145E880}) (Version: 2.8.3 - Vine Ripe Consulting)
Free2X Webcam Recorder 1.0.0.1 (HKLM-x32\...\Free2X Webcam Recorder_is1) (Version:  - )
Freemake Audio Converter version 1.1.8 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.8 - Ellora Assets Corporation)
Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
FreePIE (HKLM-x32\...\{FD5ADEC0-F65D-4F0E-8CD2-D905FA372E61}) (Version: 1.9.629.0 - FreePIE)
Futuremark SystemInfo (HKLM-x32\...\{E540B871-3230-4C5B-AAD5-A30F64398275}) (Version: 4.48.599.0 - Futuremark)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.8 - Genesys Logic)
GoldenEye: Source (HKLM-x32\...\gesource) (Version: 5.0 - The GoldenEye: Source Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{FA1BBF34-E994-4310-95D7-BE93092B8E61}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
HD Tune Pro 5.70 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version:  - )
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4279 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1332.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel® RealSense™ SDK Runtime (HKLM-x32\...\ARP_for_prd_rs_sdk_runtime_10.0.26.0396) (Version: 10.0.26.0396 - Intel Corporation)
Intel® RealSense™ SDK Runtime Gold (x86): Core (HKLM-x32\...\{4BAB7070-1D73-11E6-8844-2C44FD873B55}) (Version: 10.0.26.396 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): Core: Calibration (HKLM-x32\...\{676C639E-1D73-11E6-BF2F-2C44FD873B55}) (Version: 10.0.26.396 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): User Segmentation (HKLM-x32\...\{51040000-1D73-11E6-A45D-2C44FD873B55}) (Version: 10.0.26.396 - Intel Corporation) Hidden
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.2.424651.94 - Comodo)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Jivaro (HKLM-x32\...\{95CF931D-DDEB-4B15-B52C-80096CB5275E}) (Version: 2.2.15.0 - Jivaro ehf)
KeePass Password Safe 1.32 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.32 - Dominik Reichl)
kuler (HKLM-x32\...\{098727E1-775A-4450-B573-3F441F1CA243}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.62615.0 (HKLM-x32\...\{33D89314-361A-4495-A1E1-0ACBCE08F78D}) (Version: 10.0.62615.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-651665887-602624498-1960067312-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{4B2B6F4B-9B09-46ED-935E-A84A669D2DC9}) (Version: 2.8.2.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{128C1654-3B9E-4959-8BFB-CE6F09C0A01D}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
Muxy Ticker (HKU\S-1-5-21-651665887-602624498-1960067312-1001\...\Muxy) (Version: 0.6.6 - Muxy)
Node.js (HKLM\...\{92E3C936-BE50-4D58-AB85-769E6438025E}) (Version: 6.10.2 - Node.js Foundation)
NVIDIA GeForce Experience 3.9.0.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.97 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.0 - OBS Project)
OneTeam (HKLM-x32\...\{E027596A-8BD5-4D08-A618-C3E6D2E92CD7}) (Version: 0.99.321 - Process-One)
Origin (HKLM-x32\...\Origin) (Version: 10.3.3.1921 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.111.1.28 - Overwolf Ltd.)
PDF Settings CS4 (HKLM-x32\...\{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (HKLM-x32\...\{CC75AB5C-2110-4A7F-AF52-708680D22FE8}) (Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (HKLM\...\{2D74E972-5A85-44DC-9193-8A302BA8C181}) (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.11.0 - )
PlanetSide 2 (HKU\S-1-5-21-651665887-602624498-1960067312-1001\...\DG0-PlanetSide 2) (Version:  - Sony Online Entertainment)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.26.0-r124601-release - Plays.tv, LLC)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
PokerTracker 4 (remove only) (HKLM-x32\...\PokerTracker4) (Version:  - )
PostgreSQL 9.3  (HKLM\...\PostgreSQL 9.3) (Version: 9.3 - PostgreSQL Global Development Group)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Private Internet Access v77 (HKLM-x32\...\{148169C2-5558-4C3E-B38A-7B1813A264CA}_is1) (Version: 77 - London Trust Media, Inc.)
Project64 version 2.3.0.210 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.0.210 - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
PuTTY release 0.69 (64-bit) (HKLM\...\{5FE84905-DAF1-4319-82B2-D60BCA095BCE}) (Version: 0.69.0.0 - Simon Tatham)
qBittorrent 4.0.3 (HKLM-x32\...\qBittorrent) (Version: 4.0.3 - The qBittorrent project)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.12 - Qualcomm Atheros Communications Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7514 - Realtek Semiconductor Corp.)
Resilio Sync (HKU\S-1-5-21-651665887-602624498-1960067312-1001\...\Resilio Sync) (Version: 2.4.5 - Resilio, Inc.)
Roslyn Language Services - x86 (HKLM-x32\...\{6970C7E1-F99D-388D-8903-DF8FCE677FED}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
SketchUp 2017 (HKLM\...\{BCA90A4C-9C6A-49D1-91F9-594A0BE02432}) (Version: 17.1.174 - Trimble, Inc.)
South Park - The Stick of Truth (HKLM-x32\...\South Park - The Stick of Truth_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 12.0.0.7 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Suite Shared Configuration CS4 (HKLM-x32\...\{842B4B72-9E8F-4962-B3C1-1C422A5C4434}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM-x32\...\{7A95671A-759E-3B83-B763-4289D1D24D73}) (Version: 14.102.25619 - Microsoft) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.95388 - TeamViewer)
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Twitch Leecher 1.4.1 (HKLM\...\{6E15E350-AC55-436D-BA37-ED298E1AFD1A}) (Version: 1.4.1.0 - Fake Smile Revolution) Hidden
Twitch Leecher 1.4.1 (HKLM-x32\...\{ff03e5ca-3b49-4f00-b5cc-bfbab08150d6}) (Version: 1.4.1.0 - Fake Smile Revolution)
TypeScript Power Tool (HKLM-x32\...\{465ACA24-B8D6-4FEC-A42D-9EFCB92CD560}) (Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)
Unity (HKLM-x32\...\Unity) (Version: 5.5.1f1 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 30.0 - Ubisoft)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 4.48 - NCH Software)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Voxal Voice Changer (HKLM-x32\...\Voxal) (Version: 2.00 - NCH Software)
VS Update core components (HKLM-x32\...\{B2918D01-1D89-34D3-87EF-A28121BC6EB7}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
vs_update3notification (HKLM-x32\...\{AB3DF932-C990-34D4-BF43-970F760DA3CD}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Win32DiskImager version 1.0.0 (HKLM-x32\...\{3DFFA293-DF2C-4B23-92E5-3433BDC310E1}}_is1) (Version: 1.0.0 - ImageWriter Developers)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Wondershare Helper Compact 2.5.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare)
Zoom (HKU\S-1-5-21-651665887-602624498-1960067312-1001\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-651665887-602624498-1960067312-1001_Classes\CLSID\{581FFA00-FC33-0005-0402-95003A5CDE89}\InprocServer32 -> C:\Users\toopr\AppData\Roaming\Resilio Sync\ShellExtensionPath64_387.dll ()
CustomCLSID: HKU\S-1-5-21-651665887-602624498-1960067312-1001_Classes\CLSID\{581FFA01-FC33-0005-0402-95003A5CDE89}\InprocServer32 -> C:\Users\toopr\AppData\Roaming\Resilio Sync\ShellExtensionPath64_387.dll ()
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [!Resilio Sync 2.4.2Done] -> {581FFA04-FC33-0002-0402-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_2C4.dll [2016-11-29] ()
ShellIconOverlayIdentifiers: [!Resilio Sync 2.4.2RO] -> {581FFA03-FC33-0002-0402-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_2C4.dll [2016-11-29] ()
ShellIconOverlayIdentifiers: [!Resilio Sync 2.4.2RW] -> {581FFA02-FC33-0002-0402-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_2C4.dll [2016-11-29] ()
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [!Resilio Sync 2.4.2Done] -> {581FFA04-FC33-0002-0402-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_2C4.dll [2016-11-29] ()
ShellIconOverlayIdentifiers-x32: [!Resilio Sync 2.4.2RO] -> {581FFA03-FC33-0002-0402-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_2C4.dll [2016-11-29] ()
ShellIconOverlayIdentifiers-x32: [!Resilio Sync 2.4.2RW] -> {581FFA02-FC33-0002-0402-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_2C4.dll [2016-11-29] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} =>  -> No File
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ContextMenuHandlers1: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2016-12-02] ()
ContextMenuHandlers1: [QuickShare] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} =>  -> No File
ContextMenuHandlers2: [{C95FFEAE-A32E-4122-A5C4-49B5BFB69795}] -> {C95FFEAE-A32E-4122-A5C4-49B5BFB69795} => C:\Program Files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll [2008-08-14] (Adobe Systems Incorporated)
ContextMenuHandlers3: [{C95FFEAE-A32E-4122-A5C4-49B5BFB69795}] -> {C95FFEAE-A32E-4122-A5C4-49B5BFB69795} => C:\Program Files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll [2008-08-14] (Adobe Systems Incorporated)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-09-04] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-04-19] (NVIDIA Corporation)
ContextMenuHandlers5: [{C95FFEAE-A32E-4122-A5C4-49B5BFB69795}] -> {C95FFEAE-A32E-4122-A5C4-49B5BFB69795} => C:\Program Files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll [2008-08-14] (Adobe Systems Incorporated)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers6: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2016-12-02] ()
ContextMenuHandlers1_S-1-5-21-651665887-602624498-1960067312-1001: [Resilio Sync 2.4.5] -> {581FFA00-FC33-0005-0402-95003A5CDE89} => C:\Users\toopr\AppData\Roaming\Resilio Sync\ShellExtensionPath64_387.dll [2017-04-12] ()
ContextMenuHandlers4_S-1-5-21-651665887-602624498-1960067312-1001: [Resilio Sync 2.4.5] -> {581FFA00-FC33-0005-0402-95003A5CDE89} => C:\Users\toopr\AppData\Roaming\Resilio Sync\ShellExtensionPath64_387.dll [2017-04-12] ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {034CC34E-6EC8-483B-872B-EFA4171A5EDD} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {0573E7EF-A00F-497A-8BED-227CFD03A7E5} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {088317F8-DE00-4BB7-8E99-F87925C8B0A5} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-09-19] (NVIDIA Corporation)
Task: {0C8B514F-EC96-47CC-AD8D-F2DF1CFE82A4} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-14] (Dropbox, Inc.)
Task: {140266BA-BD8F-454F-BDE0-4D5A9543EF22} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-12] (Google Inc.)
Task: {3A351409-F00F-4E0E-8152-5FB09C749725} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {40B6F970-B705-4325-BF74-EEED96656225} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {492AEE5F-44DE-4B8F-919B-D3AD8AFAF731} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-09-19] (NVIDIA Corporation)
Task: {4B096427-917B-479B-82C6-2CBA080520E5} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-09-19] (NVIDIA Corporation)
Task: {4CB03047-BF3B-480B-B438-A6D7D08DBC66} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {52BD1960-72AD-4539-A8C8-9B2FA672AAF7} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-14] (Dropbox, Inc.)
Task: {816A0B86-F55B-4079-9080-CBA79A7FE6A6} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2018-02-19] ()
Task: {836D0642-F2F5-4402-891E-4A9600D1D6A3} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-09-19] (NVIDIA Corporation)
Task: {8508C373-8D7C-4997-B97B-CA90D8B8B631} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-09-19] (NVIDIA Corporation)
Task: {8D5882BB-E78F-4C9A-B2E6-AC8FC05DDF12} - System32\Tasks\Windows Defender User Interface => C:\Users\toopr\AppData\Roaming\Intel Corporation\Windows Defender\MSASCui.exe
Task: {95ED42EB-F0D4-465B-A982-158A3544EC20} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2018-03-05] (Overwolf LTD)
Task: {A4BAE2FD-3AB5-46F4-89A8-563E9E20DB20} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {BFC7F894-3C50-47B4-A116-1C996192089C} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-09-19] (NVIDIA Corporation)
Task: {E4B207C2-05B6-4FED-80D1-4D59F198ED9C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-12] (Google Inc.)
Task: {E812DB3B-2B1A-4391-A32B-EC5D0D0F605D} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-09-19] (NVIDIA Corporation)
Task: {EA70DEC9-40F3-4908-8C7C-6EDDD82201DC} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2013-10-25] ()
Task: {EB73FA79-28BD-4E06-904A-9DEBFA1C71DD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {F5B37141-0B09-418E-BFF8-49F9902CE8C4} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-09-19] (NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\toopr\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\toopr\Desktop\Update Empyrion Server.lnk -> C:\Users\toopr\Downloads\steamcmd\install.bat ()
 
ShortcutWithArgument: C:\Users\toopr\Desktop\Desktop\TwitchAlerts Stream Labels.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=kgmggmdngboajiakmbpdknfpdelbjbcg
ShortcutWithArgument: C:\Users\toopr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\ARC Welder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=emfinbmielocnlhgmfkkmkngdoccbadn
ShortcutWithArgument: C:\Users\toopr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TwitchAlerts Stream Labels.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=kgmggmdngboajiakmbpdknfpdelbjbcg
ShortcutWithArgument: C:\Users\toopr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\WeatherBug.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=njkkjobcechefaoknodniidfjapgfoco
ShortcutWithArgument: C:\Users\toopr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Steam - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 10:41 - 2017-09-29 10:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-10-14 03:16 - 2016-10-22 01:22 - 000076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2016-10-14 03:16 - 2016-10-22 01:22 - 000189248 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2016-11-01 18:01 - 2017-09-19 04:23 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-08 08:17 - 2015-07-13 04:07 - 000179200 _____ () C:\Program Files\PostgreSQL\9.3\bin\LIBPQ.dll
2016-09-08 08:19 - 2014-02-05 06:16 - 001336832 _____ () C:\Program Files\PostgreSQL\9.3\bin\libxml2.dll
2016-11-29 19:52 - 2016-11-29 19:52 - 000529408 _____ () C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_2C4.dll
2016-08-12 13:41 - 2013-10-25 06:23 - 000053248 _____ () C:\Windows\SysWOW64\UMonit64.exe
2015-09-04 08:55 - 2015-09-04 08:55 - 000406944 _____ () C:\WINDOWS\system32\igfxTray.exe
2018-03-14 08:50 - 2018-02-21 21:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-14 08:50 - 2018-02-21 21:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-21 00:51 - 2016-11-16 15:52 - 000075776 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2018-03-16 07:16 - 2018-03-16 07:16 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-16 07:16 - 2018-03-16 07:16 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-16 07:16 - 2018-03-16 07:16 - 022044160 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-16 07:16 - 2018-03-16 07:16 - 002559488 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\skypert.dll
2018-03-16 07:16 - 2018-03-16 07:16 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-08-16 21:21 - 2017-08-16 21:21 - 000033280 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\cx_Logging.cp35-win32.pyd
2017-08-16 21:21 - 2017-08-16 21:21 - 000103424 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2017-08-16 21:21 - 2017-08-16 21:21 - 000111616 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes35.dll
2017-08-16 21:21 - 2017-08-16 21:21 - 000041984 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2017-08-16 21:21 - 2017-08-16 21:21 - 000405504 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom35.dll
2017-08-16 21:21 - 2017-08-16 21:21 - 000173568 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2017-08-16 21:21 - 2017-08-16 21:21 - 001934336 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2017-08-16 21:21 - 2017-08-16 21:21 - 000077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2017-08-16 21:21 - 2017-08-16 21:21 - 001780736 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2017-08-16 21:21 - 2017-08-16 21:21 - 000505856 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2017-08-16 21:21 - 2017-08-16 21:21 - 003812864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2016-09-12 12:50 - 2014-05-19 17:19 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-09-12 12:50 - 2016-06-20 14:48 - 001506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-11-01 18:01 - 2017-09-19 04:23 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\Users\toopr\Downloads\ChromeSetup (1).exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\toopr\Downloads\ChromeSetup (1).exe:$CmdZnID [29]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 04:24 - 2015-10-30 04:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-651665887-602624498-1960067312-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 24.222.0.94 - 24.222.0.95
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run32: => "AdobeCS4ServiceManager"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKU\S-1-5-21-651665887-602624498-1960067312-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-651665887-602624498-1960067312-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-651665887-602624498-1960067312-1001\...\StartupApproved\Run: => "BraveIntelReporter"
HKU\S-1-5-21-651665887-602624498-1960067312-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_1AEB0D5DB85CCAC0F6BC7070572F1BA7"
HKU\S-1-5-21-651665887-602624498-1960067312-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-651665887-602624498-1960067312-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-651665887-602624498-1960067312-1001\...\StartupApproved\Run: => "Resilio Sync"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{644A989E-0D16-474C-ACF7-FAAB9560E0E6}C:\users\toopr\downloads\steamcmd\steamcmd.exe] => (Allow) C:\users\toopr\downloads\steamcmd\steamcmd.exe
FirewallRules: [TCP Query User{3C2D89E7-262C-4340-A0EF-13BE01725F5B}C:\users\toopr\downloads\steamcmd\steamcmd.exe] => (Allow) C:\users\toopr\downloads\steamcmd\steamcmd.exe
FirewallRules: [UDP Query User{156EE203-08F2-48EF-A98D-2536CCEB903F}C:\users\toopr\downloads\steamcmd\steamcmd.exe] => (Allow) C:\users\toopr\downloads\steamcmd\steamcmd.exe
FirewallRules: [TCP Query User{27C8DFC0-5D98-4E31-B0F7-EA782ABA4C1B}C:\users\toopr\downloads\steamcmd\steamcmd.exe] => (Allow) C:\users\toopr\downloads\steamcmd\steamcmd.exe
FirewallRules: [UDP Query User{32383DE4-7F26-421F-9E4C-F420795CB439}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [TCP Query User{2F1F76B7-D85D-4041-BFEF-3A1D96C3BB59}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{BEA0764A-0798-4D80-A451-F9AC4839FC12}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{80704CA3-2FDE-48FA-92B5-DC3ADEF2EE8C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F3FE8555-1CF9-4862-BB26-2A6A97932854}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{2066BDD1-3021-44C9-9A3A-0D5678C40421}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{E9887497-6916-4115-AF33-9A65605BCC49}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{EF9B7FB2-F715-41A5-9DF5-C2D8F3B6A09F}] => (Block) C:\users\toopr\desktop\servers\rust\rustdedicated.exe
FirewallRules: [{8E9DD190-6DC1-4FFA-8C17-44CE949D7381}] => (Block) C:\users\toopr\desktop\servers\rust\rustdedicated.exe
FirewallRules: [UDP Query User{793E288B-2C33-4BC4-B51F-F68FF5029E7D}C:\users\toopr\desktop\servers\rust\rustdedicated.exe] => (Allow) C:\users\toopr\desktop\servers\rust\rustdedicated.exe
FirewallRules: [TCP Query User{FD97DA2B-53AD-4D67-A0D6-D19B1ACBAFCC}C:\users\toopr\desktop\servers\rust\rustdedicated.exe] => (Allow) C:\users\toopr\desktop\servers\rust\rustdedicated.exe
FirewallRules: [{0D3B4256-A9E0-46D7-9E92-172EDDAC1E0D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E2CEF162-3C01-40F3-A31B-C3B4013119D0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{03E8627E-2ED4-4293-B24D-006E7A9938E4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3EBF74CA-2B78-474D-A0A0-150FD5F74224}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{882CCC0E-8255-4638-A403-C37BDA7ACE6F}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{0E613083-5A71-47C8-BE1D-5872C7D436E1}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [UDP Query User{6EE98B1E-E569-4429-810D-2D00F92F4435}C:\program files (x86)\steam\steamapps\common\empyrion - galactic survival\empyrion.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\empyrion - galactic survival\empyrion.exe
FirewallRules: [TCP Query User{1DDFEC7C-B0B9-4849-AEAA-DA9CC4657B35}C:\program files (x86)\steam\steamapps\common\empyrion - galactic survival\empyrion.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\empyrion - galactic survival\empyrion.exe
FirewallRules: [{F3F591CC-ACCA-46C3-8D6E-3E62072E3457}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{D53569C6-D09A-453B-86BB-B73725E69DD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{41F70F37-2A16-453F-A358-C486EAA5A992}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1 Open Beta\bf1.exe
FirewallRules: [{25F0096E-27AF-46FE-B579-F78D017F41D5}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1 Open Beta\bf1.exe
FirewallRules: [{698C2B83-5135-4E53-A020-FA4639FC458A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Empyrion - Galactic Survival\EmpyrionLauncher.exe
FirewallRules: [{F238E634-D768-41BA-BCCB-DF0F71F2E9B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Empyrion - Galactic Survival\EmpyrionLauncher.exe
FirewallRules: [UDP Query User{1C23F0AC-04BB-427B-84B7-8937104E26DC}C:\users\toopr\downloads\zerobundle-win\zerobundle\python\python.exe] => (Allow) C:\users\toopr\downloads\zerobundle-win\zerobundle\python\python.exe
FirewallRules: [TCP Query User{1D8ED3A4-F793-4042-8A79-9CB47C743AAF}C:\users\toopr\downloads\zerobundle-win\zerobundle\python\python.exe] => (Allow) C:\users\toopr\downloads\zerobundle-win\zerobundle\python\python.exe
FirewallRules: [{BFAD8EAC-E05D-41CF-AE97-3F55F1DCAE72}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{C57FBEAB-ADE2-4DC1-9EF8-C1B20C84D091}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{256F2587-734D-4520-B153-F63DB8E95E60}] => (Allow) LPort=5353
FirewallRules: [UDP Query User{EE23C734-874A-4B3B-972D-33797CDD5957}C:\program files (x86)\steam\steamapps\common\eve online\sharedcache\tq\bin\exefile.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\eve online\sharedcache\tq\bin\exefile.exe
FirewallRules: [TCP Query User{B4EB6F88-15F2-4A72-A8AC-B0F922CB0DD3}C:\program files (x86)\steam\steamapps\common\eve online\sharedcache\tq\bin\exefile.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\eve online\sharedcache\tq\bin\exefile.exe
FirewallRules: [{DC02BA56-5C89-4CAA-90F3-3D54E9838C5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eve Online\eve.exe
FirewallRules: [{B7605F6C-E1AD-4BEC-863E-165BE6CFDF7C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eve Online\eve.exe
FirewallRules: [{F1A76496-0F64-47DD-9F64-9A1B290A2027}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C9CB9DEF-BB32-4155-BA7B-120AD8FA1C78}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6B045AF2-DC69-45C3-BBA2-45F60D956BAA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C714BBD8-FC2A-4572-90B8-41B899C27753}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{477FCC24-DB39-44A2-A0CC-307F0FDBF2F7}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{A647F9B9-14BE-4E39-B6E8-84EB05D4C12D}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [TCP Query User{4849F0ED-1359-43BC-A9F4-5A65A910CF37}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{5430C868-10B0-469E-B3FD-28200C2E49EB}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [TCP Query User{D682F306-4AF7-43D8-A7E1-2782FF2959B3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{49805F78-F1B4-446E-9C6E-FBB506F47D72}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{87BCCD77-1DEB-4784-BCD6-C803F7B2A299}C:\users\toopr\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\toopr\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{50D9F970-706C-4DD5-9290-1A4A38DD61FD}C:\users\toopr\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\toopr\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{F6F29F68-4000-4BE8-846F-83CA66A69E77}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{AF5A97E3-FC1B-40E3-AEDB-CEB491025235}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{DF83314E-7E57-4679-93D5-6DFC8E171DA0}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{B2002C61-4658-411C-AAC4-DFDADAF86F98}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{1AD8B80F-3E1C-42AC-8969-95026E09260B}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{05AE21F4-AC1C-4FC2-9205-7A245D0A4D56}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [TCP Query User{582B7692-A5DD-413A-A719-5AF6AB4E1819}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{5BFCAF74-8FDD-4067-BDBF-296ACA9E87C2}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [TCP Query User{3519E4D5-AE02-4597-A3F5-3D64126B95CC}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill test server\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill test server\h1z1.exe
FirewallRules: [UDP Query User{476FF9D1-ABA3-4AD0-A9A7-2BF8645F8745}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill test server\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill test server\h1z1.exe
FirewallRules: [{02AAC637-FEBF-4808-8F52-17FD611900E0}] => (Allow) C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe
FirewallRules: [{CFBAF608-747C-4D32-9053-480FA3A41B34}] => (Allow) C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe
FirewallRules: [{8E75433A-81E4-482A-ACB7-512153DF20EE}] => (Allow) C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe
FirewallRules: [{B4939F28-1A4E-41C4-BBD8-1D1866549EF3}] => (Allow) C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe
FirewallRules: [{4245A06A-6D12-4B47-BBC3-56D48166B57E}] => (Allow) C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVC.exe
FirewallRules: [{F0767D82-1321-477C-AE93-8F758CDD3D11}] => (Allow) C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVC.exe
FirewallRules: [{9D23739C-E1E9-40CD-B9F6-094C7869D5E2}] => (Allow) C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVC.exe
FirewallRules: [{0C809B9D-62AC-4BC6-B740-4238C1139BD8}] => (Allow) C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVC.exe
FirewallRules: [{961B78A0-4DE6-4990-8A95-D2BA6B6B4EDA}] => (Allow) C:\Program Files (x86)\Freemake\Freemake Video Converter\SetupUpdate.exe
FirewallRules: [{BADED834-E695-4516-9F52-ECB6C47B9BA2}] => (Allow) C:\Program Files (x86)\Freemake\Freemake Video Converter\SetupUpdate.exe
FirewallRules: [{8767E8FE-3D29-490C-A62B-D2D8D6168E7A}] => (Allow) C:\Program Files (x86)\Freemake\Freemake Video Converter\SetupUpdate.exe
FirewallRules: [{D80A84E2-DDB1-4B45-848F-B1CB26E8CCB7}] => (Allow) C:\Program Files (x86)\Freemake\Freemake Video Converter\SetupUpdate.exe
FirewallRules: [{CCE0F928-CBF7-491A-AB70-DB6C193C03C6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{A227F529-74B8-4BD2-A7A8-823DAC259D4A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{D46E15DE-613D-4652-A98E-40D2690CBE79}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{6C0E5E94-2C12-4C9F-8BB6-53F87C9F1DE9}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F26728B1-78A7-4A3A-B576-DE8AAC265E5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{F6DA2E1E-815F-4DF2-86B8-0F4231342CA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{43F944CF-D982-4427-9B5F-837618251232}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe
FirewallRules: [{F9388D87-EDF9-4E47-8805-1DA24F0BF49C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe
FirewallRules: [{D6F1790E-8DC4-4860-B5B6-EC4CF973C3B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes Relaunch\RelicCOH.exe
FirewallRules: [{B2241BC6-1977-4EBD-A33E-49F186678127}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes Relaunch\RelicCOH.exe
FirewallRules: [{8D0E8C05-EA01-435E-9A99-88FF8CBCDD39}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{CAE9404F-40B7-4E99-B393-66FB40EE7297}] => (Allow) C:\Users\toopr\AppData\Roaming\Resilio Sync\Resilio Sync.exe
FirewallRules: [{1EA5CF2D-C334-4624-BD20-BFD4DB2770C2}] => (Allow) C:\Users\toopr\AppData\Roaming\Resilio Sync\Resilio Sync.exe
FirewallRules: [{EC608D4A-5BC2-48FD-99F6-CE31D237B0BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{6BAD983E-11E0-4467-94E1-E1A5E872CF67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{43C32967-DFDC-41C6-8235-FB4A60BD2EE9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{AD5D4C27-BF6B-498B-BB2C-D441F9659D64}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4BBDE26C-D25E-4DCA-AA02-99F0A1305C3B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{E6C710FE-3DB2-4546-A00F-7CDAECD10019}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{E2F57BEA-6FB9-4310-8716-CE7DC1F71B25}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{54D3ADD4-FECA-43C1-8B0C-6F999A451311}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{77EFF935-1D88-4143-9052-54A75942E81C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{07011494-758B-469D-8078-07C8C6853E1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\fsx.exe
FirewallRules: [{C582C8E8-E1F5-4BE7-A16B-092AFE5D1491}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\fsx.exe
FirewallRules: [{EB2D2108-BBF0-4A52-B865-A09D1B5A236C}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{D06F2FDE-CA22-4B5B-BA4A-550207146D91}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{E338DCC0-B77F-4DE1-ADEF-5BCF259A998C}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{A04DD233-CF54-4401-8178-CB07B7088009}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{07B59C73-9524-4E4C-BFAF-193CDCAA034C}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{3C518E65-90AD-47ED-A49F-FAE22FBF8AEF}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{8C1EAB27-2467-4BF3-8409-9DE7906EA7F5}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{24D9383E-280C-47FC-8F5D-DC5808E2EAA6}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{924A5052-1493-4778-BBA4-FE021B2D4771}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{284EEA47-308C-4FF6-91A1-E4E504FF5867}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
FirewallRules: [TCP Query User{2B1F6EF5-A133-4298-A5DA-4C110A313F0D}C:\program files (x86)\dhk\dhkserver.exe] => (Block) C:\program files (x86)\dhk\dhkserver.exe
FirewallRules: [UDP Query User{80FD6D58-D3CC-4F79-A356-15692F7FE598}C:\program files (x86)\dhk\dhkserver.exe] => (Block) C:\program files (x86)\dhk\dhkserver.exe
FirewallRules: [{E98966CD-1C75-4BF0-AC26-B77EEDBA2511}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{90927605-303F-4A21-AA8B-FEBC6F08D72D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{842FD58C-A786-4313-8081-AB5A393D23EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{F17DA735-8D48-4302-9D44-24EBA1E7D4E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{86BBA9A9-F28B-4D17-9BE0-5E22B04217D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Empyrion - Dedicated Server\EmpyrionLauncher.exe
FirewallRules: [{2D83EA48-EBA5-4D46-9417-9A7071AB7FEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Empyrion - Dedicated Server\EmpyrionLauncher.exe
FirewallRules: [TCP Query User{971FF40D-94E6-4071-96AA-58038D274373}C:\empyrion\empyriondedicated.exe] => (Allow) C:\empyrion\empyriondedicated.exe
FirewallRules: [UDP Query User{6CCB4546-33A0-4A95-9E25-B48EB14FA89B}C:\empyrion\empyriondedicated.exe] => (Allow) C:\empyrion\empyriondedicated.exe
FirewallRules: [TCP Query User{7B054EB1-25CC-49AE-B788-0607714B90BF}C:\servers\empyrionx\empyriondedicated.exe] => (Allow) C:\servers\empyrionx\empyriondedicated.exe
FirewallRules: [UDP Query User{9C68EE45-385C-436D-89BD-3CFF9C09A731}C:\servers\empyrionx\empyriondedicated.exe] => (Allow) C:\servers\empyrionx\empyriondedicated.exe
FirewallRules: [TCP Query User{E8CE9CA8-3937-40D1-A73B-18440E318C4F}C:\program files (x86)\dhk\dhkserver.exe] => (Block) C:\program files (x86)\dhk\dhkserver.exe
FirewallRules: [UDP Query User{E8912DC3-3029-45AF-8B5E-49EDFDA93D88}C:\program files (x86)\dhk\dhkserver.exe] => (Block) C:\program files (x86)\dhk\dhkserver.exe
FirewallRules: [{4DC7EE51-42D3-4640-9C13-3F42B64E7F16}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{6B00E3CF-1829-4741-93DF-0B6BC3DBEFD0}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [TCP Query User{0DB8566D-F75B-4576-A141-BBDCEBEDDB1F}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{F6CCD9A9-2224-43BB-9697-B6126B7B2F3A}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [{297928D4-53B1-4748-90C2-00E7F866FEE8}] => (Allow) C:\Users\toopr\AppData\Local\Temp\HouseCall\tmase\nmap\bonjour.exe
FirewallRules: [TCP Query User{3E427CB5-1737-4206-A948-E9187CC35E60}C:\program files (x86)\deluge\deluge.exe] => (Block) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{9D3DA535-9C06-4E93-93E8-614DCC43CA43}C:\program files (x86)\deluge\deluge.exe] => (Block) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{A52BBC17-2DC6-489A-9C2A-A3FC3EA52E02}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{05D53FE7-DB8E-4819-8F41-C88046A2D880}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{7C6C241B-D05F-41E2-AE0E-F315039E9F29}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6CAA1378-E407-465F-A360-FE0E60C181DE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{03C086ED-611B-4FA5-A564-51705D43D661}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{250AB999-39A9-4C29-8465-7D28B8A6DAD9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{06EC697C-D74D-4A98-AF63-117EFFEF45BE}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{08A76056-40B6-490E-B844-6667DCB53176}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C7BE2ED2-F67C-4100-AFA1-E1D1FC8EE877}] => (Allow) C:\Users\toopr\AppData\Local\Temp\HouseCall\tmase\nmap\bonjour.exe
 
==================== Restore Points =========================
 
04-03-2018 20:45:24 Scheduled Checkpoint
14-03-2018 01:25:18 Scheduled Checkpoint
22-03-2018 02:41:40 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/25/2018 05:08:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x582c4836
Faulting module name: KERNELBASE.dll, version: 10.0.16299.309, time stamp: 0xd3aa915c
Exception code: 0xe0434352
Fault offset: 0x001008f2
Faulting process id: 0x10c0
Faulting application start time: 0x01d3c410673c4946
Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: b1f3e6fa-1e44-47ed-9548-3f9d1dc8896d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/25/2018 05:08:36 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at FreemakeUtilsService.Statistics.Manager.ApplyNewTargetsConfigs()
   at FreemakeUtilsService.Statistics.Manager.TargetsConfigSyncCompleted(System.Object, System.EventArgs)
   at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (03/25/2018 05:06:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: housecall.bin, version: 1.62.0.1195, time stamp: 0x4cc3574b
Faulting module name: tmufeng.dll_unloaded, version: 3.91.0.1016, time stamp: 0x5a278b89
Exception code: 0xc0000005
Fault offset: 0x000000000001c6b0
Faulting process id: 0x3070
Faulting application start time: 0x01d3c3d2c0f51beb
Faulting application path: C:\Users\toopr\AppData\Local\Temp\HouseCall\housecall.bin
Faulting module path: tmufeng.dll
Report Id: a6ea4dbc-752b-497b-8ef3-96c622039182
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/25/2018 05:02:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 10.0.16299.15, time stamp: 0x9c786b9a
Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0xeffc9126
Exception code: 0xcfffffff
Fault offset: 0x00000000000a1ad4
Faulting process id: 0x1120
Faulting application start time: 0x01d3c3d210f460a6
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 31e9ae62-7c28-47b5-b052-56c2498b1d73
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/24/2018 06:45:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 10.0.16299.15, time stamp: 0x9c786b9a
Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0xeffc9126
Exception code: 0xcfffffff
Fault offset: 0x00000000000a1ad4
Faulting process id: 0xebc
Faulting application start time: 0x01d3c2e645661849
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: bbde3649-598c-46ea-84f0-29af22415822
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/24/2018 06:04:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_UserDataSvc, version: 10.0.16299.15, time stamp: 0x9c786b9a
Faulting module name: MessagingDataModel2.DLL, version: 10.0.16299.15, time stamp: 0xcbdd5b81
Exception code: 0xc0000005
Fault offset: 0x000000000006edfa
Faulting process id: 0x216c
Faulting application start time: 0x01d3c2e69d0804b4
Faulting application path: c:\windows\system32\svchost.exe
Faulting module path: c:\windows\system32\MessagingDataModel2.DLL
Report Id: af887513-d521-407d-be4a-0255b8cbd1bf
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/23/2018 05:35:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x582c4836
Faulting module name: KERNELBASE.dll, version: 10.0.16299.309, time stamp: 0xd3aa915c
Exception code: 0xe0434352
Fault offset: 0x001008f2
Faulting process id: 0xe34
Faulting application start time: 0x01d3c2e6456162b5
Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 1ecc31f3-7529-478e-93b5-94aa9d0b08b0
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/23/2018 05:35:04 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: Timed out waiting for server startup
 
 
System errors:
=============
Error: (03/25/2018 05:23:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/25/2018 05:18:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/25/2018 05:18:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Freemake Improver service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/25/2018 05:13:19 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
 
Error: (03/25/2018 05:09:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (03/25/2018 05:09:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.
 
Error: (03/25/2018 05:08:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/25/2018 05:08:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
Windows Defender:
===================================
Date: 2018-03-24 05:35:13.029
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {3A1D3B05-9980-4874-B36E-31B1E16335EB}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-03-22 02:25:55.067
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {A4E8473E-B058-4A6A-880D-411646FE8E0E}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-03-22 01:20:04.331
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {86CCC92D-6342-405F-A138-E48D289AA35C}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-03-22 00:37:57.304
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {7F8ECBE8-5BCB-48BA-86B5-B5CF3337DA15}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-03-22 00:33:13.491
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8AFB091C-F571-4410-81DA-B2ECC88B2E55}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-03-25 05:24:14.575
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.263.1096.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14600.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-03-24 21:39:58.266
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
 
Date: 2018-03-24 21:10:51.369
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
 
Date: 2018-03-24 20:59:44.616
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
 
Date: 2018-03-24 20:54:03.786
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 38%
Total physical RAM: 8104.27 MB
Available physical RAM: 5024.02 MB
Total Virtual: 10152.27 MB
Available Virtual: 5463.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:674.55 GB) (Free:60.74 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:20.67 GB) NTFS
Drive e: (Lannister) (Fixed) (Total:215.28 GB) (Free:102.09 GB) NTFS
 
\\?\Volume{2b585235-dccb-4df4-be1d-c13ef8572e35}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.7 GB) NTFS
\\?\Volume{7ef19a03-6c0c-4379-8f4f-f62c28bbb839}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
\\?\Volume{f0288eef-856a-4d0d-b01f-dd9a0d8e4b12}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{3790cc0b-7c77-4f18-8fa1-1ef385ac9fd5}\ (PBR_DRV) (Fixed) (Total:13.86 GB) (Free:2.6 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 3F02BD24)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




 


#2 garioch7

    RCMP Veteran

  • Malware Response Instructor
  • 3,795 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 29 March 2018 - 07:52 AM

hishighness:

 
 
Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil. May I address you by your first name?
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time.   Forum policy requires that I post within 48 hours after your last post, but I do endeavor to post within 24 hours of your last post.
 
I would ask that you please continue to copy and paste the contents of all requested log files directly into your replies.   Please do not use "code" or "quote" boxes.  Thank you for your anticipated cooperation.
 
I will need some time to review your FRST logs.  That could take a day or two, but I do hope to respond later today with an initial FRST "fixlist" script.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#3 garioch7

    RCMP Veteran

  • Malware Response Instructor
  • 3,795 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 29 March 2018 - 10:23 AM

hishighness:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues. Also you should be aware that some of the tools and scripts that will be used, will remove malware detected, without notice.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

Step 1: I am not surprised that your Google Chrome is slow. The FRST logs show 55 extensions for the default Chrome profile, and another 12 extensions for Profile1.

You also have competing Chrome extensions: Adblock, Adblock Plus, uBlock Origin, uBlock Origin Extra, and Nano Defender.
Then there are Twitch Live, TwitchAlerts Stream Labels, and Twitch 5.

Quite frankly, I am surprised that Chrome can function at all!

This Chrome extension is no longer being maintained by the author, which poses security vulnerabilities.
 

CHR Extension: (Disable HTML5 Autoplay) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\efdhoaajjjgckpbkoglidkeendpkolai [2018-01-17]

Please see this link for more information.

Add to that the lack of free space on your OS drive, and your computer is really going to struggle.
 

Drive c: () (Fixed) (Total:674.55 GB) (Free:60.74 GB) NTFS

 
The OS drive should have at least 15 percent free space for a mechanical hard drive; or, 25 percent for an SSD. Please see this link for more information.

You should consider removing these extensions:
 

CHR Extension: (Disable HTML5 Autoplay) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\efdhoaajjjgckpbkoglidkeendpkolai [2018-01-17]
CHR Extension: (RetailMeNot Coupons) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljagpkilagnnjglodjinldilnaphmeo [2016-08-21]
CHR Extension: (Boomerang for Gmail) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2017-05-17]
CHR Extension: (App Runtime for Chrome (Beta)) - C:\Users\toopr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaihdlpglflfgpfjcifdjdjcckigekc [2016-10-27]

Please see this link for more information about the Disable HTML5 Autoplay extension; the second extension is removed by AdwCleaner because it is classified as adware; for the third extension, see this link for more information; and for the fourth extension, see this link for more information.

.

Step 2: In going over your logs I noticed that you have qBittorrent installed. Please consider the following advice to reduce the possibility of being infected when surfing the web.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, your computer will get infected.
I would recommend that you uninstall qBittorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

.

Step 3: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction <==== ATTENTION
VirusTotal: C:\Users\toopr\AppData\Roaming\Resilio Sync\ShellExtensionPath64_387.dll;C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_2C4.dll;C:\Users\toopr\AppData\Roaming\Resilio Sync\ShellExtensionPath64_387.dll;C:\Users\toopr\AppData\Roaming\Intel Corporation\Windows Defender\MSASCui.exe;C:\program files (x86)\dhk\dhkserver.exe
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\Users\toopr\Downloads\ChromeSetup (1).exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\toopr\Downloads\ChromeSetup (1).exe:$CmdZnID [29]
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} =>  -> No File
ContextMenuHandlers1: [QuickShare] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {0573E7EF-A00F-497A-8BED-227CFD03A7E5} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
EmptyTemp:
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#4 hishighness

  • Topic Starter
  • Members
  • 17 posts

Posted 31 March 2018 - 12:50 AM

Here is the log you requested, I had to run it twice because it froze the first time but it completed successfully. Also, I'm in the process of purging as many extensions for chrome as I can and I've cleaned my hard drive. It now has %22 free. (It's a mechanical drive)
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by toopr (31-03-2018 02:32:21) Run:2
Running from C:\Users\toopr\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Loaded Profiles: toopr (Available Profiles: toopr & hishi)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction <==== ATTENTION
VirusTotal: C:\Users\toopr\AppData\Roaming\Resilio Sync\ShellExtensionPath64_387.dll;C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_2C4.dll;C:\Users\toopr\AppData\Roaming\Resilio Sync\ShellExtensionPath64_387.dll;C:\Users\toopr\AppData\Roaming\Intel Corporation\Windows Defender\MSASCui.exe;C:\program files (x86)\dhk\dhkserver.exe
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\Users\toopr\Downloads\ChromeSetup (1).exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\toopr\Downloads\ChromeSetup (1).exe:$CmdZnID [29]
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} =>  -> No File
ContextMenuHandlers1: [QuickShare] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {0573E7EF-A00F-497A-8BED-227CFD03A7E5} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found
VirusTotal: C:\Users\toopr\AppData\Roaming\Resilio Sync\ShellExtensionPath64_387.dll => https://www.virustotal.com/file/def8b52d0316089825be39b6f78c19d12b91a25ecd2a5a89744699093517849d/analysis/1497646374/
VirusTotal: C:\Users\toopr\AppData\Roaming\Resilio Sync\ShellExtensionPath64_387.dll => https://www.virustotal.com/file/def8b52d0316089825be39b6f78c19d12b91a25ecd2a5a89744699093517849d/analysis/1497646374/
"VirusTotal: C:\Users\toopr\AppData\Roaming\Intel Corporation\Windows Defender\MSASCui.exe" => not found
"VirusTotal: C:\program files (x86)\dhk\dhkserver.exe" => not found
"C:\ProgramData\Reprise" => ":wupeogjxlctlfudivq`qsp`28hfm" ADS not found.
C:\Users\toopr\Downloads\ChromeSetup (1).exe => ":$CmdTcID" ADS removed successfully
C:\Users\toopr\Downloads\ChromeSetup (1).exe => ":$CmdZnID" ADS removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BB FlashBack 2 => not found
HKLM\Software\Classes\CLSID\{A8065B9E-193F-4797-B62D-8F6321E7FCCB} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\QuickShare => not found
HKLM\Software\Classes\CLSID\{A8065B9E-193F-4797-B62D-8F6321E7FCCB} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => not found
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0573E7EF-A00F-497A-8BED-227CFD03A7E5} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5333276 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 22726 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 860 B
toopr => 31943 B
hishi => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 13.9 MB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 31-03-2018 02:38:49)
 
 
Result of scheduled keys to remove after reboot:
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0573E7EF-A00F-497A-8BED-227CFD03A7E5} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
 
==== End of Fixlog 02:38:50 ====
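
The fixlog above reports each fixlist entry as a "target => outcome" line. The following is an added example (not part of the thread and not FRST's own code) that sorts those lines by outcome so that entries which were not removed stand out. The category names and function names are assumptions made for illustration, and the sample is an excerpt of the lines posted above.

```python
from collections import Counter
from typing import List, NamedTuple

# Excerpt of the fixlog posted above: header, fixlist echo, results, EmptyTemp.
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} =>  -> No File
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found
VirusTotal: C:\Users\toopr\AppData\Roaming\Resilio Sync\ShellExtensionPath64_387.dll => https://www.virustotal.com/file/def8b52d0316089825be39b6f78c19d12b91a25ecd2a5a89744699093517849d/analysis/1497646374/
"VirusTotal: C:\Users\toopr\AppData\Roaming\Intel Corporation\Windows Defender\MSASCui.exe" => not found
"VirusTotal: C:\program files (x86)\dhk\dhkserver.exe" => not found
"C:\ProgramData\Reprise" => ":wupeogjxlctlfudivq`qsp`28hfm" ADS not found.
C:\Users\toopr\Downloads\ChromeSetup (1).exe => ":$CmdTcID" ADS removed successfully
C:\Users\toopr\Downloads\ChromeSetup (1).exe => ":$CmdZnID" ADS removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BB FlashBack 2 => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0573E7EF-A00F-497A-8BED-227CFD03A7E5} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
Chrome => 0 B
'''


class Result(NamedTuple):
    target: str   # file, stream owner or registry key the entry acted on
    outcome: str  # text FRST printed after "=>"
    status: str   # illustrative category, see classify()


def classify(outcome: str) -> str:
    """Map the outcome text to a category (category names are assumptions)."""
    text = outcome.lower()
    if "could not remove" in text or "access denied" in text:
        return "failed"
    if "removed successfully" in text:
        return "removed"
    if "not found" in text:
        return "not_found"
    if text.startswith(("http://", "https://")):
        return "report_link"  # VirusTotal report to read by hand
    return "other"


def parse_fixlog(text: str) -> List[Result]:
    """Return the per-entry results, skipping the fixlist echo and EmptyTemp."""
    results = []
    star_lines = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:
            star_lines += 1  # the fixlist echo sits between two star lines
            continue
        if star_lines < 2:
            continue  # header or echoed fixlist, which also contains "=>"
        if line.startswith("="):
            break  # next section header (EmptyTemp sizes are not results)
        if " => " not in line:
            continue  # status sentences such as "Processes closed successfully."
        target, outcome = line.split(" => ", 1)
        results.append(Result(target.strip().strip('"'), outcome.strip(),
                              classify(outcome)))
    return results


def summarize(results: List[Result]) -> Counter:
    """Count results per category."""
    return Counter(r.status for r in results)


def needs_follow_up(results: List[Result]) -> List[Result]:
    """Entries that FRST could not remove."""
    return [r for r in results if r.status == "failed"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for status, count in sorted(summarize(parsed).items()):
        print(f"{status:12} {count}")
    for item in needs_follow_up(parsed):
        print("FOLLOW UP:", item.target, "->", item.outcome)
```
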


#5 garioch7

    RCMP Veteran

  • Malware Response Instructor
  • 3,795 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 31 March 2018 - 12:39 PM

hishighness:
 
Thank you for your post and for copying and pasting the contents of the FRST "fixlog.txt" file into your post. That looks good!
 
.
 
Now I want to run some standard anti-malware scans to see if there is any other malware lurking on your computer.
 
.
 
:step1: ESET Online Scanner using Internet Explorer:

Note: You will need to disable your currently installed Anti-Virus; how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected. There will be no log, if no threats were detected.

Don't forget to re-enable your antivirus when finished!

.

:step2: Please run a Malwarebytes Anti-Malware scan for me.

  • Please download Malwarebytes to your Desktop.
  • Double-click mb3-setup-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Next, please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Ensure that under "Potential Threat Protection", both switches are set to "Always Detect PUPs/PUMs (recommended)".
  • Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

The Scan log is available through Reports (double-click the appropriate scan log) or you can just double-click the "Last Scan" entry on the Dashboard. Click "Export", and then select "Copy to Clipboard". Next, please paste the contents of the log into your next reply.

.

:step3: Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait for it to complete the update.
  • Click on I Agree button.
  • Click on the Scan button.
  • AdwCleaner will begin its scan ... please be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, then make sure that you uncheck it before running the "Clean" process.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
  • After the scan has finished ...
  • Uncheck any PUP and adware applications that you want to keep.


If you are unsure about one or more of the detected programs, then please copy and paste the scan log, with your questions, and I will provide you with advice about those files.
The Scan logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Do not follow the remaining "Clean" instructions until directed to do so by me, if you have any questions about one or more of the detections.
If you have no questions about any of the detections, then please proceed to the "Clean" steps below.

  • Then click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Please copy and paste the contents of that logfile into your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#6 garioch7


Posted 03 April 2018 - 07:29 AM

hishighness:

 
Are you still there?  Do you still require assistance?  It has been three days since I last posted to you.
 
According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.
 
If I have not heard from you in another two days, I will conclude your topic.  You can always reopen it by sending a Personal Message to me or to a Moderator.
 
Thank you and have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#7 hishighness


Posted 03 April 2018 - 10:43 AM

ESET.txt
 

C:\Program Files (x86)\Freemake\Freemake Audio Converter\SetupUpdate.exe a variant of Win32/FusionCore.K potentially unwanted application cleaned by deleting
C:\Program Files (x86)\Freemake\Freemake Video Converter\SetupUpdate.exe a variant of Win32/FusionCore.I potentially unwanted application cleaned by deleting
C:\Users\toopr\Desktop\Desktop\Freemake\Freemake Video Converter Gold v4.1.9.39 Setup + Serials\Setup\FreemakeVideoConverterFull.exe a variant of Win32/FusionCore.I potentially unwanted application cleaned by deleting
C:\Users\toopr\Desktop\Desktop\Freemake Video Converter Gold v4.1.9.39 Setup + Serials\Setup\FreemakeVideoConverterFull.exe a variant of Win32/FusionCore.I potentially unwanted application cleaned by deleting
C:\Users\toopr\Downloads\cdbxp_setup_4.5.7.6623.exe a variant of Win32/FusionCore.L potentially unwanted application cleaned by deleting
C:\Users\toopr\Downloads\Pre March 2017\CR_Downloader_for_i.q---intelligent-qube.exe Win32/InstallCore.Gen.A potentially unwanted application cleaned by deleting
C:\Users\toopr\Downloads\Pre March 2017\FreemakeAudioConverterFull.exe a variant of Win32/FusionCore.K potentially unwanted application cleaned by deleting
C:\Users\toopr\Downloads\Pre March 2017\FreemakeVideoConverterSetup.exe a variant of Win32/FusionCore.I potentially unwanted application cleaned by deleting
C:\Users\toopr\Downloads\Pre March 2017\Setup_FileViewPro_2016.exe Win32/Solvusoft.B potentially unwanted application cleaned by deleting
C:\Users\toopr\Downloads\Pre March 2017\zafwSetupWeb_150_653_17211.exe a variant of Win32/FusionCore.L potentially unwanted application deleted
C:\Users\toopr\Downloads\Pre March 2017\Freemake Video Converter Gold v4.1.9.28 Setup + Serials\Setup\setup.exe a variant of Win32/FusionCore.I potentially unwanted application cleaned by deleting

---------------------------------------

Malwarebytes.txt

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 4/3/18
Scan Time: 1:37 AM
Log File: c9ba648a-36f8-11e8-a6c1-28d2440bfb74.json
Administrator: Yes
 
-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4592
License: Trial
 
-System Information-
OS: Windows 10 (Build 16299.309)
CPU: x64
File System: NTFS
User: CMHALENOVO\toopr
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 411489
Threats Detected: 5
Threats Quarantined: 5
Time Elapsed: 26 min, 35 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 3
Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WINDOWS DEFENDER USER INTERFACE, Quarantined, [509], [397303],1.0.4592
Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8D5882BB-E78F-4C9A-B2E6-AC8FC05DDF12}, Quarantined, [509], [397303],1.0.4592
Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{8D5882BB-E78F-4C9A-B2E6-AC8FC05DDF12}, Quarantined, [509], [397303],1.0.4592
 
Registry Value: 1
Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8D5882BB-E78F-4C9A-B2E6-AC8FC05DDF12}|PATH, Quarantined, [509], [397302],1.0.4592
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 1
Trojan.BitCoinMiner, C:\WINDOWS\SYSTEM32\TASKS\WINDOWS DEFENDER USER INTERFACE, Quarantined, [509], [397303],1.0.4592
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

------------------------------------------------

AdwCleaner[S0].txt

# AdwCleaner 7.0.8.0 - Logfile created on Tue Apr 03 05:17:38 2018
# Updated on 2018/08/02 by Malwarebytes 
# Database: 2018-04-02.1
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.Legacy, C:\Program Files (x86)\Common Files\freemake shared
 
 
***** [ Files ] *****
 
PUP.Optional.Legacy, C:\END
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
PUP.Optional.FreeMakeConverter, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | ProductUpdater
PUP.Optional.FreeMakeConverter, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 | ProductUpdater
PUP.Optional.ProductUpdater, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs | C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
PUP.Optional.ProductUpdater, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs | C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\FMUpdater.dll
PUP.Optional.ProductUpdater, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs | C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\Newtonsoft.Json.dll
PUP.Optional.ProductUpdater, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs | C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\GAnalytics.dll
PUP.Optional.ProductUpdater, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs | C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\GoCartMonad.dll
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
PUP.Optional.Legacy, Plugin found: SwagButton - 
 
/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271 
 
 
*************************
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
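
An added example, not part of any post in this thread and not Malwarebytes' own tooling: the five Trojan.BitCoinMiner detections in the Malwarebytes log above are all artifacts of one scheduled-task registration (the `TaskCache\Tree` name key, the `TaskCache\Tasks\{GUID}` key and its value, a trigger index key, and the task file under `System32\Tasks`). The sketch below sorts such log lines by artifact type and lists any artifact of a task that the scan did not report; the function names and the completeness rule are assumptions made for illustration.

```python
import re
from collections import defaultdict

# The five detection lines from the Malwarebytes log posted above, copied verbatim.
SAMPLE_LOG = r"""
Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WINDOWS DEFENDER USER INTERFACE, Quarantined, [509], [397303],1.0.4592
Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8D5882BB-E78F-4C9A-B2E6-AC8FC05DDF12}, Quarantined, [509], [397303],1.0.4592
Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{8D5882BB-E78F-4C9A-B2E6-AC8FC05DDF12}, Quarantined, [509], [397303],1.0.4592
Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8D5882BB-E78F-4C9A-B2E6-AC8FC05DDF12}|PATH, Quarantined, [509], [397302],1.0.4592
Trojan.BitCoinMiner, C:\WINDOWS\SYSTEM32\TASKS\WINDOWS DEFENDER USER INTERFACE, Quarantined, [509], [397303],1.0.4592
"""

# "<threat>, <path>, <action>, [n], [n],<db version>" as seen in the log above.
DETECTION = re.compile(
    r"^(?P<threat>[^,]+), (?P<path>.+), (?P<action>[A-Za-z ]+), \[\d+\], \[\d+\],\S+$")
CACHE = r"\\SCHEDULE\\TASKCACHE\\"
GUID = r"(?P<guid>\{[0-9A-F-]{36}\})"
RULES = [
    ("tree_key", re.compile(CACHE + r"TREE\\(?P<name>.+)$", re.I)),
    ("tasks_key", re.compile(CACHE + r"TASKS\\" + GUID + r"(?:\|(?P<value>.+))?$", re.I)),
    ("trigger_index", re.compile(
        CACHE + r"(?P<kind>BOOT|LOGON|PLAIN|MAINTENANCE)\\" + GUID + r"$", re.I)),
    ("task_file", re.compile(r"^[A-Z]:\\WINDOWS\\SYSTEM32\\TASKS\\(?P<name>.+)$", re.I)),
]

def classify(log_text):
    """Group detections by task name and by task GUID; return unmatched paths too."""
    by_name, by_guid, other = defaultdict(set), defaultdict(set), []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue  # section headers, counters, blank lines
        path = m["path"]
        for kind, rule in RULES:
            hit = rule.search(path)
            if not hit:
                continue
            g = hit.groupdict()
            if kind in ("tree_key", "task_file"):
                by_name[g["name"].upper()].add(kind)
            elif kind == "tasks_key":
                label = "tasks_value:" + g["value"] if g["value"] else "tasks_key"
                by_guid[g["guid"].upper()].add(label)
            else:
                by_guid[g["guid"].upper()].add("index:" + g["kind"].upper())
            break
        else:
            other.append(path)  # a detection that is not a scheduled-task artifact
    return by_name, by_guid, other

def gaps(by_name, by_guid):
    """Artifacts of a task registration that the scan did NOT report.

    Assumption: a registered task has a Tree key and a task file per name, and a
    Tasks key plus one trigger index key (Boot/Logon/Plain/Maintenance) per GUID.
    A gap is a prompt to inspect the system by hand, not proof of a leftover.
    """
    missing = {}
    for name, kinds in by_name.items():
        lack = {"tree_key", "task_file"} - kinds
        if lack:
            missing[name] = sorted(lack)
    for guid, kinds in by_guid.items():
        lack = set() if "tasks_key" in kinds else {"tasks_key"}
        if not any(k.startswith("index:") for k in kinds):
            lack.add("trigger_index")
        if lack:
            missing[guid] = sorted(lack)
    return missing
```

The log does not show which GUID belongs to which task name (that link is stored in the `Id` value under the `Tree` key), so the two groupings are kept separate rather than merged.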


#8 garioch7


Posted 03 April 2018 - 11:54 AM

hishighness:
 
Thank you for your post and for the scan logs.  Your computer was definitely infested seriously enough to degrade its performance, particularly with those competing Chrome extensions that you had.
 
.
 
:step1: Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
- Kaspersky Lab report: Evaluating the threat level of software vulnerabilities
- Microsoft: Unprecedented Wave of Java Exploitation
- Ghosts of Java Haunt Users

Personally, I uninstalled Java nearly two years ago on both of my computers, and I have never missed it. Some people do need Java, but most do not. Some older games will not play, except on an older version of Java.

Please follow these steps to update Java:

  • Click here.
  • Click Free Java Download button.
  • Click on the Agree and Start Free Download button.
  • Uncheck any optional offers.
  • Click on the downloaded installer file to start the installation.
  • Once completed you should be notified that You have successfully installed Java.
  • If Java notifies you that older versions of the program need to be removed, check each of the versions and click Uninstall.

.

:step2: Please run a System File Checker (SFC) scan to assess the integrity of the Windows file system.

  • Click on the "Start" button.
  • In the "search" box at the bottom, type cmd.
  • Look for Cmd.exe to appear at the top of the menu.
  • Right-click on cmd.exe and choose Run As Administrator.
  • Type sfc /scannow. Ensure that there is a space between "sfc" and "/scannow"
  • The scan will start and may take from 20 minutes to an hour to run.
  • Please report the results from the SFC scan in your next post. Does it report "No Resource Integrity Violations Found", "Errors Repaired", or "Unable to Repair", or words to that effect?
  • If the SFC scan reports that some errors were corrected, and some errors were not corrected, please re-run the System File Checker scan again, as it does happen that it can not fix all of the errors detected in a single run.
  • If it again reports that some errors were corrected, and some errors were not corrected, please run it a third time.

If SFC continues to report uncorrectable errors, please immediately navigate to the folder: C:\Windows\Logs\CBS, locate the file "CBS.log", and copy, not move it, to your Desktop. That file is "volatile", so we need to ensure that it is not overwritten with new results.

 

If SFC reports that "No Resource Integrity Violations Found"; or, if SFC reports that it did correct all of the errors it detected, then there is no need to save the "CBS.log" file or to take any other action. You should just report the scan results message to me.

.

:step3: Please provide me with an update as to how your computer is working now. If there are issues, please provide as much detail as possible, including any possible error messages/numbers.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#9 garioch7


Posted 06 April 2018 - 11:57 AM

hishighness:

 
Are you still there?  Do you still require assistance?  It has been three days since I last posted to you.
 
According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.
 
If I have not heard from you in another two days, I will conclude your topic.  You can always reopen it by sending a Personal Message to me or to a Moderator.
 
Thank you and have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#10 hishighness


Posted 06 April 2018 - 04:15 PM

Hello, I tried to open up CMD (or Windows Powershell Admin) last night but it won't open. I click on it and it just does nothing as if I hadn't done anything.



#11 garioch7


Posted 07 April 2018 - 12:21 PM

hishighness:

 

Thank you for your post.  You can try to open the Administrative Command Prompt, not PowerShell, using the tips contained in this article.  Please provide me with details of any error messages or code numbers.

 

If none of those tips work, launch Windows File Explorer and navigate to the C:\Windows\System32 folder.  Is a program called CMD.exe present in that folder?

 

Good luck and have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#12 hishighness


Posted 08 April 2018 - 06:15 AM

I got the "No Resource Integrity Violations Found" message. My computer seems to be working much better. I've created a new fresh profile on Chrome, and sometime soon I'll have to decide what extensions I can live without from my old setup.

I have another computer on my network as well and I'm concerned this may have spread there as well. It's not running nearly as slow but I have noticed some issues with it when I'm playing certain games. I'd like to check it out as well, is that possible?



#13 garioch7


Posted 08 April 2018 - 06:28 AM

hishighness:
 
Thank you for your post.  How did you get the Command Prompt working?  I am really happy that you did, and that the System File Checker found "No Resource Integrity Violations".   :thumbup2:
 
For your other computer, you should post a new topic in this Forum with FRST scan logs from that computer.  If you want me to take that topic, then please wait until about 13:00 to post because I will be away this morning.  Please make the title of the post something like "garioch7 - Please Check This Computer", and send me a PM when you have posted.  That would reduce the chances of someone else taking the topic, although I can assure you that my colleagues are very proficient. :)
 
I would like to clean up the tools that we used on this computer.

.

If there are any anti-malware tools that you want to keep, please let me know, although it is always advisable to download the latest versions of those tools, since they are updated so frequently.

If you have ESET installed on your computer, you may keep it, or you can go to the Control Panel and uninstall that program. Please let me know what you decide to do.

If you have Malwarebytes installed, I would suggest that you keep it. If you don't want to keep Malwarebytes installed on your computer, please go to this link to download the latest version of MB-Clean.exe and run it to remove all traces of Malwarebytes. Please let me know if you did uninstall Malwarebytes. Once you have run the MB-Clean.exe tool successfully, you can manually delete that file as well.

:step1: Please provide me with a fresh set of FRST logs. I would like to make a final reconnaissance of your computer and I also want to identify the anti-malware scanners and cleaners that we used, so that we can delete them in the next post.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#14 hishighness


Posted 10 April 2018 - 03:38 PM

Hello, after my last post I started having a far more serious issue with my laptop. I keep getting a blue screen when I turn it on with error 0xc000000f. I tried repairing it but it didn't work. It says in order to repair it I need installation media but this laptop didn't come with any. I recall there is a way to download it from Microsoft's website but I'm not sure where.

Thanks for your time.



#15 garioch7


Posted 10 April 2018 - 03:55 PM

hishighness:

 

Sorry to hear the bad news.  :(

 

I think this link might help you.  If you have questions about how to use it, visit our Windows 10 or the BSOD Forums here at Bleeping Computer.  You will find that you are not alone, unfortunately! :(

 

Good luck!  Have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall




