
Unremovable wmcagent folder with malware inside



#1 zack466


Posted 10 June 2018 - 07:52 PM

In my user/appdata/local folder, there is a folder called wmcagent, and it is detected by Malwarebytes as malware, but isn't ever removed. When I try to delete it manually, it doesn't let me, even when I use the admin password. In the Windows File Manager, the folder is Read Only and apparently "0 bytes." Even after using the admin password, it says "You require permission from the computer's administrator to make changes to this folder." I've tried to force delete it with an admin CMD window, but it still says "Access is denied." I used the Malwarebytes Rootkit Remover, and it showed me the insides of the folder, all of which were marked "Trojan Yelloader." In the Windows User Manager, the built-in admin is disabled, and any attempts to enable it are met with an error message that says "Access is denied." All malware removers I've used other than Malwarebytes' software do not even detect this folder.

 

Any help will be appreciated.

Thanks

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by Zack (ATTENTION: The user is not administrator) on NEWTHINKCENTER (10-06-2018 20:35:32)
Running from C:\Users\zack4\Desktop\fixfix
Loaded Profiles: Zack & Zack_2 (Available Profiles: Zack & Zack_2 & Albert & Cathy Zhang & huang & DefaultAppPool)
Platform: Windows 10 Pro Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> sbencrwsvc.exe
Failed to access process -> winlogon.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> dwm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> NVDisplay.Container.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> NVDisplay.Container.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> wlanext.exe
Failed to access process -> svchost.exe
Failed to access process -> conhost.exe
Failed to access process -> svchost.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> AppleMobileDeviceService.exe
Failed to access process -> armsvc.exe
Failed to access process -> EvtEng.exe
Failed to access process -> AdobeUpdateService.exe
Failed to access process -> svchost.exe
Failed to access process -> ibtsiva.exe
Failed to access process -> svchost.exe
Failed to access process -> OfficeClickToRun.exe
Failed to access process -> Lenovo.Modern.ImController.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> HiPatchService.exe
Failed to access process -> nvcontainer.exe
Failed to access process -> IpOverUsbSvc.exe
Failed to access process -> MBAMService.exe
Failed to access process -> LBAEvent.exe
Failed to access process -> PnkBstrA.exe
Failed to access process -> LegacyCsLoaderService.exe
Failed to access process -> IntelTechnologyAccessService.exe
Failed to access process -> LDSvc.exe
Failed to access process -> RegSrvc.exe
Failed to access process -> CptService.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> Locator.exe
Failed to access process -> SecurityHealthService.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> NvTelemetryContainer.exe
Failed to access process -> ZeroConfigService.exe
Failed to access process -> WindscribeService.exe
Failed to access process -> WmiApSrv.exe
Failed to access process -> svchost.exe
Failed to access process -> MsMpEng.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> BtLockerService.exe
Failed to access process -> unsecapp.exe
Failed to access process -> dasHost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
Failed to access process -> SearchIndexer.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> GoogleCrashHandler.exe
Failed to access process -> GoogleCrashHandler64.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
Failed to access process -> svchost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Failed to access process -> NisSrv.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\Skdaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(VB-AUDIO Software) C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe
() C:\Program Files (x86)\Lenovo Y Gaming Precision Mouse\hid.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
() C:\Program Files (x86)\Lenovo Y Gaming Precision Mouse\Tray.exe
Failed to access process -> PWMDBSVC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
Failed to access process -> ioc.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
Failed to access process -> jhi_service.exe
Failed to access process -> HPSupportSolutionsFrameworkService.exe
Failed to access process -> IntuitUpdateService.exe
Failed to access process -> LMS.exe
Failed to access process -> svchost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Failed to access process -> isa.exe
Failed to access process -> dllhost.exe
(Python Software Foundation) C:\Program Files (x86)\Microsoft Visual Studio\Shared\Python36_64\pythonw.exe
(Python Software Foundation) C:\Program Files (x86)\Microsoft Visual Studio\Shared\Python36_64\pythonw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.20915.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.20915.0_x64__8wekyb3d8bbwe\HxTsr.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\Video.UI.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SysWOW64\backgroundTaskHost.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [Enhanced Performance Keyboard] => C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe [4018976 2015-12-23] (LITE-ON TECHNOLOGY CORP.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Power Manager Startup Utility] => C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [26880 2015-09-18] ()
HKLM-x32\...\Run: [Lenovo Y Gaming Precision Mouse] => C:\Program Files (x86)\Lenovo Y Gaming Precision Mouse\hid.exe [376320 2015-08-18] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2018-01-05] (Apple Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe [1203488 2016-10-20] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Rootkit (cleanup)] => "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\mbamdor.exe" "C:\ProgramData\Malwarebytes' Anti-Malware (portable)"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1800343915-2228852833-2782316146-1001\...\Run: [gflauncher] => "C:\Program Files (x86)\Crytek\GFACE Launcher\live\gflauncher.exe" --autostart
HKU\S-1-5-21-1800343915-2228852833-2782316146-1001\...\Run: [Ubisoft Game Launcher] => D:\zack4\Ubisoft Game Launcher\Uplay.exe [445784 2018-05-31] (Ubisoft)
HKU\S-1-5-21-1800343915-2228852833-2782316146-1007\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [612336 2017-07-04] (NETGEAR Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\fcbd.bat [2016-12-02] ()
Startup: C:\Users\zack4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voicemeeter (VB-Audio).LNK [2018-06-06]
ShortcutTarget: Voicemeeter (VB-Audio).LNK -> C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe (VB-AUDIO Software)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{00d357c7-19d0-4a03-ae39-dd225f02a39f}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{175e8bf5-a47a-4107-9477-0cb51eb4f9cf}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1800343915-2228852833-2782316146-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1800343915-2228852833-2782316146-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
URLSearchHook: [S-1-5-21-1800343915-2228852833-2782316146-1007] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-1800343915-2228852833-2782316146-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1800343915-2228852833-2782316146-1001 -> {9047947C-F389-4D62-BED9-41262E70A0E2} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2018-05-30] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-05-20] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-20] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-04-28] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 8mkdiaby.default
FF ProfilePath: C:\Users\zack4\AppData\Roaming\Mozilla\Firefox\Profiles\8mkdiaby.default [2018-06-10]
FF Homepage: Mozilla\Firefox\Profiles\8mkdiaby.default -> google.com
FF Extension: (Test Pilot) - C:\Users\zack4\AppData\Roaming\Mozilla\Firefox\Profiles\8mkdiaby.default\Extensions\@testpilot-addon.xpi [2017-11-16] [Legacy]
FF Extension: (Enhancer for YouTube™) - C:\Users\zack4\AppData\Roaming\Mozilla\Firefox\Profiles\8mkdiaby.default\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2017-07-19]
FF Extension: (uBlock Origin) - C:\Users\zack4\AppData\Roaming\Mozilla\Firefox\Profiles\8mkdiaby.default\Extensions\uBlock0@raymondhill.net.xpi [2018-03-14]
FF Extension: (No More 404s) - C:\Users\zack4\AppData\Roaming\Mozilla\Firefox\Profiles\8mkdiaby.default\Extensions\wayback_machine@mozilla.org.xpi [2016-10-07]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\zack4\AppData\Roaming\Mozilla\Firefox\Profiles\8mkdiaby.default\features\{66250ab9-8968-47fe-94d3-02aad2928a50}\tls13-version-fallback-rollout-bug1462099@mozilla.org.xpi [2018-06-07] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-04-15] ()
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-20] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-05-30] (Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-15] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-03-02] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-01-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-01-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\11.1.1.5716941\npmathplugin.dll [2017-04-18] (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1800343915-2228852833-2782316146-1001: @my.com/Games -> C:\Users\zack4\AppData\Local\MyComGames\NPMyComDetector.dll [No File]
FF Plugin HKU\S-1-5-21-1800343915-2228852833-2782316146-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\zack4\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1800343915-2228852833-2782316146-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\zack4\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-10-13] (Zoom Video Communications, Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://matthewbauer.us
CHR Profile: C:\Users\zack4\AppData\Local\Google\Chrome\User Data\Default [2018-06-10]
CHR Extension: (Slides) - C:\Users\zack4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\zack4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\zack4\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-14]
CHR Extension: (AdGuard AdBlocker) - C:\Users\zack4\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2018-04-10]
CHR Extension: (YouTube) - C:\Users\zack4\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-14]
CHR Extension: (uBlock Origin) - C:\Users\zack4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-05-26]
CHR Extension: (Sheets) - C:\Users\zack4\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\zack4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-22]
CHR Extension: (Matthew Bauer) - C:\Users\zack4\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhficiigpnhhaojldmanflihieepanbb [2016-11-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\zack4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Spotify ✪ Deezer Music Downloader) - C:\Users\zack4\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefdcdmhklplgdmendjfnjeiijgcmabi [2018-05-29]
CHR Extension: (uBlock Origin Extra) - C:\Users\zack4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgdnlhfefecpicbbihgmbmffkjpaplco [2018-06-10]
CHR Extension: (Gmail) - C:\Users\zack4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-14]
CHR Extension: (Chrome Media Router) - C:\Users\zack4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-09]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6076936 2018-04-05] ()
R2 BtLockerService; C:\Program Files (x86)\Lenovo\BluetoothLock\BtLockerService.exe [44432 2016-01-22] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8652976 2018-05-24] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-08] (EasyAntiCheat Ltd)
U2 HiPatchService; F:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-09-19] (Hi-Rez Studios) [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-10-15] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [71408 2018-04-24] (Lenovo Group Limited)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel® Corporation)
R3 Intel® Online Connect; C:\Program Files\Intel\Intel® Online Connect\ioc.exe [25824 2016-10-04] (Intel Corporation)
S2 Intel® Online Connect Helper; C:\Program Files\Intel\Intel® Online Connect\iocHelperService.exe [22752 2016-10-04] (Intel Corporation)
S3 Intel® Online Connect Software Asset Manager; C:\Program Files (x86)\Intel\Intel® Online Connect Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-09-29] (Intel Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 Intel® TechnologyAccessLegacyCSLoader; C:\Program Files\Intel\Intel® Online Connect Access\LegacyCsLoaderService.exe [173288 2016-10-05] (Intel® Corporation)
R2 Intel® TechnologyAccessService; C:\Program Files\Intel\Intel® Online Connect Access\IntelTechnologyAccessService.exe [496872 2016-10-05] (Intel® Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21304 2017-09-28] (Microsoft Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [177440 2016-10-20] (Intel Corporation)
R2 LBAEvent; C:\Program Files (x86)\Lenovo\LBAI\LBAEvent.exe [27392 2015-11-03] (Lenovo)
R3 lmhosts; C:\WINDOWS\System32\svchost.exe [48688 2017-09-29] (Microsoft Corporation)
R3 lmhosts; C:\WINDOWS\SysWOW64\svchost.exe [44520 2017-09-29] (Microsoft Corporation)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268968 2017-11-30] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [233456 2017-07-04] (NETGEAR)
R2 NlaSvc; C:\WINDOWS\System32\svchost.exe [48688 2017-09-29] (Microsoft Corporation)
R2 NlaSvc; C:\WINDOWS\SysWOW64\svchost.exe [44520 2017-09-29] (Microsoft Corporation)
R2 nsi; C:\WINDOWS\system32\svchost.exe [48688 2017-09-29] (Microsoft Corporation)
R2 nsi; C:\WINDOWS\SysWOW64\svchost.exe [44520 2017-09-29] (Microsoft Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S3 Origin Client Service; F:\Zack's Stuff\Origin\OriginClientService.exe [2122248 2016-09-02] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2017-01-17] ()
R3 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [61696 2015-09-18] (Lenovo)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-13] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [187904 2017-09-28] (Microsoft Corporation) [File not signed]
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [142432 2017-11-09] (Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\NisSrv.exe [4682552 2018-05-30] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe [101096 2018-05-30] (Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [466096 2018-03-29] (Windscribe Limited)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3758760 2017-11-30] (Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.paceap.com/InitiateActivation [X] <==== ATTENTION
R2 ZoomCptService; "C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe" -user_path C:\Users\Zack_2\AppData\Roaming\Zoom

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 6451BCC7; C:\WINDOWS\system32\drivers\6451BCC7.sys [255928 2018-06-06] (Malwarebytes)
S3 65241375; C:\WINDOWS\system32\drivers\65241375.sys [255928 2018-06-10] (Malwarebytes)
S3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [732416 2016-10-15] (Intel Corporation)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [66824 2017-06-15] (IObit)
R3 LBAI; C:\WINDOWS\System32\Drivers\LBAI.sys [30432 2017-04-29] (Lenovo)
R3 LenovoYMouse; C:\WINDOWS\system32\drivers\LenovoYMouse.sys [32776 2015-06-17] ( )
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-06-10] (Malwarebytes)
R1 MpKsl53f78dff; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{232E7C55-6DD9-4CC4-8E58-5F0102C39E7A}\MpKsl53f78dff.sys [58120 2018-06-10] (Microsoft Corporation)
R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [59792 2016-09-13] (Intel Corporation)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2015-11-05] (Apple Inc.) [File not signed]
S3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
R3 Netwtw06; C:\WINDOWS\system32\DRIVERS\Netwtw06.sys [8623552 2017-12-20] (Intel Corporation)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2018-01-26] (CACE Technologies, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7a39871618b19f06\nvlddmkm.sys [17493824 2018-01-24] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31024 2018-01-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2017-12-14] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57928 2018-01-23] (NVIDIA Corporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [411712 2015-05-18] (Realsil Semiconductor Corporation)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [259584 2017-09-29] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-06-04] ()
S3 USBTINSP; C:\WINDOWS\System32\drivers\tinspusb.sys [142848 2016-12-15] (Texas Instruments)
R3 VBAudioVMAUXVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmauxvaio64_win7.sys [41192 2018-06-04] (Windows ® Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2018-06-04] (Windows ® Win 7 DDK provider)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [207840 2018-05-09] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [218136 2018-05-09] (Oracle Corporation)
S3 VOICEMOD_Driver; C:\WINDOWS\system32\drivers\vmdrv.sys [45408 2018-01-23] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-05-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [313384 2018-05-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-05-30] (Microsoft Corporation)
S3 WiseUnlock; C:\WINDOWS\WiseUnlock64.sys [33864 2018-06-06] (WiseCleaner.com)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [37344 2017-05-07] (Wellbia.com Co., Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-04-03] (Zemana Ltd.)
S4 auolmke; System32\drivers\atmlbgru.sys [X]
R3 eilorv; system32\drivers\lorvyb.sys [X]
S3 rrruuu; system32\drivers\lllooo.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-10 20:32 - 2018-06-10 20:35 - 000000000 ____D C:\Users\zack4\Desktop\fixfix
2018-06-10 19:16 - 2018-06-10 19:17 - 000000000 ____D C:\Users\zack4\Desktop\adobestuff
2018-06-10 19:16 - 2018-06-10 19:16 - 000000000 ____D C:\Users\zack4\Desktop\calcstuff
2018-06-10 19:13 - 2018-06-10 19:17 - 000000000 ____D C:\Users\zack4\Desktop\pystuff
2018-06-10 18:41 - 2018-06-10 18:42 - 000000000 ____D C:\Users\zack4\Desktop\helpkit
2018-06-10 18:14 - 2018-06-10 18:14 - 000000000 ____D C:\Users\zack4\AppData\Local\psmbdoa
2018-06-10 18:11 - 2018-06-10 18:11 - 000142672 ____N C:\WINDOWS\system32\Drivers\cscaehkn.sys
2018-06-10 17:48 - 2018-06-10 17:48 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\65241375.sys
2018-06-10 17:48 - 2018-06-10 17:48 - 000000000 ____D C:\Users\zack4\AppData\Local\sedtngb
2018-06-10 17:47 - 2018-06-10 17:48 - 000000000 ____D C:\MBARd
2018-06-10 17:47 - 2018-06-10 17:47 - 000029116 _____ C:\TDSSKiller.3.1.0.17_10.06.2018_17.47.18_log.txt
2018-06-10 17:40 - 2018-06-10 17:40 - 010933264 _____ C:\Users\zack4\Desktop\bitdefender_windows_6cf1ad94-e618-40d3-98ef-9ee07a42361a.exe
2018-06-09 12:07 - 2018-06-10 18:12 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-06-09 12:06 - 2018-06-09 12:06 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-09 12:06 - 2018-06-09 12:06 - 000000000 ____D C:\Users\zack4\AppData\Local\wirvxde
2018-06-09 12:06 - 2018-06-09 12:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-09 12:04 - 2018-06-09 12:04 - 1100035185 ____N C:\WINDOWS\MEMORY.DMP
2018-06-08 10:13 - 2018-06-08 10:14 - 000000000 ____D C:\Users\zack4\AppData\Local\containersvc
2018-06-08 10:11 - 2018-06-08 10:11 - 000000000 ____D C:\Users\zack4\AppData\Local\tisadwv
2018-06-07 21:20 - 2018-06-07 21:20 - 001743057 _____ C:\Users\zack4\Desktop\wordlist.txt
2018-06-07 21:14 - 2018-06-07 21:18 - 000000448 _____ C:\Users\zack4\Desktop\wk1p2.py
2018-06-07 20:30 - 2018-06-07 20:30 - 000000000 ____D C:\Users\zack4\Documents\Voicemeeter
2018-06-07 10:51 - 2018-06-07 10:51 - 000000000 ____D C:\Users\zack4\AppData\Local\wirkeds
2018-06-06 18:34 - 2018-06-06 18:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2018-06-06 18:34 - 2018-06-06 18:34 - 000000000 ____D C:\Program Files\Oracle
2018-06-06 12:39 - 2018-06-06 12:40 - 000000000 ____D C:\Users\Zack_2\AppData\Roaming\Wise Force Deleter
2018-06-06 12:39 - 2018-06-06 12:39 - 000033864 _____ (WiseCleaner.com) C:\WINDOWS\WiseUnlock64.sys
2018-06-06 12:39 - 2018-06-06 12:39 - 000001275 _____ C:\Users\Public\Desktop\Wise Force Deleter.lnk
2018-06-06 12:39 - 2018-06-06 12:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Force Deleter
2018-06-06 12:39 - 2018-06-06 12:39 - 000000000 ____D C:\Program Files (x86)\Wise
2018-06-06 12:21 - 2018-06-06 12:21 - 000002666 _____ C:\Users\Zack_2\Desktop\Rkill.txt
2018-06-06 12:13 - 2018-06-06 12:13 - 007372496 _____ (Malwarebytes) C:\Users\zack4\Desktop\adwcleaner_7.2.0.exe
2018-06-06 11:48 - 2018-06-06 11:48 - 000000000 ____D C:\Users\zack4\AppData\Local\nismulh
2018-06-06 11:27 - 2018-06-06 11:27 - 000000000 ____D C:\Users\zack4\AppData\Local\nvkubgs
2018-06-06 10:19 - 2018-06-10 18:11 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-06-06 10:19 - 2018-06-06 11:27 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\6451BCC7.sys
2018-06-06 10:18 - 2018-06-06 10:18 - 000000000 ____D C:\Users\zack4\AppData\Local\scnbghe
2018-06-05 10:43 - 2018-06-05 10:43 - 000000000 ____D C:\Users\zack4\AppData\Local\pwoklcd
2018-06-04 17:34 - 2018-06-10 18:11 - 000034166 _____ C:\Users\zack4\AppData\Roaming\VoiceMeeterDefault.xml
2018-06-04 17:33 - 2018-06-04 17:33 - 000000000 ____D C:\Users\zack4\AppData\Local\pcczgwn
2018-06-04 16:40 - 2018-06-04 16:40 - 000000000 ____D C:\Users\Zack_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VB Audio
2018-06-04 16:40 - 2018-06-04 16:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VB Audio
2018-06-04 16:40 - 2018-06-04 16:40 - 000000000 ____D C:\Program Files\VB
2018-06-04 16:39 - 2018-06-04 16:39 - 000041192 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\vbaudio_vmvaio64_win7.sys
2018-06-04 16:39 - 2018-06-04 16:39 - 000041192 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\vbaudio_vmauxvaio64_win7.sys
2018-06-04 16:39 - 2018-06-04 16:39 - 000000000 ____D C:\Program Files (x86)\VB
2018-06-03 17:17 - 2018-06-03 17:17 - 000062692 _____ C:\Users\zack4\Desktop\aime12018.html
2018-06-03 17:17 - 2018-06-03 17:17 - 000000000 ____D C:\Users\zack4\Desktop\aime12018_files
2018-06-03 15:07 - 2018-06-03 15:07 - 000001264 _____ C:\Users\Public\Desktop\IObit Unlocker.lnk
2018-06-03 15:07 - 2018-06-03 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
2018-06-03 15:07 - 2018-06-03 15:07 - 000000000 ____D C:\ProgramData\IObit
2018-06-03 15:07 - 2018-06-03 15:07 - 000000000 ____D C:\Program Files (x86)\IObit
2018-06-03 15:06 - 2018-06-03 15:07 - 002498288 _____ (IObit ) C:\Users\Zack_2\Downloads\unlocker-setup.exe
2018-06-03 14:58 - 2018-06-03 14:58 - 000000000 ____D C:\Users\Zack_2\AppData\Local\Lenovo
2018-06-03 14:54 - 2018-06-03 14:54 - 000000000 ____D C:\Users\Zack_2\AppData\Local\PlaceholderTileLogoFolder
2018-06-03 14:53 - 2018-06-03 14:53 - 000000000 ___RD C:\Users\Zack_2\3D Objects
2018-06-03 14:53 - 2018-06-03 14:53 - 000000000 ____D C:\Users\Zack_2\ansel
2018-06-03 14:12 - 2018-06-03 14:12 - 000000000 ____D C:\Users\zack4\AppData\Local\snmwdlb
2018-06-03 14:08 - 2018-06-03 14:08 - 000564245 _____ C:\Users\zack4\Downloads\Imagine Dragons - Whatever It Takes (Studio Acapella).mp3.asd
2018-06-03 12:38 - 2018-06-03 12:38 - 000000000 ____D C:\Users\zack4\AppData\Local\cwehumb
2018-06-01 20:48 - 2018-06-01 20:48 - 000000000 ____D C:\Users\zack4\AppData\Local\spcibtn
2018-06-01 15:54 - 2018-06-01 15:54 - 000000000 ____D C:\Users\zack4\AppData\Local\cwoitep
2018-05-31 20:26 - 2018-05-31 20:26 - 000000000 ____D C:\Users\zack4\AppData\Local\dtskbvu
2018-05-31 16:43 - 2018-05-31 16:43 - 000000739 _____ C:\Users\zack4\AppData\Local\recently-used.xbel
2018-05-31 16:24 - 2018-05-31 16:24 - 000000000 ____D C:\Users\zack4\AppData\Local\raosvkh
2018-05-30 19:45 - 2018-05-30 19:45 - 000000000 ____D C:\Program Files\Common Files\Intel
2018-05-30 19:45 - 2018-05-30 19:45 - 000000000 ____D C:\Program Files (x86)\Cisco
2018-05-30 19:17 - 2018-05-30 19:17 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ldiagio_01009.Wdf
2018-05-30 13:39 - 2018-05-30 13:39 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-05-30 13:34 - 2018-05-30 13:34 - 000000000 ____D C:\Users\zack4\AppData\Local\sbboutk
2018-05-28 21:56 - 2018-05-28 21:56 - 000000000 ____D C:\Users\zack4\AppData\Local\cgemwsp
2018-05-28 20:31 - 2018-05-28 20:38 - 000000000 ____D C:\Users\zack4\AppData\Local\Python Tools
2018-05-28 19:35 - 2018-05-28 19:35 - 000001783 _____ C:\Users\Public\Desktop\Dauntless.lnk
2018-05-28 19:35 - 2018-05-28 19:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phoenix Labs
2018-05-28 19:27 - 2018-05-28 19:27 - 000000000 ____D C:\Program Files\Phoenix Labs
2018-05-27 17:11 - 2018-05-27 17:11 - 000000000 ____D C:\Users\zack4\AppData\Local\UnrealHeaderTool
2018-05-27 17:00 - 2018-05-27 17:00 - 000000000 ____D C:\Users\zack4\AppData\Roaming\NuGet
2018-05-27 16:58 - 2018-05-27 16:58 - 000000000 ____D C:\Users\Zack_2\AppData\Roaming\Microsoft Visual Studio
2018-05-27 16:29 - 2018-05-27 16:29 - 000000000 ____D C:\Users\Zack_2\AppData\Local\Package Cache
2018-05-27 16:24 - 2018-05-27 16:24 - 000000000 ____D C:\WINDOWS\SysWOW64\3082
2018-05-27 16:24 - 2018-05-27 16:24 - 000000000 ____D C:\WINDOWS\SysWOW64\2052
2018-05-27 16:24 - 2018-05-27 16:24 - 000000000 ____D C:\WINDOWS\SysWOW64\1055
2018-05-27 16:24 - 2018-05-27 16:24 - 000000000 ____D C:\WINDOWS\SysWOW64\1049
2018-05-27 16:24 - 2018-05-27 16:24 - 000000000 ____D C:\WINDOWS\SysWOW64\1046
2018-05-27 16:24 - 2018-05-27 16:24 - 000000000 ____D C:\WINDOWS\SysWOW64\1045
2018-05-27 16:24 - 2018-05-27 16:24 - 000000000 ____D C:\WINDOWS\SysWOW64\1042
2018-05-27 16:24 - 2018-05-27 16:24 - 000000000 ____D C:\WINDOWS\SysWOW64\1041
2018-05-27 16:24 - 2018-05-27 16:24 - 000000000 ____D C:\WINDOWS\SysWOW64\1040
2018-05-27 16:24 - 2018-05-27 16:24 - 000000000 ____D C:\WINDOWS\SysWOW64\1036
2018-05-27 16:24 - 2018-05-27 16:24 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
2018-05-27 16:24 - 2018-05-27 16:24 - 000000000 ____D C:\WINDOWS\SysWOW64\1031
2018-05-27 16:24 - 2018-05-27 16:24 - 000000000 ____D C:\WINDOWS\SysWOW64\1029
2018-05-27 16:24 - 2018-05-27 16:24 - 000000000 ____D C:\WINDOWS\SysWOW64\1028
2018-05-27 16:24 - 2018-05-27 16:24 - 000000000 ____D C:\WINDOWS\system32\3082
2018-05-27 16:24 - 2018-05-27 16:24 - 000000000 ____D C:\WINDOWS\system32\2052
2018-05-27 16:24 - 2018-05-27 16:24 - 000000000 ____D C:\WINDOWS\system32\1055
2018-05-27 16:24 - 2018-05-27 16:24 - 000000000 ____D C:\WINDOWS\system32\1049
2018-05-27 16:24 - 2018-05-27 16:24 - 000000000 ____D C:\WINDOWS\system32\1046
2018-05-27 16:24 - 2018-05-27 16:24 - 000000000 ____D C:\WINDOWS\system32\1045
2018-05-27 16:24 - 2018-05-27 16:24 - 000000000 ____D C:\WINDOWS\system32\1042
2018-05-27 16:24 - 2018-05-27 16:24 - 000000000 ____D C:\WINDOWS\system32\1041
2018-05-27 16:24 - 2018-05-27 16:24 - 000000000 ____D C:\WINDOWS\system32\1040
2018-05-27 16:24 - 2018-05-27 16:24 - 000000000 ____D C:\WINDOWS\system32\1036
2018-05-27 16:24 - 2018-05-27 16:24 - 000000000 ____D C:\WINDOWS\system32\1033
2018-05-27 16:24 - 2018-05-27 16:24 - 000000000 ____D C:\WINDOWS\system32\1031
2018-05-27 16:24 - 2018-05-27 16:24 - 000000000 ____D C:\WINDOWS\system32\1029
2018-05-27 16:24 - 2018-05-27 16:24 - 000000000 ____D C:\WINDOWS\system32\1028
2018-05-27 16:16 - 2018-05-27 16:16 - 000000000 ____D C:\ProgramData\Windows App Certification Kit
2018-05-27 16:16 - 2018-05-27 16:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2018-05-27 16:16 - 2018-05-27 16:16 - 000000000 ____D C:\Program Files\Application Verifier
2018-05-27 16:16 - 2018-05-27 16:16 - 000000000 ____D C:\Program Files (x86)\Application Verifier
2018-05-27 15:49 - 2018-05-27 15:49 - 000000664 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk
2018-05-27 15:40 - 2018-05-27 15:40 - 000000000 ____D C:\Users\zack4\AppData\Local\niagdvs
2018-05-26 15:03 - 2018-05-26 15:03 - 000000000 ____D C:\Users\zack4\AppData\Local\upnkcds
2018-05-25 14:49 - 2018-05-25 14:49 - 000000000 ____D C:\Users\zack4\AppData\Local\iaauxvm
2018-05-25 00:18 - 2018-05-25 00:18 - 000000000 ____D C:\Users\zack4\AppData\Local\pwdgxvh
2018-05-24 21:59 - 2018-06-04 20:09 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-05-24 21:59 - 2018-06-04 20:09 - 000000000 ____D C:\Users\zack4\Desktop\MStuff
2018-05-24 21:58 - 2018-05-24 23:04 - 000000000 ____D C:\ProgramData\RogueKiller
2018-05-24 21:58 - 2018-05-24 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-05-24 21:58 - 2018-05-24 21:58 - 000000000 ____D C:\Program Files\RogueKiller
2018-05-24 15:12 - 2018-05-24 15:12 - 000000000 ____D C:\Users\zack4\AppData\Local\lsoxzdi
2018-05-23 15:00 - 2018-05-23 15:00 - 000000000 ____D C:\Users\zack4\AppData\Local\rtdsnue
2018-05-22 15:00 - 2018-05-22 15:00 - 000000000 ____D C:\Users\zack4\AppData\Local\mbkuter
2018-05-21 20:44 - 2018-05-21 20:44 - 000001456 _____ C:\Users\zack4\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-05-21 16:34 - 2018-05-21 16:34 - 000000000 ____D C:\Users\zack4\AppData\Local\mbivhpw
2018-05-21 16:30 - 2018-05-21 16:30 - 000000000 ____D C:\Users\zack4\AppData\Local\mbhinea
2018-05-20 10:56 - 2018-05-20 10:56 - 000000000 ____D C:\Users\zack4\AppData\Local\sprklbv
2018-05-19 15:52 - 2018-05-19 15:52 - 000000000 ____D C:\Users\zack4\AppData\Local\spemvao
2018-05-18 22:50 - 2018-05-18 22:50 - 000000000 ____D C:\Users\zack4\AppData\Local\scceapl
2018-05-18 19:49 - 2018-05-18 19:49 - 000000000 ____D C:\Users\zack4\AppData\Local\lshczxk
2018-05-17 17:46 - 2018-05-20 18:09 - 000000000 ____D C:\Users\zack4\AppData\Local\wmcagent
2018-05-16 15:56 - 2018-05-04 05:37 - 000278448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Notifier.exe
2018-05-15 19:29 - 2018-05-15 19:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TI Tools

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-10 20:35 - 2018-04-03 16:17 - 000000000 ____D C:\FRST
2018-06-10 20:26 - 2017-12-26 13:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-06-10 19:15 - 2018-04-19 22:38 - 000000000 ____D C:\Users\zack4\Desktop\atlanta music
2018-06-10 19:13 - 2016-12-24 18:58 - 000000000 ____D C:\Users\zack4\Desktop\Stuff of Zack
2018-06-10 19:08 - 2018-01-06 11:36 - 000000000 ____D C:\Users\zack4\AppData\Roaming\vlc
2018-06-10 19:07 - 2017-12-26 13:49 - 000000000 ____D C:\Users\zack4\AppData\Local\Packages
2018-06-10 18:38 - 2018-03-18 16:17 - 000000000 ____D C:\Program Files\Common Files\VST3
2018-06-10 18:18 - 2018-03-19 17:03 - 001520896 _____ C:\WINDOWS\system32\prfh0804.dat
2018-06-10 18:18 - 2018-03-19 17:03 - 000473516 _____ C:\WINDOWS\system32\prfc0804.dat
2018-06-10 18:18 - 2017-12-26 13:48 - 004742774 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-06-10 18:17 - 2016-11-17 17:23 - 000543536 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2018-06-10 18:15 - 2016-11-18 17:42 - 000000000 ____D C:\Users\zack4\AppData\LocalLow\Mozilla
2018-06-10 18:13 - 2018-04-03 15:06 - 000052572 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-06-10 18:13 - 2016-08-04 09:21 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-10 18:12 - 2018-04-02 23:23 - 002888704 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\sbencrwsvc.exe
2018-06-10 18:12 - 2017-12-26 13:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-10 17:53 - 2018-04-04 20:49 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-06-10 17:36 - 2017-11-20 16:16 - 000000000 ____D C:\Users\zack4\AppData\Local\Battle.net
2018-06-10 17:09 - 2017-12-26 13:57 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AA0C38DE-29FA-4F4D-86F7-FFE8C2297E2D}
2018-06-09 23:34 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-06-09 22:50 - 2016-07-21 12:47 - 000000000 ____D C:\Users\zack4\AppData\Local\CrashDumps
2018-06-09 22:20 - 2016-07-12 16:37 - 000000000 ____D C:\Users\zack4\AppData\Roaming\.minecraft
2018-06-09 12:31 - 2016-12-01 20:49 - 000000000 ____D C:\Users\zack4\AppData\Local\Ubisoft Game Launcher
2018-06-09 12:09 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-09 12:09 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-09 12:06 - 2018-01-01 11:22 - 000000000 ____D C:\WINDOWS\Minidump
2018-06-08 10:15 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-06-08 10:15 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-08 10:09 - 2017-08-26 13:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-06-08 10:09 - 2016-08-16 21:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-07 21:09 - 2018-04-06 22:59 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-07 21:09 - 2018-04-06 22:59 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-07 20:37 - 2018-03-02 22:05 - 000000000 ____D C:\Users\zack4\Documents\Visual Studio 2017
2018-06-07 20:01 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF
2018-06-07 14:18 - 2016-08-16 21:39 - 000001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-06-06 18:34 - 2018-03-17 18:59 - 000000000 ____D C:\Users\zack4\.VirtualBox
2018-06-06 18:34 - 2017-09-30 16:45 - 000001156 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2018-06-06 12:09 - 2017-10-10 15:21 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-06 12:09 - 2016-07-16 15:04 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-06 10:19 - 2017-12-11 22:15 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-05 19:24 - 2017-09-29 09:49 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-05 19:24 - 2017-09-29 09:49 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-03 15:07 - 2018-04-02 23:24 - 000000000 ____D C:\Users\zack4\AppData\Local\pwsmnhx
2018-06-03 15:01 - 2017-06-15 08:42 - 000000000 ____D C:\Users\Zack_2\AppData\LocalLow\Mozilla
2018-06-03 14:57 - 2017-05-29 14:17 - 000000000 ____D C:\Users\Zack_2\AppData\Roaming\Mozilla
2018-06-03 14:54 - 2018-01-26 23:19 - 000000000 ____D C:\Users\Zack_2\AppData\Local\NETGEARGenie
2018-06-03 14:54 - 2017-12-26 13:57 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1800343915-2228852833-2782316146-1007
2018-06-03 14:54 - 2017-12-26 13:49 - 000000000 ____D C:\Users\Zack_2\AppData\Local\Packages
2018-06-03 14:54 - 2017-07-18 17:26 - 000002377 _____ C:\Users\Zack_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-03 14:54 - 2017-07-18 17:26 - 000000000 ___RD C:\Users\Zack_2\OneDrive
2018-06-03 14:54 - 2017-07-18 17:25 - 000000000 ____D C:\Users\Zack_2\AppData\Local\VirtualStore
2018-06-03 14:53 - 2017-12-26 13:48 - 000000000 ____D C:\Users\Zack_2
2018-06-03 14:53 - 2017-07-18 17:25 - 000000000 ____D C:\Users\Zack_2\AppData\Local\TileDataLayer
2018-06-03 14:53 - 2015-11-03 15:24 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-03 12:47 - 2016-10-06 18:50 - 000000000 ____D C:\Users\zack4\AppData\Roaming\discord
2018-06-01 21:03 - 2016-10-09 00:12 - 000000000 ____D C:\Users\zack4\Desktop\Albert middle school stuff
2018-06-01 21:03 - 2016-08-28 20:50 - 000000000 ____D C:\Users\zack4\Desktop\Albert College
2018-05-31 22:01 - 2017-12-26 13:48 - 000000000 ____D C:\Users\zack4
2018-05-30 21:26 - 2018-02-13 23:33 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-05-30 20:08 - 2017-07-19 19:00 - 000001270 _____ C:\Users\zack4\Desktop\nativelog.txt
2018-05-30 19:45 - 2016-07-05 21:42 - 000000000 ____D C:\ProgramData\Intel
2018-05-30 19:45 - 2016-07-05 21:41 - 000000000 ____D C:\Intel
2018-05-30 19:45 - 2016-07-05 21:31 - 000000000 ____D C:\Program Files (x86)\Intel
2018-05-30 19:45 - 2016-07-05 21:30 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-30 19:45 - 2015-10-30 02:28 - 000000000 ____D C:\Users\Default.migrated
2018-05-30 19:42 - 2016-07-05 21:31 - 000000000 ____D C:\Program Files\Intel
2018-05-30 19:17 - 2016-07-05 21:21 - 000000000 ____D C:\ProgramData\Lenovo
2018-05-30 13:39 - 2017-09-29 09:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-05-30 13:39 - 2017-09-29 09:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-05-30 13:39 - 2016-09-20 20:34 - 000000000 ____D C:\Program Files\Microsoft Office
2018-05-28 20:47 - 2018-02-28 21:20 - 000000000 ____D C:\Users\Zack_2\AppData\Roaming\Visual Studio Setup
2018-05-27 22:47 - 2017-11-20 17:40 - 000000000 ____D C:\Users\zack4\Documents\Overwatch
2018-05-27 16:58 - 2018-02-28 21:20 - 000001366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2018-05-27 16:58 - 2018-02-28 21:20 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2018-05-27 16:33 - 2018-03-02 22:05 - 000000000 ____D C:\Users\zack4\AppData\Local\.IdentityService
2018-05-27 16:30 - 2017-06-05 20:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.6
2018-05-27 16:30 - 2017-06-05 20:12 - 000000000 ____D C:\Program Files\Python36
2018-05-27 16:18 - 2016-09-18 20:28 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2018-05-27 16:17 - 2017-09-07 15:54 - 000000000 ____D C:\Users\zack4\AppData\Local\UnrealEngine
2018-05-27 15:53 - 2016-09-18 20:30 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2018-05-27 15:52 - 2018-02-28 21:01 - 000000000 ____D C:\Users\zack4\Documents\Unreal Projects
2018-05-27 15:52 - 2016-09-18 20:28 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2018-05-27 15:51 - 2017-12-26 16:39 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-05-27 15:42 - 2016-09-18 20:29 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2018-05-26 15:52 - 2017-09-30 20:05 - 000000000 ____D C:\ProgramData\Epic
2018-05-25 00:17 - 2016-07-12 16:28 - 000000000 ____D C:\Program Files (x86)\Minecraft
2018-05-24 22:01 - 2018-01-21 16:22 - 000001163 _____ C:\Users\zack4\Desktop\Action Essentials.lnk
2018-05-20 11:02 - 2016-07-18 11:25 - 000000000 ____D C:\Program Files\Java
2018-05-20 11:02 - 2016-07-12 16:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-05-20 11:01 - 2016-07-18 11:26 - 000111048 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2018-05-18 18:07 - 2016-09-08 16:09 - 000000000 ____D C:\Program Files (x86)\VstPlugins
2018-05-17 18:46 - 2017-08-08 22:39 - 000000529 _____ C:\Users\zack4\Documents\ClownfishVoiceChanger.ini
2018-05-17 18:33 - 2018-01-06 19:28 - 000002173 _____ C:\Users\Public\Desktop\ClownfishVoiceChanger.lnk
2018-05-17 18:32 - 2018-01-11 17:54 - 000000317 _____ C:\Users\Zack_2\Documents\ClownfishVoiceChanger.ini
2018-05-17 18:32 - 2017-08-08 22:39 - 000000000 ____D C:\Users\zack4\Documents\ClownfishSoundTemp
2018-05-17 17:46 - 2018-04-04 18:06 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-05-16 21:04 - 2018-04-06 22:58 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-16 21:04 - 2018-04-06 22:58 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-16 16:11 - 2017-07-18 17:25 - 000000000 ____D C:\Users\Zack_2\AppData\Local\CrashDumps
2018-05-15 19:29 - 2017-05-16 12:15 - 000000000 ____D C:\Users\zack4\AppData\Roaming\Texas Instruments
2018-05-15 19:29 - 2017-05-16 12:13 - 000000000 ____D C:\Program Files (x86)\TI Education
2018-05-15 12:48 - 2016-09-12 19:33 - 000000000 ____D C:\Users\zack4\AppData\Roaming\Audacity
2018-05-15 09:39 - 2017-12-26 13:57 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-05-15 09:39 - 2017-01-03 23:13 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2018-03-21 15:31 - 2018-03-21 15:31 - 003934720 _____ (XLN Audio AB) C:\Program Files (x86)\Addictive Keys.dll
2018-03-18 16:29 - 2018-05-05 15:30 - 000000064 _____ () C:\Users\zack4\AppData\Roaming\msregsvv.dll
2018-06-04 17:34 - 2018-06-10 18:11 - 000034166 _____ () C:\Users\zack4\AppData\Roaming\VoiceMeeterDefault.xml
2018-05-21 20:44 - 2018-05-21 20:44 - 000001456 _____ () C:\Users\zack4\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-07-20 22:18 - 2018-03-28 17:33 - 001649664 _____ () C:\Users\zack4\AppData\Local\file__0.localstorage
2018-04-04 20:29 - 2018-04-04 20:29 - 000140800 _____ () C:\Users\zack4\AppData\Local\installer.dat
2018-05-31 16:43 - 2018-05-31 16:43 - 000000739 _____ () C:\Users\zack4\AppData\Local\recently-used.xbel
2016-07-19 10:59 - 2016-07-28 13:23 - 000007599 _____ () C:\Users\zack4\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-05-24 21:58 - 2018-02-10 02:15 - 001954048 _____ (Microsoft Corporation) C:\Users\Zack_2\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\cscaehkn.sys -> Access Denied <======= ATTENTION


ATTENTION: ==> Could not access BCD. The user is not administrator

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by Zack (10-06-2018 20:36:02)
Running from C:\Users\zack4\Desktop\fixfix
Windows 10 Pro Version 1709 16299.309 (X64) (2017-12-26 17:58:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1800343915-2228852833-2782316146-500 - Administrator - Disabled)
Albert (S-1-5-21-1800343915-2228852833-2782316146-1008 - Limited - Enabled) => C:\Users\Albert
Cathy Zhang (S-1-5-21-1800343915-2228852833-2782316146-1009 - Limited - Enabled) => C:\Users\Cathy Zhang
DefaultAccount (S-1-5-21-1800343915-2228852833-2782316146-503 - Limited - Disabled)
Guest (S-1-5-21-1800343915-2228852833-2782316146-501 - Limited - Disabled)
huang (S-1-5-21-1800343915-2228852833-2782316146-1010 - Limited - Enabled) => C:\Users\huang
WDAGUtilityAccount (S-1-5-21-1800343915-2228852833-2782316146-504 - Limited - Disabled)
Zack (S-1-5-21-1800343915-2228852833-2782316146-1001 - Limited - Enabled) => C:\Users\zack4
Zack_2 (S-1-5-21-1800343915-2228852833-2782316146-1007 - Administrator - Enabled) => C:\Users\Zack_2

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{C788B026-20BD-4E96-B698-533F1D6C5013}) (Version: 7.2.4 - Hewlett-Packard) Hidden
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Ableton Live 10 Suite (HKLM\...\{FE06C730-0296-42D9-B869-4E819D7F47A3}) (Version: 10.0.0.0 - Ableton)
ActiveState Komodo Edit 11.0.1 (HKLM-x32\...\{C0C305D4-1D83-46A3-9DEE-EF836E8C7C30}) (Version: 11.0.1 - ActiveState Software Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe After Effects CC 2018 (HKLM-x32\...\AEFT_15_0_0) (Version: 15.0.0 - Adobe Systems Incorporated)
Adobe Audition CC 2018 (HKLM-x32\...\AUDT_11_0_0) (Version: 11.0.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.5.0.331 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2018 (HKLM-x32\...\AME_12_0_1) (Version: 12.0.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_0_1) (Version: 19.0.1 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2018 (HKLM-x32\...\PPRO_12_0_0) (Version: 12.0.0 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1800343915-2228852833-2782316146-1001\...\Amazon Kindle) (Version: 1.19.2.46095 - Amazon)
AmpliTube 4 version 4.3.0 (HKLM\...\{21B0C8E0-7EB7-4832-B764-20A7DAE86E02}_is1) (Version: 4.3.0 - IK Multimedia)
Analyzed (HKLM-x32\...\Analyzed_is1) (Version:  - Marko Mihovilic)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Application Verifier x64 External Package (HKLM\...\{D9908CED-5ABB-FEE9-FC84-743F4D38637C}) (Version: 10.1.16299.15 - Microsoft) Hidden
ARIA Engine v1.9.1.6 (HKLM\...\ARIA Engine_is1) (Version: v1.9.1.6 - Plogue Art et Technologie, Inc)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
asiomulti (HKLM-x32\...\{84DDEB49-F50B-4C47-BD93-8DDCC5B5C642}) (Version: 1.0.0 - vidance)
Bass Station 2.2 (HKLM\...\{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1) (Version: 2.2 - Novation)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blender (HKLM\...\{6B32721F-EA02-40BB-B781-92404BA3485C}) (Version: 2.79.1 - Blender Foundation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Boris Continuum Complete 9 for Adobe CS5, CS6, CC (HKLM\...\{19B70A89-E5F5-4867-83BD-6C909162F3DA}) (Version: 9.0.2001 - Boris FX, Inc.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Celemony Melodyne version 2.1 (HKLM\...\Celemony Melodyne_is1) (Version:  - Copyright © 2001-2012 Celemony Software GmbH)
Clownfish Voice Changer (HKLM\...\ClownfishVoiceChanger) (Version:  - )
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Custom Shop version 1.8.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.8.0 - IK Multimedia)
CWClient version 1.0 (HKLM-x32\...\{4D64BA0F-CF7B-4A53-AA81-6E5F33510B04}_is1) (Version: 1.0 - AbsolutSoft)
CyberLink WaveEditor 2 (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 5620 - CyberLink Corp.)
Dauntless (HKLM\...\{03AFDFA7-7A23-41B1-AAC2-3898591127D3}) (Version: 1.00.0000 - Phoenix Labs)
DiagnosticsHub_CollectionService (HKLM\...\{A5DD0731-C724-4037-B35B-B80782AACE00}) (Version: 15.0.27128 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-1800343915-2228852833-2782316146-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 390.77 - NVIDIA Corporation) Hidden
Electric Sheep 3.0 (HKLM-x32\...\Electric Sheep) (Version: 3.0 - Electricsheep)
Epic Games Launcher (HKLM-x32\...\{9F55B4DA-23ED-44FA-910E-BDDBD6D942CF}) (Version: 1.1.123.0 - Epic Games, Inc.)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
FabFilter Total Bundle (HKLM\...\Total Bundle_is1) (Version: 2018.02.22 - FabFilter)
Far Cry 3 Blood Dragon (HKLM-x32\...\Uplay Install 205) (Version:  - Ubisoft)
FluxCenter-64-bit (HKLM\...\{BCB70ED5-D335-405B-8628-6569C95B552D}) (Version: 1.2.13.47658 - Flux:: sound and picture development)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
GCFScape 1.8.6 (HKLM\...\GCFScape_is1) (Version:  - Ryan Gregg)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Git version 2.12.2.2 (HKU\S-1-5-21-1800343915-2228852833-2782316146-1001\...\Git_is1) (Version: 2.12.2.2 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.79 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.8.3 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.292 - SurfRight B.V.)
HP LaserJet Professional M1530 MFP Series (HKLM-x32\...\{74280B5D-A0AF-46c5-9C85-D9EA078262F1}) (Version: 15.0.15188.928 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.5.32.203 - HP)
HPLaserJetHelp_LearnCenter (HKLM-x32\...\{B2AA0F22-E167-4C4A-BAE2-E0025028E61B}) (Version: 1.02.0000 - Hewlett-Packard)
hppLaserJetService (HKLM-x32\...\{0C4C3664-157A-4D69-B474-31EBF2EE1AE3}) (Version: 009.033.00926 - Hewlett-Packard) Hidden
hppM1530LaserJetService (HKLM-x32\...\{A1D53426-D6F3-4886-A72B-E1A8C82259E9}) (Version: 001.008.00477 - Hewlett-Packard) Hidden
icecap_collection_neutral (HKLM-x32\...\{9149432D-3BEE-4869-B6F5-7A5CF843A612}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{D0C9796E-CB35-4440-885D-9630A0153D1E}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{B96B62E4-2EE4-45EC-8082-246FFC1B12E3}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{262EE643-72FF-406D-9776-C6B65443DA5B}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
Ignite Express 2017 (HKLM\...\{20DC5244-F0E4-4F7A-A8BA-77953E9EBFF9}) (Version: 1.0.7110.12602 - FXHOME)
IK Multimedia Authorization Manager version 1.0.19 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.19 - IK Multimedia)
Inkscape 0.92.2 (HKLM-x32\...\Inkscape) (Version: 0.92.2 - Inkscape Project)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1036 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 20.2 - Intel)
Intel® Online Connect Software Asset Manager (HKLM-x32\...\{AE956AB9-CD98-4F1E-8B9E-C3C66E290D64}) (Version: 3.4.2072 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4300 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{588DA478-D4FF-48E3-8290-49F8C4B21283}) (Version: 18.1.1527.1551 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{babec7ff-057a-4dec-8a71-bf73b4e1312d}) (Version: 20.20.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Intel® Unite™ (HKLM-x32\...\{ED8800CE-3CD7-4A03-A28E-18AB8BDA4D39}) (Version: 1.0.0.0 - Intel Corporation)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1.2 - IObit)
Jack (HKLM-x32\...\Jack) (Version:  - )
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Kodi (HKU\S-1-5-21-1800343915-2228852833-2782316146-1001\...\Kodi) (Version:  - XBMC-Foundation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LBAI (HKLM-x32\...\{C5C91B7B-38A6-40B7-84D6-E44885E44B13}_is1) (Version: 1.0.0.9 - Lenovo Group Limited)
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Lenovo Bluetooth Lock (HKLM\...\{77A3D1F8-B521-40E6-9A51-E53C2FDBA2A9}_is1) (Version: 2.0.1.0407 - Lenovo)
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.019.00 - Lenovo)
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo Y Gaming Precision Mouse (HKLM-x32\...\{B8C29C6B-49AE-438A-8544-DF0534AE666B}}_is1) (Version: 1.19 - Lenovo Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
MAGIX Independence Libraries Common Files (HKLM\...\{34563DEE-79CD-4E2B-B41B-41A81B8188F0}) (Version: 3.2.0.0 - MAGIX AG) Hidden
MAGIX Independence Libraries Common Files (HKLM\...\MX.{34563DEE-79CD-4E2B-B41B-41A81B8188F0}) (Version: 3.2.0.0 - MAGIX AG)
MAGIX Independence Pro 3.2 VST-Plugins (HKLM\...\{CE4E2B9B-9D8C-4857-8BD5-230CE6E24A3B}) (Version: 3.2.0.0 - MAGIX AG) Hidden
MAGIX Independence Pro 3.2 VST-Plugins (HKLM\...\MX.{CE4E2B9B-9D8C-4857-8BD5-230CE6E24A3B}) (Version: 3.2.0.0 - MAGIX AG)
MAGIX Independence Pro Software Suite 3.2 (HKLM\...\{12FBE83D-482B-4D82-BAC7-665B7DD79DB2}) (Version: 3.2.0.91 - MAGIX AG) Hidden
MAGIX Independence Pro Software Suite 3.2 (HKLM-x32\...\MX.{12FBE83D-482B-4D82-BAC7-665B7DD79DB2}) (Version: 3.2.0.91 - MAGIX AG)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
MeldaProduction Audio Plugins 11 (HKLM-x32\...\MeldaProduction Audio Plugins 11) (Version:  - MeldaProduction)
Microsoft .NET Core SDK - 2.1.4 (x64) (HKLM-x32\...\{9e732e8f-9e57-467d-a425-6f2387bdabd0}) (Version: 2.1.4 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.9330.2087 - Microsoft Corporation)
Microsoft Office 专业增强版 2016  - zh-cn (HKLM\...\ProPlusRetail - zh-cn) (Version: 16.0.9330.2087 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1800343915-2228852833-2782316146-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM\...\{9BAD8F82-A221-42CE-AFF0-7CAB825790C9}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM-x32\...\{F0DD1AA8-44D7-4ACE-AF65-7378EA5D884C}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.16.1247.518 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{65C71B09-C33D-4F60-93EA-DF3AD1D40600}) (Version: 10.0.1981 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 60.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x64 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.0.2.6730 - Mozilla)
MSI Afterburner 4.4.2 (HKLM-x32\...\Afterburner) (Version: 4.4.2 - MSI Co., LTD)
MSI Development Tools (HKLM-x32\...\{973CACA2-E018-065B-0580-F2784802E299}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MultiWall version 1.0.31 (HKLM-x32\...\{54384F46-6346-4BDC-A137-4D4037D362D3}_is1) (Version: 1.0.31 - MultiWall)
Muon Tau Bassline VSTi (HKLM-x32\...\{DE6E154C-640F-48D0-BB0E-747E22D48053}) (Version: 2.0.0 - Muon Software Ltd)
My.com Game Center (HKU\S-1-5-21-1800343915-2228852833-2782316146-1001\...\MyComGames) (Version: 3.194 - My.com B.V.)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.48.00 - NETGEAR Inc.)
NewBlue Titler Pro for Windows (HKLM-x32\...\NewBlue Titler Pro for Windows) (Version: 1.0 - NewBlue)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials VII for Windows (HKLM-x32\...\NewBlue Video Essentials VII for Windows) (Version: 3.0 - NewBlue)
Next Generation Visualisations (HKLM-x32\...\{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}) (Version: 1.0.0 -  Microsoft)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.13 - Black Tree Gaming)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.6 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 390.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 390.77 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.12.0.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.12.0.84 - NVIDIA Corporation)
NVIDIA Graphics Driver 390.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 390.77 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0804-1000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Oracle VM VirtualBox 5.1.38 (HKLM\...\{9E37A2F6-2495-46D2-B71B-703971F30A46}) (Version: 5.1.38 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.12.2.60376 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PACE License Support Win64 (HKLM\...\{57949989-8D95-4628-BAB1-6DE84EA48C9F}) (Version: 3.1.6.1793 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{57949989-8D95-4628-BAB1-6DE84EA48C9F}) (Version: 3.1.6.1793 - PACE Anti-Piracy, Inc.)
Plogue AlterEgo v1.516 (HKLM\...\__ARIA_1019___is1) (Version: v1.516 - Plogue)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}_is1) (Version: 4.00.0008 - Lenovo Group Limited)
PowerDVD Create (HKLM-x32\...\InstallShield_{DE485075-8CD3-4A1E-9ABC-6412EBA44872}) (Version: 10.0 - CyberLink Corp.)
PowerDVD Create 10 (HKLM-x32\...\{D6E853EC-8960-4D44-AF03-7361BB93227C}) (Version: 10.0.1.5529 - CyberLink Corp.) Hidden
proDAD Adorage 3.0 (64bit) (HKLM\...\proDAD-Adorage-3.0) (Version: 3.0.114.1 - proDAD GmbH)
proDAD Vitascene 2.0 (64bit) (HKLM\...\proDAD-Vitascene-2.0) (Version: 2.0.237 - proDAD GmbH)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Python 3.6.1 (64-bit) (HKU\S-1-5-21-1800343915-2228852833-2782316146-1001\...\{5984d629-979e-4439-b893-accde1a00a68}) (Version: 3.6.1150.0 - Python Software Foundation)
Python 3.6.1 Add to Path (64-bit) (HKLM\...\{079FEF6F-9E83-4694-897D-69C30389B772}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.3 Core Interpreter (64-bit symbols) (HKLM\...\{4F41E9C9-3079-4BB0-806E-EA74F6E218AC}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Core Interpreter (64-bit) (HKLM\...\{5CAB3F9C-AC0C-4796-984C-292FF82FB112}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Development Libraries (64-bit) (HKLM\...\{B6B221CE-20AA-46D6-8156-911613216968}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Documentation (64-bit) (HKLM\...\{404A8C42-6B82-4B32-AC7F-0583644A04F2}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Executables (64-bit symbols) (HKLM\...\{B6C96BF6-D381-4011-B65D-44FC4A7CFC9E}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Executables (64-bit) (HKLM\...\{D3ABC2C4-85AF-4AFD-94D4-F2B84F49BFEA}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 pip Bootstrap (64-bit) (HKLM\...\{48EC8399-294B-40F5-8274-E2AFBF0CFCBE}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Standard Library (64-bit symbols) (HKLM\...\{28FDA5E7-4FD1-4659-96D0-E6D2FD756DDD}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Standard Library (64-bit) (HKLM\...\{60B3332C-989F-4609-8D4F-7B1FD1DB0A5D}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Tcl/Tk Support (64-bit symbols) (HKLM\...\{50A4B450-4499-4AF7-8AC9-5125DA32153A}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Tcl/Tk Support (64-bit) (HKLM\...\{8FE3FFD1-2F7E-4EBB-A4B7-627E279DA70E}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Test Suite (64-bit symbols) (HKLM\...\{43BEECFA-E1E7-4124-B3EC-124B7D35C170}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Test Suite (64-bit) (HKLM\...\{2C6B5217-ACF4-4082-B19C-3463C9340E41}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python 3.6.3 Utility Scripts (64-bit) (HKLM\...\{E3F016B8-A524-4F97-9095-944C31A971E0}) (Version: 3.6.3150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{C093353B-F9EE-4A06-923D-C1B340B82886}) (Version: 3.6.6119.0 - Python Software Foundation)
Radio 1.1.4 (HKLM-x32\...\Radio 1.1.4) (Version: 1.1.4 - RCompany)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.)
Reveal Sound Spire (HKLM\...\Spire_is1) (Version: 1.1.12 - Reveal Sound)
RivaTuner Statistics Server 7.0.2 (HKLM-x32\...\RTSS) (Version: 7.0.2 - Unwinder)
RogueKiller version 12.12.18.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.18.0 - Adlice Software)
Rowbyte TV Distortion 2.0.7 CE (HKLM\...\TV Distortion Bundle_is1) (Version: 2.0.7 - Team V.R)
SampleTank 3 version 3.7.1 (HKLM\...\{4A5CE684-33A5-4EE6-AB22-4B92D92D37D8}_is1) (Version: 3.7.1 - IK Multimedia)
SDK ARM Additions (HKLM-x32\...\{7922BB77-0B59-840A-AC80-D560A34D75C5}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{C87DF65C-A672-7E08-A083-E7D48FE8DB70}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
SmartSound Quicktracks 5 (HKLM-x32\...\{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steinberg VST Classics 1 64bit (HKLM\...\{AA322103-FC2B-4D86-BA6C-67D4DDB4209C}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
SuperLuminal StarDust v1.1.2 CE for After Effects (HKLM\...\StarDust_is1) (Version: 1.1.2 - Team V.R)
Sylenth1 version 2.2.1 (HKLM-x32\...\{32854748-931C-47FB-BDE7-95401A9542BD}_is1) (Version: 2.2.1 - Lennar Digital)
Syntronik version 1.1.0 (HKLM\...\{F4F8EE56-65A3-480C-A0CD-5CCA567A5673}_is1) (Version: 1.1.0 - IK Multimedia)
TI Connect™ CE (HKLM-x32\...\{8B1F3A89-E195-48CD-8487-A37BA5308E76}) (Version: 5.3.0.384 - Texas Instruments Inc.)
TI-Nspire™ CX CAS Student Software (HKLM-x32\...\{C78AB881-6CE6-43FA-BE60-3B32EE5410C1}) (Version: 4.4.0.532 - Texas Instruments Inc.)
T-RackS 5 version 5.0.1 (HKLM\...\{7609F15A-5EF0-49B8-A6B4-4BBB5FFB9021}_is1) (Version: 5.0.1 - IK Multimedia)
Trapcode Suite 14 (HKLM\...\Trapcode Suite 14 v14.0.3) (Version:  - Red Giant LLC)
TreeSize Free V4.1.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.1.2 - JAM Software)
TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc)
Twixtor v6 for After Effects and Premiere Pro (HKLM\...\Twixtor v6 for After Effects and Premiere Pro 6.2.8) (Version: 6.2.8 - RE:Vision Effects)
TypeScript SDK (HKLM-x32\...\{B08D05BC-7897-4616-B34C-95B58D07650C}) (Version: 2.5.4.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)
Unity (HKLM-x32\...\Unity) (Version: 2017.2.0f3 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1800343915-2228852833-2782316146-1001\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{A5FA2886-1925-133F-0D41-B9A8ECEA0A2D}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{B739B4C5-EEEC-8E70-0276-38C4779AF398}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{A9D6F52C-694E-3E41-7AB8-5BEB644742A5}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{E053089E-7953-3219-814F-F485FC151C54}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{B9424F08-0617-C4F6-A798-5A9250C1A738}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{D261CEA1-AB8D-9CFA-4407-BCEFC78661AC}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Unreal Development Kit: 2015-01 (HKLM\...\UDK-70157bbd-df5a-4527-a2c0-1126d9cbec17) (Version:  - Epic Games, Inc.)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 26.0 - Ubisoft)
USB Enhanced Performance Keyboard (HKLM\...\{989DC5D9-A776-430D-9E16-D36E5B81CD86}) (Version: 2.0.2.6 - Lenovo)
UVI Workstation x64 2.6.15 (HKLM\...\UVI Workstation x64_is1) (Version: 2.6.15 - UVI)
ValhallaFreqEcho version 1.0.5 (HKLM-x32\...\{86164718-6457-42DE-8DB6-EA05F7045F2C}_is1) (Version: 1.0.5 - Valhalla DSP, LLC)
vcpp_crt.redist.clickonce (HKLM-x32\...\{0074562E-F896-4994-9086-79F8BC8DE02C}) (Version: 14.12.25830 - Microsoft Corporation) Hidden
Visual Studio Community 2017 (HKLM\...\ffa7b55e) (Version: 15.5.27130.2036 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version:  - VB-Audio Software)
VS Script Debugging Common (HKLM\...\{0EE5749D-2DC0-460F-AB1C-06B3EDB42426}) (Version: 16.0.76.0 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{595F5D63-8773-4182-A1E0-EC9ECF4B6EA4}) (Version: 15.0.27102 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{9414C260-D479-49EB-B0BF-01C1F5076EA0}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{A57BD1C0-42AD-42F8-AFEB-FAC7E6ABB005}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{70F69B4F-7950-4841-8139-5D0C7EDD2FE6}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{B11D79C6-332C-47B6-B58C-2F88A4911C7C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{2497054A-0269-4F45-98AE-F469F89CC45F}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{231C8ADB-BF59-458E-A909-CFA825F46388}) (Version: 15.0.27102 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{9CDD69A2-765A-4970-AB6B-595A740C614F}) (Version: 15.0.27019 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
V-Station 2.4 (HKLM\...\{842C6AFC-7856-4fd9-99AF-8900554ACAA2}_is1) (Version: 2.4 - Novation)
VTFEdit 1.2.5 (HKLM-x32\...\VTFEdit_is1) (Version:  - Neil Jedrzejewski & Ryan Gregg)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Warface My.Com (HKU\S-1-5-21-1800343915-2228852833-2782316146-1001\...\Warface My.Com) (Version: 1.27 - My.com B.V.)
WhiteCap (HKLM-x32\...\WhiteCap) (Version: 6.7.1 - SoundSpectrum)
WinAppDeploy (HKLM-x32\...\{9690D51C-4435-1C20-7819-66CCAB0F03F9}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Windows SDK AddOn (HKLM-x32\...\{350F0ECD-0783-4529-8797-98F0AD33EAC0}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.16299.15 (HKLM-x32\...\{6195c203-b53c-4bb7-983a-6070a902e704}) (Version: 10.1.16299.15 - Microsoft Corporation)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.81 Build 42 - Windscribe Limited)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{385A1387-A488-9E90-3635-086129610034}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{D7DD3171-DA58-52A1-95B2-4769640855AF}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{7336279F-8F8F-5530-A543-3BE963846C0A}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E414A474-0A87-4F66-C409-A4D9857CFD34}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{CE760B86-975B-F514-5673-0ED4332B801B}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{5E67F8BE-D8D2-257F-CE19-419A2D5125C7}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{A2AA063E-AF50-A1F5-8925-A06EB1556644}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{7D4C7F4A-02A9-E434-6451-C8787DF28C1F}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{BC467065-9374-5345-DA3F-FCF073304A25}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Wise Force Deleter 1.4.6 (HKLM-x32\...\Wise Force Deleter_is1) (Version: 1.4.6 - WiseCleaner.com, Inc.)
Wolfram Extras 11.1.1 (A-WIN-Extras 11.1.1 5716941) (HKLM\...\A-WIN-Extras 11.1.1 5716941_is1) (Version: 11.1.1 - Wolfram Research, Inc.)
XLN Online Installer (HKLM\...\XLN Online Installer Inno Setup ID_is1) (Version:  - )
Zoom (HKU\S-1-5-21-1800343915-2228852833-2782316146-1001\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1800343915-2228852833-2782316146-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-0C66298B803A}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-1800343915-2228852833-2782316146-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\zack4\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\zack4\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\zack4\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\zack4\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\zack4\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\zack4\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-06-18] ()
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\zack4\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\zack4\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\zack4\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\zack4\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-01-23] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2015-07-15] (IObit)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\zack4\Desktop\pystuff\CornellExtensionsInstall\install.lnk -> C:\Users\zack4\Desktop\CornellExtensionsInstall\data\script.bat (No File)

==================== Loaded Modules (Whitelisted) ==============

2015-09-28 17:09 - 2015-09-28 17:09 - 000043976 _____ () C:\Program Files\Lenovo\QuickOptimizer\LNBPrismAssistInf.dll
2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-10-18 17:51 - 2017-10-18 17:51 - 000598528 _____ () C:\Users\zack4\AppData\Local\MEGAsync\ShellExtX64.dll
2017-09-26 03:52 - 2018-02-10 02:12 - 000614856 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2018-03-13 15:27 - 2018-02-21 20:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-13 15:27 - 2018-02-21 20:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-21 16:31 - 2018-05-21 16:34 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-05-21 16:31 - 2018-05-21 16:34 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-05-21 16:31 - 2018-05-21 16:34 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-05-21 16:31 - 2018-05-21 16:34 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
2018-05-21 16:31 - 2018-05-21 16:34 - 000654848 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2016-07-12 21:35 - 2015-08-18 12:19 - 000376320 _____ () C:\Program Files (x86)\Lenovo Y Gaming Precision Mouse\hid.exe
2016-07-12 21:35 - 2015-07-28 11:43 - 000388096 _____ () C:\Program Files (x86)\Lenovo Y Gaming Precision Mouse\Tray.exe
2016-07-05 21:29 - 2015-09-18 17:08 - 000035584 _____ () C:\Program Files (x86)\Lenovo\PowerMgr\US\PWMRT64V.DLL
2018-06-07 21:09 - 2018-06-05 21:25 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.79\libglesv2.dll
2018-06-07 21:09 - 2018-06-05 21:25 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.79\libegl.dll
2017-06-16 20:46 - 2017-06-16 20:46 - 000022528 _____ () C:\Program Files (x86)\Microsoft Visual Studio\Shared\Python36_64\tcl\reg1.3\tclreg13.dll
2018-05-19 15:55 - 2018-05-19 15:55 - 000084992 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-05-08 12:02 - 2018-05-08 12:02 - 001873120 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-31 16:27 - 2018-05-31 16:27 - 001280176 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.20915.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2018-05-26 15:03 - 2018-05-26 15:03 - 027118080 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-05-23 15:02 - 2018-05-23 15:02 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-05-23 15:02 - 2018-05-23 15:02 - 006748672 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-26 15:18 - 2017-09-26 15:18 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\avvgnkew.sys:changelist [1458]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fkdstmip.sys:changelist [1150]
AlternateDataStreams: C:\Users\Public\AppData:CSM [464]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1800343915-2228852833-2782316146-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1800343915-2228852833-2782316146-1001\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-05-16 17:54 - 2018-06-10 19:25 - 000000799 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1800343915-2228852833-2782316146-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\zack4\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-1800343915-2228852833-2782316146-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1800343915-2228852833-2782316146-1001\...\StartupApproved\Run: => "gflauncher"
HKU\S-1-5-21-1800343915-2228852833-2782316146-1001\...\StartupApproved\Run: => "f.lux"
HKU\S-1-5-21-1800343915-2228852833-2782316146-1001\...\StartupApproved\Run: => "Ubisoft Game Launcher"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A31FE7C1-6396-4628-B201-B80441EA987E}] => (Allow) D:\SL2\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{20D7B90B-625A-4946-BF5D-AEDA731CB19E}] => (Allow) D:\SL2\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{3BF7F1A3-421E-40E9-A5BF-43CA77D480A6}] => (Allow) D:\SL2\steamapps\common\Wildlands\GRW.exe
FirewallRules: [{C7A8285A-AB00-412E-A6D1-7D16F39C7673}] => (Allow) D:\SL2\steamapps\common\Wildlands\GRW.exe
FirewallRules: [{CA751509-8048-43C6-821C-E1599F21AC31}] => (Allow) D:\SL2\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{BBAC4B8B-A351-4C1D-98C7-B4E5F121B438}] => (Allow) D:\SL2\steamapps\common\Terraria\Terraria.exe
FirewallRules: [UDP Query User{16598C2A-C7D3-4528-AC7F-03F5C864B47B}C:\programdata\oracle\java\javapath_target_1357705625\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_1357705625\java.exe
FirewallRules: [TCP Query User{D29E76C2-9245-4576-8937-00D7F274C05F}C:\programdata\oracle\java\javapath_target_1357705625\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_1357705625\java.exe
FirewallRules: [UDP Query User{73F94F58-7CB3-4CF3-B1B9-A7F35B9B7253}C:\program files\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [TCP Query User{BDCF1E08-8CE9-4183-AF69-CAB98BDE458D}C:\program files\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [UDP Query User{DB3B3B7F-FC01-4B79-8B60-DA5E50F53FAB}C:\program files\adobe\adobe media encoder cc 2018\adobe media encoder.exe] => (Allow) C:\program files\adobe\adobe media encoder cc 2018\adobe media encoder.exe
FirewallRules: [TCP Query User{A0157AD3-1D11-46B2-9C78-D4FF7D4E25A8}C:\program files\adobe\adobe media encoder cc 2018\adobe media encoder.exe] => (Allow) C:\program files\adobe\adobe media encoder cc 2018\adobe media encoder.exe
FirewallRules: [UDP Query User{EE034B16-3521-4A9A-92AD-9CC72657056E}C:\program files\adobe\adobe premiere pro cc 2018\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cc 2018\adobe premiere pro.exe
FirewallRules: [TCP Query User{FB3130CF-058E-4EF5-AF2B-9A4599C9A8A2}C:\program files\adobe\adobe premiere pro cc 2018\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cc 2018\adobe premiere pro.exe
FirewallRules: [{5313C825-5C49-475D-BF06-C56339AB0807}] => (Allow) C:\Users\Zack_2\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CC0CF585-C30F-4C1F-9223-5DC54269C1B5}] => (Allow) C:\Users\Zack_2\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{BDCEF2B9-3260-4250-B8EC-8108146DC979}C:\program files\adobe\adobe after effects cc 2018\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc 2018\support files\afterfx.exe
FirewallRules: [TCP Query User{2AF49153-BC19-4F6D-9032-E054D482F9C5}C:\program files\adobe\adobe after effects cc 2018\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc 2018\support files\afterfx.exe
FirewallRules: [UDP Query User{0E1CAE0A-4F2F-461A-9F6A-186EEB553CC6}D:\zack4\ovw\game\overwatch\overwatch.exe] => (Allow) D:\zack4\ovw\game\overwatch\overwatch.exe
FirewallRules: [TCP Query User{47196B3B-8589-4D19-8B7C-6F50178668A4}D:\zack4\ovw\game\overwatch\overwatch.exe] => (Allow) D:\zack4\ovw\game\overwatch\overwatch.exe
FirewallRules: [{46125128-8D05-41DC-A5DF-DB6DFAAADBED}] => (Allow) D:\SL2\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D164131A-6BC6-4588-AE3C-5261271A8226}] => (Allow) D:\SL2\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{FD6F130B-2025-4051-A641-AE3E57AA9A6B}] => (Allow) D:\SL2\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{AB9D8E3A-1460-4357-9F6D-A73F7F9F33E1}] => (Allow) D:\SL2\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{92B8E438-6D30-4BD3-8341-BF7B6F4456EE}] => (Allow) D:\SL2\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{E2DF4347-A965-4523-977E-516D9E390CD3}] => (Allow) D:\SL2\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [UDP Query User{83FC218F-D94F-4890-9871-31B9A97F3A12}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{CF5C9A20-BF31-46A5-8725-3318B291AB58}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{67EE540E-C356-4804-A147-A6DCCF9E6AC6}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{EBD60CCD-9ED3-4FB3-9243-8C0BBDE848CF}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{85C7D3AA-3C71-458E-9C03-D918DF34809C}] => (Allow) F:\Zack's Stuff\S\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{ACE9F141-63E9-4AF0-B5B7-615955699039}] => (Allow) F:\Zack's Stuff\S\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{347133F8-AC6B-423C-8D3C-C695DAF61F1C}] => (Allow) F:\Zack's Stuff\S\steamapps\common\Black Squad\binaries\win32\SteamLauncher.exe
FirewallRules: [{6ECF89AD-2E00-4FE7-A3AA-BD2D95F8CDAB}] => (Allow) F:\Zack's Stuff\S\steamapps\common\Black Squad\binaries\win32\SteamLauncher.exe
FirewallRules: [UDP Query User{BFEB57D8-CB8F-4ABE-9781-0577AEF0583E}F:\zack's stuff\s\steamapps\common\mirage arcane warfare\tbl\binaries\win64\tbl-win64-shipping.exe] => (Allow) F:\zack's stuff\s\steamapps\common\mirage arcane warfare\tbl\binaries\win64\tbl-win64-shipping.exe
FirewallRules: [TCP Query User{11CF7921-73F0-45CA-AABA-E5CCBA4E67F0}F:\zack's stuff\s\steamapps\common\mirage arcane warfare\tbl\binaries\win64\tbl-win64-shipping.exe] => (Allow) F:\zack's stuff\s\steamapps\common\mirage arcane warfare\tbl\binaries\win64\tbl-win64-shipping.exe
FirewallRules: [{41C50297-0335-4315-8BE5-F746C345B500}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{AE2556FE-8EDD-4A2E-8202-7FE3EBFC6E6C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{C263D534-4D85-4E1D-AFB1-7CA949C279AE}] => (Allow) C:\SL3\steamapps\common\V\V.exe
FirewallRules: [{911F9A78-844A-409C-B9B3-D36DACB3809B}] => (Allow) C:\SL3\steamapps\common\V\V.exe
FirewallRules: [UDP Query User{2EEC710F-63F8-4F35-8C59-F1A292C9936C}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{7891CA4E-177B-4596-B8EA-C18EBF69C15F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{D3FE7428-8A78-4EC8-868A-0EFD89CBC12E}C:\users\zack4\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\zack4\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{01A1788D-414F-4914-8639-93464C909CD6}C:\users\zack4\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\zack4\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{686F011E-098E-44DF-9684-791FAE1EFB9F}] => (Allow) D:\SL2\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{5063B9AD-2EC6-41A3-88A6-4ED0408695BA}] => (Allow) D:\SL2\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{F9A674EE-0FEE-4836-94EE-13D2022184A4}] => (Allow) D:\SL2\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{FD57D0F8-2F2D-4E01-8CC8-73303E46AD71}] => (Allow) D:\SL2\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{7B67F925-53DA-42D0-AE7B-7A2181CCD638}] => (Allow) D:\SL2\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{9ADFD06B-1A7C-4B28-84F5-84ED37D7FB36}] => (Allow) D:\SL2\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{573F0DC5-CC0A-4F03-9E3E-FB01E2246D3F}] => (Allow) F:\Zack's Stuff\S\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{2F162C05-B336-4566-8BAA-7D6085F118D3}] => (Allow) F:\Zack's Stuff\S\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [UDP Query User{C7C3D85B-5F51-4E34-A900-78828C17A6BC}C:\program files (x86)\ti education\ti-nspire cx cas student software\jre\bin\java.exe] => (Allow) C:\program files (x86)\ti education\ti-nspire cx cas student software\jre\bin\java.exe
FirewallRules: [TCP Query User{AEC26D57-0303-4BBD-90B5-9F3917D6CC6F}C:\program files (x86)\ti education\ti-nspire cx cas student software\jre\bin\java.exe] => (Allow) C:\program files (x86)\ti education\ti-nspire cx cas student software\jre\bin\java.exe
FirewallRules: [UDP Query User{162C0597-FF92-4FD2-9D39-EFD2282D2159}C:\program files (x86)\ti education\ti-nspire cx cas student software\ti-nspire cx cas student software.exe] => (Allow) C:\program files (x86)\ti education\ti-nspire cx cas student software\ti-nspire cx cas student software.exe
FirewallRules: [TCP Query User{124A0CBC-EA08-4BBA-8165-2EE9BC737B90}C:\program files (x86)\ti education\ti-nspire cx cas student software\ti-nspire cx cas student software.exe] => (Allow) C:\program files (x86)\ti education\ti-nspire cx cas student software\ti-nspire cx cas student software.exe
FirewallRules: [{3886B564-ED7E-44C0-AC20-24590B38CAF2}] => (Allow) F:\Zack's Stuff\S\steamapps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{6CBB7DD8-0D77-44D7-9E3E-C90D45FAF050}] => (Allow) F:\Zack's Stuff\S\steamapps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [UDP Query User{FAFD3F73-2337-4428-83E7-F3774296B3BE}F:\zack's stuff\s\steamapps\common\lms\lms.exe] => (Allow) F:\zack's stuff\s\steamapps\common\lms\lms.exe
FirewallRules: [TCP Query User{6E9A6310-DFDF-446E-809C-48D5CF71FB1A}F:\zack's stuff\s\steamapps\common\lms\lms.exe] => (Allow) F:\zack's stuff\s\steamapps\common\lms\lms.exe
FirewallRules: [UDP Query User{17534646-57D5-4186-9437-143E61118B6C}F:\zack's stuff\s\steamapps\common\lms\launcher.exe.new.exe] => (Allow) F:\zack's stuff\s\steamapps\common\lms\launcher.exe.new.exe
FirewallRules: [TCP Query User{7C57680B-9F48-4ABC-870D-FAFF0BFC9C81}F:\zack's stuff\s\steamapps\common\lms\launcher.exe.new.exe] => (Allow) F:\zack's stuff\s\steamapps\common\lms\launcher.exe.new.exe
FirewallRules: [UDP Query User{54E86C26-C144-4AB7-9A59-5C2AE62E91A6}F:\zack's stuff\s\steamapps\common\insurgency2\insurgency.exe] => (Allow) F:\zack's stuff\s\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [TCP Query User{A4B1B00A-179D-4F1A-8C31-C79B0876CB0C}F:\zack's stuff\s\steamapps\common\insurgency2\insurgency.exe] => (Allow) F:\zack's stuff\s\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [UDP Query User{ECCC8D8C-9C27-4362-BCF4-AF09D18F2FD9}C:\program files (x86)\gog galaxy\games\saints row 2\sr2_pc.exe] => (Allow) C:\program files (x86)\gog galaxy\games\saints row 2\sr2_pc.exe
FirewallRules: [TCP Query User{AF751793-771B-432C-85A4-306DA4114B9E}C:\program files (x86)\gog galaxy\games\saints row 2\sr2_pc.exe] => (Allow) C:\program files (x86)\gog galaxy\games\saints row 2\sr2_pc.exe
FirewallRules: [{070F3594-1E98-4AA3-887F-21B98E252D5C}] => (Allow) C:\Users\zack4\AppData\Roaming\Zoom\bin\airhost.exe
FirewallRules: [{9DF85DCA-6DA8-44CC-9F66-90DFE4898B66}] => (Allow) C:\Users\zack4\AppData\Roaming\Zoom\bin\Zoom.exe
FirewallRules: [{EBB722DE-0001-4FFD-B67D-6EDE6663AAF5}] => (Allow) F:\Zack's Stuff\S\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{ACEF7706-0CC0-414C-BCFA-CDA4106F281B}] => (Allow) F:\Zack's Stuff\S\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [UDP Query User{B51F58E6-E1BB-4224-B371-FDD456DE12F3}C:\program files\java\jre1.8.0_121\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\java.exe
FirewallRules: [TCP Query User{6C91CDD9-0335-4E32-A35B-5A7DA595A5B6}C:\program files\java\jre1.8.0_121\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\java.exe
FirewallRules: [UDP Query User{72CB2697-57A6-4D56-A856-BE72A9F3C9FE}C:\users\zack4\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\zack4\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{5F8A95F0-064A-45F5-82E9-98EE7837ABC9}C:\users\zack4\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\zack4\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{055FE095-80E3-4986-9E6A-2791C3F08B28}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [TCP Query User{66B91A53-F1F8-4997-A76B-EAFF45347D49}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [{D6E4E617-8060-4C86-9C20-CFCA4C528794}] => (Allow) F:\Zack's Stuff\S\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{F876C655-14F2-489E-BCF7-5EB77966AA67}] => (Allow) F:\Zack's Stuff\S\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [UDP Query User{EA45A7B2-C09B-474A-8FE8-29220F805A2C}C:\users\zack4\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\zack4\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [TCP Query User{3F57C396-7C48-4CA2-BB94-53041AC33E67}C:\users\zack4\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\zack4\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{73EE2E3A-8E86-4396-AE2F-5B1AFCA1DB79}] => (Allow) D:\SL2\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{19B721C7-2D8A-4FB3-82BB-FE92B02D4608}] => (Allow) D:\SL2\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{DF75C3DA-2C50-4474-9750-7F9E3EA16409}] => (Allow) F:\Zack's Stuff\S\steamapps\common\America's Army\AAPG\Binaries\Win32\AALauncher32.exe
FirewallRules: [{6E6F6179-5B49-47F8-A0F8-43E8B075D6B9}] => (Allow) F:\Zack's Stuff\S\steamapps\common\America's Army\AAPG\Binaries\Win32\AALauncher32.exe
FirewallRules: [{E739F94D-4593-40A7-94C6-72B0B858935C}] => (Allow) F:\Zack's Stuff\S\steamapps\common\America's Army\AAPG\Binaries\Win32\AAGame.exe
FirewallRules: [{D101A8C9-8920-4BEE-A046-78A0B3571A74}] => (Allow) F:\Zack's Stuff\S\steamapps\common\America's Army\AAPG\Binaries\Win32\AAGame.exe
FirewallRules: [{EA6E0547-EEDF-40EE-B853-A8C181E320FD}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{532ABCBE-9E10-4C4B-B172-E95E6DFE1B33}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A96AA0D5-D2A4-407C-AA97-3A54A629F419}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{308CA092-9CEE-4EA4-A205-9C8397160BEC}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{AEFD8F0F-EEB5-41AA-8DF2-3B14FCD9031B}] => (Allow) F:\Zack's Stuff\S\steamapps\common\Warface\live\gflauncher.exe
FirewallRules: [{59ED512F-E3FA-46FE-8EC0-576E57C05E57}] => (Allow) F:\Zack's Stuff\S\steamapps\common\Warface\live\gflauncher.exe
FirewallRules: [UDP Query User{4D3894C1-5FB1-4CF0-996E-948215992D99}D:\sl2\steamapps\common\fallout 4\fallout4.exe] => (Allow) D:\sl2\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [TCP Query User{12FE7912-10D7-4935-9257-F615DB07DDB0}D:\sl2\steamapps\common\fallout 4\fallout4.exe] => (Allow) D:\sl2\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [{9CE0DB07-0B08-4D53-8F39-612ABA44DB9A}] => (Allow) D:\SL2\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{D55D5F9B-ABE3-4AE6-B595-71F1F280ED8C}] => (Allow) D:\SL2\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [UDP Query User{DBC1E571-3E2C-498F-AAFA-FE5DA26B8A6D}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{439B3390-BC72-4D6F-ACB7-DF062BB45667}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{403C7545-E580-4706-B270-EFFBC406E709}] => (Allow) D:\zack4\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe
FirewallRules: [{2A156808-BFA0-41C7-BDA7-85C83A4DA6F6}] => (Allow) D:\zack4\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe
FirewallRules: [{B2BEE31A-CBFA-49FF-9EFF-5FB5453CED94}] => (Allow) D:\zack4\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe
FirewallRules: [{74509C68-C2C5-428D-AFF9-51CB543EAAD6}] => (Allow) D:\zack4\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe
FirewallRules: [{B00B7968-B69E-43F5-A9C7-DFC73C4DD689}] => (Allow) F:\Zack's Stuff\S\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0E5E79AF-90BF-4F53-A51E-B9A9066F688A}] => (Allow) F:\Zack's Stuff\S\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8F548402-D975-423B-85F6-0298972628F8}] => (Allow) F:\Zack's Stuff\S\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe
FirewallRules: [{C9030A2C-0604-4DCF-B0FA-BB9BA5EF0FEF}] => (Allow) F:\Zack's Stuff\S\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe
FirewallRules: [{2B0965D6-CD0A-4CD8-A999-0C1B17E92E32}] => (Allow) D:\zack4\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{54C7907E-6AC3-42A5-B214-A91999753FEC}] => (Allow) D:\zack4\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{85135F35-4BF1-4D3B-A0AF-8E6D7CF9BDED}] => (Allow) D:\zack4\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11_b.exe
FirewallRules: [{AE74D702-8F11-416F-A77F-8B771CCB6737}] => (Allow) D:\zack4\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11_b.exe
FirewallRules: [{DCF87003-9DDD-42AC-AB9F-9864D7070DA9}] => (Allow) D:\zack4\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{C53E3414-96BE-4FF5-828B-03A78D62F835}] => (Allow) D:\zack4\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{EB9EBA9E-1231-4D95-B098-6162F1EAF483}] => (Allow) F:\Zack's Stuff\S\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{B177BB41-5BFF-4C04-BFC1-CBF8B778FCAE}] => (Allow) F:\Zack's Stuff\S\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{F97DFDC8-96C7-4949-9F6D-A0776C99DF85}] => (Allow) F:\Zack's Stuff\S\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{56DFA39C-A9E3-4FC4-A4C8-C44D40AEC314}] => (Allow) F:\Zack's Stuff\S\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{7B48558B-F6F2-42A0-95F9-74EFC1D8B91C}] => (Allow) F:\Zack's Stuff\S\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{A30C1308-8750-4DBF-B855-FB28FCE44A7B}] => (Allow) F:\Zack's Stuff\S\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{C2D07F58-BBD2-42B1-81F8-0CAFB65F6F48}] => (Allow) F:\Zack's Stuff\S\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{216EC2E0-3FAB-41CE-B5FA-28823D3F9361}] => (Allow) F:\Zack's Stuff\S\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{223E3BB6-9987-4AB7-83A8-DD52078879EA}] => (Allow) F:\Zack's Stuff\S\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{305B3721-BEE6-45DE-94DA-B479FC243A2A}] => (Allow) F:\Zack's Stuff\S\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{00751D06-076A-494F-8493-D2923C679B53}] => (Allow) F:\Zack's Stuff\S\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{4DBDFD44-997A-4868-B8A3-7AD4CE05D1E6}] => (Allow) F:\Zack's Stuff\S\steamapps\common\Warframe\Warframe.exe
FirewallRules: [UDP Query User{B7CC7691-1741-461A-928E-A4CA1B4FD069}F:\zack's stuff\s\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) F:\zack's stuff\s\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{7B327CCB-EE51-403D-A2DF-171770181DAB}F:\zack's stuff\s\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) F:\zack's stuff\s\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{8D7AB49A-DEE4-4D9C-9E9D-F04E27D4CDE0}] => (Allow) F:\Zack's Stuff\S\steamapps\common\Warface\live\nw.exe
FirewallRules: [{4F922F55-3BC5-4D3B-8339-665AECEA0442}] => (Allow) F:\Zack's Stuff\S\steamapps\common\Warface\live\nw.exe
FirewallRules: [{661B8C0B-ED6A-4CFF-90F3-0446152C222B}] => (Allow) F:\Zack's Stuff\S\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe
FirewallRules: [{5A645A23-89AD-49C4-80BC-7EF78E94326F}] => (Allow) F:\Zack's Stuff\S\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe
FirewallRules: [{CF312F74-7DF6-4600-B792-D2CF5D09C9A0}] => (Allow) F:\Zack's Stuff\S\steamapps\common\Iron Snout\IronSnout.exe
FirewallRules: [{E7A427B1-092E-4671-8CBD-534FAAF66711}] => (Allow) F:\Zack's Stuff\S\steamapps\common\Iron Snout\IronSnout.exe
FirewallRules: [{83668125-6C7D-4BA7-A394-26AF1B921A46}] => (Allow) F:\Zack's Stuff\S\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F22CFC7E-CBF7-41D7-ADB6-DC6A26306FF8}] => (Allow) F:\Zack's Stuff\S\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{935926D6-BC5E-4661-8429-AB7274402609}] => (Allow) F:\Zack's Stuff\S\steamapps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [{4DE24F27-01B7-48E5-A511-9C6F9888D58B}] => (Allow) F:\Zack's Stuff\S\steamapps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [{5927EF02-1C30-42FB-9779-B0AAD216EA67}] => (Allow) F:\Zack's Stuff\S\Steam.exe
FirewallRules: [{D61DF526-D7D0-4464-8D73-0EBAA2257785}] => (Allow) F:\Zack's Stuff\S\Steam.exe
FirewallRules: [{E2C29C42-E52B-4E63-B828-976F967F9977}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{44FF697A-A7F8-4BAA-BFBA-91A657C956AB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9947BA7F-16B2-4252-849D-FA187F248776}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{40B05693-B89F-4CF8-9629-FB851E758A00}C:\programdata\sling\sling.exe] => (Allow) C:\programdata\sling\sling.exe
FirewallRules: [TCP Query User{A03DE42B-44A6-46DF-AEA5-3C745ABEF203}C:\programdata\sling\sling.exe] => (Allow) C:\programdata\sling\sling.exe
FirewallRules: [UDP Query User{7B8E3A7B-D40B-4A39-8FA8-72529053F708}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{9F4DBDC6-0BC2-47AE-B379-5A5829061B23}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{95F21149-D9C5-40CD-A22D-646AD04CA1A9}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [TCP Query User{4DA0DE5C-B40F-4995-817A-49A8476CDD54}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{49F1AEAE-0ED0-4FA3-B8F4-71F46B6D3009}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{597FEBBA-200C-417D-98BF-200C1FDDCBCF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{DDF38E5D-D92C-4DDD-9097-AE8DB51380AD}] => (Allow) C:\Program Files (x86)\Intel\Intel Unite\Hub\Intel Unite.exe
FirewallRules: [{203B8D2E-E8C5-4BE3-9D9A-5692EB94E0F9}] => (Allow) LPort=80
FirewallRules: [{FB237C1C-C5B4-4679-9EFD-0E706FDDCFD7}] => (Allow) LPort=443
FirewallRules: [{E7D5356F-3EF0-4721-8A0D-A949490B2C1D}] => (Allow) C:\Program Files (x86)\Lenovo\BluetoothLock\Lenovo Bluetooth Lock.exe
FirewallRules: [{A0D703C5-BAC8-4DF5-88E4-90B304F09B3C}] => (Allow) C:\Program Files (x86)\Lenovo\BluetoothLock\Lenovo Bluetooth Lock.exe
FirewallRules: [{E166345E-FC3C-4C58-94F2-0BF34354F192}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1281783E-E1C6-40F4-AD01-7C674A7A320E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9FE923C3-1937-4D5A-9738-796B33542D6A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{91D62120-56A8-4FE8-B8F6-FCDC4799A8C5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{488C2DBC-C126-49BB-8934-D7CB00CB3AB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bloons TD Battles\Battles-Win.exe
FirewallRules: [{E95388F6-7662-4C00-8F0E-C4BFD5D85C29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bloons TD Battles\Battles-Win.exe
FirewallRules: [{B24F7481-5DF9-43AB-BA1D-F6948FFE0957}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [{C2FBDCE1-ADF1-44B1-B63D-AE3CF5118906}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShellShock Live\ShellShockLive.exe
FirewallRules: [{EB062C76-4FF7-4769-A824-4669BE902864}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Geometry Dash\GeometryDash.exe
FirewallRules: [{552B8A7E-6FE9-4E76-B688-D15D6D1C7179}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Geometry Dash\GeometryDash.exe
FirewallRules: [{D77484B2-22D1-4E66-BA98-578A738A3101}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{90B3D83B-B2F4-4A70-B8A6-152F55129FF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{01322F80-5998-4C17-80BA-2DD5322CB58B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\firstassault\Shipping\GAME.exe
FirewallRules: [{7ED4EAF8-C6FA-45FA-B28A-75BE4DF087C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\firstassault\Shipping\GAME.exe
FirewallRules: [{9555BE31-4AFC-4FAC-8CDE-054C4AD6F559}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{88ED773B-512A-47C6-9034-01DC0C968F62}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{BB77860B-4A57-4DBB-AD64-DEF05333C7AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D60A202B-C8FB-41CF-8919-88DF1EF9E815}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{225EB48D-5FF4-4288-8ECB-CD3F2FA7B5DD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C00DCBB9-38B9-4344-B961-5DADAED71FCC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DD20D773-E258-45BB-A40A-1E9006DBDB7E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{091F7251-14D0-4CB3-8E1D-16D2772E5F9F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CB201CD9-45D5-4E14-B139-CA8DADBC3152}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B63F2B39-F322-40E6-973B-837AAB781984}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Iron Snout\IronSnout.exe
FirewallRules: [{C9169D29-24A2-4F8E-A4CF-A11101370467}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Iron Snout\IronSnout.exe
FirewallRules: [{887ECCBB-0F72-44FF-8DE2-36BC76848A89}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Double Action\bin\hammer.exe
FirewallRules: [{6B04BF9C-6005-4F2F-BAD1-9C00F7F68355}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Double Action\bin\hammer.exe
FirewallRules: [{0630754B-F9BC-4252-84FF-D51C71F421D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\nw.exe
FirewallRules: [{C8D1FA5C-8CA8-4F91-9261-74DEAEE0778B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\nw.exe
FirewallRules: [TCP Query User{C54507B3-C1D6-4A91-9038-1DFBCC86A323}D:\sl2\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\sl2\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{D8E94B3A-7538-43B1-B542-4A42F93AF0AA}D:\sl2\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\sl2\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{FDAF0C9D-F582-4A09-AECE-8CADE04B1BA0}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{647C0F30-B9C0-42FE-90FE-64142A76B070}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{113F0094-5021-4391-B121-B95AD5F617C3}] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{ECAC7C34-4934-430A-87A4-E58D1CA83010}] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{7AF46E78-A1C6-45BD-89D3-8684E3E727E0}C:\program files\adobe\adobe after effects cc 2018\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc 2018\support files\afterfx.exe
FirewallRules: [UDP Query User{80027550-5CCE-4F62-BF2D-D2858266BAE0}C:\program files\adobe\adobe after effects cc 2018\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc 2018\support files\afterfx.exe
FirewallRules: [{8819F8FF-4CB9-4CC3-8ED2-A3319B00BA87}] => (Allow) D:\SL2\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{49BB6E18-4815-4E75-B498-F1B91543A0D6}] => (Allow) D:\SL2\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{706B75FD-55DD-468A-BA8A-A1676543B870}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{E1F966B7-5B0E-46D6-BC18-14D829234230}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{CD99839A-B779-4B4B-AB34-A0E6EC3BDDFD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{89AD24C5-AF5C-451D-AF3B-65A83B169BD8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{32FF15D3-EC3F-4191-B7FA-7DC4695A52CE}] => (Allow) D:\SL2\steamapps\common\Deceit\bin\win_x64\Deceit.exe
FirewallRules: [{D59EECBD-CEFE-4A11-B2DC-7C9A7CD3D9CD}] => (Allow) D:\SL2\steamapps\common\Deceit\bin\win_x64\Deceit.exe
FirewallRules: [{1B17CFBB-23D9-493B-83A6-190384F46BD9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{4ADE9EB1-645B-466C-B3C7-7B6746E8DBB3}D:\ue\ue_4.17\engine\binaries\win64\ue4editor.exe] => (Allow) D:\ue\ue_4.17\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{49D13DC9-7890-4DF6-BF09-BCEC68849B68}D:\ue\ue_4.17\engine\binaries\win64\ue4editor.exe] => (Allow) D:\ue\ue_4.17\engine\binaries\win64\ue4editor.exe
FirewallRules: [TCP Query User{56BE2CDB-5E94-48C7-B25B-E16295D75A70}D:\ue\ue_4.17\engine\binaries\dotnet\swarmagent.exe] => (Allow) D:\ue\ue_4.17\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [UDP Query User{E1049D61-B11B-4CEA-BCCC-45ACE486CB03}D:\ue\ue_4.17\engine\binaries\dotnet\swarmagent.exe] => (Allow) D:\ue\ue_4.17\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [{2EC2A747-42DF-4B4A-B155-5F4B7EE7525A}] => (Allow) C:\Program Files\Unity\Editor\Unity.exe
FirewallRules: [{AB91917D-57D0-4674-8A31-927DDABB7C63}] => (Block) C:\Program Files\Unity\Editor\Unity.exe
FirewallRules: [{3CB72BDE-0995-4980-9869-7F6A5D7C23A7}] => (Allow) C:\Program Files\Unity\Editor\Data\Tools\nodejs\node.exe
FirewallRules: [{57907704-D6DD-421D-839C-17AB75E48E1A}] => (Block) C:\Program Files\Unity\Editor\Data\Tools\nodejs\node.exe
FirewallRules: [{40931CC9-D7DE-47CA-B6A9-97CCD90971C5}] => (Allow) D:\SL2\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{AEE4A4C3-0D66-4B9E-BF68-E272E3FEBCA9}] => (Allow) D:\SL2\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [TCP Query User{ABA60FD4-93ED-4B0A-B4E4-482E054016DB}D:\fortnite\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\fortnite\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{4E9F06A5-89FF-4522-BCF8-D5E256902F6F}D:\fortnite\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\fortnite\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{01B2AE38-D1EA-434B-81C3-31DAC155E6EC}] => (Allow) F:\Zack's Stuff\S\steamapps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{20ABE554-9670-40C9-B4F3-F857634EDC89}] => (Allow) F:\Zack's Stuff\S\steamapps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{2AFFB63B-54FA-4876-B3E3-BE32EFBC3BD4}] => (Allow) F:\Zack's Stuff\S\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{A4CE2657-D008-447C-8AC0-3FFF04D64550}] => (Allow) F:\Zack's Stuff\S\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{415A6A4D-3B00-4010-8A55-8EB92D68C743}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{5C5C15B9-69E6-45FF-8BEE-CF759C0B494D}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe
FirewallRules: [{49F3F916-E8B5-4A9E-933F-B9A343742EC4}] => (Allow) C:\WINDOWS\mjoEUYYEgajZ.exe
FirewallRules: [{180CFB9E-428D-4A5B-8967-0CDBEC912A0E}] => (Allow) C:\WINDOWS\kOEOU.exe
FirewallRules: [{A076ED20-4F54-4B7C-AC1F-146A05B04F35}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{09A8664C-6C15-49B5-AD1D-04A35DBDDABD}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{F6E0C79D-B13B-4226-8A16-907EDAD749FA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{9D6F8D2E-D03A-4218-AC1D-B295A1089143}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{6DC34642-0165-480E-983C-485E03095915}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{96C4385A-F4DC-435A-A850-2098649F4FC0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [TCP Query User{7F8DE907-6E66-4CD2-B96E-3829EC5691AF}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe
FirewallRules: [UDP Query User{6614D121-D02B-4793-AAB5-FCAE90BCC70A}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe
FirewallRules: [{4E18236F-CEED-4080-914B-6D414DE08D2E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F01708FC-3380-4E08-BDA1-F314EC1A6872}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{CD74627F-4F81-4F1A-AF32-9BB78C0EBD2A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{744DA6BF-9AEF-4DFA-A037-5A25F3619B39}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{9F6192C8-1532-4B2D-9713-6F9AE021B6E1}] => (Allow) D:\SL2\steamapps\common\Deceit\bin\win_x64\Deceit.exe
FirewallRules: [{38BEB494-E6C3-459D-A71D-BDA4D0F5D826}] => (Allow) D:\SL2\steamapps\common\Deceit\bin\win_x64\Deceit.exe
FirewallRules: [TCP Query User{60BB0022-19F1-4797-A88B-D9DC6E1F0AAF}D:\ue\ue_4.19\engine\binaries\win64\ue4editor.exe] => (Allow) D:\ue\ue_4.19\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{175E4CDE-5CF4-44DD-857B-C6C096B0CD54}D:\ue\ue_4.19\engine\binaries\win64\ue4editor.exe] => (Allow) D:\ue\ue_4.19\engine\binaries\win64\ue4editor.exe
FirewallRules: [{1AE278D8-D96E-4BC5-9F5F-82DFC5114CAF}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{78516EDB-07E1-428D-858B-9C4054FB31B1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D86D6117-7154-4A0F-96B9-76E018CB72E7}] => (Allow) F:\Zack's Stuff\S\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{59ABA678-FC86-4891-A549-CE1DDBAA26F5}] => (Allow) F:\Zack's Stuff\S\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{0EC8A961-E4FE-46BA-8CD6-11937D4D1DFD}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{9A8E6989-45D9-403C-8B74-60EB7DAEBCC8}] => (Allow) C:\Users\Zack_2\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1B046205-41B2-4361-8D93-4A5D904CF61C}] => (Allow) C:\Users\Zack_2\AppData\Roaming\uTorrent\uTorrent.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/10/2018 07:34:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "F:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_15cfd4c4935e6b11.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417.manifest.

Error: (06/10/2018 07:34:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "F:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_15cfd4c4935e6b11.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417.manifest.

Error: (06/10/2018 07:00:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "F:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_15cfd4c4935e6b11.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417.manifest.

Error: (06/10/2018 06:19:25 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "F:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_15cfd4c4935e6b11.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417.manifest.

Error: (06/10/2018 06:19:25 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "F:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_15cfd4c4935e6b11.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417.manifest.

Error: (06/10/2018 06:12:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "F:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_15cfd4c4935e6b11.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417.manifest.

Error: (06/10/2018 06:12:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "F:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_15cfd4c4935e6b11.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417.manifest.

Error: (06/10/2018 05:46:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "F:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_15cfd4c4935e6b11.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417.manifest.


System errors:
=============
Error: (06/10/2018 08:34:30 PM) (Source: DCOM) (EventID: 10010) (User: NEWTHINKCENTER)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (06/10/2018 08:32:30 PM) (Source: DCOM) (EventID: 10010) (User: NEWTHINKCENTER)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (06/10/2018 08:30:30 PM) (Source: DCOM) (EventID: 10010) (User: NEWTHINKCENTER)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (06/10/2018 08:28:30 PM) (Source: DCOM) (EventID: 10010) (User: NEWTHINKCENTER)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (06/10/2018 08:26:30 PM) (Source: DCOM) (EventID: 10010) (User: NEWTHINKCENTER)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (06/10/2018 08:24:30 PM) (Source: DCOM) (EventID: 10010) (User: NEWTHINKCENTER)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (06/10/2018 08:22:30 PM) (Source: DCOM) (EventID: 10010) (User: NEWTHINKCENTER)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (06/10/2018 08:20:30 PM) (Source: DCOM) (EventID: 10010) (User: NEWTHINKCENTER)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2018-06-08 12:12:27.654
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {B813818E-B4D3-49E7-9671-C67459A9BD37}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-04 18:09:31.129
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C2C7D224-C1B2-49BC-B5B2-4B94DC97DA09}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-03 15:08:42.483
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {067426D6-BD56-4BBC-9A3A-6474CC92AE7A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-01 16:06:37.335
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {79B200AA-82FB-43F1-846C-331647087706}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-05-26 21:00:48.209
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C0C7DF00-51CF-4A71-9C09-24F24104C95F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-05-24 15:20:22.314
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.1906.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14800.3
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-04-02 23:32:54.503
Description:
Windows Defender Antivirus engine has been terminated due to an unexpected error.
Failure Type: Crash
Exception code: 0xc0000005
Resource: file:C:\WINDOWS\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6

CodeIntegrity:
===================================

Date: 2018-06-10 20:21:11.596
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-10 20:21:11.595
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-10 20:15:01.150
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-10 20:15:01.149
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-10 20:12:51.078
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-10 20:12:51.076
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-10 20:06:11.211
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-10 20:06:11.210
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i7-6700 CPU @ 3.40GHz
Percentage of memory in use: 37%
Total physical RAM: 16313.98 MB
Available physical RAM: 10223.49 MB
Total Virtual: 32697.98 MB
Available Virtual: 25877.27 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:237.23 GB) (Free:56.66 GB) NTFS
Drive d: (Data) (Fixed) (Total:469.03 GB) (Free:61.8 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:292.97 GB) (Free:98.78 GB) NTFS

\\?\Volume{cc6b1053-c5a5-4f58-a06d-607398547ccf}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
\\?\Volume{b596f26c-2585-4148-89d4-d1a142cd0868}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.57 GB) NTFS
\\?\Volume{d789decb-8cb1-4aa3-97c6-5049a318c428}\ () (Fixed) (Total:0.5 GB) (Free:0.5 GB) FAT32

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================
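The Code Integrity entries in the Addition.txt log above repeat one process/module pair many times. As an added example (not part of the original post and not FRST's own code), this Python sketch collapses entries in that "Date:/Description:" layout into one record per pair with a count and first/last timestamp; the fifth sample entry and its paths are constructed.

```python
import re
from collections import OrderedDict

SVCHOST = r"\Device\HarddiskVolume3\Windows\System32\svchost.exe"
BONJOUR = r"\Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll"
TEMPLATE = ("Date: {ts}\nDescription:\nCode Integrity determined that a process "
            "({proc}) attempted to load {mod} that did not meet the Microsoft "
            "signing level requirements.\n\n")

# Four entries as they appear in the log above, plus one constructed entry
# (hypothetical paths) to show a second group and a "(x86)" process path.
SAMPLE = "".join(
    TEMPLATE.format(ts=ts, proc=SVCHOST, mod=BONJOUR)
    for ts in ("2018-06-10 20:12:51.078", "2018-06-10 20:12:51.076",
               "2018-06-10 20:06:11.211", "2018-06-10 20:06:11.210")
) + TEMPLATE.format(
    ts="2018-06-10 19:00:00.000",  # constructed
    proc=r"\Device\HarddiskVolume3\Program Files (x86)\Example\app.exe",
    mod=r"\Device\HarddiskVolume3\Example\plugin.dll")

ENTRY = re.compile(
    r"Date: (?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\s*\n"
    r"Description:\s*\n"
    r"Code Integrity determined that a process \((?P<proc>.+?)\) "
    r"attempted to load (?P<mod>.+?) that did not meet the "
    r"(?P<level>\w+) signing level requirements\.")

def strip_volume(path):
    # Drop the NT device prefix so paths read relative to the volume root.
    return re.sub(r"^\\Device\\HarddiskVolume\d+", "", path)

def summarize(text):
    """Collapse repeated events into one record per (process, module, level)."""
    groups = OrderedDict()
    for m in ENTRY.finditer(text):
        key = (strip_volume(m["proc"]), strip_volume(m["mod"]), m["level"])
        g = groups.setdefault(key, {"count": 0, "first": m["ts"], "last": m["ts"]})
        g["count"] += 1
        # Timestamps are zero-padded, so string order equals time order.
        g["first"], g["last"] = min(g["first"], m["ts"]), max(g["last"], m["ts"])
    return groups

if __name__ == "__main__":
    for (proc, mod, level), g in summarize(SAMPLE).items():
        print(f"{g['count']:>3}x {proc} -> {mod} [{level}] {g['first']} .. {g['last']}")
```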




 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,195 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:12:55 AM

Posted 10 June 2018 - 08:29 PM

Greetings zack466 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

SmartService Removal With Recovery Environment Installed

--------------------
  • On a clean computer download Farbar Recovery Scan Tool for 64 bit systems and save it to a USB device
  • Remove the USB device
  • On your compromised computer click on Start, type command, right click on Command Prompt above and select Run as administrator
  • Type bcdedit /set recoveryenabled Yes and hit Enter
  • Confirm The operation completed successfully
  • Close the Command window
  • Hold down the Shift Key, click Start, click on the power icon just above Start, then select Restart
  • Select Troubleshoot
  • Select Advanced options
  • Select Command Prompt
  • Select your User Account
  • Type your password, if necessary
  • Insert the USB drive containing FRST into the compromised computer
  • In the command window type in Notepad and press Enter
  • Click File then Open
  • In the lower right hand corner change Text Documents (*.txt) to All Files (*.*)
  • On the left side locate and double click on the USB device containing FRST
  • Right click on the FRST icon and select Run as administrator
  • Click Yes on the Disclaimer
  • Press Scan button.
  • When completed a (FRST.txt) file will be created on the flash drive. Please copy and paste the contents in your reply.
  • Reboot your computer into Normal Boot and run a new FRST scan
  • Copy and post both reports in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • FRST.txt
  • Addition.txt

Edited by Oh My!, 10 June 2018 - 09:19 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 zack466


Posted 10 June 2018 - 10:02 PM

Thanks for your help! I'll try this ASAP tomorrow.



#4 zack466


Posted 11 June 2018 - 09:00 AM

I did the bcdedit command on an admin CMD window, and it says "the operation completed successfully," but I'm having trouble entering safe mode. When I hold shift and then press restart, the computer restarts, but then it just goes straight to the user login page.



#5 Oh My!


Posted 11 June 2018 - 10:10 AM

Greetings.

Do you have a Windows 10 Pro 64 bit installation disk?

Please run this.

===================================================

ListParts by Farbar for 64 bit Systems

--------------------
  • Please download ListParts.exe (for 64 bit systems) and save it to your desktop
  • Right click on the icon and select Run as administrator
  • Place a check mark in List BCD
  • Click Scan
  • When completed copy and paste the Result.txt report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Windows disk?
  • Result.txt

Gary
 

#6 zack466


Posted 11 June 2018 - 11:26 AM

I don't have a Windows Installation disk. I bought my PC with custom parts (it's a prebuilt Lenovo PC) and as far as I can remember, Windows 10 was already installed and I just had to set it up. On the about page of settings, it says that Windows 10 Pro is activated with a digital license linked to my Microsoft account.

 

Here is result.txt

 

ListParts by Farbar Version: 31-07-2014
Ran by Zack on 11-06-2018 at 12:21:31
WIN_81 (X64)
Running From: C:\Users\zack4\Downloads
Language: English (United States)
************************************************************

========================= Memory info ======================

Percentage of memory in use: 25%
Total physical RAM: 16313.98 MB
Available physical RAM: 12088.96 MB
Total Pagefile: 32697.98 MB
Available Pagefile: 27429.98 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB

======================= Partitions =========================

1 Drive c: (Windows) (Fixed) (Total:237.23 GB) (Free:58.04 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:469.03 GB) (Free:61.89 GB) NTFS
3 Drive f: (New Volume) (Fixed) (Total:292.97 GB) (Free:98.77 GB) NTFS

============================== MBR Partition Table ==================

The boot configuration data store could not be opened.
Access is denied.


****** End Of Log ******



#7 Oh My!


Posted 11 June 2018 - 03:13 PM

Thank you for the information.

Please create a Windows Installation Disk as outlined here in the below link. If you use a USB you will need to have another USB device in order to complete the steps we need to take.

Using the tool to create installation media (USB flash drive, DVD, or ISO file) to install Windows 10 on a different PC

Let me know when the media has been created.
Gary
 

#8 zack466


Posted 11 June 2018 - 05:36 PM

I tried to use the program, but I keep getting an error code: 0x80070005 - 0xA001A, at 50% completion. I also used the program with Rufus to try and create the USB boot stick with a Windows 10 ISO image made with the media creation tool, but that failed because of an "ISO image extraction failure."



#9 Oh My!


Posted 11 June 2018 - 07:40 PM

Please disable any running antivirus program. If that doesn't help use the Windows Download Tool found here.


Edited by Oh My!, 11 June 2018 - 07:49 PM.

Gary
 

#10 zack466


Posted 12 June 2018 - 08:00 PM

Thanks, will try again tomorrow.



#11 Oh My!


Posted 12 June 2018 - 08:07 PM

:thumbsup2:

I was having issues creating a USB on one of my computers but it worked just fine on another computer so it doesn't shock me you ran into an issue.
Gary
 

#12 zack466


Posted 15 June 2018 - 04:48 PM

I disabled Malwarebytes and Windows Defender, but I still keep getting the same error, 0x80070005 - 0xA001A.



#13 zack466


Posted 15 June 2018 - 04:51 PM

I am currently using the Windows download tool to try and download the ISO file.



#14 zack466


Posted 15 June 2018 - 05:19 PM

I've got the ISO file, but each time I try to put it on the USB with Rufus, it gives me an error, ISO Image Extraction failure.



#15 Oh My!


Posted 15 June 2018 - 07:00 PM

OK,

Please attempt to use the Microsoft Windows and Office ISO Download Tool 6.10 method.
Gary
 



