Mail.ru consistently infecting Chrome


24 replies to this topic

#1 XionVonko

  • Members
  • 11 posts

Posted 30 May 2018 - 02:26 PM

Hello helpers! Thank you so much for all the hard work you do. As I've combed through forums upon forums, I've realized how awesome you random people are at helping because official forums are useless, especially with Microsoft and Windows issues. All specific issues are only fixed by you guys, so thank you for your service!

On to the issue at hand. Initially, I couldn't boot my computer normally because while startup programs were processing, a "rundll32.exe" would spam my processor and basically cause a Denial-of-Service. I was working in safe mode and ran AdwCleaner, Malwarebytes, FRST, and all sorts of crap. Eventually an important driver disappeared in that mess, but I was able to reset things with a cmd prompt code from a forum. I then came across this guy from two years ago who had the same issue.

https://www.bleepingcomputer.com/forums/t/623545/cant-seem-to-get-rid-of-mailru-malware-keeps-infecting-chrome/

It's literally the same thing, so I followed the fixlog for FRST and whatnot. Now the rundll32.exe DoS is gone, but Chrome still has Mail.ru trying to get its way in with the extension popup he talked about. It says Mail.ru was attempting to install, but I can click remove extension.

I no longer need safe mode to run Windows 7, so I scanned with Malwarebytes, AdwCleaner, and FRST again since they seem to be the most reliable and free. I've attached the log files in separate txt files since it's a lot. Malwarebytes didn't come up with anything. How do I stop Mail.ru for good?


#2 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,014 posts

Posted 30 May 2018 - 09:32 PM

Greetings XionVonko and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please rerun a FRST scan leaving the default settings. Copy and paste the information in your reply using multiple posts if necessary.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Slurppa

  • Malware Study Hall Senior
  • 626 posts

Posted 31 May 2018 - 01:40 AM

Hi XionVonko

 

I will work with Gary to get your issue resolved. Please give me time to take a look at your log files.


Member of the Bleeping Computer A.I.I. early response team!


#4 XionVonko

  • Topic Starter

  • Members
  • 11 posts

Posted 31 May 2018 - 08:36 AM

Thank you Gary and Slurppa for helping me. My name is Ben. See my FRST and Addition logs below. Also, Mail.ru didn't pop up trying to add itself when I turned my computer on today so perhaps it's gone?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by Bens (administrator) on BENS-PC (31-05-2018 09:28:51)
Running from C:\Users\Bens\Desktop\FRST
Loaded Profiles: Bens &  (Available Profiles: Bens)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(ALCPU) C:\Program Files\Core Temp\Core Temp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(PreSonus) C:\Program Files\PreSonus\Universal Control\Universal Control.exe
(Spotify Ltd) C:\Users\Bens\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe
() C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\OGMMon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe
() C:\DLautoR.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Pharos Systems International) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
() C:\Windows\System32\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\dispatcher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16696832 2016-11-22] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [299504 2016-06-20] (Intel Corporation)
HKLM-x32\...\Run: [OGMgmmouseRun] => C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\ogmmon.exe [3386880 2014-05-19] ()
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3643712 2018-05-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AOCrunfile] => C:\Program Files (x86)\DisplayLink\DLsetup\NoConsoleExe.exe [7168 2011-03-18] ()
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1226240 2017-10-18] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKU\S-1-5-21-4140990403-1587092264-3380911152-1000\...\Run: [Universal Control] => C:\Program Files\PreSonus\Universal Control\Universal Control.exe [4820480 2016-11-24] (PreSonus)
HKU\S-1-5-21-4140990403-1587092264-3380911152-1000\...\Run: [Spotify Web Helper] => C:\Users\Bens\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-05-07] (Spotify Ltd)
HKU\S-1-5-21-4140990403-1587092264-3380911152-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-4140990403-1587092264-3380911152-1000\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-4140990403-1587092264-3380911152-1000\...\MountPoints2: {f27933c5-b080-11e5-9497-806e6f6e6963} - D:\ASRSetup.exe
HKU\S-1-5-21-4140990403-1587092264-3380911152-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05312018092053100\...\Run: [Universal Control] => C:\Program Files\PreSonus\Universal Control\Universal Control.exe [4820480 2016-11-24] (PreSonus)
HKU\S-1-5-21-4140990403-1587092264-3380911152-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05312018092053100\...\Run: [Spotify Web Helper] => C:\Users\Bens\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-05-07] (Spotify Ltd)
HKU\S-1-5-21-4140990403-1587092264-3380911152-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05312018092053100\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-4140990403-1587092264-3380911152-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05312018092053100\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-4140990403-1587092264-3380911152-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05312018092053100\...\MountPoints2: {f27933c5-b080-11e5-9497-806e6f6e6963} - D:\ASRSetup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2016 Fast Start.lnk [2017-05-30]
ShortcutTarget: SOLIDWORKS 2016 Fast Start.lnk -> C:\Windows\Installer\{768F3B65-1695-47B7-9002-B11400CB111D}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\Users\Bens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk [2018-05-31]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{69B8AE93-3A28-41D0-80F0-8A42D8105E52}: [DhcpNameServer] 209.18.47.62 209.18.47.61
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4140990403-1587092264-3380911152-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
SearchScopes: HKU\S-1-5-21-4140990403-1587092264-3380911152-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05312018092053100 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2018-05-30] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2018-05-30] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-04-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-04-22] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2018-05-30] (Microsoft Corporation)
BHO-x32: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-22] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-4140990403-1587092264-3380911152-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-4140990403-1587092264-3380911152-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05312018092053100 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF DefaultProfile: l6ajqatn.default
FF ProfilePath: C:\Users\Bens\AppData\Roaming\Mozilla\Firefox\Profiles\l6ajqatn.default [2018-05-30]
FF Homepage: Mozilla\Firefox\Profiles\l6ajqatn.default -> google.com
FF NewTab: Mozilla\Firefox\Profiles\l6ajqatn.default -> about:newtab
FF Extension: (Firefox Search Test) - C:\Users\Bens\AppData\Roaming\Mozilla\Firefox\Profiles\l6ajqatn.default\Extensions\firefoxsearchtest@mozilla.com.xpi [2017-08-02] [Legacy]
FF Plugin: 3ds.com/ComposerPlayerWebPlugin_x86_64 -> C:\PROGRA~1\SOLIDW~1\SOLIDW~2\Bin\NPCOMP~1.DLL [2016-10-13] (Dassault Systemes)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-05-30] (Microsoft Corporation)
FF Plugin-x32: 3ds.com/ComposerPlayerWebPlugin -> C:\PROGRA~1\SOLIDW~1\SOLIDW~2\Bin\x86\NPCOMP~1.DLL [2016-10-13] (Dassault Systemes)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-02] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-03-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-05-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-05-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4140990403-1587092264-3380911152-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2018-05-30] ()
FF Plugin HKU\S-1-5-21-4140990403-1587092264-3380911152-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05312018092053100: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2018-05-30] ()
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> go.mail.ru
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Bens\AppData\Local\Google\Chrome\User Data\Default [2018-05-31]
CHR Extension: (Bejeweled) - C:\Users\Bens\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2016-01-09]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Bens\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2016-01-09]
CHR Extension: (Docs) - C:\Users\Bens\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-30]
CHR Extension: (Google Drive) - C:\Users\Bens\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-05-30]
CHR Extension: (YouTube) - C:\Users\Bens\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-09]
CHR Extension: (Google Search) - C:\Users\Bens\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-09]
CHR Extension: (Adobe Acrobat) - C:\Users\Bens\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Block Site - Website Blocker for Chrome™) - C:\Users\Bens\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2018-03-05]
CHR Extension: (Google Docs Offline) - C:\Users\Bens\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-06]
CHR Extension: (AdBlock) - C:\Users\Bens\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-05-24]
CHR Extension: (The Avengers) - C:\Users\Bens\AppData\Local\Google\Chrome\User Data\Default\Extensions\jloohjocjeoomodjakjeikefgfpedlkh [2018-05-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bens\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Bens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-09]
CHR Extension: (Chrome Media Router) - C:\Users\Bens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-23]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [icanjjkadceebmhanpekkofdhclnoijl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5745672 2018-04-28] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8652976 2018-05-24] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-15] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-15] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-05-21] (Dropbox, Inc.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [11127016 2016-04-27] (DisplayLink Corp.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [526888 2018-05-20] (EasyAntiCheat Ltd)
R2 ewserver; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe [184368 2016-10-13] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-21] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-20] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-07-20] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [372408 2017-07-06] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764712 2018-05-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764712 2018-05-20] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2158400 2018-04-25] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3028808 2018-04-25] (Electronic Arts)
R2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [1725952 2015-06-30] (Pharos Systems International) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2017-06-09] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-06-08] ()
S3 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd)
R2 RemoteSolverDispatcher; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe [239624 2016-10-13] (Mentor Graphics Corporation)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2017-05-30] (SolidWorks) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2017-07-06] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7757040 2017-04-06] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.paceap.com/InitiateActivation [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2016-01-01] (ASRock Incorporation)
S3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.9.1589.0.sys [58640 2017-10-30] ()
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152184 2018-04-26] (Malwarebytes)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2018-05-30] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2016-01-12] (REALiX™)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31712 2016-06-16] (Intel Corporation)
R3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25432 2017-07-04] ()
S3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-05-27] ()
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-05-27] ()
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [190696 2018-05-30] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-05-31] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-05-31] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-05-31] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [94328 2018-05-31] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [199736 2017-01-26] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 MpKsl9afe0998; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B64196B3-3D71-461A-BB42-BE36A06DE694}\MpKsl9afe0998.sys [58120 2018-05-31] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [111696 2016-01-31] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31016 2018-05-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [67432 2018-03-15] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [68112 2018-04-27] (NVIDIA Corporation)
R3 paeusbaudio; C:\Windows\System32\DRIVERS\paeusbaudio_x64.sys [292280 2016-10-11] ()
R3 paeusbaudioks; C:\Windows\System32\DRIVERS\paeusbaudioks_x64.sys [58296 2016-10-11] ()
S4 RsFx0310; C:\Windows\System32\DRIVERS\RsFx0310.sys [249024 2015-04-20] (Microsoft Corporation)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [109080 2013-06-18] (Trend Micro Inc.)
R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [213080 2018-05-09] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [222864 2018-05-09] (Oracle Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2017-02-28] (Cisco Systems, Inc.)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
R3 ALSysIO; \??\C:\Users\Bens\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 cpuz134; \??\C:\Users\Bens\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-30 13:57 - 2018-05-30 13:57 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-05-30 13:35 - 2018-05-31 09:20 - 000094328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-05-30 13:35 - 2018-05-31 09:19 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-05-30 13:24 - 2018-05-31 09:28 - 000000000 ____D C:\Users\Bens\Desktop\FRST
2018-05-30 13:24 - 2018-05-30 13:24 - 002413056 _____ (Farbar) C:\Users\Bens\Downloads\FRST64 (1).exe
2018-05-30 12:45 - 2018-05-30 12:46 - 000000000 ____D C:\Users\Bens\AppData\Roaming\ProductData
2018-05-30 11:56 - 2018-05-30 11:58 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2018-05-30 11:51 - 2018-05-30 11:51 - 001790024 _____ (Malwarebytes) C:\Users\Bens\Downloads\JRT.exe
2018-05-30 11:48 - 2018-05-30 11:48 - 000069266 _____ C:\Users\Bens\Downloads\Shortcut.txt
2018-05-30 11:47 - 2018-05-30 11:49 - 000075784 _____ C:\Users\Bens\Downloads\Addition.txt
2018-05-30 11:45 - 2018-05-30 11:49 - 000124720 _____ C:\Users\Bens\Downloads\FRST.txt
2018-05-30 11:34 - 2018-05-31 09:28 - 000000000 ____D C:\FRST
2018-05-30 10:43 - 2018-05-30 10:43 - 000001420 _____ C:\Windows\system32\.crusader
2018-05-30 10:06 - 2018-05-30 10:44 - 000000000 ____D C:\ProgramData\HitmanPro
2018-05-30 10:06 - 2018-05-30 10:06 - 011609024 _____ (SurfRight B.V.) C:\Users\Bens\Downloads\HitmanPro_x64.exe
2018-05-30 08:50 - 2018-05-30 08:50 - 007271632 _____ (Malwarebytes) C:\Users\Bens\Downloads\adwcleaner_7.1.1 (1).exe
2018-05-30 08:46 - 2018-05-31 09:19 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-05-30 08:46 - 2018-05-30 12:50 - 000190696 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-05-30 08:46 - 2018-05-30 08:46 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-05-30 08:46 - 2018-05-30 08:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-30 08:46 - 2018-05-30 08:46 - 000000000 ____D C:\ProgramData\MB2Migration
2018-05-30 08:46 - 2018-05-30 08:46 - 000000000 ____D C:\Program Files\Malwarebytes
2018-05-30 08:46 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-05-29 17:17 - 2018-05-29 17:17 - 000445215 _____ C:\Users\Bens\Desktop\Orders.pdf
2018-05-29 11:26 - 2018-05-30 13:29 - 000000286 _____ C:\Windows\Tasks\AdwCleaner_onReboot.job
2018-05-29 11:22 - 2018-05-29 11:23 - 007271632 _____ (Malwarebytes) C:\Users\Bens\Desktop\adwcleaner_7.1.1.exe
2018-05-29 11:15 - 2018-05-30 12:44 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2018-05-29 09:06 - 2018-05-30 12:50 - 000718116 _____ C:\Windows\ntbtlog.txt
2018-05-27 23:22 - 2018-05-27 23:22 - 000000000 ____D C:\Users\Bens\Documents\My Cheat Tables
2018-05-27 22:46 - 2018-05-27 22:46 - 000094882 _____ C:\Users\Bens\Downloads\Red_Faction_Armageddon_by_Veloxin.rar
2018-05-27 22:39 - 2018-05-27 22:39 - 000168233 _____ C:\Users\Bens\Downloads\10_f_t_0_0_5_25_11_4_19_31_-1.rar
2018-05-27 18:19 - 2018-05-22 16:09 - 000132392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-05-27 18:17 - 2018-05-23 14:24 - 040089632 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2018-05-27 18:17 - 2018-05-23 14:24 - 032359864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2018-05-27 18:17 - 2018-05-23 14:23 - 040347168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-05-27 18:17 - 2018-05-23 14:23 - 035250536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-05-27 18:17 - 2018-05-23 14:23 - 023298544 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2018-05-27 18:17 - 2018-05-23 14:23 - 023298544 _____ (NVIDIA Corporation) C:\Windows\system32\dlumdfb11.dll
2018-05-27 18:17 - 2018-05-23 14:23 - 023298544 _____ (NVIDIA Corporation) C:\Windows\system32\dlumdfb10.dll
2018-05-27 18:17 - 2018-05-23 14:23 - 016997632 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2018-05-27 18:17 - 2018-05-23 14:23 - 003964960 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-05-27 18:17 - 2018-05-23 14:23 - 003496992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-05-27 18:17 - 2018-05-23 14:23 - 002013784 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439793.dll
2018-05-27 18:17 - 2018-05-23 14:23 - 001562016 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-05-27 18:17 - 2018-05-23 14:23 - 001467800 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439793.dll
2018-05-27 18:17 - 2018-05-23 14:23 - 001418840 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-05-27 18:17 - 2018-05-23 14:23 - 001216256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-05-27 18:17 - 2018-05-23 14:23 - 001092000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-05-27 18:17 - 2018-05-23 14:23 - 000626776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-05-27 18:17 - 2018-05-23 14:23 - 000517536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 031276288 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 025990096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 020323544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 020323544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\dlumdfb11.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 020323544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\dlumdfb10.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 019080776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 019080776 _____ (NVIDIA Corporation) C:\Windows\system32\dlumdfb9.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 017782384 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 015691136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 015691136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\dlumdfb9.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 015192624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 013727792 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 011273120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 004081624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 001157208 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 000904904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 000544472 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 000462832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 000420000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 000182784 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 000164944 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 000159896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 000142632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2018-05-27 18:17 - 2018-05-22 17:52 - 000227928 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2018-05-27 18:17 - 2018-05-22 17:52 - 000047648 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2018-05-27 17:39 - 2018-05-27 17:39 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-27 17:39 - 2018-05-27 17:39 - 000003940 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-27 17:39 - 2018-05-27 17:39 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-27 17:39 - 2018-05-27 17:39 - 000003792 _____ C:\Windows\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-27 17:39 - 2018-05-27 17:39 - 000003792 _____ C:\Windows\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-27 17:39 - 2018-05-27 17:39 - 000003792 _____ C:\Windows\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-27 17:39 - 2018-05-27 17:39 - 000003790 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-27 17:39 - 2018-05-27 17:39 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-27 17:39 - 2018-05-27 17:39 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-27 17:39 - 2018-05-27 17:39 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-27 17:39 - 2018-05-27 17:39 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-27 17:39 - 2018-05-20 13:33 - 002496296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2018-05-27 17:39 - 2018-05-20 13:33 - 002164008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2018-05-27 17:39 - 2018-05-20 13:33 - 001312040 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2018-05-27 17:37 - 2018-04-27 20:25 - 000068112 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2018-05-27 17:35 - 2018-05-27 17:35 - 000000222 _____ C:\Users\Bens\Desktop\Dishonored.url
2018-05-27 16:44 - 2018-05-27 16:45 - 090998600 _____ (NVIDIA Corporation) C:\Users\Bens\Downloads\GeForce_Experience_v3.14.0.139.exe
2018-05-27 15:51 - 2018-05-27 15:51 - 000000221 _____ C:\Users\Bens\Desktop\Red Faction Armageddon.url
2018-05-26 23:35 - 2018-05-26 23:35 - 000000000 ____D C:\Users\Bens\AppData\LocalLow\Colossal Order
2018-05-26 23:25 - 2018-05-26 23:25 - 000000000 ____D C:\Users\Bens\AppData\Local\238010
2018-05-26 19:38 - 2018-05-26 19:38 - 000000222 _____ C:\Users\Bens\Desktop\Cities in Motion 2.url
2018-05-26 14:30 - 2018-05-26 14:34 - 000000479 _____ C:\Users\Bens\Desktop\LShift Script.ahk
2018-05-22 18:28 - 2018-05-22 18:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-05-22 18:17 - 2018-05-22 18:17 - 000000000 ____D C:\Users\Bens\AppData\LocalLow\Reflections, A Ubisoft Studio
2018-05-22 17:48 - 2018-05-22 17:48 - 000000222 _____ C:\Users\Bens\Desktop\ATOMEGA.url
2018-05-21 13:06 - 2018-05-21 13:06 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-05-21 13:06 - 2018-05-21 13:06 - 000050232 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-05-21 13:06 - 2018-05-21 13:06 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-05-21 13:06 - 2018-05-21 13:06 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-05-20 21:13 - 2018-05-20 21:13 - 000000000 ____D C:\Users\Bens\AppData\Roaming\EasyAntiCheat
2018-05-20 18:13 - 2018-05-20 18:13 - 000000234 _____ C:\Users\Bens\Desktop\Tom Clancy's Ghost Recon® Wildlands.url
2018-05-20 18:07 - 2018-05-30 22:15 - 000000000 ____D C:\Users\Bens\AppData\Local\Ubisoft Game Launcher
2018-05-20 18:07 - 2018-05-20 18:07 - 073321376 _____ (Ubisoft) C:\Users\Bens\Downloads\UplayInstaller.exe
2018-05-20 18:07 - 2018-05-20 18:07 - 000001205 _____ C:\Users\Bens\Desktop\Uplay.lnk
2018-05-20 18:07 - 2018-05-20 18:07 - 000000000 ____D C:\Users\Bens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2018-05-20 12:56 - 2018-05-20 12:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
2018-05-20 12:55 - 2018-05-20 12:55 - 001248776 _____ (ALCPU ) C:\Users\Bens\Downloads\Core-Temp-setup (8).exe
2018-05-19 22:20 - 2018-05-19 22:20 - 000000000 ____D C:\Users\Bens\VirtualBox VMs
2018-05-19 15:10 - 2018-05-22 12:18 - 000000000 ____D C:\Users\Bens\.VirtualBox
2018-05-19 15:09 - 2018-05-19 15:09 - 000001076 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2018-05-19 15:09 - 2018-05-19 15:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2018-05-19 15:08 - 2018-05-19 15:08 - 000000000 ____D C:\Program Files\Oracle
2018-05-19 15:08 - 2018-05-09 09:27 - 000984376 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2018-05-19 15:08 - 2018-05-09 09:27 - 000168896 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2018-05-19 15:06 - 2018-05-19 15:07 - 113772032 _____ (Oracle Corporation) C:\Users\Bens\Downloads\VirtualBox-5.2.12-122591-Win.exe
2018-05-14 23:44 - 2018-05-08 17:24 - 001990688 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439764.dll
2018-05-14 23:44 - 2018-05-08 17:24 - 001467992 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439764.dll
2018-05-14 19:01 - 2018-05-14 19:01 - 000000000 ____D C:\Users\Bens\Desktop\Python Practice Files
2018-05-14 17:47 - 2018-05-14 17:47 - 009142656 _____ (Sublime HQ Pty Ltd ) C:\Users\Bens\Downloads\Sublime Text Build 3176 x64 Setup.exe
2018-05-14 17:47 - 2018-05-14 17:47 - 000000886 _____ C:\Users\Bens\Desktop\Sublime Text 3.lnk
2018-05-14 17:47 - 2018-05-14 17:47 - 000000886 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2018-05-14 17:47 - 2018-05-14 17:47 - 000000000 ____D C:\Users\Bens\AppData\Roaming\Sublime Text 3
2018-05-14 17:47 - 2018-05-14 17:47 - 000000000 ____D C:\Users\Bens\AppData\Local\Sublime Text 3
2018-05-14 17:47 - 2018-05-14 17:47 - 000000000 ____D C:\Program Files\Sublime Text 3
2018-05-14 17:41 - 2018-05-14 17:58 - 000000000 ____D C:\Users\Bens\.idlerc
2018-05-14 17:40 - 2018-05-14 17:40 - 030735232 _____ (Python Software Foundation) C:\Users\Bens\Downloads\python-3.6.5 (1).exe
2018-05-14 12:00 - 2018-05-14 12:00 - 000000019 _____ C:\test.txt
2018-05-14 11:39 - 2018-05-14 11:39 - 000001413 _____ C:\Users\Bens\Desktop\Python 3.6 (32-bit).lnk
2018-05-11 22:25 - 2018-05-11 22:26 - 274722060 _____ C:\Users\Bens\Downloads\drive-download-20180512T022517Z-001.zip
2018-05-09 09:27 - 2018-05-09 09:27 - 000222864 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetLwf.sys
2018-05-09 09:27 - 2018-05-09 09:27 - 000213080 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp6.sys
2018-05-09 09:02 - 2018-04-23 14:57 - 000396960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-05-09 09:02 - 2018-04-23 14:02 - 000348832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-05-09 09:02 - 2018-04-22 20:35 - 005583552 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-05-09 09:02 - 2018-04-22 20:35 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-05-09 09:02 - 2018-04-22 20:35 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-05-09 09:02 - 2018-04-22 20:35 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-05-09 09:02 - 2018-04-22 20:35 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-05-09 09:02 - 2018-04-22 20:12 - 004047040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-05-09 09:02 - 2018-04-22 20:12 - 003958464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-05-09 09:02 - 2018-04-22 20:10 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-05-09 09:02 - 2018-04-22 20:07 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 001461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000876032 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000512512 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:44 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-05-09 09:02 - 2018-04-22 19:41 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-05-09 09:02 - 2018-04-22 19:41 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-05-09 09:02 - 2018-04-22 19:41 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-05-09 09:02 - 2018-04-22 19:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-05-09 09:02 - 2018-04-22 19:41 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-05-09 09:02 - 2018-04-22 19:41 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-05-09 09:02 - 2018-04-22 19:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-05-09 09:02 - 2018-04-22 19:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-05-09 09:02 - 2018-04-22 19:41 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000582144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:32 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-05-09 09:02 - 2018-04-22 19:32 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-05-09 09:02 - 2018-04-22 19:32 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-05-09 09:02 - 2018-04-22 19:31 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-05-09 09:02 - 2018-04-22 19:28 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-05-09 09:02 - 2018-04-22 19:28 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-05-09 09:02 - 2018-04-22 19:27 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-05-09 09:02 - 2018-04-22 19:25 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-05-09 09:02 - 2018-04-22 19:24 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-05-09 09:02 - 2018-04-22 19:24 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-05-09 09:02 - 2018-04-22 19:24 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-05-09 09:02 - 2018-04-22 19:23 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-05-09 09:02 - 2018-04-22 19:23 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-05-09 09:02 - 2018-04-22 19:22 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-05-09 09:02 - 2018-04-22 19:19 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-05-09 09:02 - 2018-04-22 19:19 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-05-09 09:02 - 2018-04-22 19:19 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-05-09 09:02 - 2018-04-22 19:19 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-05-09 09:02 - 2018-04-22 19:18 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-05-09 09:02 - 2018-04-22 19:18 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 04:04 - 025744896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-05-09 09:02 - 2018-04-22 03:53 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-05-09 09:02 - 2018-04-22 03:53 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-05-09 09:02 - 2018-04-22 03:40 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-05-09 09:02 - 2018-04-22 03:39 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-05-09 09:02 - 2018-04-22 03:38 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-05-09 09:02 - 2018-04-22 03:38 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-05-09 09:02 - 2018-04-22 03:38 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-05-09 09:02 - 2018-04-22 03:37 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-05-09 09:02 - 2018-04-22 03:32 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-05-09 09:02 - 2018-04-22 03:31 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-05-09 09:02 - 2018-04-22 03:30 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-05-09 09:02 - 2018-04-22 03:27 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-05-09 09:02 - 2018-04-22 03:26 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-05-09 09:02 - 2018-04-22 03:26 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-05-09 09:02 - 2018-04-22 03:26 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-05-09 09:02 - 2018-04-22 03:26 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-05-09 09:02 - 2018-04-22 03:24 - 020286464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-05-09 09:02 - 2018-04-22 03:18 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-05-09 09:02 - 2018-04-22 03:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-05-09 09:02 - 2018-04-22 03:15 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-05-09 09:02 - 2018-04-22 03:08 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-05-09 09:02 - 2018-04-22 03:08 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-05-09 09:02 - 2018-04-22 03:07 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-05-09 09:02 - 2018-04-22 03:04 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-05-09 09:02 - 2018-04-22 03:04 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-05-09 09:02 - 2018-04-22 03:04 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-05-09 09:02 - 2018-04-22 03:04 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-05-09 09:02 - 2018-04-22 03:03 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-05-09 09:02 - 2018-04-22 03:03 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-05-09 09:02 - 2018-04-22 03:02 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-05-09 09:02 - 2018-04-22 03:02 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-05-09 09:02 - 2018-04-22 03:00 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-05-09 09:02 - 2018-04-22 03:00 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-05-09 09:02 - 2018-04-22 02:57 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-05-09 09:02 - 2018-04-22 02:56 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-05-09 09:02 - 2018-04-22 02:55 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-05-09 09:02 - 2018-04-22 02:54 - 000661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-05-09 09:02 - 2018-04-22 02:53 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-05-09 09:02 - 2018-04-22 02:53 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-05-09 09:02 - 2018-04-22 02:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-05-09 09:02 - 2018-04-22 02:49 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-05-09 09:02 - 2018-04-22 02:49 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-05-09 09:02 - 2018-04-22 02:48 - 015283200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-05-09 09:02 - 2018-04-22 02:46 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-05-09 09:02 - 2018-04-22 02:46 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-05-09 09:02 - 2018-04-22 02:45 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-05-09 09:02 - 2018-04-22 02:40 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-05-09 09:02 - 2018-04-22 02:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-05-09 09:02 - 2018-04-22 02:39 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-05-09 09:02 - 2018-04-22 02:37 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-05-09 09:02 - 2018-04-22 02:37 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-05-09 09:02 - 2018-04-22 02:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-05-09 09:02 - 2018-04-22 02:34 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-05-09 09:02 - 2018-04-22 02:33 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-05-09 09:02 - 2018-04-22 02:31 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-05-09 09:02 - 2018-04-22 02:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-05-09 09:02 - 2018-04-22 02:27 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-05-09 09:02 - 2018-04-22 02:26 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-05-09 09:02 - 2018-04-22 02:26 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-05-09 09:02 - 2018-04-22 02:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-05-09 09:02 - 2018-04-22 02:22 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-05-09 09:02 - 2018-04-22 02:11 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-05-09 09:02 - 2018-04-22 02:08 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-05-09 09:02 - 2018-04-22 02:04 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-05-09 09:02 - 2018-04-22 02:03 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-05-09 09:02 - 2018-04-18 12:03 - 000701952 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2018-05-09 09:02 - 2018-04-18 12:03 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\hhsetup.dll
2018-05-09 09:02 - 2018-04-18 11:51 - 000523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2018-05-09 09:02 - 2018-04-18 11:51 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhsetup.dll
2018-05-09 09:02 - 2018-04-18 11:41 - 000016896 _____ (Microsoft Corporation) C:\Windows\hh.exe
2018-05-09 09:02 - 2018-04-18 11:35 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hh.exe
2018-05-09 09:02 - 2018-04-11 12:38 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-05-09 09:02 - 2018-04-11 12:38 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-05-09 09:02 - 2018-04-11 12:36 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2018-05-09 09:02 - 2018-04-11 12:36 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-05-09 09:02 - 2018-04-10 15:45 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-05-09 09:02 - 2018-04-10 12:36 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2018-05-09 09:02 - 2018-04-10 12:36 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2018-05-09 09:02 - 2018-04-10 12:35 - 001735168 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2018-05-09 09:02 - 2018-04-10 12:34 - 000525824 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2018-05-09 09:02 - 2018-04-10 12:33 - 001241600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2018-05-09 09:02 - 2018-04-10 12:32 - 000487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2018-05-09 09:02 - 2018-04-10 12:00 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2018-05-09 09:02 - 2018-04-10 11:54 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-05-09 09:02 - 2018-04-10 11:48 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-05-09 09:02 - 2018-04-10 11:47 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-05-09 09:02 - 2018-04-10 11:47 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-05-09 09:02 - 2018-04-07 12:41 - 000371392 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-05-09 09:02 - 2018-03-18 18:16 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-05-09 09:02 - 2018-03-18 18:11 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-05-09 09:02 - 2018-03-14 13:16 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2018-05-09 09:02 - 2018-03-14 13:12 - 003165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2018-05-09 09:02 - 2018-03-14 13:12 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2018-05-09 09:02 - 2018-03-14 13:12 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2018-05-09 09:02 - 2018-03-14 13:07 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2018-05-09 09:02 - 2018-03-14 12:57 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2018-05-09 09:02 - 2018-03-14 12:57 - 000093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2018-05-09 09:02 - 2018-03-14 12:57 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2018-05-09 09:02 - 2018-03-14 12:57 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2018-05-09 09:02 - 2018-03-14 12:53 - 002651648 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-05-09 09:02 - 2018-03-14 12:53 - 000709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-05-09 09:02 - 2018-03-14 12:52 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-05-09 09:02 - 2018-03-14 12:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2018-05-09 09:02 - 2018-03-14 12:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2018-05-09 09:02 - 2018-03-14 12:52 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2018-05-09 09:02 - 2018-03-14 12:52 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2018-05-03 15:31 - 2018-05-03 15:32 - 000000000 ____D C:\Users\Bens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.6
2018-05-03 15:31 - 2018-05-03 15:31 - 030735232 _____ (Python Software Foundation) C:\Users\Bens\Downloads\python-3.6.5.exe
2018-05-03 15:31 - 2018-05-03 15:31 - 000000000 ____D C:\Users\Bens\AppData\Local\Package Cache
2018-05-03 13:46 - 2018-05-03 13:47 - 002045043 _____ C:\Users\Bens\Downloads\sc2le.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-31 09:27 - 2009-07-14 00:45 - 000021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-05-31 09:27 - 2009-07-14 00:45 - 000021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-05-31 09:26 - 2017-05-15 10:15 - 000000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-05-31 09:22 - 2016-01-01 19:16 - 000000000 ____D C:\ProgramData\NVIDIA
2018-05-31 09:19 - 2016-03-26 01:49 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-05-31 09:15 - 2017-05-15 10:15 - 000000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-05-31 09:15 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-30 22:32 - 2016-01-09 17:53 - 000000000 ____D C:\Program Files (x86)\Steam
2018-05-30 21:41 - 2016-08-08 09:37 - 000000268 _____ C:\Windows\Tasks\{3C982554-E1B7-D216-FEC8-3E0A779A5967}.job
2018-05-30 13:59 - 2016-01-17 00:00 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-05-30 13:57 - 2009-07-13 23:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-05-30 13:51 - 2016-01-16 23:57 - 000000000 ____D C:\Program Files\Microsoft Office
2018-05-30 13:27 - 2016-01-15 18:11 - 000000000 ____D C:\Users\Bens\AppData\LocalLow\Temp
2018-05-30 12:23 - 2016-05-16 15:55 - 000000000 ____D C:\Users\Bens\AppData\Local\ElevatedDiagnostics
2018-05-30 10:45 - 2016-01-16 16:12 - 000000000 ____D C:\Users\Bens\AppData\Local\CrashDumps
2018-05-30 08:46 - 2016-03-26 01:48 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-05-30 08:46 - 2016-01-09 17:58 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-29 11:26 - 2016-09-17 13:00 - 000000000 ____D C:\AdwCleaner
2018-05-29 11:26 - 2016-01-12 10:17 - 000000000 ____D C:\Users\Bens\AppData\Roaming\IObit
2018-05-29 11:26 - 2016-01-12 10:17 - 000000000 ____D C:\Users\Bens\AppData\LocalLow\IObit
2018-05-29 11:26 - 2016-01-12 10:17 - 000000000 ____D C:\ProgramData\IObit
2018-05-29 11:06 - 2017-05-15 10:14 - 000000000 ____D C:\Users\Bens\AppData\Roaming\com.ynab.YNAB4.LiveCaptive
2018-05-28 10:01 - 2009-07-14 01:08 - 000032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-05-27 20:25 - 2016-10-23 14:27 - 000000000 ____D C:\Users\Bens\AppData\Roaming\DesktopOK
2018-05-27 18:20 - 2016-08-18 11:12 - 000000000 ____D C:\temp
2018-05-27 18:20 - 2016-01-01 19:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-05-27 18:20 - 2016-01-01 19:14 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-05-27 18:20 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-05-27 18:19 - 2016-08-06 20:45 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-05-27 18:18 - 2018-04-25 22:07 - 000000000 ____D C:\Windows\system32\unknown
2018-05-27 17:42 - 2009-07-14 01:13 - 000960992 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-27 17:39 - 2016-01-01 19:14 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-05-27 17:39 - 2016-01-01 19:11 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-05-27 13:19 - 2016-11-28 12:46 - 000000000 ____D C:\Users\Bens\AppData\Local\dxhr
2018-05-27 00:20 - 2017-10-21 19:59 - 000000000 ____D C:\Users\Bens\AppData\Local\Battle.net
2018-05-26 20:21 - 2016-01-09 19:34 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-05-26 19:30 - 2017-10-21 20:00 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-05-23 22:30 - 2017-10-21 20:04 - 000000000 ____D C:\Program Files (x86)\Heroes of the Storm
2018-05-23 14:22 - 2016-11-26 01:21 - 000505736 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2018-05-23 14:22 - 2016-01-01 19:12 - 004613408 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-05-22 18:29 - 2017-05-15 10:15 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-05-22 18:22 - 2016-01-18 19:18 - 000000000 ____D C:\Users\Bens\Documents\My Games
2018-05-22 17:52 - 2017-02-14 14:40 - 000041598 _____ C:\Windows\system32\nvinfo.pb
2018-05-22 17:52 - 2016-08-06 20:44 - 001688848 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2018-05-22 15:58 - 2016-01-01 19:15 - 002612520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-05-22 15:57 - 2016-01-01 19:15 - 005947328 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-05-22 15:57 - 2016-01-01 19:15 - 001767360 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-05-22 15:57 - 2016-01-01 19:15 - 000633984 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-05-22 15:57 - 2016-01-01 19:15 - 000450960 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-05-22 15:57 - 2016-01-01 19:15 - 000124200 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-05-22 15:57 - 2016-01-01 19:15 - 000083240 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2018-05-22 02:43 - 2016-01-01 19:15 - 008186102 _____ C:\Windows\system32\nvcoproc.bin
2018-05-20 21:13 - 2018-04-22 23:33 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-05-20 21:12 - 2016-01-01 17:44 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-20 12:56 - 2016-01-02 11:37 - 000000000 ____D C:\Program Files\Core Temp
2018-05-20 11:30 - 2017-04-06 18:41 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2018-05-19 22:20 - 2016-01-01 17:28 - 000000000 ____D C:\Users\Bens
2018-05-18 19:21 - 2017-05-15 10:15 - 000003900 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2018-05-18 19:21 - 2017-05-15 10:15 - 000003648 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2018-05-17 15:15 - 2016-11-11 15:59 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-17 15:15 - 2016-11-11 15:59 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-16 19:15 - 2016-11-11 15:59 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-15 16:44 - 2016-09-13 10:41 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-05-15 16:44 - 2016-09-13 10:40 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-14 12:01 - 2016-11-26 01:16 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-05-12 16:03 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
2018-05-12 09:23 - 2016-10-09 20:04 - 000000000 ____D C:\Users\Bens\AppData\Local\Spotify
2018-05-12 09:18 - 2016-10-09 20:03 - 000000000 ____D C:\Users\Bens\AppData\Roaming\Spotify
2018-05-12 09:06 - 2016-08-16 16:11 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-05-10 09:38 - 2009-07-14 00:45 - 000502056 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-10 00:12 - 2016-01-01 21:29 - 000000000 ____D C:\Windows\system32\MRT
2018-05-10 00:09 - 2017-10-11 22:33 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-05-10 00:08 - 2016-01-01 21:29 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-05-10 00:07 - 2016-01-17 00:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-05-10 00:04 - 2016-01-01 17:42 - 000953114 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-05-09 08:11 - 2017-09-18 00:04 - 000000000 ____D C:\Program Files (x86)\Origin
2018-05-09 00:19 - 2009-07-13 22:34 - 000000478 _____ C:\Windows\win.ini
2018-05-08 18:07 - 2016-01-16 17:17 - 000000000 ____D C:\Users\Bens\AppData\Roaming\Skype
2018-05-08 17:54 - 2016-09-13 10:52 - 000004446 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-05-08 17:54 - 2016-01-09 19:34 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-05-08 17:54 - 2016-01-09 19:34 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-08 17:54 - 2016-01-09 19:34 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-05-08 17:54 - 2016-01-09 19:34 - 000000000 ____D C:\Windows\system32\Macromed
2018-05-08 16:54 - 2018-03-14 08:55 - 000004458 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-05-07 10:29 - 2016-02-20 18:42 - 000000000 ____D C:\Users\Bens\Desktop\Clemson Academics
2018-05-02 11:10 - 2017-10-31 13:30 - 000000000 ____D C:\Users\Bens\Desktop\Utility Documents
2018-05-01 22:49 - 2016-05-15 21:26 - 000000000 ____D C:\Users\Bens\AppData\Roaming\discord
2018-05-01 22:48 - 2016-05-15 21:26 - 000002158 _____ C:\Users\Bens\Desktop\Discord.lnk
2018-05-01 22:48 - 2016-05-15 21:26 - 000000000 ____D C:\Users\Bens\AppData\Local\Discord
2018-05-01 11:32 - 2016-11-26 16:51 - 000000000 ____D C:\Users\Bens\Documents\The Witcher 3
 
==================== Files in the root of some directories =======
 
2016-01-02 11:38 - 2016-01-22 15:41 - 000000624 _____ () C:\Users\Bens\AppData\Roaming\All CPU MeterV3_Settings.ini
2016-09-25 14:29 - 2016-12-08 10:32 - 000003956 _____ () C:\Users\Bens\AppData\Roaming\LTspiceIV.ini
2016-08-08 10:37 - 2018-04-05 07:41 - 000000590 _____ () C:\Users\Bens\AppData\Roaming\WB.CFG
2017-12-16 12:41 - 2017-12-16 12:41 - 000000052 _____ () C:\Users\Bens\AppData\Local\r18fpz9gq0
2016-08-05 23:10 - 2016-08-05 23:10 - 000000000 _____ () C:\Users\Bens\AppData\Local\{6E79546E-9B95-4E0A-AD15-0FE6491F883E}
 
Files to move or delete:
====================
C:\Windows\Tasks\{3C982554-E1B7-D216-FEC8-3E0A779A5967}.job
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-28 11:18
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Bens (31-05-2018 09:30:42)
Running from C:\Users\Bens\Desktop\FRST
Windows 7 Home Premium Service Pack 1 (X64) (2016-01-01 21:28:46)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4140990403-1587092264-3380911152-500 - Administrator - Disabled)
Bens (S-1-5-21-4140990403-1587092264-3380911152-1000 - Administrator - Enabled) => C:\Users\Bens
Guest (S-1-5-21-4140990403-1587092264-3380911152-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4140990403-1587092264-3380911152-1005 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (HKLM\...\{F8F948EA-5AEA-4158-8821-A2F788ECE936}) (Version: 16.2.1 - Hewlett-Packard) Hidden
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Arena 15.00.00001  (32 Bit) (HKLM-x32\...\{BD78DE74-95DB-429D-A66F-6306BCEDA640}) (Version: 15.00.00001 - Rockwell Automation, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
AutoHotkey 1.1.26.01 (HKLM\...\AutoHotkey) (Version: 1.1.26.01 - Lexikos)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.5.02036 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{158B6CE6-296E-4AC9-AC51-92E9B8D39BA0}) (Version: 4.5.02036 - Cisco Systems, Inc.) Hidden
Core Temp 1.12.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.12.1 - ALCPU)
Discord (HKU\S-1-5-21-4140990403-1587092264-3380911152-1000\...\Discord) (Version: 0.0.301 - Discord Inc.)
Discord (HKU\S-1-5-21-4140990403-1587092264-3380911152-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05312018092053100\...\Discord) (Version: 0.0.301 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 397.93 - NVIDIA Corporation) Hidden
DisplayLink Core Software (HKLM\...\{F3B9FCD6-4E63-40B6-A38F-A38644E70629}) (Version: 7.9.1589.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{74F1A323-36B4-4A70-81E7-904CF6AD0D49}) (Version: 7.9.1625.0 - DisplayLink Corp.)
DLsetup (HKLM-x32\...\{F0B7258A-AB03-49D9-8760-9CA8E122FFD6}) (Version: 7.9.07.01 - DisplayLink)
Dropbox (HKLM-x32\...\Dropbox) (Version: 50.4.71 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
Epic Games Launcher (HKLM-x32\...\{213B426C-5317-4F2D-8395-AC04B70711C4}) (Version: 1.1.133.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
EW Installation Center (HKLM-x32\...\{EW Installation Center}}_is1) (Version: 1.2.1 - EastWest Sounds, Inc.)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
GDR 4213 for SQL Server 2014 (KB3070446) (64-bit) (HKLM\...\KB3070446) (Version: 12.1.4213.0 - Microsoft Corporation)
GDR 4232 for SQL Server 2014 (KB3194720) (64-bit) (HKLM\...\KB3194720) (Version: 12.1.4232.0 - Microsoft Corporation)
GDR 4237 for SQL Server 2014 (KB4019091) (64-bit) (HKLM\...\KB4019091) (Version: 12.1.4237.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hollywood Orchestra (HKLM\...\{A1C73811-D4BB-404B-B287-816172DC301C}) (Version: 1.0.0 - EastWest Sounds, Inc)
Hollywood Orchestra Diamond (HKLM-x32\...\{9BB66AC3-D0A0-44A7-9F49-DAC3CB3BC550}) (Version: 1.0.0 - EastWest Sounds, Inc.)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{7AF1A318-2914-41CC-9B24-041C2D4AAAD7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel® Chipset Device Software (HKLM-x32\...\{da2de8c3-61b9-4b3b-916d-6b2fb2b1a90c}) (Version: 10.0.21 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.6.60 - Intel Corporation)
Intel® Visual Fortran Redistributables on IA-32 (HKLM-x32\...\{F4DA0EDD-E9AC-4808-8B64-8FD33C51BD0F}) (Version: 14.0.237 - Intel Corporation)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
JTS Modern Air Power - SPV (HKLM-x32\...\{72DDEFC7-80BF-4135-961F-2DF95F6FF5EC}) (Version: 1.01 - John Tiller Software)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Macrium Reflect Free Edition (HKLM\...\{F2C3E5F6-35A4-4E9D-BD14-7A93E3EF85EF}) (Version: 6.1.1000 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Access database engine 2016 (English) (HKLM\...\{90160000-00D1-0409-1000-0000000FF1CE}) (Version: 16.0.4519.1000 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{BE00C353-3529-4C31-AED2-AE3598D2CD2B}) (Version: 12.1.4237.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.9330.2087 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4140990403-1587092264-3380911152-1000\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4140990403-1587092264-3380911152-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05312018092053100\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{EDB86AFA-B3AA-45F6-BEEB-DA14A47FC1FB}) (Version: 12.1.4237.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{FF7DDA05-6EA7-4C01-B44A-3E57F8B9B97B}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Minitab 18 (HKLM-x32\...\{8D24BFA4-1266-436F-9EBF-F83F5CFADD2E}) (Version: 18.1.0.0 - Minitab, Inc.) Hidden
Minitab 18 (HKLM-x32\...\Minitab 18 18.1.0.0) (Version: 18.1.0.0 - Minitab, Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.5.2.880 - Native Instruments)
Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version:  - Native Instruments)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 397.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 397.93 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.14.0.139 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.14.0.139 - NVIDIA Corporation)
NVIDIA Graphics Driver 397.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 397.93 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.2.12 (HKLM\...\{128AD467-F107-4FED-A283-F355E74DE103}) (Version: 5.2.12 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.18.58059 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PACE License Support Win64 (HKLM\...\{233E2172-6B0E-4444-8BBA-C0D2BB9D7C37}) (Version: 3.1.7.1901 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{233E2172-6B0E-4444-8BBA-C0D2BB9D7C37}) (Version: 3.1.7.1901 - PACE Anti-Piracy, Inc.)
Pharos (HKLM-x32\...\Pharos) (Version:  - )
PLAY 4.3.5 (HKLM-x32\...\EW PLAY_is1) (Version: 4.3.5 - EastWest Sounds, Inc.)
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{446CCB22-B632-4A1D-BF84-DA8DB0575F98}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python 3.6.5 (32-bit) (HKU\S-1-5-21-4140990403-1587092264-3380911152-1000\...\{3346977b-49da-4095-8f4d-f56f103e52e9}) (Version: 3.6.5150.0 - Python Software Foundation)
Python 3.6.5 (32-bit) (HKU\S-1-5-21-4140990403-1587092264-3380911152-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05312018092053100\...\{3346977b-49da-4095-8f4d-f56f103e52e9}) (Version: 3.6.5150.0 - Python Software Foundation)
Python 3.6.5 Core Interpreter (32-bit) (HKLM-x32\...\{58E1C809-82C5-4EDF-B69B-188A6C81F21F}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Development Libraries (32-bit) (HKLM-x32\...\{21FD2EE0-8D55-49DC-A1B0-771696DDEE98}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Documentation (32-bit) (HKLM-x32\...\{5C613D87-0AED-48A9-A216-3A3783463D6C}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Executables (32-bit) (HKLM-x32\...\{9107CF1A-A09C-4035-B29E-E79B4098AB8C}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 pip Bootstrap (32-bit) (HKLM-x32\...\{C024F06C-0E37-4529-945F-7920A9CFFD78}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Standard Library (32-bit) (HKLM-x32\...\{8C2E8A7D-95CC-491C-AB9C-DE785A137D00}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Tcl/Tk Support (32-bit) (HKLM-x32\...\{052FD2FB-034D-4CDD-864E-798DE45C742A}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Test Suite (32-bit) (HKLM-x32\...\{86533809-919A-4858-AFC4-4226B86C5291}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Utility Scripts (32-bit) (HKLM-x32\...\{5C0C82E9-B580-4EE4-894A-4451A23B0E2C}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{8A66FEC2-E443-4219-B9AC-F9B10607B57C}) (Version: 3.6.6295.0 - Python Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.86.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7930 - Realtek Semiconductor Corp.)
SAP Crystal Reports runtime engine for .NET Framework (32-bit) (HKLM-x32\...\{9D52DBF3-229A-4723-BF31-C57C9C1D2A23}) (Version: 13.0.15.1840 - SAP)
Service Pack 1 for SQL Server 2014 (KB3058865) (64-bit) (HKLM\...\KB3058865) (Version: 12.1.4100.1 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
SOLIDWORKS 2016 x64 Edition SP05 (HKLM\...\{768F3B65-1695-47B7-9002-B11400CB111D}) (Version: 24.150.58 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS 2016 x64 Edition SP05 (HKLM-x32\...\SolidWorks Installation Manager 20160-40500-1100-100) (Version: 24.5.0.58 - SolidWorks Corporation)
SOLIDWORKS Composer Player 2016 SP05 x64 Edition (HKLM\...\{8537E059-C18B-4DE6-AED6-CD9B90240C35}) (Version: 24.50.58 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS eDrawings 2016 x64 Edition SP05 (HKLM\...\{12339098-76B6-47CD-B52A-52E4809108F6}) (Version: 16.5.0084 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS Electrical 2016 SP05 x64 Edition (HKLM\...\{064914EF-A0D8-447D-8E5C-E888CA8FD467}) (Version: 24.50.58 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Flow Simulation 2016 SP05 x64 Edition  (HKLM\...\{0B7C2320-1D2F-42F1-9941-C88C6B7AB0D5}) (Version: 24.50.59 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Plastics 2016 SP05 x64 Edition (HKLM\...\{DF6A3557-CE70-4357-81CF-E33CCB5E750D}) (Version: 24.50.58 - Dassault Systemes SolidWorks Corp) Hidden
Spotify (HKU\S-1-5-21-4140990403-1587092264-3380911152-1000\...\Spotify) (Version: 1.0.80.474.gef6b503e - Spotify AB)
Spotify (HKU\S-1-5-21-4140990403-1587092264-3380911152-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05312018092053100\...\Spotify) (Version: 1.0.80.474.gef6b503e - Spotify AB)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.28.7.4850 - Enigma Software Group, LLC)
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{5082A9F3-AEE5-4639-9BA7-C19661BA7331}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.1.4100.1 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.7.64833 - Electronic Arts)
STAR WARS™ Battlefront™ II (HKLM-x32\...\{8a882ce0-0c0b-4eb2-850c-28ebadab4f50}) (Version: 1.0.15.42049 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sublime Text Build 3176 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.76421 - TeamViewer)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
Tom Clancy's Ghost Recon Wildlands (HKLM-x32\...\Uplay Install 1771) (Version:  - Ubisoft)
Universal Control (HKLM\...\Universal Control) (Version: 1.8.3.40882 - PreSonus Audio Electronics, Inc)
Update for Skype for Business 2015 (KB4018377) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{148C5C88-8659-47CB-A1B2-FE4A0C0B277E}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4018377) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{148C5C88-8659-47CB-A1B2-FE4A0C0B277E}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4018377) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{148C5C88-8659-47CB-A1B2-FE4A0C0B277E}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 58.0 - Ubisoft)
UtechSmart 16400DPI VENUS Gaming Mouse version 1.1 (HKLM-x32\...\{5A0E98CD-3E42-4FA9-BA70-3EEFA31F67CE}_is1) (Version: 1.1 - UtechSmart)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4140990403-1587092264-3380911152-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05312018092053100_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4140990403-1587092264-3380911152-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05312018092053100_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Bens\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-4140990403-1587092264-3380911152-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05312018092053100_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4140990403-1587092264-3380911152-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05312018092053100_Classes\CLSID\{97D17A04-4438-4C8E-BAC7-BC21B8B9E999}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4140990403-1587092264-3380911152-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4140990403-1587092264-3380911152-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Bens\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-4140990403-1587092264-3380911152-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4140990403-1587092264-3380911152-1000_Classes\CLSID\{97D17A04-4438-4C8E-BAC7-BC21B8B9E999}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2014-05-21] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\Windows\system32\igfxOSP.dll [2014-05-21] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-05-22] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04BC1A73-58EA-4EA1-88D1-0C596EA82AD2} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-05-20] (NVIDIA Corporation)
Task: {065F977B-DB69-4BDE-B157-2004CC13A135} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-05-20] (NVIDIA Corporation)
Task: {086F17E6-A04E-499B-B8FA-5011058F4196} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-05-15] (Dropbox, Inc.)
Task: {08A0D68F-AB9B-4518-8022-E11A80756EBA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {0D5E7A1B-53EC-4E5E-BFDD-D24E697F891E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_pepper.exe [2018-05-08] (Adobe Systems Incorporated)
Task: {13A06379-635F-4A6C-BEA0-BF310E4FC8C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-11] (Google Inc.)
Task: {15F21495-BAC6-4622-8E81-A972EFB74045} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_Plugin.exe [2018-05-08] (Adobe Systems Incorporated)
Task: {16103F81-27FB-44A2-8234-42FA60A43755} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-05-30] (Microsoft Corporation)
Task: {1CFDB844-33C7-411E-8E61-8B6A41ECA99A} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {2076FE87-3BF2-4441-A4AA-191D700E83D5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-30] (Microsoft Corporation)
Task: {21CEF63D-045D-4CD4-8B20-B0AAE1C1EDFA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {2F6806DA-DE96-41B9-A120-AEFE2DB2BF24} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {31DDD700-F937-40B6-AA00-7F6F103EC636} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {33A95106-F886-4CC4-A865-D4EE11DA2393} - System32\Tasks\{7E20CDAA-CF66-42DE-9E60-259B39BF117C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\LTC\LTspiceIV\scad3.exe" -c -uninstall
Task: {35099EA1-6157-4DFE-B902-7511418B8F47} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-08] (Adobe Systems Incorporated)
Task: {387D8F26-2E36-44DC-A7DC-6A09949EC168} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {396110FD-6A47-4F03-9C70-044BCC9D302A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {486932D5-48EC-439B-B7BF-E7013C89EA26} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\osfinstaller.exe [2018-05-30] (Microsoft Corporation)
Task: {491AABA5-C148-403E-ABA1-BF7728CCF9E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-11] (Google Inc.)
Task: {4AF0A73B-92B5-4657-A5F8-CB9B7CD53A42} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {4C138F82-0603-4764-824C-107E77EF9F79} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {53C75AA2-4858-4489-9C1C-8D623946FF33} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-20] (NVIDIA Corporation)
Task: {56B145D3-30B6-4CC5-9B22-BA7F2BA608A4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-05-30] (Microsoft Corporation)
Task: {60EE1F7D-3A27-4F78-964D-29A25E0981F7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {612CFD2A-23C4-4443-A83D-FFED438D869C} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {6255CDAE-BEA6-4A89-8292-B679AD8C22B9} - System32\Tasks\{27FBD241-067C-4CA2-A035-C5BEFDBE3A7A} => C:\Windows\system32\pcalua.exe -a "C:\Users\Bens\Desktop\LicenseSupportInstallerWin64_v3.0.3_r33772\Troubleshooting\Installer Cleanup.exe" -d C:\Users\Bens\Desktop\LicenseSupportInstallerWin64_v3.0.3_r33772\Troubleshooting
Task: {7EFBEC96-16AC-4502-B1AD-2FF762BBAFEB} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-24] (Microsoft Corporation)
Task: {833612A2-2DA6-47D9-81F1-A7F0A9850ED6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-05-30] (Microsoft Corporation)
Task: {87915268-51A3-4BC6-A5A3-B420711ADDD0} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-05-20] (NVIDIA Corporation)
Task: {8E18D60F-D006-4623-BF16-689FBB744018} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {91A6F898-93BE-4B2A-9592-145F73AFEF66} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-05-15] (Dropbox, Inc.)
Task: {974C4FB5-CD2F-4CB7-B963-8C3A18DB8AC5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-30] (Microsoft Corporation)
Task: {9903B30A-A11E-4554-824A-1A207D8F6EEA} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {99BEA6DA-EC34-4415-8D98-D35FC598DE93} - System32\Tasks\{3C982554-E1B7-D216-FEC8-3E0A779A5967} => C:\Users\Bens\AppData\Roaming\{FFCBC~1\updater.exe <==== ATTENTION
Task: {A1F41156-E58C-43B0-B3D9-02AE851B60FE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A34CE472-BA43-46DE-8496-EF0194CE1C01} - System32\Tasks\AdobeGCInvoker-1.0-Bens-PC-Bens => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {AF183CB7-6624-4B29-AC22-0E713ABF2D25} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-20] (NVIDIA Corporation)
Task: {BF246DE6-F248-4BDB-8262-A5A448A60D17} - System32\Tasks\Core Temp Autostart Bens => C:\Program Files\Core Temp\Core Temp.exe [2018-05-20] (ALCPU)
Task: {C19D05C5-4A09-4499-9F78-FF993CA4543F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {C8DAE557-1B01-4D41-AB17-24A908DDF0C1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C901C67D-6DBC-407B-A719-C0FE338F39D5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-24] (Microsoft Corporation)
Task: {CCB9C7A9-F3B1-4578-8CB4-EEB747FA3793} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {D9B99B6E-9EDA-46D8-8359-6746CBEFDA4B} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {E5DF111C-3761-4F56-BDEA-F7D1F083456F} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-05-20] (NVIDIA Corporation)
Task: {E880949B-5815-4649-BB3C-67E2CF000F9D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-05-20] (NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\AdwCleaner_onReboot.job => C:\Users\Bens\Downloads\adwcleaner_7.1.1.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\{3C982554-E1B7-D216-FEC8-3E0A779A5967}.job => C:\Users\Bens\AppData\Roaming\{FFCBC~1\updater.exe <==== ATTENTION
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-11-28 12:58 - 2016-11-28 12:58 - 000959168 _____ () C:\Users\Bens\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-04-27 02:12 - 2016-04-27 02:12 - 001652456 _____ () C:\Program Files\DisplayLink Core Software\AddOnApi64.dll
2018-01-05 01:13 - 2018-01-05 01:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-22 04:15 - 2018-01-22 04:15 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-01-22 04:15 - 2018-01-22 04:15 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2016-01-02 11:36 - 2016-01-02 11:36 - 000012520 _____ () C:\Users\Bens\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\CoreTempReader.dll
2016-01-02 11:36 - 2016-01-02 11:36 - 000015080 _____ () C:\Users\Bens\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\GetCoreTempInfoNET.dll
2016-01-02 11:36 - 2016-01-02 11:36 - 000014056 _____ () C:\Users\Bens\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\SystemInfo.dll
2016-10-13 07:59 - 2016-10-13 07:59 - 000267672 _____ () C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldBodyDiffu.dll
2016-01-11 17:56 - 2014-05-19 20:10 - 003386880 _____ () C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\OGMMon.exe
2016-10-13 01:38 - 2016-10-13 01:38 - 000184368 _____ () C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe
2017-10-30 21:49 - 2016-08-25 11:23 - 000144896 _____ () C:\DLautoR.exe
2018-05-27 17:39 - 2018-05-20 13:33 - 001315112 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-06-09 15:18 - 2017-06-09 15:18 - 000076152 _____ () C:\Windows\system32\PnkBstrA.exe
2018-05-27 17:39 - 2018-05-20 13:33 - 095437608 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-05-30 08:46 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-05-30 08:46 - 2018-04-30 12:54 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-05-16 19:15 - 2018-05-14 23:13 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libglesv2.dll
2018-05-16 19:15 - 2018-05-14 23:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libegl.dll
2018-05-27 17:39 - 2018-05-20 13:33 - 003029288 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libglesv2.dll
2018-05-27 17:39 - 2018-05-20 13:33 - 000149800 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libegl.dll
2017-10-18 09:23 - 2017-10-18 09:23 - 000033792 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_system-vc140-mt-1_59.dll
2017-10-18 09:22 - 2017-10-18 09:22 - 000062976 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_date_time-vc140-mt-1_59.dll
2017-10-18 09:24 - 2017-10-18 09:24 - 000106496 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_thread-vc140-mt-1_59.dll
2017-10-18 09:24 - 2017-10-18 09:24 - 000042496 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_chrono-vc140-mt-1_59.dll
2017-10-18 09:25 - 2017-10-18 09:25 - 000073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2016-11-24 11:52 - 2016-11-24 11:52 - 003551744 _____ () C:\Program Files\PreSonus\Universal Control\ipp.dll
2016-09-26 07:27 - 2016-09-26 07:27 - 017484800 _____ () C:\Program Files\PreSonus\Universal Control\SmaartFactory_Win32.dll
2016-10-11 12:57 - 2016-10-11 12:57 - 000238008 _____ () C:\Program Files\PreSonus\Universal Control\Drivers\AudioBox\paeusbaudioapi.dll
2016-10-11 12:23 - 2016-10-11 12:23 - 000238008 _____ () C:\Program Files\PreSonus\Universal Control\Drivers\Studio192\PaeStudio192api.dll
2016-10-11 12:57 - 2016-10-11 12:57 - 000238008 _____ () C:\Program Files\PreSonus\Universal Control\Drivers\StudioLiveAR\PaeStudioLiveARapi.dll
2016-01-11 17:56 - 2014-05-19 20:10 - 000028160 _____ () C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\uiHook.dll
2016-04-27 02:12 - 2016-04-27 02:12 - 001279720 _____ () C:\Program Files\DisplayLink Core Software\AddOnApi.dll
2018-05-27 17:39 - 2018-05-20 13:33 - 001033000 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2014-03-20 12:43 - 2014-03-20 12:43 - 001241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [514]
AlternateDataStreams: C:\Users\Public\AppData:CSM [482]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-4140990403-1587092264-3380911152-1000\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2016-09-17 12:46 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4140990403-1587092264-3380911152-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bens\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-4140990403-1587092264-3380911152-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05312018092053100\Control Panel\Desktop\\Wallpaper -> C:\Users\Bens\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SOLIDWORKS Background Downloader.lnk => C:\Windows\pss\SOLIDWORKS Background Downloader.lnk.CommonStartup
MSCONFIG\startupreg: Advanced SystemCare 9 => "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
MSCONFIG\startupreg: Discord => C:\Users\Bens\AppData\Local\Discord\app-0.0.290\Discord.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Spotify => "c:\users\bens\appdata\roaming\spotify\spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Bens\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{152CDBA7-4EC2-4EA6-A813-38108EFB7E5E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{47D2A78E-E8C8-4AC7-A724-DA6AE5F98EE8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{43B51B2A-54B9-4B61-9FC2-1A53835E5ED8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2B0ED86B-D5E8-400F-B22B-C5956E780610}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{79665373-5EEF-4656-93DC-2ECC619A1F00}C:\program files\core temp\core temp.exe] => (Allow) C:\program files\core temp\core temp.exe
FirewallRules: [UDP Query User{545BA878-74AA-4378-8581-37B2B674A78A}C:\program files\core temp\core temp.exe] => (Allow) C:\program files\core temp\core temp.exe
FirewallRules: [{D002BB9D-5FC0-4E6F-83E3-ADB1A9218E15}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9C121460-2D09-4B29-A64B-7025D586F09E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{34F0D14E-1423-4439-AEA9-C6CCAD56EAE1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7F27E9C0-F8CF-4E6B-BE70-CBF91A1996A4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D59788A6-1FCC-4D6E-967E-8B1C7D541980}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E6A541DD-C453-480F-AA3F-423BB83944BB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1B8A57B0-2FE4-4053-95A0-DE7A21BA0D30}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{19F4F200-AC3B-41E6-B67A-A38D598FE6B2}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{9D97E06A-D394-47D7-AE38-5B10BCA20377}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{849B7373-3BC2-4654-AB87-88043E909C54}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{C4010BC7-400B-4994-AE56-5D4943E0F8A6}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [{A3AA50E4-5DB9-4E84-8193-6B7C1BC6A2FF}] => (Allow) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
FirewallRules: [TCP Query User{BAFA3D6B-4260-46CA-B251-76B74A941768}C:\users\bens\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bens\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{1EA94639-EDD6-45E9-92DD-8FE033672F94}C:\users\bens\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bens\appdata\roaming\spotify\spotify.exe
FirewallRules: [{32D074A5-628B-40D4-9D99-63D14921B823}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{E62C137E-8788-41B0-9728-260023FBE3D7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{505070C4-C1EE-4083-83E1-8ADBEE888F11}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{5CA6A966-ACA4-4F4D-A713-1C6BE7C88A84}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{402F1C12-5941-4221-B7CC-F89E9DDAA38B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7229205A-82CB-42AB-9C01-EF3C9AAE5AB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{02E47F2C-7958-4CB4-A9F0-0214B0F32D16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [TCP Query User{0DE19E3D-1BFD-4271-9173-96A4C4449808}C:\program files\presonus\universal control\universal control.exe] => (Allow) C:\program files\presonus\universal control\universal control.exe
FirewallRules: [UDP Query User{9D5750AB-0C28-4070-967B-8E116DC224CB}C:\program files\presonus\universal control\universal control.exe] => (Allow) C:\program files\presonus\universal control\universal control.exe
FirewallRules: [{6A208200-34BC-46C5-B817-B2EB3C3D9453}] => (Block) C:\program files\presonus\universal control\universal control.exe
FirewallRules: [{B8003529-E677-4FE8-9615-18BEDFFD2193}] => (Block) C:\program files\presonus\universal control\universal control.exe
FirewallRules: [TCP Query User{06369829-533D-48C5-B8D0-10C3C7493824}C:\program files (x86)\image-line\fl studio 12\fl.exe] => (Block) C:\program files (x86)\image-line\fl studio 12\fl.exe
FirewallRules: [UDP Query User{3A4DD665-2216-4507-9C35-0B46171C1D20}C:\program files (x86)\image-line\fl studio 12\fl.exe] => (Block) C:\program files (x86)\image-line\fl studio 12\fl.exe
FirewallRules: [{49E359C6-4E8F-4D73-9536-8FB852126842}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{5AD2D8FE-5721-451D-83CB-40B35CDD3441}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [TCP Query User{8094E8A3-9880-4657-A363-D61DDEEF9083}C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [UDP Query User{7186A3B8-16CC-4A17-8634-C8BAE21359FD}C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [{63C5839A-994F-4322-8538-39498F5F9552}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{FE86B5CB-C61F-42DD-961F-50074E2044B0}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{B3F96F3F-F34D-4377-BA94-A04DB02EC9FE}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{DA974EEA-DD4D-44D6-BDE5-91BC4D496849}] => (Allow) LPort=5357
FirewallRules: [{9AE41A90-EA28-4230-B6B0-C9A80A06B855}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{73984CB5-DD8D-4A8A-86A7-2D18D40D16F1}C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [UDP Query User{CFF1F18F-A899-486C-98F3-09204EF18EE0}C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{03C75680-25C9-4AAF-8D66-22AC6AD08E32}] => (Block) C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{BD45B1AC-0443-4A52-BA92-8156CCAC96FD}] => (Block) C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{EC5D7BE4-4235-43D4-A039-618598D35A69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{5395B351-981E-4C8B-9086-0E6CF4A2C2E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{A973DFFA-F982-4FA5-9393-8544D589B484}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{05F3C795-E34D-4217-87F2-8665938EE05D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5D5B3749-3C54-46FA-9D94-59D53C5D5F0C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{96CFD084-A19C-48B9-B057-8FBAEFFA871F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9B9B173B-B7FC-4C13-8AC1-898F0F7704C3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{21DB6A68-BACA-4EDB-B0C2-AC00BF0D1B3B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{98C23F01-F6C9-4F28-9899-03E751AD32B0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4C22B647-515C-4E10-AA15-14B54047A073}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{41FAD877-4379-4C86-8AF8-ECC9AE10ED2C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{610DE3EE-7ECE-4CC2-8C2B-E717C06066B0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0DE79916-84A0-457E-A0D3-F60654960EB3}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{22C04D96-A917-4BC5-95BE-2CFCB9E1FB70}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{A4DAA9BD-5F8E-4F85-A8F2-F1E2276E5737}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{8A4CEF40-C8FA-4ADC-9824-3640F0AC93C3}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [TCP Query User{20845EE7-F8E3-411F-8D2B-FF98D615E9C9}C:\program files (x86)\steam\steamapps\common\empyrion - galactic survival\empyrion.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\empyrion - galactic survival\empyrion.exe
FirewallRules: [UDP Query User{4075F5DA-BAB1-4668-9684-F6ED04A6EDC4}C:\program files (x86)\steam\steamapps\common\empyrion - galactic survival\empyrion.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\empyrion - galactic survival\empyrion.exe
FirewallRules: [TCP Query User{4BF50D89-15F2-4FCE-8621-C50C99F278CF}C:\program files (x86)\steam\steamapps\common\empyrion - galactic survival\empyrion.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\empyrion - galactic survival\empyrion.exe
FirewallRules: [UDP Query User{982AA866-FB00-4C1D-A0A0-E7FE22FD9246}C:\program files (x86)\steam\steamapps\common\empyrion - galactic survival\empyrion.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\empyrion - galactic survival\empyrion.exe
FirewallRules: [TCP Query User{B817BF9D-9669-4306-926D-543212EB3B26}C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe] => (Allow) C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe
FirewallRules: [UDP Query User{624B0F82-1259-436B-B98D-1693DD8129A8}C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe] => (Allow) C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe
FirewallRules: [{9810D22A-084D-45E7-9D9A-CFB77F036ED6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{7E59146A-C0E0-42F0-BA74-5481935B1D4E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [TCP Query User{51ADE33A-7293-4165-989B-095F0C221EE4}C:\program files (x86)\steam\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe
FirewallRules: [UDP Query User{D28363D9-1213-4D63-9BFB-2570B2B1ED56}C:\program files (x86)\steam\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe
FirewallRules: [TCP Query User{D67A72F9-15F4-4131-AEAF-1D3F6DE23598}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{60A16A4B-9F98-4259-ADA9-1388F48F14A6}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{4AB93687-F34A-4824-8781-E1E035351795}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{0CD7C42B-7BC2-4BD4-869D-BC755DA468F2}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{F2456517-AAC8-4C5D-AE44-8201AF7F3DBD}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{6F28A68A-FF96-4299-A1F1-C380F71FCFE0}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{A7DD362D-28CA-4FB9-B8AD-E57CE0597812}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{CCC21F7A-BB83-450B-AE91-9D86C8116410}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{50250B48-1156-4279-83D6-7E52CF287C7E}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe
FirewallRules: [{58A65648-3E81-492B-BE8C-A7539B8D9861}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe
FirewallRules: [{09751927-1F27-484A-95AC-2AA5E19EB47B}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe
FirewallRules: [{8B837A20-2599-4369-A67B-C97E1907A306}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe
FirewallRules: [{4B890AA2-30D3-4EE4-86F3-3975F627A3F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magicka 2\engine\Magicka2.exe
FirewallRules: [{8DD7C766-F2D9-4F73-A1B9-2FCEB1B7DF48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magicka 2\engine\Magicka2.exe
FirewallRules: [{1826A4AD-2A14-402E-B1B7-F0F64B79E750}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{94669C14-7B9B-4458-84AE-0D643310D4C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin 2\bin\SupportTool.exe
FirewallRules: [{627D07F0-D9AD-4814-AB85-A3E26A7FA21B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin 2\bin\SupportTool.exe
FirewallRules: [TCP Query User{71DE3503-AC68-40B3-91A8-248B0750E893}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe
FirewallRules: [UDP Query User{A834632C-71D2-4FE3-9DE7-F83B117D3FC2}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe
FirewallRules: [{A2167E4C-D77E-4553-B681-414AA277231A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{38EFB6D8-D8AD-4900-9BD4-28ADCB55698E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{01028C69-3DAD-4ED4-99DE-172347D92275}] => (Allow) C:\Program Files (x86)\Heroes of the Storm\Versions\Base63507\HeroesOfTheStorm_x64.exe
FirewallRules: [{A7B84419-FB1B-4DF0-A0A5-EB83E8B7EEE9}] => (Allow) C:\Program Files (x86)\Heroes of the Storm\Versions\Base63507\HeroesOfTheStorm_x64.exe
FirewallRules: [{39536DA4-68FA-4727-A6DF-14B35B60810A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{FA000D5C-1E4F-4657-BB55-C997BFCAA8C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{99472217-32E1-4C29-B444-CA4751EAC7A4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F7090A2E-1611-4E21-AFFE-BAC0EED6D61E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{3D02A65E-484E-40AE-A0B7-F87F75F4EC0E}] => (Allow) C:\Program Files (x86)\Heroes of the Storm\Versions\Base64657\HeroesOfTheStorm_x64.exe
FirewallRules: [{BBA159DF-1433-4A30-9246-1C08271EFC9D}] => (Allow) C:\Program Files (x86)\Heroes of the Storm\Versions\Base64657\HeroesOfTheStorm_x64.exe
FirewallRules: [{38171F0E-96C8-4E20-A5A5-C0AADAA9A53D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{607915CD-5108-4B3B-8F48-6247A8D976E3}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Ghost Recon Wildlands\GRW.exe
FirewallRules: [{A31DA7B5-6055-4E52-9A54-2DB132EFA2B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ATOMEGA\ATOMEGA.exe
FirewallRules: [{B95DB367-FDD1-4830-A685-B62E43FB923E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ATOMEGA\ATOMEGA.exe
FirewallRules: [{8BD34225-00F8-4D0B-B20B-92B153AEA7CB}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{4766B3AB-D053-4C48-B002-0495AC3ED353}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Remember Me\Binaries\Win32\RememberMe.exe
FirewallRules: [{BE39DB26-BC07-4BFE-86BD-5E8659026A9E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Remember Me\Binaries\Win32\RememberMe.exe
FirewallRules: [{638C1B09-B00A-4BBA-9F77-A0ABAF628747}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities in Motion 2\CIM2.exe
FirewallRules: [{9FF95E6D-89FD-4DB6-B404-F6F6EB851A7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities in Motion 2\CIM2.exe
FirewallRules: [{45FAE3E9-7263-4888-B360-D268C82C78F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\red faction armageddon\rf4_launcher.exe
FirewallRules: [{DFD093C0-D7DC-405A-9DE7-EC80A3B3AE39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\red faction armageddon\rf4_launcher.exe
FirewallRules: [{47602023-3947-4E7A-B4A8-4602165EF188}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{5E2E83C8-3DA2-4E4D-9CA1-F8530A432032}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{5C41967A-CE0D-43AD-B8D9-C7C5014BA6DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{FEAC0FE2-31CF-49D7-A3C7-4F67416F6A60}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{20ECF561-C5EA-48DF-90BA-C362A91E43B4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{44834CA1-2E9F-439A-B44A-45103BF39876}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6CCCC25C-1C29-4B5E-8D3A-31889476D446}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{8A3C0F0A-6DD3-4FC0-9936-FA50FBD803A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{B069394B-1398-47B0-9C0F-E7C920FD43F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\red faction armageddon\RedFactionArmageddon.exe
FirewallRules: [{A6D44041-A8D4-48AB-836B-8B7647C5EC82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\red faction armageddon\RedFactionArmageddon.exe
FirewallRules: [{FB503D7D-82C6-4F19-8E59-C453AB9C1A61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\red faction armageddon\RedFactionArmageddon_DX11.exe
FirewallRules: [{F8771AED-0413-4AB2-9184-4153F235AC07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\red faction armageddon\RedFactionArmageddon_DX11.exe
FirewallRules: [{43D19AE8-33C0-4941-992A-A68446A63476}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{492BB272-2EF4-4B10-A665-654D2A32D999}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
 
==================== Restore Points =========================
 
25-05-2018 09:04:49 Windows Update
27-05-2018 22:24:16 Installed DirectX
28-05-2018 10:14:34 Windows Update
28-05-2018 12:16:27 Installed DirectX
28-05-2018 12:19:12 Installed Microsoft Visual C++ 2005 Redistributable
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/31/2018 09:25:35 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (05/31/2018 09:18:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/30/2018 01:59:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/30/2018 01:43:14 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (05/30/2018 01:33:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3621, time stamp: 0x5376e21a
Faulting module name: igfxCUIService.exe, version: 6.15.10.3621, time stamp: 0x5376e21a
Exception code: 0xc0000005
Fault offset: 0x000000000001116c
Faulting process id: 0x4e8
Faulting application start time: 0x01d3f83be76dfea5
Faulting application path: C:\Windows\system32\igfxCUIService.exe
Faulting module path: C:\Windows\system32\igfxCUIService.exe
Report Id: 98a78d41-642f-11e8-a7ca-d05099874b47
 
Error: (05/30/2018 01:33:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/30/2018 01:28:03 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (05/30/2018 01:28:02 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
 
System errors:
=============
Error: (05/31/2018 09:21:57 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{69B8AE93-3A28-41D0-80F0-8A42D8105E52}.
The backup browser is stopping.
 
Error: (05/31/2018 09:19:07 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel® HD Graphics Control Panel Service service terminated with the following error: 
Unspecified error
 
Error: (05/31/2018 09:17:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (05/31/2018 09:17:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.
 
Error: (05/30/2018 10:32:06 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The SOLIDWORKS Electrical Collaborative Server service has reported an invalid current state 0.
 
Error: (05/30/2018 04:02:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (05/30/2018 04:02:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (05/30/2018 04:02:35 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4690 CPU @ 3.50GHz
Percentage of memory in use: 30%
Total physical RAM: 16335.22 MB
Available physical RAM: 11384.04 MB
Total Virtual: 32668.61 MB
Available Virtual: 26856.03 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.51 GB) (Free:247.59 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (Hollywood Orchestra Win) (Fixed) (Total:931.51 GB) (Free:265.74 GB) NTFS
 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: C07129F2)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: CC842223)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#5 Slurppa

  • Malware Study Hall Senior

Posted 02 June 2018 - 04:47 PM

Hi

First of all, I would like to warn you against running FRST fixes that are not prepared for you, as they might cause harm to your computer. FRST is a very powerful program. Using it incorrectly can lead to data loss or rendering your PC unbootable.

Can you tell me what these are? (If not, don't open them):

C:\Users\Bens\Downloads\drive-download-20180512T022517Z-001.zip
C:\Users\Bens\Downloads\10_f_t_0_0_5_25_11_4_19_31_-1.rar


We need to run a fix with FRST:

Copy the script below to your clipboard. You can do this by selecting all the text, then right-clicking and selecting the "Copy" option.

CHR HomePage: Default -> go.mail.ru
2017-12-16 12:41 - 2017-12-16 12:41 - 000000052 _____ () C:\Users\Bens\AppData\Local\r18fpz9gq0
2016-08-05 23:10 - 2016-08-05 23:10 - 000000000 _____ () C:\Users\Bens\AppData\Local\{6E79546E-9B95-4E0A-AD15-0FE6491F883E}
AlternateDataStreams: C:\Users\Public\AppData:CSM [482]
SearchScopes: HKU\S-1-5-21-4140990403-1587092264-3380911152-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05312018092053100 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
BHO-x32: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
Toolbar: HKU\S-1-5-21-4140990403-1587092264-3380911152-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-4140990403-1587092264-3380911152-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05312018092053100 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
HKU\S-1-5-21-4140990403-1587092264-3380911152-1000\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
VirusTotal: C:\DLautoR.exe;C:\Users\Bens\AppData\Roaming\{FFCBC~1\updater.exe;C:\Windows\system32\.crusader
Folder: C:\Windows\system32\unknown
cmd: gpresult /v

After the script is copied, open FRST and click the Fix button.
You don't need to paste the script.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply along with a new FRST log

Member of the Bleeping Computer A.I.I. early response team!


#6 XionVonko

Posted 02 June 2018 - 09:07 PM

Hey Slurppa

Ya, I was desperate lol since my computer couldn't stay open without an immediate DoS.

The drive download is a set of pictures from a hiking trip and the second file is a save file that I downloaded for Red Faction Armageddon so I could skip to the end and unlock New Game Plus immediately :3 However, that save file was not in the right format so I couldn't use it.  The malware came via Cheat Engine, which I used to increase the money to unlock everything.

Anyways, when I copied the text and opened up FRST64, I clicked fix and it said, "No fixlist.txt found.  The fixlist.txt should be in the same folder/directory the tool is located."  I copied via Ctrl+C and by right clicking to make sure that it wasn't an issue in getting the text to my clipboard.



#7 Slurppa

Posted 03 June 2018 - 02:26 AM

Hi

Sorry, my bad. I forgot to add the tags.
Try with this:

Start::
CHR HomePage: Default -> go.mail.ru
2017-12-16 12:41 - 2017-12-16 12:41 - 000000052 _____ () C:\Users\Bens\AppData\Local\r18fpz9gq0
2016-08-05 23:10 - 2016-08-05 23:10 - 000000000 _____ () C:\Users\Bens\AppData\Local\{6E79546E-9B95-4E0A-AD15-0FE6491F883E}
AlternateDataStreams: C:\Users\Public\AppData:CSM [482]
SearchScopes: HKU\S-1-5-21-4140990403-1587092264-3380911152-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05312018092053100 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
BHO-x32: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
Toolbar: HKU\S-1-5-21-4140990403-1587092264-3380911152-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-4140990403-1587092264-3380911152-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05312018092053100 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
HKU\S-1-5-21-4140990403-1587092264-3380911152-1000\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
VirusTotal: C:\DLautoR.exe;C:\Users\Bens\AppData\Roaming\{FFCBC~1\updater.exe;C:\Windows\system32\.crusader
Folder: C:\Windows\system32\unknown
cmd: gpresult /v
End::



#8 XionVonko

Posted 03 June 2018 - 07:55 AM

Okay, it worked this time.  Right after I did it, I loaded Chrome and Mail.ru popped back up trying to add itself as an extension (obviously I clicked remove b/c Chrome knew it was sketch).

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.06.2018
Ran by Bens (03-06-2018 08:52:42) Run:1
Running from C:\Users\Bens\Desktop\FRST
Loaded Profiles: Bens &  (Available Profiles: Bens)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CHR HomePage: Default -> go.mail.ru
2017-12-16 12:41 - 2017-12-16 12:41 - 000000052 _____ () C:\Users\Bens\AppData\Local\r18fpz9gq0
2016-08-05 23:10 - 2016-08-05 23:10 - 000000000 _____ () C:\Users\Bens\AppData\Local\{6E79546E-9B95-4E0A-AD15-0FE6491F883E}
AlternateDataStreams: C:\Users\Public\AppData:CSM [482]
SearchScopes: HKU\S-1-5-21-4140990403-1587092264-3380911152-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05312018092053100 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
BHO-x32: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
Toolbar: HKU\S-1-5-21-4140990403-1587092264-3380911152-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-4140990403-1587092264-3380911152-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05312018092053100 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
HKU\S-1-5-21-4140990403-1587092264-3380911152-1000\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
VirusTotal: C:\DLautoR.exe;C:\Users\Bens\AppData\Roaming\{FFCBC~1\updater.exe;C:\Windows\system32\.crusader
Folder: C:\Windows\system32\unknown
cmd: gpresult /v
 
*****************
 
"Chrome HomePage" => removed successfully
C:\Users\Bens\AppData\Local\r18fpz9gq0 => moved successfully
C:\Users\Bens\AppData\Local\{6E79546E-9B95-4E0A-AD15-0FE6491F883E} => moved successfully
C:\Users\Public\AppData => ":CSM" ADS removed successfully
SearchScopes: HKU\S-1-5-21-4140990403-1587092264-3380911152-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05312018092053100 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}" => removed successfully
"HKU\S-1-5-21-4140990403-1587092264-3380911152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => not found
Toolbar: HKU\S-1-5-21-4140990403-1587092264-3380911152-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05312018092053100 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-4140990403-1587092264-3380911152-1000\Software\Classes\regfile" => removed successfully
"VirusTotal: C:\Users\Bens\AppData\Roaming\{FFCBC~1\updater.exe" => not found
 
========================= Folder: C:\Windows\system32\unknown ========================
 
2018-05-27 18:17 - 2018-05-23 14:24 - 000457248 ____A [79D14CF8177DC5D3EE304A9197D28293] (Khronos Group) C:\Windows\system32\unknown\OpenCL32.dll
2018-05-27 18:17 - 2018-05-23 14:24 - 000551968 ____A [9C19B80404690C9A59561ABCDFBE31C7] (Khronos Group) C:\Windows\system32\unknown\OpenCL64.dll
2018-05-27 18:17 - 2018-05-23 14:24 - 001231848 ____A [D02F65AC9A63F169CA29C25F932E9088] () C:\Windows\system32\unknown\VulkanRT-Installer.exe
 
====== End of Folder: ======
 
 
========= gpresult /v =========
 
 
Microsoft ® Windows ® Operating System Group Policy Result tool v2.0
Copyright © Microsoft Corp. 1981-2001
 
Created On 6/3/2018 at 8:52:52 AM
 
 
 
RSOP data for Bens-PC\Bens on BENS-PC : Logging Mode
-----------------------------------------------------
 
OS Configuration:            Standalone Workstation
OS Version:                  6.1.7601
Site Name:                   N/A
Roaming Profile:             N/A
Local Profile:               C:\Users\Bens
Connected over a slow link?: No
 
 
COMPUTER SETTINGS
------------------
    
    Last time Group Policy was applied: 6/3/2018 at 8:41:42 AM
    Group Policy was applied from:      N/A
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        BENS-PC
    Domain Type:                        <Local Computer>
 
    Applied Group Policy Objects
    -----------------------------
        Local Group Policy
 
    The computer is a part of the following security groups
    -------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        NT AUTHORITY\Authenticated Users
        System Mandatory Level
        
    Resultant Set Of Policies for Computer
    ---------------------------------------
 
        Software Installations
        ----------------------
            N/A
 
        Startup Scripts
        ---------------
            N/A
 
        Shutdown Scripts
        ----------------
            N/A
 
        Account Policies
        ----------------
            N/A
 
        Audit Policy
        ------------
            N/A
 
        User Rights
        -----------
            N/A
 
        Security Options
        ----------------
            N/A
 
            N/A
 
        Event Log Settings
        ------------------
            N/A
 
        Restricted Groups
        -----------------
            N/A
 
        System Services
        ---------------
            N/A
 
        Registry Settings
        -----------------
            N/A
 
        File System Settings
        --------------------
            N/A
 
        Public Key Policies
        -------------------
            N/A
 
        Administrative Templates
        ------------------------
            N/A
 
 
USER SETTINGS
--------------
    
    Last time Group Policy was applied: 6/3/2018 at 8:41:45 AM
    Group Policy was applied from:      N/A
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        Bens-PC
    Domain Type:                        <Local Computer>
    
    Applied Group Policy Objects
    -----------------------------
        Local Group Policy
 
    The user is a part of the following security groups
    ---------------------------------------------------
        None
        Everyone
        Local account and member of Administrators group
        HomeUsers
        BUILTIN\Administrators
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        CONSOLE LOGON
        NT AUTHORITY\Authenticated Users
        This Organization
        Local account
        LOCAL
        NTLM Authentication
        High Mandatory Level
        
    The user has the following security privileges
    ----------------------------------------------
 
        Bypass traverse checking
        Manage auditing and security log
        Back up files and directories
        Restore files and directories
        Change the system time
        Shut down the system
        Force shutdown from a remote system
        Take ownership of files or other objects
        Debug programs
        Modify firmware environment values
        Profile system performance
        Profile single process
        Increase scheduling priority
        Load and unload device drivers
        Create a pagefile
        Adjust memory quotas for a process
        Remove computer from docking station
        Perform volume maintenance tasks
        Impersonate a client after authentication
        Create global objects
        Change the time zone
        Create symbolic links
        Increase a process working set
 
    Resultant Set Of Policies for User
    -----------------------------------
 
        Software Installations
        ----------------------
            N/A
 
        Logon Scripts
        -------------
            N/A
 
        Logoff Scripts
        --------------
            N/A
 
        Public Key Policies
        -------------------
            N/A
 
        Administrative Templates
        ------------------------
            N/A
 
        Folder Redirection
        ------------------
            N/A
 
        Internet Explorer Browser User Interface
        ----------------------------------------
            N/A
 
        Internet Explorer Connection
        ----------------------------
            N/A
 
        Internet Explorer URLs
        ----------------------
            N/A
 
        Internet Explorer Security
        --------------------------
            N/A
 
        Internet Explorer Programs
        --------------------------
            N/A
 
========= End of CMD: =========
 
 
==== End of Fixlog 08:53:02 ====


#9 Slurppa

Posted 04 June 2018 - 12:39 AM

Hi

 

Please post a new FRST log.




#10 XionVonko

Posted 04 June 2018 - 10:10 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.06.2018
Ran by Bens (administrator) on BENS-PC (04-06-2018 11:05:56)
Running from C:\Users\Bens\Desktop\FRST
Loaded Profiles: Bens (Available Profiles: Bens)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(ALCPU) C:\Program Files\Core Temp\Core Temp.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe
(PreSonus) C:\Program Files\PreSonus\Universal Control\Universal Control.exe
(Spotify Ltd) C:\Users\Bens\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\OGMMon.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\DLautoR.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Pharos Systems International) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
() C:\Windows\System32\PnkBstrA.exe
(Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\dispatcher.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16696832 2016-11-22] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [299504 2016-06-20] (Intel Corporation)
HKLM-x32\...\Run: [OGMgmmouseRun] => C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\ogmmon.exe [3386880 2014-05-19] ()
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3643712 2018-05-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AOCrunfile] => C:\Program Files (x86)\DisplayLink\DLsetup\NoConsoleExe.exe [7168 2011-03-18] ()
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1226240 2017-10-18] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKU\S-1-5-21-4140990403-1587092264-3380911152-1000\...\Run: [Universal Control] => C:\Program Files\PreSonus\Universal Control\Universal Control.exe [4820480 2016-11-24] (PreSonus)
HKU\S-1-5-21-4140990403-1587092264-3380911152-1000\...\Run: [Spotify Web Helper] => C:\Users\Bens\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-05-07] (Spotify Ltd)
HKU\S-1-5-21-4140990403-1587092264-3380911152-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-4140990403-1587092264-3380911152-1000\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-4140990403-1587092264-3380911152-1000\...\MountPoints2: {f27933c5-b080-11e5-9497-806e6f6e6963} - D:\ASRSetup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2016 Fast Start.lnk [2017-05-30]
ShortcutTarget: SOLIDWORKS 2016 Fast Start.lnk -> C:\Windows\Installer\{768F3B65-1695-47B7-9002-B11400CB111D}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\Users\Bens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk [2018-06-04]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{69B8AE93-3A28-41D0-80F0-8A42D8105E52}: [DhcpNameServer] 209.18.47.62 209.18.47.61
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4140990403-1587092264-3380911152-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2018-05-30] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2018-05-30] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-04-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-04-22] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2018-05-30] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-22] (Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF DefaultProfile: l6ajqatn.default
FF ProfilePath: C:\Users\Bens\AppData\Roaming\Mozilla\Firefox\Profiles\l6ajqatn.default [2018-05-30]
FF Homepage: Mozilla\Firefox\Profiles\l6ajqatn.default -> google.com
FF NewTab: Mozilla\Firefox\Profiles\l6ajqatn.default -> about:newtab
FF Extension: (Firefox Search Test) - C:\Users\Bens\AppData\Roaming\Mozilla\Firefox\Profiles\l6ajqatn.default\Extensions\firefoxsearchtest@mozilla.com.xpi [2017-08-02] [Legacy]
FF Plugin: 3ds.com/ComposerPlayerWebPlugin_x86_64 -> C:\PROGRA~1\SOLIDW~1\SOLIDW~2\Bin\NPCOMP~1.DLL [2016-10-13] (Dassault Systemes)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-05-30] (Microsoft Corporation)
FF Plugin-x32: 3ds.com/ComposerPlayerWebPlugin -> C:\PROGRA~1\SOLIDW~1\SOLIDW~2\Bin\x86\NPCOMP~1.DLL [2016-10-13] (Dassault Systemes)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-02] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-03-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-05-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-05-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4140990403-1587092264-3380911152-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2018-05-30] ()
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> go.mail.ru
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Bens\AppData\Local\Google\Chrome\User Data\Default [2018-06-04]
CHR Extension: (Bejeweled) - C:\Users\Bens\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2016-01-09]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Bens\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2016-01-09]
CHR Extension: (Docs) - C:\Users\Bens\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-30]
CHR Extension: (Google Drive) - C:\Users\Bens\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-05-30]
CHR Extension: (YouTube) - C:\Users\Bens\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-09]
CHR Extension: (Google Search) - C:\Users\Bens\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-09]
CHR Extension: (Adobe Acrobat) - C:\Users\Bens\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Block Site - Website Blocker for Chrome™) - C:\Users\Bens\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2018-03-05]
CHR Extension: (Google Docs Offline) - C:\Users\Bens\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-06]
CHR Extension: (AdBlock) - C:\Users\Bens\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-05-24]
CHR Extension: (The Avengers) - C:\Users\Bens\AppData\Local\Google\Chrome\User Data\Default\Extensions\jloohjocjeoomodjakjeikefgfpedlkh [2018-05-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bens\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Bens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-09]
CHR Extension: (Chrome Media Router) - C:\Users\Bens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-23]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [icanjjkadceebmhanpekkofdhclnoijl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5745672 2018-04-28] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8652976 2018-05-24] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-15] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-15] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-05-21] (Dropbox, Inc.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [11127016 2016-04-27] (DisplayLink Corp.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [526888 2018-05-20] (EasyAntiCheat Ltd)
R2 ewserver; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe [184368 2016-10-13] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-21] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-20] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-07-20] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [372408 2017-07-06] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764712 2018-05-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764712 2018-05-20] (NVIDIA Corporation)
R2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [1725952 2015-06-30] (Pharos Systems International) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2017-06-09] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-06-08] ()
S3 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd)
R2 RemoteSolverDispatcher; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe [239624 2016-10-13] (Mentor Graphics Corporation)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2017-05-30] (SolidWorks) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2017-07-06] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7757040 2017-04-06] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
S3 Origin Client Service; "C:\Program Files (x86)\Origin\OriginClientService.exe" [X]
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.paceap.com/InitiateActivation [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2016-01-01] (ASRock Incorporation)
S3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.9.1589.0.sys [58640 2017-10-30] ()
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152184 2018-04-26] (Malwarebytes)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2018-05-30] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2016-01-12] (REALiX™)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31712 2016-06-16] (Intel Corporation)
R3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25432 2017-07-04] ()
S3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-05-27] ()
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-05-27] ()
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [190696 2018-05-30] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-06-04] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-06-04] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-06-04] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [94328 2018-06-04] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [199736 2017-01-26] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [111696 2016-01-31] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31016 2018-05-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [67432 2018-03-15] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [68112 2018-04-27] (NVIDIA Corporation)
R3 paeusbaudio; C:\Windows\System32\DRIVERS\paeusbaudio_x64.sys [292280 2016-10-11] ()
R3 paeusbaudioks; C:\Windows\System32\DRIVERS\paeusbaudioks_x64.sys [58296 2016-10-11] ()
S4 RsFx0310; C:\Windows\System32\DRIVERS\RsFx0310.sys [249024 2015-04-20] (Microsoft Corporation)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [109080 2013-06-18] (Trend Micro Inc.)
R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [213080 2018-05-09] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [222864 2018-05-09] (Oracle Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2017-02-28] (Cisco Systems, Inc.)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
R3 ALSysIO; \??\C:\Users\Bens\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 cpuz134; \??\C:\Users\Bens\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-30 13:57 - 2018-05-30 13:57 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-05-30 13:35 - 2018-06-04 11:05 - 000094328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-05-30 13:35 - 2018-06-04 07:54 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-05-30 13:24 - 2018-06-04 11:05 - 000000000 ____D C:\Users\Bens\Desktop\FRST
2018-05-30 13:24 - 2018-05-30 13:24 - 002413056 _____ (Farbar) C:\Users\Bens\Downloads\FRST64 (1).exe
2018-05-30 12:45 - 2018-05-30 12:46 - 000000000 ____D C:\Users\Bens\AppData\Roaming\ProductData
2018-05-30 11:56 - 2018-05-30 11:58 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2018-05-30 11:51 - 2018-05-30 11:51 - 001790024 _____ (Malwarebytes) C:\Users\Bens\Downloads\JRT.exe
2018-05-30 11:48 - 2018-05-30 11:48 - 000069266 _____ C:\Users\Bens\Downloads\Shortcut.txt
2018-05-30 11:47 - 2018-05-30 11:49 - 000075784 _____ C:\Users\Bens\Downloads\Addition.txt
2018-05-30 11:45 - 2018-05-30 11:49 - 000124720 _____ C:\Users\Bens\Downloads\FRST.txt
2018-05-30 11:34 - 2018-06-04 11:05 - 000000000 ____D C:\FRST
2018-05-30 10:43 - 2018-05-30 10:43 - 000001420 _____ C:\Windows\system32\.crusader
2018-05-30 10:06 - 2018-05-30 10:44 - 000000000 ____D C:\ProgramData\HitmanPro
2018-05-30 10:06 - 2018-05-30 10:06 - 011609024 _____ (SurfRight B.V.) C:\Users\Bens\Downloads\HitmanPro_x64.exe
2018-05-30 08:50 - 2018-05-30 08:50 - 007271632 _____ (Malwarebytes) C:\Users\Bens\Downloads\adwcleaner_7.1.1 (1).exe
2018-05-30 08:46 - 2018-06-04 07:53 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-05-30 08:46 - 2018-05-30 12:50 - 000190696 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-05-30 08:46 - 2018-05-30 08:46 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-05-30 08:46 - 2018-05-30 08:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-30 08:46 - 2018-05-30 08:46 - 000000000 ____D C:\ProgramData\MB2Migration
2018-05-30 08:46 - 2018-05-30 08:46 - 000000000 ____D C:\Program Files\Malwarebytes
2018-05-30 08:46 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-05-29 17:17 - 2018-05-29 17:17 - 000445215 _____ C:\Users\Bens\Desktop\Orders.pdf
2018-05-29 11:26 - 2018-05-30 13:29 - 000000286 _____ C:\Windows\Tasks\AdwCleaner_onReboot.job
2018-05-29 11:22 - 2018-05-29 11:23 - 007271632 _____ (Malwarebytes) C:\Users\Bens\Desktop\adwcleaner_7.1.1.exe
2018-05-29 09:06 - 2018-05-30 12:50 - 000718116 _____ C:\Windows\ntbtlog.txt
2018-05-27 23:22 - 2018-05-27 23:22 - 000000000 ____D C:\Users\Bens\Documents\My Cheat Tables
2018-05-27 22:46 - 2018-05-27 22:46 - 000094882 _____ C:\Users\Bens\Downloads\Red_Faction_Armageddon_by_Veloxin.rar
2018-05-27 22:39 - 2018-05-27 22:39 - 000168233 _____ C:\Users\Bens\Downloads\10_f_t_0_0_5_25_11_4_19_31_-1.rar
2018-05-27 18:19 - 2018-05-22 16:09 - 000132392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-05-27 18:17 - 2018-05-23 14:24 - 040089632 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2018-05-27 18:17 - 2018-05-23 14:24 - 032359864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2018-05-27 18:17 - 2018-05-23 14:23 - 040347168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-05-27 18:17 - 2018-05-23 14:23 - 035250536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-05-27 18:17 - 2018-05-23 14:23 - 023298544 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2018-05-27 18:17 - 2018-05-23 14:23 - 023298544 _____ (NVIDIA Corporation) C:\Windows\system32\dlumdfb11.dll
2018-05-27 18:17 - 2018-05-23 14:23 - 023298544 _____ (NVIDIA Corporation) C:\Windows\system32\dlumdfb10.dll
2018-05-27 18:17 - 2018-05-23 14:23 - 016997632 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2018-05-27 18:17 - 2018-05-23 14:23 - 003964960 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-05-27 18:17 - 2018-05-23 14:23 - 003496992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-05-27 18:17 - 2018-05-23 14:23 - 002013784 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439793.dll
2018-05-27 18:17 - 2018-05-23 14:23 - 001562016 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-05-27 18:17 - 2018-05-23 14:23 - 001467800 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439793.dll
2018-05-27 18:17 - 2018-05-23 14:23 - 001418840 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-05-27 18:17 - 2018-05-23 14:23 - 001216256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-05-27 18:17 - 2018-05-23 14:23 - 001092000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-05-27 18:17 - 2018-05-23 14:23 - 000626776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-05-27 18:17 - 2018-05-23 14:23 - 000517536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 031276288 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 025990096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 020323544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 020323544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\dlumdfb11.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 020323544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\dlumdfb10.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 019080776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 019080776 _____ (NVIDIA Corporation) C:\Windows\system32\dlumdfb9.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 017782384 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 015691136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 015691136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\dlumdfb9.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 015192624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 013727792 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 011273120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 004081624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 001157208 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 000904904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 000544472 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 000462832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 000420000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 000182784 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 000164944 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 000159896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2018-05-27 18:17 - 2018-05-23 14:22 - 000142632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2018-05-27 18:17 - 2018-05-22 17:52 - 000227928 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2018-05-27 18:17 - 2018-05-22 17:52 - 000047648 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2018-05-27 17:39 - 2018-05-27 17:39 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-27 17:39 - 2018-05-27 17:39 - 000003940 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-27 17:39 - 2018-05-27 17:39 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-27 17:39 - 2018-05-27 17:39 - 000003792 _____ C:\Windows\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-27 17:39 - 2018-05-27 17:39 - 000003792 _____ C:\Windows\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-27 17:39 - 2018-05-27 17:39 - 000003792 _____ C:\Windows\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-27 17:39 - 2018-05-27 17:39 - 000003790 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-27 17:39 - 2018-05-27 17:39 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-27 17:39 - 2018-05-27 17:39 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-27 17:39 - 2018-05-27 17:39 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-27 17:39 - 2018-05-27 17:39 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-27 17:39 - 2018-05-20 13:33 - 002496296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2018-05-27 17:39 - 2018-05-20 13:33 - 002164008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2018-05-27 17:39 - 2018-05-20 13:33 - 001312040 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2018-05-27 17:37 - 2018-04-27 20:25 - 000068112 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2018-05-27 17:35 - 2018-05-27 17:35 - 000000222 _____ C:\Users\Bens\Desktop\Dishonored.url
2018-05-27 16:44 - 2018-05-27 16:45 - 090998600 _____ (NVIDIA Corporation) C:\Users\Bens\Downloads\GeForce_Experience_v3.14.0.139.exe
2018-05-27 15:51 - 2018-05-27 15:51 - 000000221 _____ C:\Users\Bens\Desktop\Red Faction Armageddon.url
2018-05-26 23:35 - 2018-05-26 23:35 - 000000000 ____D C:\Users\Bens\AppData\LocalLow\Colossal Order
2018-05-26 23:25 - 2018-05-26 23:25 - 000000000 ____D C:\Users\Bens\AppData\Local\238010
2018-05-26 19:38 - 2018-05-26 19:38 - 000000222 _____ C:\Users\Bens\Desktop\Cities in Motion 2.url
2018-05-26 14:30 - 2018-05-26 14:34 - 000000479 _____ C:\Users\Bens\Desktop\LShift Script.ahk
2018-05-22 18:28 - 2018-05-22 18:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-05-22 18:17 - 2018-05-22 18:17 - 000000000 ____D C:\Users\Bens\AppData\LocalLow\Reflections, A Ubisoft Studio
2018-05-22 17:48 - 2018-05-22 17:48 - 000000222 _____ C:\Users\Bens\Desktop\ATOMEGA.url
2018-05-21 13:06 - 2018-05-21 13:06 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-05-21 13:06 - 2018-05-21 13:06 - 000050232 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-05-21 13:06 - 2018-05-21 13:06 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-05-21 13:06 - 2018-05-21 13:06 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-05-20 21:13 - 2018-05-20 21:13 - 000000000 ____D C:\Users\Bens\AppData\Roaming\EasyAntiCheat
2018-05-20 18:13 - 2018-05-20 18:13 - 000000234 _____ C:\Users\Bens\Desktop\Tom Clancy's Ghost Recon® Wildlands.url
2018-05-20 18:07 - 2018-06-03 23:03 - 000000000 ____D C:\Users\Bens\AppData\Local\Ubisoft Game Launcher
2018-05-20 18:07 - 2018-05-20 18:07 - 073321376 _____ (Ubisoft) C:\Users\Bens\Downloads\UplayInstaller.exe
2018-05-20 18:07 - 2018-05-20 18:07 - 000001205 _____ C:\Users\Bens\Desktop\Uplay.lnk
2018-05-20 18:07 - 2018-05-20 18:07 - 000000000 ____D C:\Users\Bens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2018-05-20 12:56 - 2018-05-20 12:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
2018-05-20 12:55 - 2018-05-20 12:55 - 001248776 _____ (ALCPU ) C:\Users\Bens\Downloads\Core-Temp-setup (8).exe
2018-05-19 22:20 - 2018-05-19 22:20 - 000000000 ____D C:\Users\Bens\VirtualBox VMs
2018-05-19 15:10 - 2018-05-22 12:18 - 000000000 ____D C:\Users\Bens\.VirtualBox
2018-05-19 15:09 - 2018-05-19 15:09 - 000001076 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2018-05-19 15:09 - 2018-05-19 15:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2018-05-19 15:08 - 2018-05-19 15:08 - 000000000 ____D C:\Program Files\Oracle
2018-05-19 15:08 - 2018-05-09 09:27 - 000984376 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2018-05-19 15:08 - 2018-05-09 09:27 - 000168896 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2018-05-19 15:06 - 2018-05-19 15:07 - 113772032 _____ (Oracle Corporation) C:\Users\Bens\Downloads\VirtualBox-5.2.12-122591-Win.exe
2018-05-14 23:44 - 2018-05-08 17:24 - 001990688 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439764.dll
2018-05-14 23:44 - 2018-05-08 17:24 - 001467992 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439764.dll
2018-05-14 19:01 - 2018-05-14 19:01 - 000000000 ____D C:\Users\Bens\Desktop\Python Practice Files
2018-05-14 17:47 - 2018-05-14 17:47 - 009142656 _____ (Sublime HQ Pty Ltd ) C:\Users\Bens\Downloads\Sublime Text Build 3176 x64 Setup.exe
2018-05-14 17:47 - 2018-05-14 17:47 - 000000886 _____ C:\Users\Bens\Desktop\Sublime Text 3.lnk
2018-05-14 17:47 - 2018-05-14 17:47 - 000000886 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2018-05-14 17:47 - 2018-05-14 17:47 - 000000000 ____D C:\Users\Bens\AppData\Roaming\Sublime Text 3
2018-05-14 17:47 - 2018-05-14 17:47 - 000000000 ____D C:\Users\Bens\AppData\Local\Sublime Text 3
2018-05-14 17:47 - 2018-05-14 17:47 - 000000000 ____D C:\Program Files\Sublime Text 3
2018-05-14 17:41 - 2018-05-14 17:58 - 000000000 ____D C:\Users\Bens\.idlerc
2018-05-14 17:40 - 2018-05-14 17:40 - 030735232 _____ (Python Software Foundation) C:\Users\Bens\Downloads\python-3.6.5 (1).exe
2018-05-14 12:00 - 2018-05-14 12:00 - 000000019 _____ C:\test.txt
2018-05-14 11:39 - 2018-05-14 11:39 - 000001413 _____ C:\Users\Bens\Desktop\Python 3.6 (32-bit).lnk
2018-05-11 22:25 - 2018-05-11 22:26 - 274722060 _____ C:\Users\Bens\Downloads\drive-download-20180512T022517Z-001.zip
2018-05-09 09:27 - 2018-05-09 09:27 - 000222864 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetLwf.sys
2018-05-09 09:27 - 2018-05-09 09:27 - 000213080 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp6.sys
2018-05-09 09:02 - 2018-04-23 14:57 - 000396960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-05-09 09:02 - 2018-04-23 14:02 - 000348832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-05-09 09:02 - 2018-04-22 20:35 - 005583552 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-05-09 09:02 - 2018-04-22 20:35 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-05-09 09:02 - 2018-04-22 20:35 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-05-09 09:02 - 2018-04-22 20:35 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-05-09 09:02 - 2018-04-22 20:35 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-05-09 09:02 - 2018-04-22 20:12 - 004047040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-05-09 09:02 - 2018-04-22 20:12 - 003958464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-05-09 09:02 - 2018-04-22 20:10 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-05-09 09:02 - 2018-04-22 20:07 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 001461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000876032 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000512512 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:44 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-05-09 09:02 - 2018-04-22 19:41 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-05-09 09:02 - 2018-04-22 19:41 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-05-09 09:02 - 2018-04-22 19:41 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-05-09 09:02 - 2018-04-22 19:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-05-09 09:02 - 2018-04-22 19:41 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-05-09 09:02 - 2018-04-22 19:41 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-05-09 09:02 - 2018-04-22 19:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-05-09 09:02 - 2018-04-22 19:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-05-09 09:02 - 2018-04-22 19:41 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000582144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:32 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-05-09 09:02 - 2018-04-22 19:32 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-05-09 09:02 - 2018-04-22 19:32 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-05-09 09:02 - 2018-04-22 19:31 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-05-09 09:02 - 2018-04-22 19:28 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-05-09 09:02 - 2018-04-22 19:28 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-05-09 09:02 - 2018-04-22 19:27 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-05-09 09:02 - 2018-04-22 19:25 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-05-09 09:02 - 2018-04-22 19:24 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-05-09 09:02 - 2018-04-22 19:24 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-05-09 09:02 - 2018-04-22 19:24 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-05-09 09:02 - 2018-04-22 19:23 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-05-09 09:02 - 2018-04-22 19:23 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-05-09 09:02 - 2018-04-22 19:22 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-05-09 09:02 - 2018-04-22 19:19 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-05-09 09:02 - 2018-04-22 19:19 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-05-09 09:02 - 2018-04-22 19:19 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-05-09 09:02 - 2018-04-22 19:19 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-05-09 09:02 - 2018-04-22 19:18 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-05-09 09:02 - 2018-04-22 19:18 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 19:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-05-09 09:02 - 2018-04-22 04:04 - 025744896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-05-09 09:02 - 2018-04-22 03:53 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-05-09 09:02 - 2018-04-22 03:53 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-05-09 09:02 - 2018-04-22 03:40 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-05-09 09:02 - 2018-04-22 03:39 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-05-09 09:02 - 2018-04-22 03:38 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-05-09 09:02 - 2018-04-22 03:38 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-05-09 09:02 - 2018-04-22 03:38 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-05-09 09:02 - 2018-04-22 03:37 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-05-09 09:02 - 2018-04-22 03:32 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-05-09 09:02 - 2018-04-22 03:31 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-05-09 09:02 - 2018-04-22 03:30 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-05-09 09:02 - 2018-04-22 03:27 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-05-09 09:02 - 2018-04-22 03:26 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-05-09 09:02 - 2018-04-22 03:26 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-05-09 09:02 - 2018-04-22 03:26 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-05-09 09:02 - 2018-04-22 03:26 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-05-09 09:02 - 2018-04-22 03:24 - 020286464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-05-09 09:02 - 2018-04-22 03:18 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-05-09 09:02 - 2018-04-22 03:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-05-09 09:02 - 2018-04-22 03:15 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-05-09 09:02 - 2018-04-22 03:08 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-05-09 09:02 - 2018-04-22 03:08 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-05-09 09:02 - 2018-04-22 03:07 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-05-09 09:02 - 2018-04-22 03:04 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-05-09 09:02 - 2018-04-22 03:04 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-05-09 09:02 - 2018-04-22 03:04 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-05-09 09:02 - 2018-04-22 03:04 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-05-09 09:02 - 2018-04-22 03:03 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-05-09 09:02 - 2018-04-22 03:03 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-05-09 09:02 - 2018-04-22 03:02 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-05-09 09:02 - 2018-04-22 03:02 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-05-09 09:02 - 2018-04-22 03:00 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-05-09 09:02 - 2018-04-22 03:00 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-05-09 09:02 - 2018-04-22 02:57 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-05-09 09:02 - 2018-04-22 02:56 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-05-09 09:02 - 2018-04-22 02:55 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-05-09 09:02 - 2018-04-22 02:54 - 000661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-05-09 09:02 - 2018-04-22 02:53 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-05-09 09:02 - 2018-04-22 02:53 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-05-09 09:02 - 2018-04-22 02:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-05-09 09:02 - 2018-04-22 02:49 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-05-09 09:02 - 2018-04-22 02:49 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-05-09 09:02 - 2018-04-22 02:48 - 015283200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-05-09 09:02 - 2018-04-22 02:46 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-05-09 09:02 - 2018-04-22 02:46 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-05-09 09:02 - 2018-04-22 02:45 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-05-09 09:02 - 2018-04-22 02:40 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-05-09 09:02 - 2018-04-22 02:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-05-09 09:02 - 2018-04-22 02:39 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-05-09 09:02 - 2018-04-22 02:37 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-05-09 09:02 - 2018-04-22 02:37 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-05-09 09:02 - 2018-04-22 02:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-05-09 09:02 - 2018-04-22 02:34 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-05-09 09:02 - 2018-04-22 02:33 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-05-09 09:02 - 2018-04-22 02:31 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-05-09 09:02 - 2018-04-22 02:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-05-09 09:02 - 2018-04-22 02:27 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-05-09 09:02 - 2018-04-22 02:26 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-05-09 09:02 - 2018-04-22 02:26 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-05-09 09:02 - 2018-04-22 02:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-05-09 09:02 - 2018-04-22 02:22 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-05-09 09:02 - 2018-04-22 02:11 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-05-09 09:02 - 2018-04-22 02:08 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-05-09 09:02 - 2018-04-22 02:04 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-05-09 09:02 - 2018-04-22 02:03 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-05-09 09:02 - 2018-04-18 12:03 - 000701952 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2018-05-09 09:02 - 2018-04-18 12:03 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\hhsetup.dll
2018-05-09 09:02 - 2018-04-18 11:51 - 000523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2018-05-09 09:02 - 2018-04-18 11:51 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhsetup.dll
2018-05-09 09:02 - 2018-04-18 11:41 - 000016896 _____ (Microsoft Corporation) C:\Windows\hh.exe
2018-05-09 09:02 - 2018-04-18 11:35 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hh.exe
2018-05-09 09:02 - 2018-04-11 12:38 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-05-09 09:02 - 2018-04-11 12:38 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-05-09 09:02 - 2018-04-11 12:36 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2018-05-09 09:02 - 2018-04-11 12:36 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-05-09 09:02 - 2018-04-10 15:45 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-05-09 09:02 - 2018-04-10 12:36 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2018-05-09 09:02 - 2018-04-10 12:36 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2018-05-09 09:02 - 2018-04-10 12:35 - 001735168 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2018-05-09 09:02 - 2018-04-10 12:34 - 000525824 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2018-05-09 09:02 - 2018-04-10 12:33 - 001241600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2018-05-09 09:02 - 2018-04-10 12:32 - 000487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2018-05-09 09:02 - 2018-04-10 12:00 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2018-05-09 09:02 - 2018-04-10 11:54 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-05-09 09:02 - 2018-04-10 11:48 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-05-09 09:02 - 2018-04-10 11:47 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-05-09 09:02 - 2018-04-10 11:47 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-05-09 09:02 - 2018-04-07 12:41 - 000371392 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-05-09 09:02 - 2018-03-18 18:16 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-05-09 09:02 - 2018-03-18 18:11 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-05-09 09:02 - 2018-03-14 13:16 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2018-05-09 09:02 - 2018-03-14 13:12 - 003165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2018-05-09 09:02 - 2018-03-14 13:12 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2018-05-09 09:02 - 2018-03-14 13:12 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2018-05-09 09:02 - 2018-03-14 13:07 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2018-05-09 09:02 - 2018-03-14 12:57 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2018-05-09 09:02 - 2018-03-14 12:57 - 000093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2018-05-09 09:02 - 2018-03-14 12:57 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2018-05-09 09:02 - 2018-03-14 12:57 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2018-05-09 09:02 - 2018-03-14 12:53 - 002651648 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-05-09 09:02 - 2018-03-14 12:53 - 000709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-05-09 09:02 - 2018-03-14 12:52 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-05-09 09:02 - 2018-03-14 12:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2018-05-09 09:02 - 2018-03-14 12:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2018-05-09 09:02 - 2018-03-14 12:52 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2018-05-09 09:02 - 2018-03-14 12:52 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-04 10:26 - 2017-05-15 10:15 - 000000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-06-04 08:16 - 2009-07-14 00:45 - 000021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-04 08:16 - 2009-07-14 00:45 - 000021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-04 07:55 - 2016-01-01 19:16 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-04 07:53 - 2016-03-26 01:49 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-06-04 07:50 - 2017-05-15 10:15 - 000000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-06-04 07:50 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-03 23:56 - 2016-01-09 17:53 - 000000000 ____D C:\Program Files (x86)\Steam
2018-06-03 14:44 - 2016-02-15 22:18 - 000000000 ____D C:\Users\Bens\Desktop\AFROTC Docs
2018-06-02 20:21 - 2016-01-09 19:34 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-06-02 08:56 - 2017-09-18 00:04 - 000000000 ____D C:\Program Files (x86)\Origin
2018-06-02 08:44 - 2016-08-08 09:37 - 000000268 _____ C:\Windows\Tasks\{3C982554-E1B7-D216-FEC8-3E0A779A5967}.job
2018-05-30 13:59 - 2016-01-17 00:00 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-05-30 13:57 - 2009-07-13 23:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-05-30 13:51 - 2016-01-16 23:57 - 000000000 ____D C:\Program Files\Microsoft Office
2018-05-30 13:27 - 2016-01-15 18:11 - 000000000 ____D C:\Users\Bens\AppData\LocalLow\Temp
2018-05-30 12:23 - 2016-05-16 15:55 - 000000000 ____D C:\Users\Bens\AppData\Local\ElevatedDiagnostics
2018-05-30 10:45 - 2016-01-16 16:12 - 000000000 ____D C:\Users\Bens\AppData\Local\CrashDumps
2018-05-30 08:46 - 2016-03-26 01:48 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-05-30 08:46 - 2016-01-09 17:58 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-29 11:26 - 2016-09-17 13:00 - 000000000 ____D C:\AdwCleaner
2018-05-29 11:26 - 2016-01-12 10:17 - 000000000 ____D C:\Users\Bens\AppData\Roaming\IObit
2018-05-29 11:26 - 2016-01-12 10:17 - 000000000 ____D C:\Users\Bens\AppData\LocalLow\IObit
2018-05-29 11:26 - 2016-01-12 10:17 - 000000000 ____D C:\ProgramData\IObit
2018-05-29 11:06 - 2017-05-15 10:14 - 000000000 ____D C:\Users\Bens\AppData\Roaming\com.ynab.YNAB4.LiveCaptive
2018-05-28 10:01 - 2009-07-14 01:08 - 000032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-05-27 20:25 - 2016-10-23 14:27 - 000000000 ____D C:\Users\Bens\AppData\Roaming\DesktopOK
2018-05-27 18:20 - 2016-08-18 11:12 - 000000000 ____D C:\temp
2018-05-27 18:20 - 2016-01-01 19:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-05-27 18:20 - 2016-01-01 19:14 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-05-27 18:20 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-05-27 18:19 - 2016-08-06 20:45 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-05-27 18:18 - 2018-04-25 22:07 - 000000000 ____D C:\Windows\system32\unknown
2018-05-27 17:42 - 2009-07-14 01:13 - 000960992 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-27 17:39 - 2016-01-01 19:14 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-05-27 17:39 - 2016-01-01 19:11 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-05-27 13:19 - 2016-11-28 12:46 - 000000000 ____D C:\Users\Bens\AppData\Local\dxhr
2018-05-27 00:20 - 2017-10-21 19:59 - 000000000 ____D C:\Users\Bens\AppData\Local\Battle.net
2018-05-26 19:30 - 2017-10-21 20:00 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-05-23 22:30 - 2017-10-21 20:04 - 000000000 ____D C:\Program Files (x86)\Heroes of the Storm
2018-05-23 14:22 - 2016-11-26 01:21 - 000505736 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2018-05-23 14:22 - 2016-01-01 19:12 - 004613408 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-05-22 18:29 - 2017-05-15 10:15 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-05-22 18:22 - 2016-01-18 19:18 - 000000000 ____D C:\Users\Bens\Documents\My Games
2018-05-22 17:52 - 2017-02-14 14:40 - 000041598 _____ C:\Windows\system32\nvinfo.pb
2018-05-22 17:52 - 2016-08-06 20:44 - 001688848 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2018-05-22 15:58 - 2016-01-01 19:15 - 002612520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-05-22 15:57 - 2016-01-01 19:15 - 005947328 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-05-22 15:57 - 2016-01-01 19:15 - 001767360 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-05-22 15:57 - 2016-01-01 19:15 - 000633984 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-05-22 15:57 - 2016-01-01 19:15 - 000450960 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-05-22 15:57 - 2016-01-01 19:15 - 000124200 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-05-22 15:57 - 2016-01-01 19:15 - 000083240 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2018-05-22 02:43 - 2016-01-01 19:15 - 008186102 _____ C:\Windows\system32\nvcoproc.bin
2018-05-20 21:13 - 2018-04-22 23:33 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-05-20 21:12 - 2016-01-01 17:44 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-20 12:56 - 2016-01-02 11:37 - 000000000 ____D C:\Program Files\Core Temp
2018-05-20 11:30 - 2017-04-06 18:41 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2018-05-19 22:20 - 2016-01-01 17:28 - 000000000 ____D C:\Users\Bens
2018-05-18 19:21 - 2017-05-15 10:15 - 000003900 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2018-05-18 19:21 - 2017-05-15 10:15 - 000003648 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2018-05-17 15:15 - 2016-11-11 15:59 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-17 15:15 - 2016-11-11 15:59 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-16 19:15 - 2016-11-11 15:59 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-15 16:44 - 2016-09-13 10:41 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-05-15 16:44 - 2016-09-13 10:40 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-14 12:01 - 2016-11-26 01:16 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-05-12 16:03 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
2018-05-12 09:23 - 2016-10-09 20:04 - 000000000 ____D C:\Users\Bens\AppData\Local\Spotify
2018-05-12 09:18 - 2016-10-09 20:03 - 000000000 ____D C:\Users\Bens\AppData\Roaming\Spotify
2018-05-12 09:06 - 2016-08-16 16:11 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-05-10 09:38 - 2009-07-14 00:45 - 000502056 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-10 00:12 - 2016-01-01 21:29 - 000000000 ____D C:\Windows\system32\MRT
2018-05-10 00:09 - 2017-10-11 22:33 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-05-10 00:08 - 2016-01-01 21:29 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-05-10 00:07 - 2016-01-17 00:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-05-10 00:04 - 2016-01-01 17:42 - 000953114 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-05-09 00:19 - 2009-07-13 22:34 - 000000478 _____ C:\Windows\win.ini
2018-05-08 18:07 - 2016-01-16 17:17 - 000000000 ____D C:\Users\Bens\AppData\Roaming\Skype
2018-05-08 17:54 - 2016-09-13 10:52 - 000004446 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-05-08 17:54 - 2016-01-09 19:34 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-05-08 17:54 - 2016-01-09 19:34 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-08 17:54 - 2016-01-09 19:34 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-05-08 17:54 - 2016-01-09 19:34 - 000000000 ____D C:\Windows\system32\Macromed
2018-05-08 16:54 - 2018-03-14 08:55 - 000004458 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-05-07 10:29 - 2016-02-20 18:42 - 000000000 ____D C:\Users\Bens\Desktop\Clemson Academics
 
==================== Files in the root of some directories =======
 
2016-01-02 11:38 - 2016-01-22 15:41 - 000000624 _____ () C:\Users\Bens\AppData\Roaming\All CPU MeterV3_Settings.ini
2016-09-25 14:29 - 2016-12-08 10:32 - 000003956 _____ () C:\Users\Bens\AppData\Roaming\LTspiceIV.ini
2016-08-08 10:37 - 2018-04-05 07:41 - 000000590 _____ () C:\Users\Bens\AppData\Roaming\WB.CFG
 
Files to move or delete:
====================
C:\Windows\Tasks\{3C982554-E1B7-D216-FEC8-3E0A779A5967}.job
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-28 11:18
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03.06.2018
Ran by Bens (04-06-2018 11:07:28)
Running from C:\Users\Bens\Desktop\FRST
Windows 7 Home Premium Service Pack 1 (X64) (2016-01-01 21:28:46)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4140990403-1587092264-3380911152-500 - Administrator - Disabled)
Bens (S-1-5-21-4140990403-1587092264-3380911152-1000 - Administrator - Enabled) => C:\Users\Bens
Guest (S-1-5-21-4140990403-1587092264-3380911152-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4140990403-1587092264-3380911152-1005 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (HKLM\...\{F8F948EA-5AEA-4158-8821-A2F788ECE936}) (Version: 16.2.1 - Hewlett-Packard) Hidden
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Arena 15.00.00001  (32 Bit) (HKLM-x32\...\{BD78DE74-95DB-429D-A66F-6306BCEDA640}) (Version: 15.00.00001 - Rockwell Automation, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
AutoHotkey 1.1.26.01 (HKLM\...\AutoHotkey) (Version: 1.1.26.01 - Lexikos)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.5.02036 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{158B6CE6-296E-4AC9-AC51-92E9B8D39BA0}) (Version: 4.5.02036 - Cisco Systems, Inc.) Hidden
Core Temp 1.12.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.12.1 - ALCPU)
Discord (HKU\S-1-5-21-4140990403-1587092264-3380911152-1000\...\Discord) (Version: 0.0.301 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 397.93 - NVIDIA Corporation) Hidden
DisplayLink Core Software (HKLM\...\{F3B9FCD6-4E63-40B6-A38F-A38644E70629}) (Version: 7.9.1589.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{74F1A323-36B4-4A70-81E7-904CF6AD0D49}) (Version: 7.9.1625.0 - DisplayLink Corp.)
DLsetup (HKLM-x32\...\{F0B7258A-AB03-49D9-8760-9CA8E122FFD6}) (Version: 7.9.07.01 - DisplayLink)
Dropbox (HKLM-x32\...\Dropbox) (Version: 50.4.71 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
Epic Games Launcher (HKLM-x32\...\{213B426C-5317-4F2D-8395-AC04B70711C4}) (Version: 1.1.133.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
EW Installation Center (HKLM-x32\...\{EW Installation Center}}_is1) (Version: 1.2.1 - EastWest Sounds, Inc.)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
GDR 4213 for SQL Server 2014 (KB3070446) (64-bit) (HKLM\...\KB3070446) (Version: 12.1.4213.0 - Microsoft Corporation)
GDR 4232 for SQL Server 2014 (KB3194720) (64-bit) (HKLM\...\KB3194720) (Version: 12.1.4232.0 - Microsoft Corporation)
GDR 4237 for SQL Server 2014 (KB4019091) (64-bit) (HKLM\...\KB4019091) (Version: 12.1.4237.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hollywood Orchestra (HKLM\...\{A1C73811-D4BB-404B-B287-816172DC301C}) (Version: 1.0.0 - EastWest Sounds, Inc)
Hollywood Orchestra Diamond (HKLM-x32\...\{9BB66AC3-D0A0-44A7-9F49-DAC3CB3BC550}) (Version: 1.0.0 - EastWest Sounds, Inc.)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{7AF1A318-2914-41CC-9B24-041C2D4AAAD7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel® Chipset Device Software (HKLM-x32\...\{da2de8c3-61b9-4b3b-916d-6b2fb2b1a90c}) (Version: 10.0.21 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.6.60 - Intel Corporation)
Intel® Visual Fortran Redistributables on IA-32 (HKLM-x32\...\{F4DA0EDD-E9AC-4808-8B64-8FD33C51BD0F}) (Version: 14.0.237 - Intel Corporation)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
JTS Modern Air Power - SPV (HKLM-x32\...\{72DDEFC7-80BF-4135-961F-2DF95F6FF5EC}) (Version: 1.01 - John Tiller Software)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Macrium Reflect Free Edition (HKLM\...\{F2C3E5F6-35A4-4E9D-BD14-7A93E3EF85EF}) (Version: 6.1.1000 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Access database engine 2016 (English) (HKLM\...\{90160000-00D1-0409-1000-0000000FF1CE}) (Version: 16.0.4519.1000 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{BE00C353-3529-4C31-AED2-AE3598D2CD2B}) (Version: 12.1.4237.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.9330.2087 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4140990403-1587092264-3380911152-1000\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{EDB86AFA-B3AA-45F6-BEEB-DA14A47FC1FB}) (Version: 12.1.4237.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{FF7DDA05-6EA7-4C01-B44A-3E57F8B9B97B}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Minitab 18 (HKLM-x32\...\{8D24BFA4-1266-436F-9EBF-F83F5CFADD2E}) (Version: 18.1.0.0 - Minitab, Inc.) Hidden
Minitab 18 (HKLM-x32\...\Minitab 18 18.1.0.0) (Version: 18.1.0.0 - Minitab, Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.5.2.880 - Native Instruments)
Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version:  - Native Instruments)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 397.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 397.93 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.14.0.139 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.14.0.139 - NVIDIA Corporation)
NVIDIA Graphics Driver 397.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 397.93 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.2.12 (HKLM\...\{128AD467-F107-4FED-A283-F355E74DE103}) (Version: 5.2.12 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.18.58059 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PACE License Support Win64 (HKLM\...\{233E2172-6B0E-4444-8BBA-C0D2BB9D7C37}) (Version: 3.1.7.1901 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{233E2172-6B0E-4444-8BBA-C0D2BB9D7C37}) (Version: 3.1.7.1901 - PACE Anti-Piracy, Inc.)
Pharos (HKLM-x32\...\Pharos) (Version:  - )
PLAY 4.3.5 (HKLM-x32\...\EW PLAY_is1) (Version: 4.3.5 - EastWest Sounds, Inc.)
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{446CCB22-B632-4A1D-BF84-DA8DB0575F98}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python 3.6.5 (32-bit) (HKU\S-1-5-21-4140990403-1587092264-3380911152-1000\...\{3346977b-49da-4095-8f4d-f56f103e52e9}) (Version: 3.6.5150.0 - Python Software Foundation)
Python 3.6.5 Core Interpreter (32-bit) (HKLM-x32\...\{58E1C809-82C5-4EDF-B69B-188A6C81F21F}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Development Libraries (32-bit) (HKLM-x32\...\{21FD2EE0-8D55-49DC-A1B0-771696DDEE98}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Documentation (32-bit) (HKLM-x32\...\{5C613D87-0AED-48A9-A216-3A3783463D6C}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Executables (32-bit) (HKLM-x32\...\{9107CF1A-A09C-4035-B29E-E79B4098AB8C}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 pip Bootstrap (32-bit) (HKLM-x32\...\{C024F06C-0E37-4529-945F-7920A9CFFD78}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Standard Library (32-bit) (HKLM-x32\...\{8C2E8A7D-95CC-491C-AB9C-DE785A137D00}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Tcl/Tk Support (32-bit) (HKLM-x32\...\{052FD2FB-034D-4CDD-864E-798DE45C742A}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Test Suite (32-bit) (HKLM-x32\...\{86533809-919A-4858-AFC4-4226B86C5291}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Utility Scripts (32-bit) (HKLM-x32\...\{5C0C82E9-B580-4EE4-894A-4451A23B0E2C}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{8A66FEC2-E443-4219-B9AC-F9B10607B57C}) (Version: 3.6.6295.0 - Python Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.86.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7930 - Realtek Semiconductor Corp.)
SAP Crystal Reports runtime engine for .NET Framework (32-bit) (HKLM-x32\...\{9D52DBF3-229A-4723-BF31-C57C9C1D2A23}) (Version: 13.0.15.1840 - SAP)
Service Pack 1 for SQL Server 2014 (KB3058865) (64-bit) (HKLM\...\KB3058865) (Version: 12.1.4100.1 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
SOLIDWORKS 2016 x64 Edition SP05 (HKLM\...\{768F3B65-1695-47B7-9002-B11400CB111D}) (Version: 24.150.58 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS 2016 x64 Edition SP05 (HKLM-x32\...\SolidWorks Installation Manager 20160-40500-1100-100) (Version: 24.5.0.58 - SolidWorks Corporation)
SOLIDWORKS Composer Player 2016 SP05 x64 Edition (HKLM\...\{8537E059-C18B-4DE6-AED6-CD9B90240C35}) (Version: 24.50.58 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS eDrawings 2016 x64 Edition SP05 (HKLM\...\{12339098-76B6-47CD-B52A-52E4809108F6}) (Version: 16.5.0084 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS Electrical 2016 SP05 x64 Edition (HKLM\...\{064914EF-A0D8-447D-8E5C-E888CA8FD467}) (Version: 24.50.58 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Flow Simulation 2016 SP05 x64 Edition  (HKLM\...\{0B7C2320-1D2F-42F1-9941-C88C6B7AB0D5}) (Version: 24.50.59 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Plastics 2016 SP05 x64 Edition (HKLM\...\{DF6A3557-CE70-4357-81CF-E33CCB5E750D}) (Version: 24.50.58 - Dassault Systemes SolidWorks Corp) Hidden
Spotify (HKU\S-1-5-21-4140990403-1587092264-3380911152-1000\...\Spotify) (Version: 1.0.80.474.gef6b503e - Spotify AB)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.28.7.4850 - Enigma Software Group, LLC)
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{5082A9F3-AEE5-4639-9BA7-C19661BA7331}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.1.4100.1 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.7.64833 - Electronic Arts)
STAR WARS™ Battlefront™ II (HKLM-x32\...\{8a882ce0-0c0b-4eb2-850c-28ebadab4f50}) (Version: 1.0.15.42049 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sublime Text Build 3176 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.76421 - TeamViewer)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
Tom Clancy's Ghost Recon Wildlands (HKLM-x32\...\Uplay Install 1771) (Version:  - Ubisoft)
Universal Control (HKLM\...\Universal Control) (Version: 1.8.3.40882 - PreSonus Audio Electronics, Inc)
Update for Skype for Business 2015 (KB4018377) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{148C5C88-8659-47CB-A1B2-FE4A0C0B277E}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4018377) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{148C5C88-8659-47CB-A1B2-FE4A0C0B277E}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4018377) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{148C5C88-8659-47CB-A1B2-FE4A0C0B277E}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 58.0 - Ubisoft)
UtechSmart 16400DPI VENUS Gaming Mouse version 1.1 (HKLM-x32\...\{5A0E98CD-3E42-4FA9-BA70-3EEFA31F67CE}_is1) (Version: 1.1 - UtechSmart)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4140990403-1587092264-3380911152-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4140990403-1587092264-3380911152-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Bens\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-4140990403-1587092264-3380911152-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4140990403-1587092264-3380911152-1000_Classes\CLSID\{97D17A04-4438-4C8E-BAC7-BC21B8B9E999}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2014-05-21] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\Windows\system32\igfxOSP.dll [2014-05-21] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-05-22] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04BC1A73-58EA-4EA1-88D1-0C596EA82AD2} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-05-20] (NVIDIA Corporation)
Task: {065F977B-DB69-4BDE-B157-2004CC13A135} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-05-20] (NVIDIA Corporation)
Task: {086F17E6-A04E-499B-B8FA-5011058F4196} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-05-15] (Dropbox, Inc.)
Task: {08A0D68F-AB9B-4518-8022-E11A80756EBA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {0D5E7A1B-53EC-4E5E-BFDD-D24E697F891E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_pepper.exe [2018-05-08] (Adobe Systems Incorporated)
Task: {13A06379-635F-4A6C-BEA0-BF310E4FC8C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-11] (Google Inc.)
Task: {15F21495-BAC6-4622-8E81-A972EFB74045} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_Plugin.exe [2018-05-08] (Adobe Systems Incorporated)
Task: {16103F81-27FB-44A2-8234-42FA60A43755} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-05-30] (Microsoft Corporation)
Task: {2076FE87-3BF2-4441-A4AA-191D700E83D5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-30] (Microsoft Corporation)
Task: {21CEF63D-045D-4CD4-8B20-B0AAE1C1EDFA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {2F6806DA-DE96-41B9-A120-AEFE2DB2BF24} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {31DDD700-F937-40B6-AA00-7F6F103EC636} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {33A95106-F886-4CC4-A865-D4EE11DA2393} - System32\Tasks\{7E20CDAA-CF66-42DE-9E60-259B39BF117C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\LTC\LTspiceIV\scad3.exe" -c -uninstall
Task: {35099EA1-6157-4DFE-B902-7511418B8F47} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-08] (Adobe Systems Incorporated)
Task: {387D8F26-2E36-44DC-A7DC-6A09949EC168} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {396110FD-6A47-4F03-9C70-044BCC9D302A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {486932D5-48EC-439B-B7BF-E7013C89EA26} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\osfinstaller.exe [2018-05-30] (Microsoft Corporation)
Task: {491AABA5-C148-403E-ABA1-BF7728CCF9E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-11] (Google Inc.)
Task: {4AF0A73B-92B5-4657-A5F8-CB9B7CD53A42} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {4C138F82-0603-4764-824C-107E77EF9F79} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {53C75AA2-4858-4489-9C1C-8D623946FF33} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-20] (NVIDIA Corporation)
Task: {56B145D3-30B6-4CC5-9B22-BA7F2BA608A4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-05-30] (Microsoft Corporation)
Task: {60EE1F7D-3A27-4F78-964D-29A25E0981F7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {612CFD2A-23C4-4443-A83D-FFED438D869C} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {6255CDAE-BEA6-4A89-8292-B679AD8C22B9} - System32\Tasks\{27FBD241-067C-4CA2-A035-C5BEFDBE3A7A} => C:\Windows\system32\pcalua.exe -a "C:\Users\Bens\Desktop\LicenseSupportInstallerWin64_v3.0.3_r33772\Troubleshooting\Installer Cleanup.exe" -d C:\Users\Bens\Desktop\LicenseSupportInstallerWin64_v3.0.3_r33772\Troubleshooting
Task: {7EFBEC96-16AC-4502-B1AD-2FF762BBAFEB} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-24] (Microsoft Corporation)
Task: {833612A2-2DA6-47D9-81F1-A7F0A9850ED6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-05-30] (Microsoft Corporation)
Task: {87915268-51A3-4BC6-A5A3-B420711ADDD0} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-05-20] (NVIDIA Corporation)
Task: {8E18D60F-D006-4623-BF16-689FBB744018} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {91A6F898-93BE-4B2A-9592-145F73AFEF66} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-05-15] (Dropbox, Inc.)
Task: {974C4FB5-CD2F-4CB7-B963-8C3A18DB8AC5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-30] (Microsoft Corporation)
Task: {9903B30A-A11E-4554-824A-1A207D8F6EEA} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {A1F41156-E58C-43B0-B3D9-02AE851B60FE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A34CE472-BA43-46DE-8496-EF0194CE1C01} - System32\Tasks\AdobeGCInvoker-1.0-Bens-PC-Bens => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {AF183CB7-6624-4B29-AC22-0E713ABF2D25} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-20] (NVIDIA Corporation)
Task: {BF246DE6-F248-4BDB-8262-A5A448A60D17} - System32\Tasks\Core Temp Autostart Bens => C:\Program Files\Core Temp\Core Temp.exe [2018-05-20] (ALCPU)
Task: {C19D05C5-4A09-4499-9F78-FF993CA4543F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {C8DAE557-1B01-4D41-AB17-24A908DDF0C1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C901C67D-6DBC-407B-A719-C0FE338F39D5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-24] (Microsoft Corporation)
Task: {CCB9C7A9-F3B1-4578-8CB4-EEB747FA3793} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {CFA66B7A-ABEC-42E3-BC95-71F6D178DEF0} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {D9B99B6E-9EDA-46D8-8359-6746CBEFDA4B} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {E5DF111C-3761-4F56-BDEA-F7D1F083456F} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-05-20] (NVIDIA Corporation)
Task: {E880949B-5815-4649-BB3C-67E2CF000F9D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-05-20] (NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\AdwCleaner_onReboot.job => C:\Users\Bens\Downloads\adwcleaner_7.1.1.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\{3C982554-E1B7-D216-FEC8-3E0A779A5967}.job => C:\Users\Bens\AppData\Roaming\{FFCBC~1\updater.exe <==== ATTENTION
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-11-28 12:58 - 2016-11-28 12:58 - 000959168 _____ () C:\Users\Bens\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-04-27 02:12 - 2016-04-27 02:12 - 001652456 _____ () C:\Program Files\DisplayLink Core Software\AddOnApi64.dll
2018-01-05 01:13 - 2018-01-05 01:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-22 04:15 - 2018-01-22 04:15 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-01-22 04:15 - 2018-01-22 04:15 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2016-01-02 11:36 - 2016-01-02 11:36 - 000012520 _____ () C:\Users\Bens\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\CoreTempReader.dll
2016-01-02 11:36 - 2016-01-02 11:36 - 000015080 _____ () C:\Users\Bens\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\GetCoreTempInfoNET.dll
2016-01-02 11:36 - 2016-01-02 11:36 - 000014056 _____ () C:\Users\Bens\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\SystemInfo.dll
2016-10-13 01:38 - 2016-10-13 01:38 - 000184368 _____ () C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe
2016-01-11 17:56 - 2014-05-19 20:10 - 003386880 _____ () C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\OGMMon.exe
2016-10-13 07:59 - 2016-10-13 07:59 - 000267672 _____ () C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldBodyDiffu.dll
2017-10-30 21:49 - 2016-08-25 11:23 - 000144896 _____ () C:\DLautoR.exe
2018-05-27 17:39 - 2018-05-20 13:33 - 001315112 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-06-09 15:18 - 2017-06-09 15:18 - 000076152 _____ () C:\Windows\system32\PnkBstrA.exe
2018-05-30 08:46 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-05-30 08:46 - 2018-04-30 12:54 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-05-27 17:39 - 2018-05-20 13:33 - 095437608 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-05-27 17:39 - 2018-05-20 13:33 - 003029288 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libglesv2.dll
2018-05-27 17:39 - 2018-05-20 13:33 - 000149800 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libegl.dll
2018-05-16 19:15 - 2018-05-14 23:13 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libglesv2.dll
2018-05-16 19:15 - 2018-05-14 23:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libegl.dll
2017-10-18 09:23 - 2017-10-18 09:23 - 000033792 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_system-vc140-mt-1_59.dll
2017-10-18 09:22 - 2017-10-18 09:22 - 000062976 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_date_time-vc140-mt-1_59.dll
2017-10-18 09:24 - 2017-10-18 09:24 - 000106496 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_thread-vc140-mt-1_59.dll
2017-10-18 09:24 - 2017-10-18 09:24 - 000042496 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_chrono-vc140-mt-1_59.dll
2017-10-18 09:25 - 2017-10-18 09:25 - 000073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2016-11-24 11:52 - 2016-11-24 11:52 - 003551744 _____ () C:\Program Files\PreSonus\Universal Control\ipp.dll
2016-09-26 07:27 - 2016-09-26 07:27 - 017484800 _____ () C:\Program Files\PreSonus\Universal Control\SmaartFactory_Win32.dll
2016-10-11 12:57 - 2016-10-11 12:57 - 000238008 _____ () C:\Program Files\PreSonus\Universal Control\Drivers\AudioBox\paeusbaudioapi.dll
2016-10-11 12:23 - 2016-10-11 12:23 - 000238008 _____ () C:\Program Files\PreSonus\Universal Control\Drivers\Studio192\PaeStudio192api.dll
2016-10-11 12:57 - 2016-10-11 12:57 - 000238008 _____ () C:\Program Files\PreSonus\Universal Control\Drivers\StudioLiveAR\PaeStudioLiveARapi.dll
2016-01-11 17:56 - 2014-05-19 20:10 - 000028160 _____ () C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\uiHook.dll
2018-05-27 17:39 - 2018-05-20 13:33 - 001033000 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-04-27 02:12 - 2016-04-27 02:12 - 001279720 _____ () C:\Program Files\DisplayLink Core Software\AddOnApi.dll
2014-03-20 12:43 - 2014-03-20 12:43 - 001241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [514]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 4788 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2016-09-17 12:46 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4140990403-1587092264-3380911152-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bens\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SOLIDWORKS Background Downloader.lnk => C:\Windows\pss\SOLIDWORKS Background Downloader.lnk.CommonStartup
MSCONFIG\startupreg: Advanced SystemCare 9 => "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
MSCONFIG\startupreg: Discord => C:\Users\Bens\AppData\Local\Discord\app-0.0.290\Discord.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Spotify => "c:\users\bens\appdata\roaming\spotify\spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Bens\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{152CDBA7-4EC2-4EA6-A813-38108EFB7E5E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{47D2A78E-E8C8-4AC7-A724-DA6AE5F98EE8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{43B51B2A-54B9-4B61-9FC2-1A53835E5ED8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2B0ED86B-D5E8-400F-B22B-C5956E780610}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{79665373-5EEF-4656-93DC-2ECC619A1F00}C:\program files\core temp\core temp.exe] => (Allow) C:\program files\core temp\core temp.exe
FirewallRules: [UDP Query User{545BA878-74AA-4378-8581-37B2B674A78A}C:\program files\core temp\core temp.exe] => (Allow) C:\program files\core temp\core temp.exe
FirewallRules: [{D002BB9D-5FC0-4E6F-83E3-ADB1A9218E15}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9C121460-2D09-4B29-A64B-7025D586F09E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{34F0D14E-1423-4439-AEA9-C6CCAD56EAE1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7F27E9C0-F8CF-4E6B-BE70-CBF91A1996A4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D59788A6-1FCC-4D6E-967E-8B1C7D541980}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E6A541DD-C453-480F-AA3F-423BB83944BB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1B8A57B0-2FE4-4053-95A0-DE7A21BA0D30}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{19F4F200-AC3B-41E6-B67A-A38D598FE6B2}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{9D97E06A-D394-47D7-AE38-5B10BCA20377}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{849B7373-3BC2-4654-AB87-88043E909C54}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{C4010BC7-400B-4994-AE56-5D4943E0F8A6}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [{A3AA50E4-5DB9-4E84-8193-6B7C1BC6A2FF}] => (Allow) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
FirewallRules: [TCP Query User{BAFA3D6B-4260-46CA-B251-76B74A941768}C:\users\bens\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bens\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{1EA94639-EDD6-45E9-92DD-8FE033672F94}C:\users\bens\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bens\appdata\roaming\spotify\spotify.exe
FirewallRules: [{32D074A5-628B-40D4-9D99-63D14921B823}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{E62C137E-8788-41B0-9728-260023FBE3D7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{505070C4-C1EE-4083-83E1-8ADBEE888F11}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{5CA6A966-ACA4-4F4D-A713-1C6BE7C88A84}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{402F1C12-5941-4221-B7CC-F89E9DDAA38B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7229205A-82CB-42AB-9C01-EF3C9AAE5AB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{02E47F2C-7958-4CB4-A9F0-0214B0F32D16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [TCP Query User{0DE19E3D-1BFD-4271-9173-96A4C4449808}C:\program files\presonus\universal control\universal control.exe] => (Allow) C:\program files\presonus\universal control\universal control.exe
FirewallRules: [UDP Query User{9D5750AB-0C28-4070-967B-8E116DC224CB}C:\program files\presonus\universal control\universal control.exe] => (Allow) C:\program files\presonus\universal control\universal control.exe
FirewallRules: [{6A208200-34BC-46C5-B817-B2EB3C3D9453}] => (Block) C:\program files\presonus\universal control\universal control.exe
FirewallRules: [{B8003529-E677-4FE8-9615-18BEDFFD2193}] => (Block) C:\program files\presonus\universal control\universal control.exe
FirewallRules: [TCP Query User{06369829-533D-48C5-B8D0-10C3C7493824}C:\program files (x86)\image-line\fl studio 12\fl.exe] => (Block) C:\program files (x86)\image-line\fl studio 12\fl.exe
FirewallRules: [UDP Query User{3A4DD665-2216-4507-9C35-0B46171C1D20}C:\program files (x86)\image-line\fl studio 12\fl.exe] => (Block) C:\program files (x86)\image-line\fl studio 12\fl.exe
FirewallRules: [{49E359C6-4E8F-4D73-9536-8FB852126842}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{5AD2D8FE-5721-451D-83CB-40B35CDD3441}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [TCP Query User{8094E8A3-9880-4657-A363-D61DDEEF9083}C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [UDP Query User{7186A3B8-16CC-4A17-8634-C8BAE21359FD}C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3_x64.exe
FirewallRules: [{63C5839A-994F-4322-8538-39498F5F9552}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{FE86B5CB-C61F-42DD-961F-50074E2044B0}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{B3F96F3F-F34D-4377-BA94-A04DB02EC9FE}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{DA974EEA-DD4D-44D6-BDE5-91BC4D496849}] => (Allow) LPort=5357
FirewallRules: [{9AE41A90-EA28-4230-B6B0-C9A80A06B855}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{73984CB5-DD8D-4A8A-86A7-2D18D40D16F1}C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [UDP Query User{CFF1F18F-A899-486C-98F3-09204EF18EE0}C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{03C75680-25C9-4AAF-8D66-22AC6AD08E32}] => (Block) C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{BD45B1AC-0443-4A52-BA92-8156CCAC96FD}] => (Block) C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{EC5D7BE4-4235-43D4-A039-618598D35A69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{5395B351-981E-4C8B-9086-0E6CF4A2C2E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{A973DFFA-F982-4FA5-9393-8544D589B484}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{05F3C795-E34D-4217-87F2-8665938EE05D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5D5B3749-3C54-46FA-9D94-59D53C5D5F0C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{96CFD084-A19C-48B9-B057-8FBAEFFA871F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9B9B173B-B7FC-4C13-8AC1-898F0F7704C3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{21DB6A68-BACA-4EDB-B0C2-AC00BF0D1B3B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{98C23F01-F6C9-4F28-9899-03E751AD32B0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4C22B647-515C-4E10-AA15-14B54047A073}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{41FAD877-4379-4C86-8AF8-ECC9AE10ED2C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{610DE3EE-7ECE-4CC2-8C2B-E717C06066B0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0DE79916-84A0-457E-A0D3-F60654960EB3}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{22C04D96-A917-4BC5-95BE-2CFCB9E1FB70}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{A4DAA9BD-5F8E-4F85-A8F2-F1E2276E5737}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{8A4CEF40-C8FA-4ADC-9824-3640F0AC93C3}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [TCP Query User{20845EE7-F8E3-411F-8D2B-FF98D615E9C9}C:\program files (x86)\steam\steamapps\common\empyrion - galactic survival\empyrion.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\empyrion - galactic survival\empyrion.exe
FirewallRules: [UDP Query User{4075F5DA-BAB1-4668-9684-F6ED04A6EDC4}C:\program files (x86)\steam\steamapps\common\empyrion - galactic survival\empyrion.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\empyrion - galactic survival\empyrion.exe
FirewallRules: [TCP Query User{4BF50D89-15F2-4FCE-8621-C50C99F278CF}C:\program files (x86)\steam\steamapps\common\empyrion - galactic survival\empyrion.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\empyrion - galactic survival\empyrion.exe
FirewallRules: [UDP Query User{982AA866-FB00-4C1D-A0A0-E7FE22FD9246}C:\program files (x86)\steam\steamapps\common\empyrion - galactic survival\empyrion.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\empyrion - galactic survival\empyrion.exe
FirewallRules: [TCP Query User{B817BF9D-9669-4306-926D-543212EB3B26}C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe] => (Allow) C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe
FirewallRules: [UDP Query User{624B0F82-1259-436B-B98D-1693DD8129A8}C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe] => (Allow) C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe
FirewallRules: [{9810D22A-084D-45E7-9D9A-CFB77F036ED6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{7E59146A-C0E0-42F0-BA74-5481935B1D4E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [TCP Query User{51ADE33A-7293-4165-989B-095F0C221EE4}C:\program files (x86)\steam\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe
FirewallRules: [UDP Query User{D28363D9-1213-4D63-9BFB-2570B2B1ED56}C:\program files (x86)\steam\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe
FirewallRules: [TCP Query User{D67A72F9-15F4-4131-AEAF-1D3F6DE23598}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{60A16A4B-9F98-4259-ADA9-1388F48F14A6}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{4AB93687-F34A-4824-8781-E1E035351795}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{0CD7C42B-7BC2-4BD4-869D-BC755DA468F2}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{F2456517-AAC8-4C5D-AE44-8201AF7F3DBD}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{6F28A68A-FF96-4299-A1F1-C380F71FCFE0}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{A7DD362D-28CA-4FB9-B8AD-E57CE0597812}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{CCC21F7A-BB83-450B-AE91-9D86C8116410}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{50250B48-1156-4279-83D6-7E52CF287C7E}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe
FirewallRules: [{58A65648-3E81-492B-BE8C-A7539B8D9861}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe
FirewallRules: [{09751927-1F27-484A-95AC-2AA5E19EB47B}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe
FirewallRules: [{8B837A20-2599-4369-A67B-C97E1907A306}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe
FirewallRules: [{4B890AA2-30D3-4EE4-86F3-3975F627A3F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magicka 2\engine\Magicka2.exe
FirewallRules: [{8DD7C766-F2D9-4F73-A1B9-2FCEB1B7DF48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magicka 2\engine\Magicka2.exe
FirewallRules: [{1826A4AD-2A14-402E-B1B7-F0F64B79E750}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{94669C14-7B9B-4458-84AE-0D643310D4C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin 2\bin\SupportTool.exe
FirewallRules: [{627D07F0-D9AD-4814-AB85-A3E26A7FA21B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin 2\bin\SupportTool.exe
FirewallRules: [TCP Query User{71DE3503-AC68-40B3-91A8-248B0750E893}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe
FirewallRules: [UDP Query User{A834632C-71D2-4FE3-9DE7-F83B117D3FC2}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe
FirewallRules: [{A2167E4C-D77E-4553-B681-414AA277231A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{38EFB6D8-D8AD-4900-9BD4-28ADCB55698E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{01028C69-3DAD-4ED4-99DE-172347D92275}] => (Allow) C:\Program Files (x86)\Heroes of the Storm\Versions\Base63507\HeroesOfTheStorm_x64.exe
FirewallRules: [{A7B84419-FB1B-4DF0-A0A5-EB83E8B7EEE9}] => (Allow) C:\Program Files (x86)\Heroes of the Storm\Versions\Base63507\HeroesOfTheStorm_x64.exe
FirewallRules: [{39536DA4-68FA-4727-A6DF-14B35B60810A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{FA000D5C-1E4F-4657-BB55-C997BFCAA8C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{99472217-32E1-4C29-B444-CA4751EAC7A4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F7090A2E-1611-4E21-AFFE-BAC0EED6D61E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{3D02A65E-484E-40AE-A0B7-F87F75F4EC0E}] => (Allow) C:\Program Files (x86)\Heroes of the Storm\Versions\Base64657\HeroesOfTheStorm_x64.exe
FirewallRules: [{BBA159DF-1433-4A30-9246-1C08271EFC9D}] => (Allow) C:\Program Files (x86)\Heroes of the Storm\Versions\Base64657\HeroesOfTheStorm_x64.exe
FirewallRules: [{38171F0E-96C8-4E20-A5A5-C0AADAA9A53D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{607915CD-5108-4B3B-8F48-6247A8D976E3}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Ghost Recon Wildlands\GRW.exe
FirewallRules: [{A31DA7B5-6055-4E52-9A54-2DB132EFA2B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ATOMEGA\ATOMEGA.exe
FirewallRules: [{B95DB367-FDD1-4830-A685-B62E43FB923E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ATOMEGA\ATOMEGA.exe
FirewallRules: [{8BD34225-00F8-4D0B-B20B-92B153AEA7CB}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{4766B3AB-D053-4C48-B002-0495AC3ED353}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Remember Me\Binaries\Win32\RememberMe.exe
FirewallRules: [{BE39DB26-BC07-4BFE-86BD-5E8659026A9E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Remember Me\Binaries\Win32\RememberMe.exe
FirewallRules: [{638C1B09-B00A-4BBA-9F77-A0ABAF628747}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities in Motion 2\CIM2.exe
FirewallRules: [{9FF95E6D-89FD-4DB6-B404-F6F6EB851A7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities in Motion 2\CIM2.exe
FirewallRules: [{45FAE3E9-7263-4888-B360-D268C82C78F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\red faction armageddon\rf4_launcher.exe
FirewallRules: [{DFD093C0-D7DC-405A-9DE7-EC80A3B3AE39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\red faction armageddon\rf4_launcher.exe
FirewallRules: [{47602023-3947-4E7A-B4A8-4602165EF188}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{5E2E83C8-3DA2-4E4D-9CA1-F8530A432032}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{5C41967A-CE0D-43AD-B8D9-C7C5014BA6DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{FEAC0FE2-31CF-49D7-A3C7-4F67416F6A60}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{20ECF561-C5EA-48DF-90BA-C362A91E43B4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{44834CA1-2E9F-439A-B44A-45103BF39876}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6CCCC25C-1C29-4B5E-8D3A-31889476D446}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{8A3C0F0A-6DD3-4FC0-9936-FA50FBD803A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{B069394B-1398-47B0-9C0F-E7C920FD43F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\red faction armageddon\RedFactionArmageddon.exe
FirewallRules: [{A6D44041-A8D4-48AB-836B-8B7647C5EC82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\red faction armageddon\RedFactionArmageddon.exe
FirewallRules: [{FB503D7D-82C6-4F19-8E59-C453AB9C1A61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\red faction armageddon\RedFactionArmageddon_DX11.exe
FirewallRules: [{F8771AED-0413-4AB2-9184-4153F235AC07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\red faction armageddon\RedFactionArmageddon_DX11.exe
FirewallRules: [{43D19AE8-33C0-4941-992A-A68446A63476}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{492BB272-2EF4-4B10-A665-654D2A32D999}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
 
==================== Restore Points =========================
 
01-06-2018 08:32:18 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/04/2018 07:53:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3621, time stamp: 0x5376e21a
Faulting module name: igfxCUIService.exe, version: 6.15.10.3621, time stamp: 0x5376e21a
Exception code: 0xc0000005
Fault offset: 0x000000000001116c
Faulting process id: 0x4f8
Faulting application start time: 0x01d3fbfa3b61f863
Faulting application path: C:\Windows\system32\igfxCUIService.exe
Faulting module path: C:\Windows\system32\igfxCUIService.exe
Report Id: f2c18156-67ed-11e8-b767-d05099874b47
 
Error: (06/04/2018 07:52:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/03/2018 11:47:44 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (06/03/2018 08:43:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/02/2018 11:47:44 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (06/02/2018 08:55:08 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (06/02/2018 08:47:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3621, time stamp: 0x5376e21a
Faulting module name: igfxCUIService.exe, version: 6.15.10.3621, time stamp: 0x5376e21a
Exception code: 0xc0000005
Fault offset: 0x000000000001116c
Faulting process id: 0x4d0
Faulting application start time: 0x01d3fa6f62e44147
Faulting application path: C:\Windows\system32\igfxCUIService.exe
Faulting module path: C:\Windows\system32\igfxCUIService.exe
Report Id: 26d3380f-6663-11e8-bb03-d05099874b47
 
Error: (06/02/2018 08:47:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (06/04/2018 07:56:28 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{69B8AE93-3A28-41D0-80F0-8A42D8105E52}.
The backup browser is stopping.
 
Error: (06/04/2018 07:53:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel® HD Graphics Control Panel Service service terminated with the following error: 
Unspecified error
 
Error: (06/03/2018 11:56:38 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The SOLIDWORKS Electrical Collaborative Server service has reported an invalid current state 0.
 
Error: (06/03/2018 08:44:47 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel® HD Graphics Control Panel Service service terminated with the following error: 
Unspecified error
 
Error: (06/02/2018 11:59:43 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The SOLIDWORKS Electrical Collaborative Server service has reported an invalid current state 0.
 
Error: (06/02/2018 08:47:40 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel® HD Graphics Control Panel Service service terminated with the following error: 
Unspecified error
 
Error: (06/02/2018 08:45:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/02/2018 08:45:07 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device Service service to connect.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4690 CPU @ 3.50GHz
Percentage of memory in use: 24%
Total physical RAM: 16335.22 MB
Available physical RAM: 12309.68 MB
Total Virtual: 32668.61 MB
Available Virtual: 27647.24 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.51 GB) (Free:253.63 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (Hollywood Orchestra Win) (Fixed) (Total:931.51 GB) (Free:265.74 GB) NTFS
 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: C07129F2)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: CC842223)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#11 XionVonko


Posted 04 June 2018 - 11:37 AM

FYI I will be gone the next two weeks and will not have access to my desktop so hopefully it's all clean now.



#12 Slurppa

Slurppa

  • Malware Study Hall Senior
  • 626 posts
  • Gender:Male
  • Local time:04:39 AM

Posted 05 June 2018 - 05:15 AM

Hi

 

Unfortunately we are not done yet. If you wish we can continue this after you get back.


Member of the Bleeping Computer A.I.I. early response team!


#13 XionVonko


Posted 05 June 2018 - 08:44 PM

Okay, let me know the next set of instructions and I will try to get back to you June 21 when I am back.



#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,014 posts
  • Gender:Male
  • Location:California
  • Local time:06:39 PM

Posted 08 June 2018 - 11:27 AM

This topic is being temporarily closed pending the return of Topic starter who will be gone for an extended period of time.

Edited by Oh My!, 08 June 2018 - 11:29 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 Oh My!


Posted 21 June 2018 - 09:25 PM

This topic has been re-opened at the request of the person who originally posted.
Gary
 



