
Unsure If I am infected. Context Menu Disappears


  • This topic is locked
3 replies to this topic

#1 Matt3D


Posted 17 July 2018 - 03:46 AM

Hello, I am running Windows 10 Pro 64-bit and I am experiencing an unusual problem. Whenever I navigate to This Computer and right-click on any folder or hard drive, the context menu disappears rather quickly. On the other hand, once I move into a deeper directory in any drive, I do not experience a disappearing context menu. I'm not sure if I am infected. Thanks!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.07.2018
Ran by Matt (administrator) on XXXX-PC (17-07-2018 01:32:31)
Running from C:\Users\Matt\Downloads
Loaded Profiles: Matt (Available Profiles: Matt)
Platform: Windows 10 Pro Version 1709 16299.547 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\DriverStore\FileRepository\c0323831.inf_amd64_1212be4b9fe2386c\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
( ) C:\Windows\System32\lxdxcoms.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(Tenable Network Security, Inc) C:\Program Files\Tenable\Nessus\nessus-service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
(Electronic Arts) D:\programs\Origin\OriginWebHelperService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Tenable, Inc.) C:\Program Files\Tenable\Nessus\nessusd.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_18_5\mcapexe.exe
(McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(f.lux Software LLC) C:\Users\Matt\AppData\Local\FluxSoftware\Flux\flux.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1067024 2018-01-03] (The Eraser Project)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3754168 2018-07-12] (Dropbox, Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2867712 2017-01-09] (Dominik Reichl)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [115688 2017-09-18] (VMware, Inc.)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE*
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3054529609-2227142601-4056631604-1000\...\Run: [f.lux] => C:\Users\Matt\AppData\Local\FluxSoftware\Flux\flux.exe [1806344 2018-07-03] (f.lux Software LLC)
HKU\S-1-5-21-3054529609-2227142601-4056631604-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [36864 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2018-01-15]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2016-03-19]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{54f5316c-c553-432e-833e-5c944d091940}: [DhcpNameServer] 10.111.114.1
Tcpip\..\Interfaces\{e3d7d355-98da-4ca5-b83f-41e0c1445b09}: [NameServer] 172.16.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3054529609-2227142601-4056631604-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2018-05-23] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2017-12-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-23] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-08-15] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-23] (Oracle Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2018-05-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-23] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2018-06-15] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2018-06-15] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: sqoyh4rw.default
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\sqoyh4rw.default [2018-07-17]
FF Homepage: Mozilla\Firefox\Profiles\sqoyh4rw.default -> www.google.com
FF Extension: (HTTPS Everywhere) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\sqoyh4rw.default\Extensions\https-everywhere-eff@eff.org.xpi [2018-06-25]
FF Extension: (AdBlock) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\sqoyh4rw.default\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2018-07-10]
FF Extension: (YouTube Video and Audio Downloader (Dev Edt.)) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\sqoyh4rw.default\Extensions\{f73df109-8fb4-453e-8373-f59e61ca4da3}.xpi [2018-02-15]
FF Extension: (WebCompat Reporter) - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2018-07-08] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-05-15]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-17] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-06-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-09-19] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-17] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-23] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-06-15] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-21] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-09-19] (Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default [2018-06-09]
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-04-20]
CHR Extension: (Slides) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-02]
CHR Extension: (Docs) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-02]
CHR Extension: (Google Drive) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-05]
CHR Extension: (YouTube) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-05]
CHR Extension: (Adblock Plus) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-04-20]
CHR Extension: (Adobe Acrobat) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-20]
CHR Extension: (Google Docs Offline) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Gmail) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-05]
CHR Extension: (Chrome Media Router) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-20]
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\System Profile [2016-09-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ABBYY.Licensing.FineReader.Professional.12.0; C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [925904 2014-01-23] (ABBYY Production LLC)
R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0323831.inf_amd64_1212be4b9fe2386c\atiesrxx.exe [481144 2018-02-06] (AMD)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1508656 2018-05-31] (McAfee, Inc.)
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51392 2018-07-12] (Dropbox, Inc.)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4346320 2017-02-08] (SecureMix LLC)
S2 lxdxCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdxserv.exe [29184 2009-10-16] (Lexmark International, Inc.)
R2 lxdx_device; C:\Windows\system32\lxdxcoms.exe [1039872 2009-10-16] ( )
R2 lxdx_device; C:\Windows\SysWOW64\lxdxcoms.exe [589824 2009-10-16] ( )
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604824 2018-06-05] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_18_5\McApExe.exe [728808 2018-06-12] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\\McCSPServiceHost.exe [2141912 2018-04-06] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-04-24] (McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [519120 2018-04-24] (McAfee, LLC)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [473552 2018-04-24] (McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1689952 2018-06-05] (McAfee, Inc.)
S3 Origin Client Service; D:\programs\Origin\OriginClientService.exe [2123104 2017-11-02] (Electronic Arts)
R2 Origin Web Helper Service; D:\programs\Origin\OriginWebHelperService.exe [3002728 2017-11-02] (Electronic Arts)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1047448 2018-05-29] (McAfee, Inc.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-05-08] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-05-08] ()
R2 sedsvc; C:\Program Files\rempl\sedsvc.exe [135816 2018-06-28] (Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-14] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945264 2017-11-24] (TeamViewer GmbH)
R2 Tenable Nessus; C:\Program Files\Tenable\Nessus\nessus-service.exe [17376 2017-04-10] (Tenable Network Security, Inc)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14344168 2017-09-18] ()
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\NisSrv.exe [4633248 2018-04-20] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MsMpEng.exe [104680 2018-04-20] (Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [490672 2018-06-28] (Windscribe Limited)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0323831.inf_amd64_1212be4b9fe2386c\atikmdag.sys [41578872 2018-02-06] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0323831.inf_amd64_1212be4b9fe2386c\atikmpag.sys [545656 2018-02-06] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2017-11-20] (Advanced Micro Devices)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-05-16] (McAfee, LLC)
R1 FNETURPX; C:\WINDOWS\System32\drivers\FNETURPX.SYS [15936 2015-04-27] (FNet Co., Ltd.)
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-28] (SecureMix LLC)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [226984 2018-05-02] (McAfee, Inc.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2016-12-12] (REALiX™)
S3 kmloop; C:\WINDOWS\System32\drivers\loop.sys [16896 2017-09-29] (Microsoft Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-07-17] (Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [497568 2018-05-16] (McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [361888 2018-05-16] (McAfee, LLC)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-05-16] (McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [533408 2018-05-16] (McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [954784 2018-05-16] (McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [550288 2018-05-03] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108944 2018-05-03] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115616 2018-05-16] (McAfee, LLC)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-05-16] (McAfee, LLC)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [81736 2017-08-29] (Insecure.Com LLC.)
S4 npcap_wifi; C:\WINDOWS\system32\DRIVERS\npcap.sys [81736 2017-08-29] (Insecure.Com LLC.)
S3 NPF; C:\WINDOWS\System32\drivers\NPF.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46896 2017-12-15] ()
R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [47944 2018-01-10] (SteelSeries ApS)
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2017-04-21] (The OpenVPN Project)
S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [200832 2017-11-22] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [211704 2017-11-22] (Oracle Corporation)
R1 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [631200 2018-02-01] (IDRIX)
S3 vjoy; C:\WINDOWS\System32\drivers\vjoy.sys [57976 2017-03-09] (Shaul Eizikovich)
R0 vsock; C:\WINDOWS\system32\DRIVERS\vsock.sys [91712 2017-09-05] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [38376 2017-05-05] (VMware, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-04-20] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [311848 2018-04-20] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60456 2018-04-20] (Microsoft Corporation)
R2 WinI2C-DDC; C:\Windows\system32\drivers\DDCDrv.sys [20832 2016-07-07] (Nicomsoft Ltd.)
R2 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [10240 2016-07-07] (Nicomsoft Ltd.) [File not signed]
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-17 01:32 - 2018-07-17 01:32 - 000025895 _____ C:\Users\Matt\Downloads\FRST.txt
2018-07-17 01:32 - 2018-07-17 01:32 - 000000000 ____D C:\FRST
2018-07-17 01:32 - 2018-07-17 01:32 - 000000000 _____ C:\WINDOWS\erunt.exe
2018-07-17 01:32 - 2018-07-17 01:32 - 000000000 _____ C:\WINDOWS\erdntwin.loc
2018-07-17 01:32 - 2018-07-17 01:32 - 000000000 _____ C:\WINDOWS\erdntdos.loc
2018-07-17 01:32 - 2018-07-17 01:32 - 000000000 _____ C:\WINDOWS\erdnt.e_e
2018-07-17 01:31 - 2018-07-17 01:31 - 002412544 _____ (Farbar) C:\Users\Matt\Downloads\FRST64.exe
2018-07-17 01:19 - 2018-07-17 01:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-07-17 01:09 - 2018-07-17 01:09 - 000388608 _____ (Trend Micro Inc.) C:\Users\Matt\Downloads\HijackThis.exe
2018-07-17 01:08 - 2018-07-17 01:08 - 007395536 _____ (Malwarebytes) C:\Users\Matt\Downloads\AdwCleaner.exe
2018-07-17 01:08 - 2018-07-17 01:08 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-07-13 15:37 - 2018-07-13 15:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-07-12 19:01 - 2018-07-12 19:01 - 000051392 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-07-12 19:01 - 2018-07-12 19:01 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-07-12 19:01 - 2018-07-12 19:01 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-07-12 19:01 - 2018-07-12 19:01 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-07-10 15:22 - 2018-07-10 15:22 - 000000000 ____D C:\Program Files\rempl
2018-07-10 15:08 - 2018-07-10 15:08 - 001204720 _____ (Adobe Systems Incorporated) C:\Users\Matt\Downloads\flashplayer30au_ha_install.exe
2018-07-10 13:20 - 2018-07-16 23:50 - 000003606 _____ C:\WINDOWS\System32\Tasks\McAfee DAT Built in test
2018-07-10 12:30 - 2018-06-29 02:34 - 000022392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2018-07-10 12:30 - 2018-06-29 02:25 - 000248224 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-07-10 12:30 - 2018-06-29 01:53 - 001614144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-07-10 12:30 - 2018-06-29 01:20 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-07-10 12:30 - 2018-06-29 01:19 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-07-10 12:30 - 2018-06-29 01:19 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-07-10 12:30 - 2018-06-29 01:17 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-07-10 12:30 - 2018-06-29 01:17 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadauthhelper.dll
2018-07-10 12:30 - 2018-06-29 01:16 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-07-10 12:30 - 2018-06-29 01:15 - 018933760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-07-10 12:30 - 2018-06-29 01:15 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-07-10 12:30 - 2018-06-29 01:13 - 019358720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-07-10 12:30 - 2018-06-29 01:12 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-07-10 12:30 - 2018-06-29 01:11 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-07-10 12:30 - 2018-06-29 01:09 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-07-10 12:30 - 2018-06-29 01:09 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-07-10 12:30 - 2018-06-29 01:08 - 003663872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-07-10 12:30 - 2018-06-29 01:08 - 001565696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-07-10 12:30 - 2018-06-29 01:04 - 000816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-07-10 12:30 - 2018-06-13 15:31 - 000979864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-07-10 12:30 - 2018-06-13 15:28 - 000555928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-07-10 12:30 - 2018-06-13 14:44 - 000747928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-07-10 12:30 - 2018-06-13 14:14 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2018-07-10 12:30 - 2018-06-13 14:13 - 007812608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-07-10 12:30 - 2018-06-13 14:13 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2018-07-10 12:30 - 2018-06-13 14:12 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-07-10 12:30 - 2018-06-13 14:01 - 001760768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2018-07-10 12:30 - 2018-06-13 14:01 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-07-10 12:29 - 2018-06-29 02:39 - 000309656 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-07-10 12:29 - 2018-06-29 02:39 - 000144800 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-07-10 12:29 - 2018-06-29 02:38 - 001610648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-07-10 12:29 - 2018-06-29 02:38 - 001056160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-07-10 12:29 - 2018-06-29 02:37 - 000689560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-07-10 12:29 - 2018-06-29 02:37 - 000452000 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-07-10 12:29 - 2018-06-29 02:37 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-07-10 12:29 - 2018-06-29 02:36 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-07-10 12:29 - 2018-06-29 02:36 - 000792472 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-07-10 12:29 - 2018-06-29 02:36 - 000612256 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-07-10 12:29 - 2018-06-29 02:36 - 000445856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-07-10 12:29 - 2018-06-29 02:35 - 002868640 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-07-10 12:29 - 2018-06-29 02:35 - 000480664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-07-10 12:29 - 2018-06-29 02:35 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-07-10 12:29 - 2018-06-29 02:34 - 008629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-07-10 12:29 - 2018-06-29 02:34 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-07-10 12:29 - 2018-06-29 02:34 - 001953536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-07-10 12:29 - 2018-06-29 02:34 - 000739184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-07-10 12:29 - 2018-06-29 02:34 - 000319864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-07-10 12:29 - 2018-06-29 02:34 - 000077208 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-07-10 12:29 - 2018-06-29 02:32 - 001849752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-07-10 12:29 - 2018-06-29 02:29 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-07-10 12:29 - 2018-06-29 02:23 - 000677280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-07-10 12:29 - 2018-06-29 02:19 - 002767768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-07-10 12:29 - 2018-06-29 01:53 - 001931248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-07-10 12:29 - 2018-06-29 01:52 - 000367512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-07-10 12:29 - 2018-06-29 01:51 - 000596648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-07-10 12:29 - 2018-06-29 01:25 - 025258496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-07-10 12:29 - 2018-06-29 01:19 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProv2faHelper.dll
2018-07-10 12:29 - 2018-06-29 01:17 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-07-10 12:29 - 2018-06-29 01:16 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2018-07-10 12:29 - 2018-06-29 01:14 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-07-10 12:29 - 2018-06-29 01:13 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-07-10 12:29 - 2018-06-29 01:13 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-07-10 12:29 - 2018-06-29 01:12 - 003663360 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-07-10 12:29 - 2018-06-29 01:12 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-07-10 12:29 - 2018-06-29 01:12 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProv2faHelper.dll
2018-07-10 12:29 - 2018-06-29 01:11 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-07-10 12:29 - 2018-06-29 01:10 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-07-10 12:29 - 2018-06-29 01:09 - 011925504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-07-10 12:29 - 2018-06-29 01:09 - 006018560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-07-10 12:29 - 2018-06-29 01:09 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadauthhelper.dll
2018-07-10 12:29 - 2018-06-29 01:09 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-07-10 12:29 - 2018-06-29 01:09 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-07-10 12:29 - 2018-06-29 01:09 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-07-10 12:29 - 2018-06-29 01:09 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-07-10 12:29 - 2018-06-29 01:08 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2018-07-10 12:29 - 2018-06-29 01:08 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2018-07-10 12:29 - 2018-06-29 01:07 - 000955392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2018-07-10 12:29 - 2018-06-29 01:07 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-07-10 12:29 - 2018-06-29 01:06 - 000623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2018-07-10 12:29 - 2018-06-29 01:05 - 000672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-07-10 12:29 - 2018-06-29 01:04 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-07-10 12:29 - 2018-06-29 01:04 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-07-10 12:29 - 2018-06-29 01:04 - 000286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-07-10 12:29 - 2018-06-29 01:03 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-07-10 12:29 - 2018-06-29 01:03 - 000945152 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-07-10 12:29 - 2018-06-29 01:00 - 013712896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-07-10 12:29 - 2018-06-29 01:00 - 004724736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-07-10 12:29 - 2018-06-29 01:00 - 001238016 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2018-07-10 12:29 - 2018-06-29 00:59 - 012832768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-07-10 12:29 - 2018-06-29 00:59 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2018-07-10 12:29 - 2018-06-29 00:58 - 008069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-07-10 12:29 - 2018-06-29 00:58 - 001812992 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-07-10 12:29 - 2018-06-29 00:58 - 000716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-07-10 12:29 - 2018-06-29 00:58 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-07-10 12:29 - 2018-06-29 00:53 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2018-07-10 12:29 - 2018-06-29 00:53 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-07-10 12:29 - 2018-06-29 00:53 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2018-07-10 12:29 - 2018-06-28 22:11 - 004876800 _____ (Gracenote, Inc.) C:\WINDOWS\system32\gnsdk_fp.dll
2018-07-10 12:29 - 2018-06-28 22:11 - 004171264 _____ (Gracenote, Inc.) C:\WINDOWS\SysWOW64\gnsdk_fp.dll
2018-07-10 12:29 - 2018-06-13 15:41 - 001093040 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-07-10 12:29 - 2018-06-13 15:41 - 000925672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-07-10 12:29 - 2018-06-13 15:38 - 005859248 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-07-10 12:29 - 2018-06-13 15:38 - 001133880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-07-10 12:29 - 2018-06-13 15:38 - 000479920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-07-10 12:29 - 2018-06-13 15:36 - 000137624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-07-10 12:29 - 2018-06-13 15:35 - 002395544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-07-10 12:29 - 2018-06-13 15:35 - 001416864 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-07-10 12:29 - 2018-06-13 15:35 - 001210784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-07-10 12:29 - 2018-06-13 15:35 - 001002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-07-10 12:29 - 2018-06-13 15:35 - 000453024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2018-07-10 12:29 - 2018-06-13 15:32 - 000130600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2018-07-10 12:29 - 2018-06-13 15:31 - 007671696 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-07-10 12:29 - 2018-06-13 15:31 - 000525728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-07-10 12:29 - 2018-06-13 15:31 - 000491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-07-10 12:29 - 2018-06-13 15:29 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-07-10 12:29 - 2018-06-13 15:29 - 000671024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2018-07-10 12:29 - 2018-06-13 15:29 - 000225696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ucx01000.sys
2018-07-10 12:29 - 2018-06-13 15:28 - 000688576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-07-10 12:29 - 2018-06-13 15:28 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-07-10 12:29 - 2018-06-13 15:27 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-07-10 12:29 - 2018-06-13 15:26 - 001084736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2018-07-10 12:29 - 2018-06-13 15:26 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
2018-07-10 12:29 - 2018-06-13 15:25 - 002220448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2018-07-10 12:29 - 2018-06-13 15:25 - 000628632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2018-07-10 12:29 - 2018-06-13 15:25 - 000040344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClientPS.dll
2018-07-10 12:29 - 2018-06-13 15:24 - 000057464 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2018-07-10 12:29 - 2018-06-13 14:54 - 001383784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-07-10 12:29 - 2018-06-13 14:50 - 001145104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-07-10 12:29 - 2018-06-13 14:46 - 000422592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2018-07-10 12:29 - 2018-06-13 14:44 - 006086960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-07-10 12:29 - 2018-06-13 14:44 - 000592800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-07-10 12:29 - 2018-06-13 14:44 - 000550176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2018-07-10 12:29 - 2018-06-13 14:42 - 000544432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-07-10 12:29 - 2018-06-13 14:41 - 001525288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-07-10 12:29 - 2018-06-13 14:41 - 001033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2018-07-10 12:29 - 2018-06-13 14:40 - 001490840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2018-07-10 12:29 - 2018-06-13 14:40 - 000027040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVClientPS.dll
2018-07-10 12:29 - 2018-06-13 14:39 - 000505160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll
2018-07-10 12:29 - 2018-06-13 14:39 - 000251096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
2018-07-10 12:29 - 2018-06-13 14:39 - 000148376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mavinject.exe
2018-07-10 12:29 - 2018-06-13 14:24 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-07-10 12:29 - 2018-06-13 14:21 - 000136704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSOpusDecoder.dll
2018-07-10 12:29 - 2018-06-13 14:19 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2018-07-10 12:29 - 2018-06-13 14:17 - 000098304 _____ C:\WINDOWS\system32\runexehelper.exe
2018-07-10 12:29 - 2018-06-13 14:16 - 001314304 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-07-10 12:29 - 2018-06-13 14:16 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2018-07-10 12:29 - 2018-06-13 14:15 - 001508864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2018-07-10 12:29 - 2018-06-13 14:14 - 002464768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-07-10 12:29 - 2018-06-13 14:14 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-07-10 12:29 - 2018-06-13 14:12 - 002577920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2018-07-10 12:29 - 2018-06-13 14:12 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2018-07-10 12:29 - 2018-06-13 14:12 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2018-07-10 12:29 - 2018-06-13 14:12 - 000159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSOpusDecoder.dll
2018-07-10 12:29 - 2018-06-13 14:11 - 000975360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-07-10 12:29 - 2018-06-13 14:11 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-07-10 12:29 - 2018-06-13 14:10 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-07-10 12:29 - 2018-06-13 14:09 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2018-07-10 12:29 - 2018-06-13 14:07 - 001495552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-07-10 12:29 - 2018-06-13 14:07 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2018-07-10 12:29 - 2018-06-13 14:06 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-07-10 12:29 - 2018-06-13 14:04 - 008432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-07-10 12:29 - 2018-06-13 14:04 - 003180544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-07-10 12:29 - 2018-06-13 14:04 - 002212352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-07-10 12:29 - 2018-06-13 14:03 - 003161088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-07-10 12:29 - 2018-06-13 14:03 - 002857984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-07-10 12:29 - 2018-06-13 14:03 - 001607168 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2018-07-10 12:29 - 2018-06-13 14:02 - 003126272 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-07-10 12:29 - 2018-06-13 14:02 - 002786304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-07-10 12:29 - 2018-06-13 14:02 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-07-10 12:29 - 2018-06-13 14:02 - 002528768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-07-10 12:29 - 2018-06-13 14:01 - 001249792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-07-10 12:29 - 2018-06-13 14:01 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-07-10 12:29 - 2018-06-13 14:01 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2018-07-10 12:29 - 2018-06-13 14:00 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-07-10 12:29 - 2018-06-13 13:59 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2018-07-10 12:29 - 2018-06-13 13:58 - 001570304 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2018-07-08 14:29 - 2018-07-08 14:29 - 000001230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBrainz Picard.lnk
2018-07-08 14:29 - 2018-07-08 14:29 - 000000000 ____D C:\Users\Matt\AppData\Roaming\MusicBrainz
2018-07-08 14:29 - 2018-07-08 14:29 - 000000000 ____D C:\Users\Matt\AppData\Local\MusicBrainz
2018-07-08 14:29 - 2018-07-08 14:29 - 000000000 ____D C:\Program Files (x86)\MusicBrainz Picard
2018-07-08 14:27 - 2018-07-08 14:27 - 009946225 _____ (MusicBrainz) C:\Users\Matt\Downloads\picard-setup-1.4.2.exe
2018-07-08 13:34 - 2018-07-08 14:08 - 031613646 _____ C:\Users\Matt\Downloads\Be On You - Flo Rida_ Ne-Yo [Lossless_FLAC].flac
2018-07-08 13:21 - 2018-07-08 13:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-17 01:28 - 2017-03-20 12:55 - 000000000 ____D C:\Users\Matt\AppData\Local\ClassicShell
2018-07-17 01:22 - 2017-12-14 01:04 - 001506948 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-17 01:20 - 2018-04-21 13:42 - 000004570 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-07-17 01:20 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-07-17 01:20 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-07-17 01:20 - 2015-04-27 01:51 - 000000000 ____D C:\Users\Matt\AppData\Local\Adobe
2018-07-17 01:20 - 2015-04-27 01:17 - 000000000 ____D C:\Users\Matt\AppData\Local\VirtualStore
2018-07-17 01:16 - 2017-12-14 01:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-17 01:16 - 2017-11-16 13:53 - 000000000 ____D C:\ProgramData\VMware
2018-07-17 01:16 - 2017-09-29 01:45 - 000131072 _____ C:\WINDOWS\system32\config\BBI
2018-07-17 01:16 - 2017-05-17 22:13 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-07-17 01:16 - 2017-05-16 11:46 - 000001024 _____ C:\.rnd
2018-07-17 01:16 - 2016-11-15 22:50 - 000000000 ____D C:\Users\Matt\AppData\LocalLow\Mozilla
2018-07-17 01:13 - 2015-05-10 22:39 - 000000000 ____D C:\AdwCleaner
2018-07-17 01:06 - 2017-05-17 20:58 - 000000000 ____D C:\AMD
2018-07-17 01:01 - 2015-05-05 20:16 - 000000000 ____D C:\Users\Matt\AppData\Roaming\Azureus
2018-07-17 01:00 - 2017-12-14 01:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-17 00:55 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-07-16 23:42 - 2018-03-22 20:44 - 000000000 ____D C:\Users\Matt\AppData\Roaming\SpeedCrunch
2018-07-16 21:36 - 2018-03-09 21:15 - 000062848 _____ C:\WINDOWS\system32\BMXState-{00000002-00000000-00000000-00001102-0000000B-00621102}.rfx
2018-07-16 21:36 - 2018-03-09 21:15 - 000000900 _____ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000000-00001102-0000000B-00621102}.rfx
2018-07-16 21:36 - 2017-05-17 22:14 - 000062848 _____ C:\WINDOWS\system32\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00621102}.rfx
2018-07-16 13:17 - 2017-01-09 15:19 - 000000000 ____D C:\Users\Matt\AppData\Roaming\KeePass
2018-07-16 13:09 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\rescache
2018-07-13 15:41 - 2017-12-14 01:14 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-07-13 15:40 - 2015-04-27 01:51 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-07-13 15:37 - 2015-07-12 20:42 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-07-11 00:51 - 2015-07-21 20:57 - 000000600 _____ C:\Users\Matt\AppData\Local\PUTTY.RND
2018-07-10 15:23 - 2017-09-29 06:44 - 000000000 ____D C:\WINDOWS\INF
2018-07-10 15:07 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-10 15:04 - 2018-04-20 11:33 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-07-10 15:04 - 2017-12-14 01:03 - 005020104 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-07-10 15:04 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-07-10 15:04 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-07-10 15:04 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-07-10 15:04 - 2017-09-29 01:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-07-10 15:04 - 2017-01-09 14:39 - 000000000 ____D C:\Program Files (x86)\Windscribe
2018-07-10 15:04 - 2016-11-15 20:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-07-10 15:04 - 2015-04-27 01:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-07-10 12:34 - 2015-04-27 01:58 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-07-10 12:32 - 2017-09-29 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-10 12:32 - 2015-04-27 01:58 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-07-10 12:24 - 2017-12-10 19:27 - 000002155 _____ C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2018-07-08 14:43 - 2017-07-24 17:06 - 000000000 ____D C:\Users\Matt\AppData\Roaming\foobar2000
2018-07-08 14:21 - 2015-04-27 02:04 - 000000000 ____D C:\Users\Matt\AppData\Roaming\vlc
2018-07-08 13:47 - 2018-04-21 14:10 - 000009044 _____ C:\Users\Matt\Downloads\Triumph service.xlsx
2018-07-08 13:26 - 2018-04-20 11:33 - 000003446 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2018-07-08 12:36 - 2015-04-27 01:47 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-07-08 12:29 - 2018-04-20 11:44 - 000003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2018-07-08 12:29 - 2018-04-20 11:33 - 000000000 ____D C:\Program Files\Common Files\McAfee
2018-07-08 12:28 - 2018-04-20 11:33 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-07-08 12:28 - 2017-09-29 06:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-06-29 02:02 - 2015-04-27 02:13 - 000398144 __RSH C:\bootmgr
2018-06-28 17:46 - 2017-09-29 06:49 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-28 17:46 - 2017-09-29 06:49 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-27 14:48 - 2017-12-14 01:14 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3054529609-2227142601-4056631604-1000
2018-06-27 14:48 - 2017-02-28 15:03 - 000002364 _____ C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-27 14:48 - 2017-02-28 15:03 - 000000000 ___RD C:\Users\Matt\OneDrive
2018-06-26 00:36 - 2017-01-09 14:18 - 000000000 ____D C:\Users\Matt\Documents\Pass
2018-06-25 17:44 - 2015-05-10 22:37 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-25 17:44 - 2015-05-10 22:37 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-17 13:52 - 2017-03-20 12:58 - 000000000 ___RD C:\Users\Matt\3D Objects
2018-06-17 13:52 - 2017-02-28 15:02 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-17 13:49 - 2016-11-29 19:04 - 000000908 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA1d24aaee6fb1d6.job
2018-06-17 13:49 - 2016-11-29 19:04 - 000000904 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore1d24aaee688db5.job

==================== Files in the root of some directories =======

2015-06-08 19:51 - 2015-06-08 19:51 - 000000132 _____ () C:\Users\Matt\AppData\Roaming\Adobe BMP Format CS6 Prefs
2018-04-20 11:31 - 2018-04-20 11:31 - 000000000 _____ () C:\Users\Matt\AppData\Roaming\MCVi2UserDetail.ini
2016-02-12 00:04 - 2017-04-04 01:03 - 000000600 _____ () C:\Users\Matt\AppData\Roaming\winscp.rnd
2017-09-10 11:55 - 2017-09-10 11:55 - 000005632 _____ () C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-25 22:59 - 2015-07-25 23:24 - 001065984 _____ () C:\Users\Matt\AppData\Local\file__0.localstorage
2015-07-21 20:57 - 2018-07-11 00:51 - 000000600 _____ () C:\Users\Matt\AppData\Local\PUTTY.RND
2015-05-08 19:47 - 2015-05-08 19:47 - 000000017 _____ () C:\Users\Matt\AppData\Local\resmon.resmoncfg
2016-12-03 22:48 - 2017-01-24 01:07 - 000000286 _____ () C:\Users\Matt\AppData\Local\zenmap.exe.log
2016-02-27 03:56 - 2016-02-27 03:56 - 000000000 _____ () C:\Users\Matt\AppData\Local\{325CC430-C6A8-4BD1-AE1A-B8674C7FD1CC}
2016-02-27 03:56 - 2016-02-27 03:56 - 000000000 _____ () C:\Users\Matt\AppData\Local\{6856FBF1-1619-43BA-9DC4-ED589ABE7C81}
2016-02-27 03:59 - 2016-02-27 03:59 - 000000000 _____ () C:\Users\Matt\AppData\Local\{98538D9E-B1F2-4B88-8B49-8E2B20D53132}
2016-02-27 03:56 - 2016-02-27 03:56 - 000000000 _____ () C:\Users\Matt\AppData\Local\{A29A1009-99B8-426A-82E5-D3425F9DA86D}
2016-02-27 03:56 - 2016-02-27 03:56 - 000000000 _____ () C:\Users\Matt\AppData\Local\{D63CA659-29AF-4419-92EE-416BCDEF016E}
2016-02-27 03:57 - 2016-02-27 03:57 - 000000000 _____ () C:\Users\Matt\AppData\Local\{D8672A89-46CE-497C-A363-771B5984E465}
2015-07-24 10:09 - 2015-07-24 10:09 - 000000000 _____ () C:\Users\Matt\AppData\Local\{F9C0AF35-445B-4CA2-9E9B-F0D4729265C1}

Some files in TEMP:
====================
2018-07-10 14:37 - 2018-07-17 01:01 - 000079904 _____ () C:\Users\Matt\AppData\Local\Temp\i4jdel0.exe

Some zero byte size files/folders:
==========================
C:\Windows\erunt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-16 13:09

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.07.2018
Ran by Matt (17-07-2018 01:32:58)
Running from C:\Users\Matt\Downloads
Windows 10 Pro Version 1709 16299.547 (X64) (2017-12-14 08:17:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3054529609-2227142601-4056631604-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3054529609-2227142601-4056631604-503 - Limited - Disabled)
Guest (S-1-5-21-3054529609-2227142601-4056631604-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3054529609-2227142601-4056631604-1002 - Limited - Enabled)
Matt (S-1-5-21-3054529609-2227142601-4056631604-1000 - Administrator - Enabled) => C:\Users\Matt
WDAGUtilityAccount (S-1-5-21-3054529609-2227142601-4056631604-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
ABBYY FineReader 12 Professional (HKLM-x32\...\{F12000FE-0001-0000-0000-074957833700}) (Version: 12.0.501 - ABBYY Production LLC)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.0 - Adobe Systems Incorporated)
Amazon Drive (HKU\S-1-5-21-3054529609-2227142601-4056631604-1000\...\Amazon Drive) (Version: 4.0.16 - Amazon.com, Inc.)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.1.0.243 - Amazon)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.2.1 - Advanced Micro Devices, Inc.)
Audacity 2.2.2 (HKLM-x32\...\Audacity_is1) (Version: 2.2.2 - Audacity Team)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{3E245378-BF77-6946-C6F6-096DBE5EAB82}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{A16E186C-58C4-3BDC-5CCE-714EFEF5F27F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{45907537-804A-514F-5280-5F4F12A6DCBC}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{E42911E5-48F8-8557-ED20-D72AD1907D25}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{962364E4-08BB-347D-32E7-2B789F37BF8A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B4C30EF4-B2C5-1395-B534-7B63BCB6E8E4}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{62098A5F-E03B-31A3-5F9C-51A7F7D25744}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{A0407E39-2AA4-60B3-885F-3C5347B6909E}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0989D0EA-AFF3-5F9A-3D25-20EE133E409B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1757AD9B-0E3C-05F9-FE43-4343BED7DA85}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{66B06F29-EE4F-9130-D96A-754826093FEA}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A8689A0F-5928-7300-B82B-C5E85131B7BA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{76AAF56B-93D8-161D-809A-EC05F3B913DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{821D0A0E-F246-BE40-0D68-93883C14C410}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{063CED74-F5F0-870E-DC9C-2D78FDEDA3EE}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{88BD74C4-23AB-4554-915C-6E1F0C81F6CD}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{13BB60AA-88F7-4B1F-2DEC-D81EEDE8B3AA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A48E2AB0-0866-7783-9657-E1709EB18D02}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{37AA6227-FF2C-95AC-87C0-45DCC0BB87DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E61CEF9A-BAC3-EAEE-F735-E257D2354DF2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DA0326BB-657D-AAFC-752C-363E8FA33755}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{EB328356-1DF0-1CCE-3607-6361DD329219}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{87E6EC29-AEC5-28CB-F773-93EB6C1B8A2B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B873A1FB-5EA0-EE5F-A861-1E38880AD08E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{CA55697D-BD74-3ED8-6B21-D7EDAD3B7D02}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{EC9DF9FF-9D75-4CDD-1D58-A2E887B0A42E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{7ABACA7E-6E59-0EF9-8FA3-6B32E5F58127}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{CFC860C8-4F51-E08C-A74C-2E444ED06160}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3E196AAF-F81C-B384-E2AB-28EE2398FE5F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9338D693-38B7-1ED4-9B42-BFA1D5600CCB}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{C971C145-258D-6650-7088-13DDB161327A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DAEFFE0C-CD05-1355-6AFC-7B3D4106A820}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{E392A425-53A7-DF90-96A0-E287A75DD3B2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{EBA09DAF-14B4-7BE7-676E-6E2FB21EDBDD}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{9AA4DD93-94BF-22EA-C9D2-7084F304A31B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{D6F47BB4-700A-F612-0671-5F69EA311BB7}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01FD9A26-3F61-9236-B360-BE5D043D82C0}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{379D900B-A785-6DB0-012E-434356A365B3}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{366C4FB5-CF6E-258B-418D-E6D29549A278}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{64D4CCC3-63DF-252D-D29D-03491670225D}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{8DF90937-B869-9F76-5D45-5A8BDA0A33B6}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{B10089DE-934F-6E0F-683A-B788F89348DF}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Cisco Packet Tracer 5.3.3 (HKLM-x32\...\Cisco Packet Tracer 5.3.3_is1) (Version:  - Cisco Systems, Inc.)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version:  - ) <==== ATTENTION
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
dBpoweramp Batch Ripper (HKLM-x32\...\dBpoweramp Batch Ripper) (Version: Release 1.3 - Illustrate)
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 13.5 - Illustrate)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
Dropbox (HKLM-x32\...\Dropbox) (Version: 53.4.67 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
Eraser 6.2.0.2982 (HKLM\...\{DFCF78CC-3DAD-4C1E-8BC6-94DC5B73461E}) (Version: 6.2.2982 - The Eraser Project)
Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.96 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.96 - Etron Technology)
f.lux (HKU\S-1-5-21-3054529609-2227142601-4056631604-1000\...\Flux) (Version:  - f.lux Software LLC)
foobar2000 v1.3.16 (HKLM-x32\...\foobar2000) (Version: 1.3.16 - Peter Pawlowski)
Geeks3D FurMark 1.15.2.2 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
GlassWire 1.2 (remove only) (HKLM-x32\...\GlassWire 1.2) (Version: 1.2.96 - SecureMix LLC)
GNS3 2.1.0 (HKLM-x32\...\GNS3) (Version: 2.1.0 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HD Tune Pro 5.60 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
HWiNFO64 Version 5.40 (HKLM\...\HWiNFO64_is1) (Version: 5.40 - Martin Malík - REALiX)
Intel® Chipset Device Software (HKLM-x32\...\{5a6a5d15-d5af-417c-b08f-f7e5eb1f98af}) (Version: 10.0.26 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
KeePass Password Safe 2.35 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.35 - Dominik Reichl)
Lexmark 3600-4600 Series (HKLM\...\Lexmark 3600-4600 Series) (Version:  - Lexmark International, Inc.)
Litecoin Core (64-bit) (HKU\S-1-5-21-3054529609-2227142601-4056631604-1000\...\Litecoin Core (64-bit)) (Version: 0.14.2 - Litecoin Core project)
MakeMKV v1.9.9 (HKLM-x32\...\MakeMKV) (Version: v1.9.9 - GuinpinSoft inc)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R13 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.7.203 - McAfee, Inc.)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.5031.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3054529609-2227142601-4056631604-1000\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 61.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.1 (x64 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.4.2 - MusicBrainz)
Nmap 7.31 (HKLM-x32\...\Nmap) (Version: 7.31 - )
Npcap 0.97 (HKLM-x32\...\NpcapInst) (Version: 0.97 - Nmap Project)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 19.0.2 - OBS Project)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5031.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5031.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5031.1000 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Oracle VM VirtualBox 5.2.2 (HKLM\...\{9F5D10F9-A372-4B1E-BEB3-001B47E0C325}) (Version: 5.2.2 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.5.6040 - Electronic Arts, Inc.)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
PuTTY release 0.64 (HKLM-x32\...\PuTTY_is1) (Version: 0.64 - Simon Tatham)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.3.1 r2602 - )
RealFlight 8 R/C Simulator (HKLM-x32\...\RealFlight8Pro) (Version:  - )
RivaTuner Statistics Server 6.5.0 (HKLM-x32\...\RTSS) (Version: 6.5.0 - Unwinder)
RollerCoaster Tycoon 2 Triple Thrill Pack (HKLM-x32\...\RollerCoaster Tycoon 2 Triple Thrill Pack_is1) (Version:  - GOG.com)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
SolarWinds Response Time Viewer (HKLM-x32\...\{5B415E10-D1C1-4E54-9061-AE0FB3D7F2B2}) (Version: 1.0.0.162 - SolarWinds)
SpeedCrunch (HKLM-x32\...\SpeedCrunch) (Version: 0.12 - SpeedCrunch)
Spotify (HKU\S-1-5-21-3054529609-2227142601-4056631604-1000\...\Spotify) (Version: 1.0.73.345.g6c9971ef - Spotify AB)
SteelSeries Engine 3.11.10 (HKLM\...\SteelSeries Engine 3) (Version: 3.11.10 - SteelSeries ApS)
TakeOwnershipEx (HKLM-x32\...\TakeOwnershipEx) (Version: 1.2.0.1 - hxxp://winaero.com)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.5058 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Tenable Nessus (x64) (HKLM\...\{A8A37B1A-368E-494F-8382-C84C02C7C75B}) (Version: 6.10.5.20090 - Tenable Network Security, Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{8CFAB044-7D2E-4655-B86D-99932E988980}) (Version: 2.45.0.0 - Microsoft Corporation)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.21 - IDRIX)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VirtViewer 5.0-256 (64-bit) (HKLM\...\{6E998B6D-DDD5-4BB9-BC83-C86F76D9E0CE}) (Version: 5.0.256 - Virt Manager Project)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMware Workstation (HKLM\...\{E374BA09-9CD0-4F58-90EE-F8C1488BC81E}) (Version: 14.0.0 - VMware, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-2) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-2) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.5.0 - Azureus Software, Inc.)
Windows Driver Package - Microsoft (xusb21) XnaComposite  (08/13/2009 2.1.0.1349) (HKLM\...\0AEBEF6F936CFE16E003F7E141631FAB754D9816) (Version: 08/13/2009 2.1.0.1349 - Microsoft)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.82 Build 17 - Windscribe Limited)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinSCP 5.7.6 (HKLM-x32\...\winscp3_is1) (Version: 5.7.6 - Martin Prikryl)
Wireshark 2.4.1 64-bit (HKLM-x32\...\Wireshark) (Version: 2.4.1 - The Wireshark developer community, hxxps://www.wireshark.org)
XFastUSB (HKLM-x32\...\XFastUSB) (Version: 3.02.30 - ASRock Inc.)
XnView 2.39 (HKLM-x32\...\XnView_is1) (Version: 2.39 - Gougelet Pierre-e)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ContextMenuHandlers1: [FineReader12ContextMenu] -> {55344AC6-630B-430C-B292-C7BE21F90061} => C:\Program Files (x86)\ABBYY FineReader 12\FRIntegration.x64.dll [2014-01-30] (ABBYY Production LLC.)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-06-15] (McAfee, Inc.)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2017-09-18] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2017-09-18] (VMware, Inc.)
ContextMenuHandlers3: [STKContextMenu] -> {90DD7445-E924-4c6e-92AC-01F8C3A7E0C7} => C:\Program Files (x86)\Amazon\SendToKindle\stkContextMenu_243.dll [2017-01-22] (Amazon.com, Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-01-31] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers6: [FineReader12ContextMenu] -> {55344AC6-630B-430C-B292-C7BE21F90061} => C:\Program Files (x86)\ABBYY FineReader 12\FRIntegration.x64.dll [2014-01-30] (ABBYY Production LLC.)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-06-15] (McAfee, Inc.)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {070EA7AB-F5C9-4258-A53F-0ABF0AE7686C} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {077501BE-B5ED-4041-AC5B-C666C88F5D65} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {07B1AEBE-B2B8-4D1F-B0FE-2D375918A28F} - System32\Tasks\GoogleUpdateTaskMachineCore1d15e3e62bfe0fd => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-10] (Google Inc.)
Task: {082D7B80-029D-4352-88EB-676BD17FFE1B} - System32\Tasks\DropboxUpdateTaskMachineCore1d24aaee688db5 => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {09F17705-E374-4C20-A235-0A019D7D862E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {0DD9972B-F99D-4A07-BDCF-08E80D2A254D} - System32\Tasks\S-1-5-21-3054529609-2227142601-4056631604-1000\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {0EC6CE07-770B-4A65-A8E8-AD37DEA984BE} - System32\Tasks\GoogleUpdateTaskMachineUA1d1eae6cf2dd557 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-10] (Google Inc.)
Task: {10D4725A-32CF-44C0-8A83-61281BA82451} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {132941C2-599B-4996-AC66-39423EA6E95C} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {1A7B1B8F-9E3D-4BCF-A83E-2E7D8FE37901} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {1CD77E1C-EF77-40E5-9E97-65E24524DC70} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2018-02-28] (McAfee, Inc.)
Task: {22D4322D-FCA1-4569-98CF-BB4FF0C61B18} - System32\Tasks\GoogleUpdateTaskMachineCore1d09380a3aa0dd7 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-10] (Google Inc.)
Task: {2680B8F3-87B6-46EA-83ED-8A4BCDE03AC6} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ab2fb6bd8824 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-10] (Google Inc.)
Task: {29CDDB27-E6CF-45F9-8EB3-ADF03EA605B5} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {2A89C0E9-76B1-42A6-A8E0-904AEA479C16} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2E754C7B-B0BB-4624-8F74-8E177A80EB72} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2EE03DA6-7F1C-496F-A135-90E6D8071D12} - System32\Tasks\GoogleUpdateTaskMachineUA1d0bf82bf00fe4e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-10] (Google Inc.)
Task: {31692A7F-3085-457A-A59F-EC58EBD0591D} - System32\Tasks\GoogleUpdateTaskMachineCore1d1eae6cf160794 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-10] (Google Inc.)
Task: {39E62470-748E-4613-906C-DF8D3C14BC4D} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-17] (Adobe Systems Incorporated)
Task: {4027DA4D-33C0-40A6-9A24-D0153786AAAD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {43189C81-6412-4BF3-806D-C35E93AF1591} - System32\Tasks\X-Rite Device Services Software Updater => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe
Task: {4333A0D7-4852-4547-8083-77580A53540C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {44036012-513B-4C90-84A4-9A04ABC79516} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {44B3D208-E060-49C9-BD93-300EABF1539F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {47A8C814-CBBC-4245-9214-A336F82170DC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-10] (Google Inc.)
Task: {4CB87D02-1AEF-4185-B612-C14038800164} - System32\Tasks\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.5.243\mcdatrep.exe [2018-04-20] (McAfee, LLC.)
Task: {4D2682EF-57AC-401A-8417-55A7DCBC54EF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {5282D352-E5FF-47F4-9ABB-F1DC05FE4B9A} - System32\Tasks\GoogleUpdateTaskMachineUA1d12ed55fa390f3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-10] (Google Inc.)
Task: {560E3F4C-ACBF-49C2-8C79-810001F49B21} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {655ED3A8-3DFA-4D11-A82C-0B961993BEF6} - System32\Tasks\GoogleUpdateTaskMachineCore1d12ed55f818983 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-10] (Google Inc.)
Task: {68DF43B8-AC70-44BE-9B7A-0ED7BC803CBE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6C7CBF9F-9BC5-4A65-9E21-8BB76094AD8D} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {71601087-B85E-4088-AAAE-0B3BA1FFE5C1} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {796EE332-C35E-4F2E-BEF0-306C119CEADF} - System32\Tasks\GoogleUpdateTaskMachineCore1d0bf82bee7345d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-10] (Google Inc.)
Task: {79BB3460-6035-49EA-87A1-2EB95F3E6DF9} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {85F7BA78-DCCD-48D1-BC0A-AE0FEBEA308A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-17] (Adobe Systems Incorporated)
Task: {8A7A965E-3CD4-4395-ABB0-71BA8D5A1EDA} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\sedlauncher.exe [2018-06-28] (Microsoft Corporation)
Task: {9092519E-0A48-40A7-BA23-230050AFDF9D} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {934B824C-83CA-4AE3-BD84-33688C0BD6E5} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe [2010-02-04] ()
Task: {938A2C01-7075-450C-8971-7DD32E9A531E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {9AAE8E68-C8C9-4D2C-AD1A-AE736A08468F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {AED88C86-52EA-46D9-B49E-F23100F9C8CD} - System32\Tasks\{1E18A923-CDF1-4D1C-93B2-AD4CC5BD33EA} => C:\Users\Matt\AppData\Local\Temp\is-JAQEK.tmp\XRD Manager.exe <==== ATTENTION
Task: {B1653AF1-0AA0-4549-8325-736E2BB255F2} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [2018-06-06] (McAfee, Inc.)
Task: {B53A8602-9B3C-45DB-AAD3-368B021C0BD9} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {BA0E79F5-CA3E-4DA5-A1CF-CF4D845E6B82} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-10] (Google Inc.)
Task: {BBB20476-4420-4E1C-8680-B62BED38DC16} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BC0AA028-89CD-4EC2-9819-26394CD9103D} - System32\Tasks\GoogleUpdateTaskMachineUA1d09380a3c907fb => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-10] (Google Inc.)
Task: {BD3B9A6B-2D5C-4233-A7A7-327D86F2D9A2} - System32\Tasks\DropboxUpdateTaskMachineUA1d24aaee6fb1d6 => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {BED3DA25-CB48-4131-BD45-A87F015C2066} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {C18937A2-B16F-4389-8225-26B99AD6A7B5} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C203EFF2-E1BD-4649-921A-973603EFBCCE} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CBEAEA8D-9484-4886-85F6-9C54730E5822} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CC0437A2-D300-47E5-9077-573F004521FC} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe [2013-03-21] ()
Task: {D052195F-0106-4292-B04F-5B84B017CC68} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D2FBD652-1F92-4277-B48E-1DD70D46714A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D5CC2E96-CC36-4FB8-8DBA-9BA01685AC44} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {D86303CF-E656-41B7-980E-017EC7C20CA0} - System32\Tasks\GoogleUpdateTaskMachineUA1d0f10436525bfc => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-10] (Google Inc.)
Task: {DA2D6E8F-1C93-4447-948B-9A8147E87370} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DB7C77ED-8812-4A3C-9A17-7756BF0595AD} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DE94E758-F7FA-44FB-A9B9-F15F4DD5F5B2} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DECB4783-3BED-4727-87B2-06E6A5C0B6CF} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e2053e5842f3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-10] (Google Inc.)
Task: {E34BFDFE-26D3-40B2-BB0A-73FC2C66944F} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-01-31] (Advanced Micro Devices, Inc.)
Task: {E5A9CB25-7728-4CC0-90E6-FEC4A82E321A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E7319BA3-DD7C-4D5B-B872-22194D74CC1A} - System32\Tasks\GoogleUpdateTaskMachineCore1d0f10436362102 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-10] (Google Inc.)
Task: {E77B2654-72C0-4020-92D6-098596563A50} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E7F115BF-CC60-4DBF-8F93-2DF237215EE5} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {ECA982BB-3832-4EB2-9B7A-5EA620BC0853} - System32\Tasks\GoogleUpdateTaskMachineUA1d0e2053e73ba9a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-10] (Google Inc.)
Task: {EF221F0D-794D-49C8-BFB4-ADDC34F278A1} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-05-22] (McAfee, Inc.)
Task: {F7328227-2CF0-43EE-A08A-41A0838B5709} - System32\Tasks\GoogleUpdateTaskMachineUA1d1ab2fb6dbe606 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-10] (Google Inc.)
Task: {F9E34B1C-B4EA-469F-A164-33BB5175B261} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2018-01-31] (Advanced Micro Devices, Inc.)
Task: {F9F4564A-654B-44A5-995A-CCFC4C5ADDD7} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FD0041A4-674E-4509-8796-C1B05855656A} - System32\Tasks\GoogleUpdateTaskMachineUA1d15e3e62dc7180 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-10] (Google Inc.)
Task: {FEF39B48-62D1-4F0E-8BBD-A05D4F12B0EE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore1d24aaee688db5.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA1d24aaee6fb1d6.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d09380a3aa0dd7.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0bf82bee7345d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0e2053e5842f3.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0f10436362102.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d12ed55f818983.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d15e3e62bfe0fd.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d1ab2fb6bd8824.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d09380a3c907fb.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0bf82bf00fe4e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0e2053e73ba9a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0f10436525bfc.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d12ed55fa390f3.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d15e3e62dc7180.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d1ab2fb6dbe606.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 06:41 - 2017-09-29 06:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2015-04-27 02:05 - 2009-10-16 13:12 - 000177664 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\lxdxdrpp.dll
2015-04-27 01:55 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-05-08 19:01 - 2015-05-08 19:04 - 000076152 _____ () C:\Windows\system32\PnkBstrA.exe
2017-09-18 07:33 - 2017-09-18 07:33 - 014344168 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2018-04-06 04:05 - 2018-04-06 04:05 - 000896136 _____ () C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\McCSPMsgBusDLL.dll
2017-03-21 10:49 - 2017-01-31 05:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2018-07-10 12:29 - 2018-06-29 01:00 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-07-10 12:29 - 2018-06-29 00:57 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 000112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-03-18 13:10 - 2016-03-18 13:10 - 000037008 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2016-03-18 13:10 - 2016-03-18 13:10 - 001410192 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2017-07-12 14:22 - 2017-07-12 14:22 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2017-07-12 14:22 - 2017-07-12 14:22 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2017-02-08 08:19 - 2017-02-08 08:19 - 000178128 _____ () C:\Program Files (x86)\GlassWire\EasyHook32.dll
2017-09-18 07:24 - 2017-09-18 07:24 - 000084456 _____ () C:\Program Files (x86)\VMware\VMware Workstation\zlib1.dll
2017-09-18 07:33 - 2017-09-18 07:33 - 000126952 _____ () C:\Program Files (x86)\VMware\VMware Workstation\expat.dll
2015-12-19 00:49 - 2015-12-19 00:49 - 000002560 _____ () C:\WINDOWS\System32\CTXFIRES.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:A9967A61 [113]
AlternateDataStreams: C:\ProgramData\TEMP:F4C624DE [121]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-07-08 22:37 - 2018-07-08 22:37 - 000001597 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3054529609-2227142601-4056631604-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 172.16.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ColorMunki Display Tray.lnk => C:\Windows\pss\ColorMunki Display Tray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^XRGamma.lnk => C:\Windows\pss\XRGamma.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Matt^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Matt\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: AMDDVR => "C:\Program Files\AMD\CNext\CNext\amddvr.exe"
MSCONFIG\startupreg: CTxfiHlp => CTXFIHLP.EXE
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: itype => "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: lxdxamon => "C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe"
MSCONFIG\startupreg: lxdxmon.exe => "C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe"
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: XFastUSB => "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
HKLM\...\StartupApproved\Run: => "Eraser"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKU\S-1-5-21-3054529609-2227142601-4056631604-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3054529609-2227142601-4056631604-1000\...\StartupApproved\Run: => "Plex Media Server"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{64F79D92-3F16-4F64-AA4F-22324730353A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{060382CD-4B41-4D43-8D71-48A4A8F1D61B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{48EAF0BA-1AAA-4CC0-8772-450C214B4E87}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B03D696F-0B1E-46FF-93CB-6B0194938D63}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9611781C-DA2B-497E-993E-3C200D3266A0}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_111\bin\java.exe
FirewallRules: [{55A90467-02E4-47C9-BF2C-0B42C0C0F492}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_111\bin\java.exe
FirewallRules: [{6F18BC14-7D02-43AA-A89D-F8C43D460DE8}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{E1C708A6-BB73-4618-8F3B-C09BD9ED47BB}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{087F3009-81F1-469D-8BDB-0F832C3DC266}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{ABE40A38-BB0C-4B87-9D4C-5C88AB85149B}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{F1364BAC-6D3D-48BA-B7F6-8A89E47E33E3}] => (Allow) C:\Program Files\GNS3\qemu-2.4.0\qemu-system-x86_64w.exe
FirewallRules: [{056337D0-BC9B-4AEF-A19F-8EE5DB9856A5}] => (Allow) C:\Program Files\GNS3\qemu-2.4.0\qemu-system-x86_64w.exe
FirewallRules: [{FAFEA602-93AD-4019-B057-AD4F9D63D803}] => (Allow) C:\Program Files\GNS3\qemu-2.4.0\qemu-system-i386w.exe
FirewallRules: [{1A369AF6-47D3-4E9B-8083-0DCCDC9ECEB3}] => (Allow) C:\Program Files\GNS3\qemu-2.4.0\qemu-system-i386w.exe
FirewallRules: [{DC4763C2-D234-42CE-9C30-9C72E4EB0B39}] => (Allow) C:\Program Files\GNS3\qemu-0.11.0\qemu.exe
FirewallRules: [{80A3C71F-0510-400D-8852-C1C861350184}] => (Allow) C:\Program Files\GNS3\qemu-0.11.0\qemu.exe
FirewallRules: [{44892E27-5A10-4562-8CAA-6BE7660BF3C9}] => (Allow) C:\Program Files\GNS3\vpcs\vpcs.exe
FirewallRules: [{9969E30D-2B8E-4116-8F4B-4F93BC1A1732}] => (Allow) C:\Program Files\GNS3\vpcs\vpcs.exe
FirewallRules: [{37DD6AAC-7732-4B98-924E-BA30826BA60B}] => (Allow) C:\Program Files\GNS3\dynamips\dynamips.exe
FirewallRules: [{F4E2EE89-6331-4CCF-8746-0C2BE2AF0578}] => (Allow) C:\Program Files\GNS3\dynamips\dynamips.exe
FirewallRules: [{58E02D37-993C-4790-A6DF-C625FA1871C2}] => (Allow) C:\Program Files\GNS3\ubridge.exe
FirewallRules: [{C92BC1AF-C032-4038-B7A8-1E718FF30902}] => (Allow) C:\Program Files\GNS3\ubridge.exe
FirewallRules: [{525304BD-8E85-4D44-9108-A0B5E38EC6E2}] => (Allow) C:\Program Files\GNS3\gns3server.exe
FirewallRules: [{BFD38F5F-7FAA-48A5-A45C-E5CD2931C69C}] => (Allow) C:\Program Files\GNS3\gns3server.exe
FirewallRules: [{6E75CB64-4488-406D-85C8-1B8F1969BF20}] => (Allow) D:\programs\vuze\Azureus.exe
FirewallRules: [{45EB69B3-32EF-4FEC-9C33-E1B1A652346F}] => (Allow) D:\programs\vuze\Azureus.exe
FirewallRules: [UDP Query User{2CD87F08-47AB-4C38-93F9-221A7425AD3A}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{42F3CDE4-C6E1-4342-9C9F-627F87AF39B6}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{D3022C93-F88F-4193-B7CA-523A240EF705}] => (Block) C:\users\matt\desktop\utorrentportable\app\utorrent\utorrent.exe
FirewallRules: [{2B457FE3-9D86-4FFA-88B4-332456E95AB9}] => (Block) C:\users\matt\desktop\utorrentportable\app\utorrent\utorrent.exe
FirewallRules: [UDP Query User{70C1BEA0-80A5-4335-97C9-00C277D3B9DA}C:\users\matt\desktop\utorrentportable\app\utorrent\utorrent.exe] => (Allow) C:\users\matt\desktop\utorrentportable\app\utorrent\utorrent.exe
FirewallRules: [TCP Query User{1FB6CCB2-068A-47D9-9778-FA9FF7AA8717}C:\users\matt\desktop\utorrentportable\app\utorrent\utorrent.exe] => (Allow) C:\users\matt\desktop\utorrentportable\app\utorrent\utorrent.exe
FirewallRules: [{5CB2656D-AD1B-47AF-B15F-0200B401305A}] => (Allow) D:\programs\Steam\SteamApps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{AF40AF52-7565-4259-96F9-85C30D6EBEB5}] => (Allow) D:\programs\Steam\SteamApps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [UDP Query User{2322EF0D-9E2F-4AFD-BEF2-FE4FC148BCAB}C:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe] => (Allow) C:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe
FirewallRules: [TCP Query User{8BD63400-B0CD-4CC3-84E2-DCF53046D41A}C:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe] => (Allow) C:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe
FirewallRules: [{2785C892-1225-4F29-ACF1-57F4FBC2A365}] => (Allow) D:\programs\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{D0C826E6-AC0A-4C05-B75F-9487098803BE}] => (Allow) D:\programs\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [UDP Query User{9A5C3342-5C2B-4CB0-B7F9-BCB191D40C15}C:\users\matt\downloads\hfs.exe] => (Allow) C:\users\matt\downloads\hfs.exe
FirewallRules: [TCP Query User{E891E00E-4357-45F1-952F-0E436AD35091}C:\users\matt\downloads\hfs.exe] => (Allow) C:\users\matt\downloads\hfs.exe
FirewallRules: [{F143B238-AEFE-4CA9-9A88-68314FC000F3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7D17DDC2-9371-424E-B280-7AD26469523D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C977E27B-1A4A-485A-96DA-08A9CC080E26}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{BDF39152-E3A2-43A3-8093-A20F89CF8EFD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{F5423227-6520-4EE6-B62A-994DD04B33F6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{6763782E-F3E4-4235-8791-14C4622AF5F1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{CFC5947D-9572-49E5-953B-C78EE0026EEE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{693B44EC-3BDE-430D-8E6C-9D3395637AE1}] => (Block) D:\programs\vuze\azureus.exe
FirewallRules: [{A619EB18-823A-4F6A-80EC-AEFB2B634288}] => (Block) D:\programs\vuze\azureus.exe
FirewallRules: [{72B84497-95DC-41AF-8380-20C2D2F0F11B}] => (Block) D:\programs\steam\steamapps\common\counter-strike source\hl2.exe
FirewallRules: [{46F17286-98EB-44B8-A494-C230B4A6D0A9}] => (Block) D:\programs\steam\steamapps\common\counter-strike source\hl2.exe
FirewallRules: [UDP Query User{329D3183-5D53-4F85-A3E9-2B4188CF1136}D:\programs\steam\steamapps\common\counter-strike source\hl2.exe] => (Allow) D:\programs\steam\steamapps\common\counter-strike source\hl2.exe
FirewallRules: [TCP Query User{7919FF4B-7823-4D53-BB2E-73B8EFEB743A}D:\programs\steam\steamapps\common\counter-strike source\hl2.exe] => (Allow) D:\programs\steam\steamapps\common\counter-strike source\hl2.exe
FirewallRules: [{8C9A50EB-01DE-482F-BD1A-A0733DF7EFA0}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{99FA9A7C-4DCD-4B25-9DD7-05391A84982C}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{2AB9821A-1C52-4B61-AE22-9CC1868CAE73}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{D5D8A35C-F905-495F-9BEA-6704E570B3D3}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{9F684B3B-0D71-4119-88DF-FF96B5214A36}] => (Block) C:\users\matt\appdata\roaming\spotify\spotify.exe
FirewallRules: [{E22FF0F8-A2B7-4769-A136-6F85466A1C52}] => (Block) C:\users\matt\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{39575043-89D9-4A97-B459-0DBD2DEAA0C1}C:\users\matt\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\matt\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{05DCFD07-1149-4E75-A7C0-69C0125F6932}C:\users\matt\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\matt\appdata\roaming\spotify\spotify.exe
FirewallRules: [{2F2B37D9-F3AF-4BB7-A11A-9128C705B89B}] => (Allow) D:\programs\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{71A5FE26-1B06-4FC0-A0C8-2214EE4372F3}] => (Allow) D:\programs\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{7DB1C121-1A18-4504-A141-3A37E6A0F954}] => (Allow) D:\programs\Steam\SteamApps\common\RollerCoaster Tycoon World\RollerCoaster Tycoon World.exe
FirewallRules: [{422765C7-2EE4-422D-8C10-E222CE2492BD}] => (Allow) D:\programs\Steam\SteamApps\common\RollerCoaster Tycoon World\RollerCoaster Tycoon World.exe
FirewallRules: [{26B1D241-4643-4B46-9D14-C6EB6ABD7B96}] => (Allow) D:\programs\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{5A90441B-BB9F-4B37-9E8D-0D50B2F18A0F}] => (Allow) D:\programs\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{D3BEEBB0-6410-44A3-91EC-C761813F7479}] => (Allow) D:\programs\Steam\Steam.exe
FirewallRules: [{8E0503C0-364A-4C58-B36C-E6E2DD7D69A4}] => (Allow) D:\programs\Steam\Steam.exe
FirewallRules: [{F5A6C857-07E4-4352-8ACD-EA21B2CF4445}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{AB9B00E1-D4CF-40E1-9132-AD7D60A6EFA9}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{D5E224E0-34A6-40B7-8571-5C1B29B93A3A}] => (Allow) D:\programs\Steam\Steam.exe
FirewallRules: [{9BE6C702-0CC9-468D-85DD-ABCED48E793E}] => (Allow) D:\programs\Steam\Steam.exe
FirewallRules: [{89ED0105-0BD2-4856-86D8-D6DEC2536596}] => (Allow) D:\programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{34A832A4-5CA7-4F86-9827-ED8F823D0714}] => (Allow) D:\programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A4C7AFDA-6424-40D6-92BA-FA7F84FF9E50}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_111\bin\java.exe
FirewallRules: [{D53DC253-51A2-4FF6-8473-064E2A090E26}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_111\bin\java.exe
FirewallRules: [{B5DF01E0-F3FB-4904-B980-33F4FA0EAF9D}] => (Allow) C:\Users\Matt\Ubiquiti UniFi\bin\mongod.exe
FirewallRules: [{2DD3794D-2685-4F5A-8E94-2BEB0B9635A3}] => (Allow) C:\Users\Matt\Ubiquiti UniFi\bin\mongod.exe
FirewallRules: [TCP Query User{B9C36422-FAAC-4DD0-8779-082C2BAA4CAF}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{E62E1DC2-CE9A-4EC9-8EB5-2E60BCA56F17}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [TCP Query User{76F0F9A4-5F82-4E51-8008-72448C335955}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{05F1A9F4-3C8F-4983-B0B7-E5BCE8C22AD4}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [TCP Query User{6EA30D1A-4055-4B33-8A24-D2FFCBF99245}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{598D5E6E-7267-4B9B-8824-1385AB876C1D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{F724B281-F0F4-4805-9C49-8E6C0DA712E0}C:\program files\oracle\virtualbox\virtualbox.exe] => (Allow) C:\program files\oracle\virtualbox\virtualbox.exe
FirewallRules: [UDP Query User{42FD708A-10A4-4276-B28F-9D2CE52DE3FA}C:\program files\oracle\virtualbox\virtualbox.exe] => (Allow) C:\program files\oracle\virtualbox\virtualbox.exe
FirewallRules: [TCP Query User{C30105E9-45D3-45AD-AEB9-B1FB6D90AC01}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe
FirewallRules: [UDP Query User{F52EA9C3-D16A-4AEC-961F-5743AFC8B027}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe
FirewallRules: [TCP Query User{3BFEB057-B485-4BD6-90B8-A35793C13162}C:\program files\feathercoin\feathercoin-qt.exe] => (Allow) C:\program files\feathercoin\feathercoin-qt.exe
FirewallRules: [UDP Query User{13397AA7-CFC0-4933-A3A7-8CF8BC3CA40B}C:\program files\feathercoin\feathercoin-qt.exe] => (Allow) C:\program files\feathercoin\feathercoin-qt.exe
FirewallRules: [TCP Query User{19DD64DE-135F-48A9-9771-5921BB640367}C:\users\matt\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe] => (Allow) C:\users\matt\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe
FirewallRules: [UDP Query User{D71B8C66-2174-4866-91EB-DF70FC1D741C}C:\users\matt\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe] => (Allow) C:\users\matt\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe
FirewallRules: [TCP Query User{B9F3B92A-F1F4-4198-AE3A-03C054E4B1AC}C:\users\matt\documents\eth\geth.exe] => (Allow) C:\users\matt\documents\eth\geth.exe
FirewallRules: [UDP Query User{ED2BCD98-B119-4E71-86F0-B7CDEBF275B3}C:\users\matt\documents\eth\geth.exe] => (Allow) C:\users\matt\documents\eth\geth.exe
FirewallRules: [TCP Query User{9228DF4F-6603-4BA5-94C5-C871DF7E4895}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe
FirewallRules: [UDP Query User{F6BAD70F-4CB2-4137-A7CC-2921BE6162A9}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe
FirewallRules: [{BA415EA1-F812-4F98-BF49-3A6B4F4760C9}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{C10F8753-AB7B-45EE-9DC6-BEF7D87EA182}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{73AF0000-E6B5-4BF4-8993-FD32E29450CA}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{22A13368-189B-4AD5-9CFC-D893340D08A4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B95BA3E6-1E32-4120-9634-1479E978101C}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

01-07-2018 17:20:21 Scheduled Checkpoint
08-07-2018 13:51:49 Windows Update
16-07-2018 21:36:13 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Npcap Loopback Adapter
Description: Microsoft KM-TEST Loopback Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: kmloop
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/10/2018 12:34:16 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (07/08/2018 10:37:10 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={3335CCC1-2A96-4911-A3E7-99B75F67282B}: The user Matt-PC\Matt dialed a connection named Windscribe IKEv2 which has failed. The error code returned on failure is 809.

Error: (07/08/2018 10:37:05 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: Matt-PC)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Error: (07/08/2018 10:37:01 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={094D830D-08A0-4CE7-87EE-5513D4E5B300}: The user Matt-PC\Matt dialed a connection named Windscribe IKEv2 which has failed. The error code returned on failure is 809.

Error: (07/08/2018 10:36:56 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: Matt-PC)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Error: (07/08/2018 02:14:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.16299.492, time stamp: 0x721b1ba3
Faulting module name: explorerframe.dll, version: 10.0.16299.492, time stamp: 0x46d8c1ad
Exception code: 0xc0000005
Fault offset: 0x0000000000044e7d
Faulting process id: 0x1620
Faulting application start time: 0x01d416f0dfc4a39f
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\explorerframe.dll
Report Id: 3ffce4f8-a12e-4a8e-96b2-b4579d09f09f
Faulting package full name:
Faulting package-relative application ID:

Error: (07/08/2018 01:22:55 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={D2EA5800-52E2-4A4C-A09A-5A173CC2D020}: The user Matt-PC\Matt dialed a connection named Windscribe IKEv2 which has failed. The error code returned on failure is 809.

Error: (07/08/2018 01:22:50 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: Matt-PC)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1


System errors:
=============
Error: (07/17/2018 01:16:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the WAS service which failed to start because of the following error:
The data is invalid.

Error: (07/17/2018 01:16:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetPipeActivator service depends on the WAS service which failed to start because of the following error:
The data is invalid.

Error: (07/17/2018 01:16:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetMsmqActivator service depends on the WAS service which failed to start because of the following error:
The data is invalid.

Error: (07/17/2018 01:16:26 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WAS service terminated with the following error:
The data is invalid.

Error: (07/17/2018 01:16:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxdxCATSCustConnectService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/17/2018 01:16:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxdxCATSCustConnectService service to connect.

Error: (07/17/2018 01:16:25 AM) (Source: WAS) (EventID: 5005) (User: )
Description: Windows Process Activation Service (WAS) is stopping because it encountered an error. The data field contains the error number.

Error: (07/17/2018 01:16:25 AM) (Source: WAS) (EventID: 5215) (User: )
Description: The Windows Process Activation Service (WAS) failed to execute initialization for offline setup. The data field contains the error number.


Windows Defender:
===================================
Date: 2018-04-20 11:52:36.687
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {66E0B7BA-34A7-4EA8-85AB-0A27FECC5975}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-01-12 00:07:16.926
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.251.42.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14104.0
Error code: 0x80072efd
Error description: A connection with the server could not be established

Date: 2018-01-12 00:07:16.926
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 116.1.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.13804.0
Error code: 0x80072efd
Error description: A connection with the server could not be established

Date: 2018-01-12 00:07:16.922
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.251.42.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14104.0
Error code: 0x80072efd
Error description: A connection with the server could not be established

Date: 2018-01-12 00:07:16.922
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.251.42.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14104.0
Error code: 0x80072efd
Error description: A connection with the server could not be established

Date: 2018-01-12 00:07:16.922
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.251.42.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14104.0
Error code: 0x80072efd
Error description: A connection with the server could not be established

CodeIntegrity:
===================================

Date: 2018-07-17 01:19:30.816
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-17 01:19:30.814
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-17 01:19:29.691
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-17 01:19:29.689
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-17 01:19:27.975
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-17 01:19:27.974
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-17 01:19:26.165
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-17 01:19:26.164
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i7-2700K CPU @ 3.50GHz
Percentage of memory in use: 26%
Total physical RAM: 16264.16 MB
Available physical RAM: 11923.55 MB
Total Virtual: 32648.16 MB
Available Virtual: 27170.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:463.37 GB) (Free:255.5 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Samsung F3) (Fixed) (Total:711.01 GB) (Free:391.93 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Music) (Fixed) (Total:220.5 GB) (Free:132.61 GB) NTFS

\\?\Volume{2b76b614-0000-0000-0000-805474000000}\ () (Fixed) (Total:0.44 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 2B76B614)
Partition 1: (Active) - (Size=463.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: C96F25CC)
Partition 1: (Active) - (Size=711 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=220.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by Matt3D, 17 July 2018 - 03:51 AM.

Thanks bleeping computer for the forums!



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:45 PM

Posted 17 July 2018 - 08:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
This copy of the program is not signed and may be compromised.
CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION
---

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:

Task: {09F17705-E374-4C20-A235-0A019D7D862E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1A7B1B8F-9E3D-4BCF-A83E-2E7D8FE37901} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {29CDDB27-E6CF-45F9-8EB3-ADF03EA605B5} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {2E754C7B-B0BB-4624-8F74-8E177A80EB72} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4027DA4D-33C0-40A6-9A24-D0153786AAAD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {44036012-513B-4C90-84A4-9A04ABC79516} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {938A2C01-7075-450C-8971-7DD32E9A531E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {D2FBD652-1F92-4277-B48E-1DD70D46714A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:A9967A61 [113]
AlternateDataStreams: C:\ProgramData\TEMP:F4C624DE [121]

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Let me know if the problem persists.

#3 Matt3D

Matt3D
  • Topic Starter

  • Members
  • 9 posts
  • Gender:Male
  • Local time:08:45 PM

Posted 17 July 2018 - 04:28 PM

Hi Nasdaq,

Thank you for your help. The issue is gone. Here is the Fixlog.txt file:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15.07.2018
Ran by Matt (17-07-2018 14:21:17) Run:1
Running from C:\Users\Matt\Downloads
Loaded Profiles: Matt (Available Profiles: Matt)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
CloseProcesses:

Task: {09F17705-E374-4C20-A235-0A019D7D862E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1A7B1B8F-9E3D-4BCF-A83E-2E7D8FE37901} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {29CDDB27-E6CF-45F9-8EB3-ADF03EA605B5} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {2E754C7B-B0BB-4624-8F74-8E177A80EB72} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task:
{4027DA4D-33C0-40A6-9A24-D0153786AAAD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {44036012-513B-4C90-84A4-9A04ABC79516} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {938A2C01-7075-450C-8971-7DD32E9A531E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {D2FBD652-1F92-4277-B48E-1DD70D46714A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:A9967A61 [113]
AlternateDataStreams: C:\ProgramData\TEMP:F4C624DE [121]

Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{09F17705-E374-4C20-A235-0A019D7D862E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09F17705-E374-4C20-A235-0A019D7D862E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A7B1B8F-9E3D-4BCF-A83E-2E7D8FE37901}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A7B1B8F-9E3D-4BCF-A83E-2E7D8FE37901}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29CDDB27-E6CF-45F9-8EB3-ADF03EA605B5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29CDDB27-E6CF-45F9-8EB3-ADF03EA605B5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E754C7B-B0BB-4624-8F74-8E177A80EB72}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E754C7B-B0BB-4624-8F74-8E177A80EB72}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
Task: => Error: No automatic fix found for this entry.
{4027DA4D-33C0-40A6-9A24-D0153786AAAD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44036012-513B-4C90-84A4-9A04ABC79516}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44036012-513B-4C90-84A4-9A04ABC79516}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{938A2C01-7075-450C-8971-7DD32E9A531E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{938A2C01-7075-450C-8971-7DD32E9A531E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D2FBD652-1F92-4277-B48E-1DD70D46714A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2FBD652-1F92-4277-B48E-1DD70D46714A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
C:\ProgramData\TEMP => ":A9967A61" ADS removed successfully
C:\ProgramData\TEMP => ":F4C624DE" ADS removed successfully


The system needed a reboot.

==== End of Fixlog 14:21:24 ====

 

Thanks,

Matthew


Thanks bleeping computer for the forums!

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:45 PM

Posted 18 July 2018 - 06:24 AM

Hi,

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



