Slower than normal PC - found several possible threats, need help analyzing them


  • This topic is locked
28 replies to this topic

#1 terpy

Posted 09 August 2018 - 11:23 PM

Hello, this is my first time posting here so I hope I hit all of the points. Lately my computer has been running slower than usual (especially my internet, using ATT 100mbps fiber and usually getting 10-50 down/up, strangely my upload is usually higher than download which I haven't seen in my past internet plans) and for some reason my search function is acting strangely (seems to be only searching for files/folders but not applications, might not be related), so over the past few days I've been running some scans and attempting to fix it myself but am unsure about these threats that RogueKiller recently picked up (PUM.Dns and Hidden.ADS). I'll attach my FRST, addition and RogueKiller logs here. I've also included a Malwarebytes log that I ran a few days ago, upon hindsight I should have asked about the threat it picked up before removing it, but what's done is done, I suppose.
 
I usually run several virus scans each week using Bitdefender, ESET, and IOLO's malware killer. For system optimization tools I generally run Avira and Iolo System Mechanic every couple days. I've also tried using UnhackMe, Emsisoft Anti-Malware, HitmanPro, Housecall, and AdwCleaner, among a few others I'm probably forgetting. I was doing a lot of googling the past week or so and wanted to see what the different programs would pick up. I ran an ESET scan earlier today that came back clean. UnhackMe found a few unwanted services/files, but I can't seem to find any logs for it. Again, upon hindsight I should have saved those, because I know it makes your job more difficult not knowing what they may have found.
 
[edit] Not sure how I forgot to mention it initially, but it's also worth noting that a few weeks ago a fraudulent charge was made on a credit card that I had thought was deactivated (Got a new one in the mail to replace my chip, called customer service to have the old one deactivated but apparently there must have been a glitch in the system or something, because it remained active). This is what initially sparked my flux of anti-virus scans. It's hard to pinpoint the problem to my PC though, it could easily be my phone, an RFID reader or a number of things. Strangely, all the thief bought was two tickets to Universal Studios. Weird.
 
Some notes regarding my FRST logs:
  • Upon reviewing them myself, the last two entries in the installed programs section in the additions.txt seem pretty suspect, with them being in other characters.
  • Any idea why Avast is still showing up in my security center, even though I uninstalled it quite a while ago? It's not listed in the installed programs section and Revo Uninstaller can't find it either, so I'm not sure what data is still on my PC from them.
  • My bitdefender firewall is normally turned on, I just turned it off temporarily for the scan to run. 
  • I'm unsure of what the first account listed under "accounts" on the additions.txt file is or when it was even created.
  • In the FRST.txt drivers section, I'm not entirely sure how the CYREN Inc. drivers got there. I googled the company and it seems they work in cloud security, but I don't remember installing that. Could it have come bundled with something?
  • Same as above but with the GrdKey (Aktiv Co.) and netfilter2 entries

 

If there's anything else you need, just let me know. Again, sorry for running all these scans before coming here first. I hope that doesn't mess things up too badly.

 

[edit #2] Just realized that I must have glossed over the section saying to copy and paste the FRST/addition logs into the post, rather than attach them, so here they are:

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by Shane (administrator) on SHANES_PC (09-08-2018 19:37:50)
Running from C:\Users\Shane\Desktop\Security  Tools
Loaded Profiles: Shane (Available Profiles: Shane & Administrator)
Platform: Windows 10 Home Version 1803 17134.191 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe
(Copyright 2018.) C:\Program Files (x86)\Phoenix360\MalwareKiller\ZAM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(iolo technologies, LLC) C:\Program Files (x86)\Phoenix360\System Mechanic\ioloGovernor64.exe
(iolo technologies, LLC) C:\Program Files (x86)\Phoenix360\PrivacyGuardian\PrivacyGuardianApplication.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
() C:\Program Files (x86)\HV-MS732 Gaming mouse\rsmon.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIPAE.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe
() C:\Program Files (x86)\REALTEK\REALTEK USB Wireless LAN Driver\WPSService20.exe
(iolo.com) C:\Program Files (x86)\Phoenix360\PrivacyGuardian\NetFilter\PrivacyGuardianFilter.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe.old
(Adlice Software) C:\Users\Shane\Downloads\RogueKiller_portable64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdwtxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\dmiface.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\PeopleExperienceHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11807.1001.13.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\downloader.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\seccenter.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [BdVpnApp] => C:\Program Files\Bitdefender\Bitdefender VPN\BdVpnApp.exe [87352 2018-06-13] (Bitdefender)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [64096 2018-03-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-07-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653648 2018-06-27] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
BootExecute: autocheck autochk * Partizan
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{449234d4-39cb-4a01-8a84-852ce7f9f3d0}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{d922699d-3f62-4dda-95db-cd0339f0d366}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{e15fa8a2-da66-4941-a1a6-bf8885abb41a}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{f9447a42-403d-498e-8f23-f462e8222b89}: [DhcpNameServer] 10.204.0.1
Tcpip\..\Interfaces\{f9fef2cd-d98e-47d6-bd23-5c2099baf510}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2018-05-16] (Bitdefender)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre-10.0.2\bin\ssv.dll => No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-19] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-10.0.2\bin\jp2ssv.dll [2018-08-01] (Oracle Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2018-05-16] (Bitdefender)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-07-19] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-07-19] (Microsoft Corporation)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2018-05-16] (Bitdefender)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2018-05-16] (Bitdefender)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-19] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 9rtzq1ov.default
FF ProfilePath: C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\9rtzq1ov.default [2018-08-09]
FF Extension: (No Name) - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\9rtzq1ov.default\Extensions\@react-devtools.xpi [2018-05-28]
FF Extension: (Avira Browser Safety) - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\9rtzq1ov.default\Extensions\abs@avira.com [2016-11-29]
FF Extension: (Redux DevTools) - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\9rtzq1ov.default\Extensions\extension@redux.devtools.xpi [2018-05-27]
FF Extension: (Firefox Hotfix) - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\9rtzq1ov.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-11-13] [Legacy]
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\\bdwteff
FF Extension: (No Name) - C:\Program Files\Bitdefender\Bitdefender 2017\\bdwteff [2017-09-06]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext [2016-12-09] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2016-11-16] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Plugin: @java.com/DTPlugin,version=13.0.2.0 -> C:\Program Files\Java\jre-10.0.2\bin\dtplugin\npDeployJava1.dll [2018-08-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=13.0.2.0 -> C:\Program Files\Java\jre-10.0.2\bin\plugin2\npjp2.dll [2018-08-01] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-07-19] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-07-30] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-07-30] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2243521789-936282867-848371492-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Shane\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-10] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default [2018-08-09]
CHR Extension: (Slides) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-01]
CHR Extension: (Docs) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-01]
CHR Extension: (Google Drive) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-02]
CHR Extension: (AdGuard AdBlocker) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2018-08-01]
CHR Extension: (YouTube) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-01]
CHR Extension: (Adobe Acrobat) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-08-01]
CHR Extension: (Sheets) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-01]
CHR Extension: (React Developer Tools) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmkadmapgofadopljbjfkapdkoienihi [2018-08-01]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2018-08-07]
CHR Extension: (Google Docs Offline) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-02]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-08-09]
CHR Extension: (Privacy Guardian™ Online Privacy Protection) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\higopmjdpgolhfdefeicklcmgifipcbh [2018-08-01]
CHR Extension: (Grammarly for Chrome) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-08-07]
CHR Extension: (The Great Suspender) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2018-08-02]
CHR Extension: (Redux DevTools) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmhkpmbekcpmknklioeibfkpmmfibljd [2018-08-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-01]
CHR Extension: (Gmail) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-01]
CHR Extension: (Chrome Media Router) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-01]
CHR Profile: C:\Users\Shane\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-02]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKLM\SYSTEM\CurrentControlSet\Services\45837EB55DEAE840 <==== ATTENTION (Rootkit!)
 
U2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9435736 2018-08-08] (Emsisoft Ltd)
S3 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated)
S3 AfVpnService; C:\Program Files\Bitdefender\Bitdefender VPN\vpnservice.exe [321920 2018-06-18] (AnchorFree Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [429096 2018-07-20] (Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2938504 2018-02-15] (Avira Operations GmbH & Co. KG)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2137280 2018-04-17] (Bitdefender)
S3 BdVpnService; C:\Program Files\Bitdefender\Bitdefender VPN\bdvpnservice.exe [108072 2018-05-30] (Bitdefender)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2018-04-12] (Microsoft Corporation)
S4 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65640 2015-11-05] (CyberGhost S.R.L)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\69.0.3497.7\remoting_host.exe [72024 2018-07-23] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8522928 2018-06-30] (Microsoft Corporation)
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [105936 2018-05-08] (Bitdefender)
S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-06-19] (EasyAntiCheat Ltd)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [674768 2018-03-11] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S4 ETGMGlcsSrv; C:\Program Files (x86)\HV-MS732 Gaming mouse\ETGMSrv.exe [1181544 2012-04-24] ()
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S3 MySQL80; C:\Program Files\MySQL\MySQL Server 8.0\bin\mysqld.exe [44932096 2018-04-08] () [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764896 2018-05-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764896 2018-05-20] (NVIDIA Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1275776 2018-05-16] (Bitdefender)
S3 RunSwUSB; C:\Windows\runSW.exe [44104 2014-01-16] ()
S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187024 2016-02-26] (Sandboxie Holdings, LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 sshd; C:\WINDOWS\System32\OpenSSH\sshd.exe [970240 2018-05-20] ()
S3 SshdBroker; C:\WINDOWS\System32\SshdBroker.dll [286208 2018-07-13] (Microsoft Corporation)
S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-15] (DEVGURU Co., LTD.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe [112712 2018-05-16] (Bitdefender)
S4 VPNUnlimitedService; C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe [293704 2018-03-13] (KeepSolid Inc.)
S3 vseamps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe [122120 2016-10-11] (CYREN Inc.)
S3 vsedsps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe [119560 2016-10-11] (CYREN Inc.)
S3 vseqrts; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe [181512 2016-10-11] (CYREN Inc.)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87736 2014-04-30] (Microsoft Corporation)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe [1001072 2018-05-16] (Bitdefender)
R2 vsservp; C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe [522624 2018-05-16] (Bitdefender)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-07] (Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\NisSrv.exe [4682552 2018-06-19] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe [101096 2018-06-19] (Microsoft Corporation)
R2 WPSService20; C:\Program Files (x86)\REALTEK\REALTEK USB Wireless LAN Driver\WPSService20.exe [96768 2013-05-07] () [File not signed]
R2 ZAMSvc; C:\Program Files (x86)\Phoenix360\MalwareKiller\ZAM.exe [15814392 2018-02-14] (Copyright 2018.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
S4 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.paceap.com/InitiateActivation [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2017-11-29] (The OpenVPN Project)
R2 AMP; C:\WINDOWS\system32\Drivers\amp.sys [181512 2016-10-11] (CYREN Inc.)
R2 AMPSE; C:\WINDOWS\system32\Drivers\ampse.sys [1793288 2016-10-11] (CYREN Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1177008 2018-05-16] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1723552 2018-05-16] (BitDefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23032 2018-05-16] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [130840 2018-05-16] (BitDefender LLC)
R2 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [45104 2018-05-16] (© Bitdefender SRL)
R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [96448 2018-05-16] (BitDefender)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [142952 2018-05-16] (Emsisoft Ltd)
S0 eppdisk; C:\WINDOWS\System32\drivers\eppdisk.sys [37064 2018-04-02] (Emsisoft Ltd)
R3 GrdKey; C:\WINDOWS\system32\DRIVERS\grdkey.sys [1211136 2017-12-27] (Aktiv Co.)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [189544 2018-05-16] (BitDefender LLC)
R0 ignis; C:\WINDOWS\System32\DRIVERS\ignis.sys [191592 2018-05-16] (Bitdefender)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-08-07] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_52ac7eb8f32780d5\nvlddmkm.sys [17211376 2018-08-01] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31200 2018-05-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [67432 2018-03-15] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [65792 2018-07-30] (NVIDIA Corporation)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2018-08-01] (Greatis Software)
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1106256 2018-06-24] (Realtek )
R3 RtlWlanu; C:\WINDOWS\system32\DRIVERS\rtwlanu.sys [8228688 2018-05-03] (Realtek Semiconductor Corporation )
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-02-26] (Sandboxie Holdings, LLC)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [264192 2018-04-11] (Microsoft Corporation)
S3 tapvyprvpn; C:\WINDOWS\System32\drivers\tapvyprvpn.sys [44896 2015-09-28] (The OpenVPN Project)
R1 tmcomm; C:\WINDOWS\system32\DRIVERS\tmcomm.sys [334488 2017-10-17] (Trend Micro Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-08-08] ()
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [609576 2018-08-02] (Bitdefender)
R3 usbglcs1100302; C:\WINDOWS\system32\drivers\usbglcs1100302.sys [25600 2014-06-11] (Windows ® Win 7 DDK provider)
R3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [213080 2018-07-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [222864 2018-07-16] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-06-19] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [313384 2018-06-19] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-06-19] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [47096 2017-12-21] (Wellbia.com Co., Ltd.)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [250024 2018-03-08] (Copyright 2017.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [250024 2018-03-08] (Copyright 2017.)
S1 netfilter2; system32\drivers\netfilter2.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-08 23:43 - 2018-08-08 23:43 - 000001127 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2018-08-08 20:13 - 2018-08-08 20:13 - 000027509 _____ C:\Users\Shane\Downloads\luckyproject.aup
2018-08-08 20:11 - 2018-08-08 20:11 - 000000000 ____D C:\Users\Shane\Downloads\luckyproject_data
2018-08-08 00:44 - 2018-08-08 00:44 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-08-08 00:42 - 2018-08-08 00:42 - 000000000 ____D C:\ProgramData\RogueKiller
2018-08-08 00:39 - 2018-08-08 00:40 - 027093048 _____ (Adlice Software) C:\Users\Shane\Downloads\RogueKiller_portable64.exe
2018-08-08 00:37 - 2018-08-08 00:37 - 000000000 ____D C:\ProgramData\Emsisoft
2018-08-08 00:35 - 2018-08-08 00:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2018-08-08 00:35 - 2018-04-02 20:18 - 000037064 _____ (Emsisoft Ltd) C:\WINDOWS\system32\Drivers\eppdisk.sys
2018-08-08 00:33 - 2018-08-08 00:43 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2018-08-08 00:21 - 2018-08-08 00:21 - 000000000 ____D C:\Users\Shane\Doctor Web
2018-08-08 00:21 - 2018-08-08 00:21 - 000000000 ____D C:\ProgramData\Doctor Web
2018-08-08 00:19 - 2018-08-08 00:19 - 000000010 _____ C:\Users\Shane\AppData\Local\sponge.last.runtime.cache
2018-08-08 00:19 - 2018-08-08 00:04 - 002527376 _____ (Trend Micro Inc.) C:\Users\Shane\Desktop\HousecallLauncher64.exe
2018-08-08 00:15 - 2018-08-08 00:15 - 000000000 ____D C:\WINDOWS\Trend Micro
2018-08-08 00:15 - 2018-08-08 00:15 - 000000000 ____D C:\ProgramData\Trend Micro
2018-08-08 00:08 - 2018-08-08 00:15 - 325974784 _____ (Emsisoft Ltd. ) C:\Users\Shane\Downloads\EmsisoftAntiMalwareSetup_bc.exe
2018-08-08 00:07 - 2017-10-17 09:40 - 000334488 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2018-08-08 00:06 - 2018-08-08 00:06 - 000000036 _____ C:\Users\Shane\AppData\Local\housecall.guid.cache
2018-08-08 00:04 - 2018-08-08 00:21 - 000094660 _____ C:\Users\Shane\Downloads\Addition.txt
2018-08-08 00:04 - 2018-08-08 00:04 - 002527376 _____ (Trend Micro Inc.) C:\Users\Shane\Downloads\HousecallLauncher64.exe
2018-08-07 23:57 - 2018-08-08 00:21 - 000110409 _____ C:\Users\Shane\Downloads\FRST.txt
2018-08-07 23:56 - 2018-08-09 19:37 - 000000000 ____D C:\FRST
2018-08-07 16:53 - 2018-08-07 16:53 - 001786768 _____ (GridinSoft LLC) C:\Users\Shane\Downloads\TrojanKiller-Setup.exe
2018-08-07 16:31 - 2018-08-09 15:03 - 000000000 ____D C:\ProgramData\TEMP
2018-08-07 16:14 - 2018-08-07 16:14 - 000000000 ____D C:\Users\Shane\Documents\Simply Super Software
2018-08-07 16:01 - 2018-08-07 23:28 - 000001627 _____ C:\bdlog.txt
2018-08-07 15:41 - 2018-08-07 15:41 - 000000022 _____ C:\Users\Shane\Downloads\ESETPoweliksCleaner.exe_20180807.154101.70292.zip
2018-08-07 15:38 - 2018-08-07 15:38 - 000549504 _____ (ESET) C:\Users\Shane\Downloads\ESETPoweliksCleaner.exe
2018-08-07 13:59 - 2018-08-07 14:00 - 3293432832 _____ C:\Users\Shane\Downloads\ShaneCalerFinalSparkVideo(backup).avi
2018-08-07 13:56 - 2018-08-07 13:56 - 000193018 _____ C:\Users\Shane\Downloads\2018-08-05_BAK1.MV_
2018-08-07 13:55 - 2018-08-07 13:56 - 055185649 _____ C:\Users\Shane\Downloads\ShaneCalerFinalSparkVideo.mp4
2018-08-07 13:45 - 2018-08-07 13:45 - 000193804 _____ C:\Users\Shane\Downloads\2018-08-05_BAK0.MV_
2018-08-07 13:42 - 2018-08-07 14:03 - 000115968 _____ C:\Users\Shane\Downloads\Hip_hop_ the _CNN_ of the African American Community_mp4.H0
2018-08-06 16:49 - 2018-08-06 16:49 - 000002080 _____ C:\Users\Public\Desktop\Google Slides.lnk
2018-08-06 16:49 - 2018-08-06 16:49 - 000002078 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2018-08-06 16:49 - 2018-08-06 16:49 - 000002068 _____ C:\Users\Public\Desktop\Google Docs.lnk
2018-08-06 16:49 - 2018-08-06 16:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2018-08-06 16:49 - 2018-08-06 16:49 - 000000000 ____D C:\Program Files\Google
2018-08-06 16:44 - 2018-08-06 16:44 - 001130840 _____ (Google Inc.) C:\Users\Shane\Downloads\installbackupandsync.exe
2018-08-05 15:05 - 2018-08-07 14:03 - 000194224 _____ C:\Users\Shane\Downloads\2018-08-05.MVP
2018-08-05 15:05 - 2018-08-05 15:06 - 062233124 _____ C:\Users\Shane\ES1022-final-spark-video.mp4
2018-08-05 15:04 - 2018-08-07 14:03 - 000002604 _____ C:\Users\Shane\Downloads\Hip_hop_ the _CNN_ of the African American Community_mp4.HDP
2018-08-05 14:21 - 2018-08-05 14:23 - 038190148 _____ C:\Users\Shane\Downloads\Hip_hop_ the _CNN_ of the African American Community.mp4
2018-08-05 13:56 - 2018-08-05 13:57 - 023950701 _____ C:\Users\Shane\Downloads\videoplayback (3).mp4
2018-08-05 13:43 - 2018-08-05 13:44 - 037051109 _____ C:\Users\Shane\Downloads\videoplayback (2).mp4
2018-08-05 13:17 - 2018-08-05 13:18 - 009093906 _____ C:\Users\Shane\Downloads\videoplayback (1).mp4
2018-08-05 13:14 - 2018-08-05 13:14 - 003348413 _____ C:\Users\Shane\Downloads\videoplayback.mp4
2018-08-05 13:13 - 2018-08-05 13:13 - 002167977 _____ C:\Users\Shane\Downloads\videoplayback.3gp
2018-08-05 11:53 - 2018-08-05 12:00 - 000000200 _____ C:\Users\Shane\_netrc
2018-08-05 11:53 - 2018-08-05 11:53 - 000000000 ____D C:\Users\Shane\AppData\Local\heroku
2018-08-04 21:47 - 2018-08-04 21:47 - 000000000 ____D C:\Users\Shane\AppData\Local\ElDewrito
2018-08-04 21:19 - 2018-08-09 16:55 - 000000000 ____D C:\Users\Shane\Downloads\Halo Online 0.6
2018-08-04 15:32 - 2018-08-04 15:32 - 000316722 _____ C:\Users\Shane\Downloads\current.musicology.89.bothwell.95-102.pdf
2018-08-04 15:07 - 2018-08-04 15:08 - 002089612 _____ C:\Users\Shane\Downloads\9781134845712_googlepreview.pdf
2018-08-04 14:59 - 2018-08-04 14:59 - 000508262 _____ C:\Users\Shane\Downloads\9781134243648_preview.pdf
2018-08-04 14:59 - 2018-08-04 14:59 - 000508262 _____ C:\Users\Shane\Downloads\9781134243648_preview (1).pdf
2018-08-03 22:38 - 2018-08-03 22:38 - 002130484 _____ C:\Users\Shane\Downloads\css-grid-master.zip
2018-08-03 11:53 - 2018-08-04 04:04 - 000029748 _____ C:\WINDOWS\SysWOW64\MyDefrag.dat
2018-08-03 00:13 - 2018-07-30 10:50 - 000132488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-08-03 00:10 - 2018-08-03 00:10 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-08-03 00:09 - 2018-08-03 00:09 - 000002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-08-03 00:09 - 2018-08-03 00:09 - 000002290 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-08-03 00:06 - 2018-08-01 02:50 - 004352880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 003769016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 002002448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439882.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 001565048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 001467920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439882.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 001420576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 001218528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 001094128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 000749936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 000628920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 000608544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 000518488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 040346808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 035250008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 031250184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 025966552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 013728728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 011273816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 001159120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 000906808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 000816392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 000654760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 000635968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2018-08-03 00:06 - 2018-08-01 02:48 - 017756224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-08-03 00:06 - 2018-08-01 02:48 - 015170808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-08-03 00:06 - 2018-08-01 02:48 - 001349384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-08-03 00:06 - 2018-08-01 02:48 - 001065688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-08-03 00:06 - 2018-08-01 02:47 - 004128280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-08-02 23:13 - 2018-08-02 23:13 - 000000000 ____D C:\Users\Shane\AppData\Roaming\VS Revo Group
2018-08-02 11:07 - 2018-08-02 11:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reanimator
2018-08-02 00:57 - 2018-08-02 00:58 - 000004016 _____ C:\Users\Shane\Downloads\netadapter-log-2018-08-02-0-57-04.txt
2018-08-02 00:56 - 2018-08-02 00:56 - 000003392 _____ C:\Users\Shane\Downloads\netadapter-log-2018-08-02-0-56-43.txt
2018-08-02 00:15 - 2018-08-02 00:15 - 002091520 _____ (Conner Bernhard) C:\Users\Shane\Downloads\NetAdapterRepair1.2.exe
2018-08-01 23:52 - 2018-08-07 23:46 - 000002592 _____ C:\Users\Shane\Desktop\Rkill.txt
2018-08-01 23:50 - 2018-08-01 23:50 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Shane\Downloads\rkill (1).exe
2018-08-01 23:29 - 2018-08-07 23:29 - 000000250 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2018-08-01 23:26 - 2018-08-07 16:01 - 000000000 ____D C:\@RestoreQuarantine
2018-08-01 22:47 - 2018-08-01 22:47 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-08-01 21:40 - 2018-08-07 15:53 - 000000000 ____D C:\ProgramData\RegRun
2018-08-01 21:21 - 2018-08-01 21:21 - 000040304 _____ (Greatis Software) C:\WINDOWS\SysWOW64\Drivers\Partizan.sys
2018-08-01 21:21 - 2018-08-01 20:56 - 000000985 _____ C:\WINDOWS\system32\Drivers\etc\hosts.old
2018-08-01 21:20 - 2018-08-08 00:02 - 000000000 ____D C:\Users\Shane\Documents\RegRun2
2018-08-01 21:20 - 2018-08-08 00:02 - 000000000 ____D C:\Users\Public\Documents\RegRunInfo
2018-08-01 21:20 - 2018-08-04 10:18 - 000003408 _____ C:\WINDOWS\System32\Tasks\UnHackMe Task Scheduler
2018-08-01 21:20 - 2018-08-04 10:18 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2018-08-01 21:20 - 2018-08-01 21:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2018-08-01 21:20 - 2018-06-13 15:51 - 000014984 _____ (Greatis Software, LLC.) C:\WINDOWS\SysWOW64\Drivers\UnHackMeDrv.sys
2018-08-01 21:20 - 2015-12-28 11:32 - 000049968 _____ (Greatis Software) C:\WINDOWS\system32\partizan.exe
2018-08-01 21:17 - 2018-06-13 05:51 - 019073856 _____ (Greatis Software, LLC. ) C:\Users\Shane\Downloads\unhackme_setup.exe
2018-08-01 16:16 - 2018-08-01 16:16 - 000002500 _____ C:\Users\Shane\Desktop\Word.lnk
2018-08-01 13:46 - 2018-08-01 13:46 - 000002308 _____ C:\Users\Shane\Desktop\Google Chrome.lnk
2018-08-01 13:22 - 2018-08-03 22:37 - 000000000 ____D C:\Users\Shane\Desktop\IDE's
2018-08-01 13:21 - 2018-08-01 13:45 - 000000000 ____D C:\Users\Shane\Desktop\Browsers
2018-08-01 13:21 - 2018-08-01 13:24 - 000000000 ____D C:\Users\Shane\Desktop\Games
2018-08-01 13:20 - 2018-08-09 19:37 - 000000000 ____D C:\Users\Shane\Desktop\Security  Tools
2018-07-31 01:46 - 2018-07-31 01:46 - 000000000 ____D C:\WINDOWS\Panther
2018-07-30 20:22 - 2018-07-30 20:22 - 001293777 _____ C:\Users\Shane\Downloads\minidumper.zip
2018-07-30 19:16 - 2018-07-30 19:16 - 000000000 ____D C:\Users\Shane\Apple
2018-07-30 17:34 - 2018-07-30 17:34 - 000000000 ____D C:\ProgramData\Apple Computer
2018-07-30 15:00 - 2018-07-30 15:00 - 000001400 _____ C:\Users\Shane\Downloads\dhcp.pcap
2018-07-30 14:58 - 2018-07-30 14:58 - 000125201 _____ C:\Users\Shane\Downloads\samples.zip
2018-07-30 11:12 - 2018-07-30 11:12 - 192962560 ____N C:\WINDOWS\system32\config\software.amg
2018-07-30 11:09 - 2018-07-30 11:09 - 000000000 ____D C:\Users\Shane\AppData\Local\ESET
2018-07-30 07:25 - 2018-07-30 07:25 - 005414064 _____ (Avira Operations GmbH & Co. KG) C:\Users\Shane\Downloads\avira_en_asu60_3080799118_egg2xi2885693g28gcnb_wd.exe
2018-07-30 06:46 - 2018-07-30 06:46 - 003001296 _____ C:\Users\Shane\Downloads\SecurityTaskManager_Setup.exe
2018-07-30 00:27 - 2018-07-30 00:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-07-30 00:27 - 2018-07-30 00:27 - 000000000 ____D C:\Program Files\VS Revo Group
2018-07-29 23:38 - 2018-07-14 17:58 - 000094112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-07-29 23:38 - 2018-07-14 17:56 - 001523240 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-07-29 23:38 - 2018-07-14 17:44 - 006587392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-07-29 23:38 - 2018-07-14 17:44 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-07-29 23:38 - 2018-07-14 17:43 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-07-29 23:38 - 2018-07-14 17:42 - 008624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-07-29 23:38 - 2018-07-14 17:42 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-07-29 23:38 - 2018-07-14 17:41 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2018-07-29 23:38 - 2018-07-14 17:41 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2018-07-29 23:38 - 2018-07-14 17:39 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-07-29 23:38 - 2018-07-14 17:39 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-07-29 23:38 - 2018-07-14 17:38 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-07-29 23:38 - 2018-07-14 17:38 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-07-29 23:38 - 2018-07-14 17:38 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-07-29 23:38 - 2018-07-14 17:38 - 001180160 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-07-29 23:38 - 2018-07-14 17:38 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-07-29 23:38 - 2018-07-14 17:38 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-07-29 23:38 - 2018-07-14 17:38 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-07-29 23:38 - 2018-07-14 17:36 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-07-29 23:38 - 2018-07-14 16:28 - 001327424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-07-29 23:38 - 2018-07-14 16:18 - 005657600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-07-29 23:38 - 2018-07-14 16:17 - 011901440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-07-29 23:38 - 2018-07-14 16:15 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-07-29 23:38 - 2018-07-14 16:14 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2018-07-29 23:38 - 2018-07-14 16:13 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-07-29 23:38 - 2018-07-14 16:13 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-07-29 23:38 - 2018-07-14 16:13 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-07-29 23:38 - 2018-07-14 16:13 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-07-29 23:38 - 2018-07-14 16:13 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-07-29 23:38 - 2018-07-14 16:13 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-07-29 23:38 - 2018-07-14 16:11 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-07-29 23:38 - 2018-07-13 23:46 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-07-29 23:38 - 2018-07-13 23:42 - 019525632 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-07-29 23:38 - 2018-07-13 21:37 - 000375712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-07-29 23:38 - 2018-07-13 21:37 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-07-29 23:38 - 2018-07-13 21:30 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-07-29 23:38 - 2018-07-13 21:24 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-07-29 23:38 - 2018-07-13 21:23 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-07-29 23:38 - 2018-07-13 21:23 - 000760888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-07-29 23:38 - 2018-07-13 21:23 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-07-29 23:38 - 2018-07-13 21:22 - 006813744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-07-29 23:38 - 2018-07-13 21:22 - 001144664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2018-07-29 23:38 - 2018-07-13 21:22 - 000510392 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-07-29 23:38 - 2018-07-13 21:22 - 000203560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2018-07-29 23:38 - 2018-07-13 21:21 - 001063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-07-29 23:38 - 2018-07-13 21:21 - 001012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-07-29 23:38 - 2018-07-13 21:21 - 000722824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-07-29 23:38 - 2018-07-13 21:21 - 000192920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2018-07-29 23:38 - 2018-07-13 21:20 - 001457128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-07-29 23:38 - 2018-07-13 21:20 - 000567176 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-07-29 23:38 - 2018-07-13 21:20 - 000184472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2018-07-29 23:38 - 2018-07-13 21:20 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-07-29 23:38 - 2018-07-13 21:19 - 009147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-07-29 23:38 - 2018-07-13 21:19 - 002535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-07-29 23:38 - 2018-07-13 21:19 - 001946752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-07-29 23:38 - 2018-07-13 21:19 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-07-29 23:38 - 2018-07-13 21:19 - 000981920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-07-29 23:38 - 2018-07-13 21:19 - 000713368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-07-29 23:38 - 2018-07-13 21:19 - 000636944 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-07-29 23:38 - 2018-07-13 21:19 - 000483024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-07-29 23:38 - 2018-07-13 21:18 - 007436112 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-07-29 23:38 - 2018-07-13 21:18 - 002563984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-07-29 23:38 - 2018-07-13 21:18 - 002371416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-07-29 23:38 - 2018-07-13 21:18 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-07-29 23:38 - 2018-07-13 21:18 - 001017584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-07-29 23:38 - 2018-07-13 21:18 - 000930712 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-07-29 23:38 - 2018-07-13 21:18 - 000613176 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-07-29 23:38 - 2018-07-13 21:18 - 000443216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2018-07-29 23:38 - 2018-07-13 21:18 - 000376216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2018-07-29 23:38 - 2018-07-13 21:17 - 006527056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-07-29 23:38 - 2018-07-13 21:17 - 002420632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-07-29 23:38 - 2018-07-13 21:17 - 001140568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-07-29 23:38 - 2018-07-13 21:17 - 000983008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-07-29 23:38 - 2018-07-13 21:17 - 000885848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-07-29 23:38 - 2018-07-13 21:17 - 000743320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-07-29 23:38 - 2018-07-13 21:16 - 002331576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-07-29 23:38 - 2018-07-13 21:16 - 001143096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2018-07-29 23:38 - 2018-07-13 21:16 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2018-07-29 23:38 - 2018-07-13 21:15 - 006044112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-07-29 23:38 - 2018-07-13 21:15 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-07-29 23:38 - 2018-07-13 21:15 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-07-29 23:38 - 2018-07-13 21:15 - 001129640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-07-29 23:38 - 2018-07-13 21:15 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-07-29 23:38 - 2018-07-13 21:15 - 000581696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-07-29 23:38 - 2018-07-13 21:15 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-07-29 23:38 - 2018-07-13 21:08 - 022006784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-07-29 23:38 - 2018-07-13 21:03 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-07-29 23:38 - 2018-07-13 21:03 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-07-29 23:38 - 2018-07-13 21:01 - 025846784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-07-29 23:38 - 2018-07-13 21:01 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-07-29 23:38 - 2018-07-13 21:00 - 022714368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-07-29 23:38 - 2018-07-13 20:59 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-07-29 23:38 - 2018-07-13 20:59 - 005883392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-07-29 23:38 - 2018-07-13 20:59 - 003553280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-07-29 23:38 - 2018-07-13 20:58 - 008188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-07-29 23:38 - 2018-07-13 20:58 - 004371456 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-07-29 23:38 - 2018-07-13 20:58 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2018-07-29 23:38 - 2018-07-13 20:58 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-07-29 23:38 - 2018-07-13 20:58 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-07-29 23:38 - 2018-07-13 20:57 - 007057920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-07-29 23:38 - 2018-07-13 20:57 - 005779456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-07-29 23:38 - 2018-07-13 20:57 - 004331008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-07-29 23:38 - 2018-07-13 20:57 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-07-29 23:38 - 2018-07-13 20:57 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-07-29 23:38 - 2018-07-13 20:57 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-07-29 23:38 - 2018-07-13 20:57 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-07-29 23:38 - 2018-07-13 20:57 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 004559872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 002697216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Controls.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 001703936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Controls.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 001558016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshdPinAuthLsa.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000993792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshSession.exe
2018-07-29 23:38 - 2018-07-13 20:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshSftp.exe
2018-07-29 23:38 - 2018-07-13 20:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-07-29 23:38 - 2018-07-13 20:55 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshdBroker.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000264192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshProxy.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-07-29 23:38 - 2018-07-13 20:55 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreCommonProxyStub.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2018-07-29 23:38 - 2018-07-13 20:55 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 007579648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 003319808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 001537024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000603648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2018-07-29 23:38 - 2018-07-13 20:54 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\EasPolicyManagerBrokerPS.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 004770816 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 001931776 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeangle.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 001825792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreCommonProxyStub.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshBroker.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2018-07-29 23:38 - 2018-07-13 20:52 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-07-29 23:38 - 2018-07-13 20:52 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-07-29 23:38 - 2018-07-13 20:52 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-07-29 23:38 - 2018-07-13 20:52 - 000972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-07-29 23:38 - 2018-07-13 20:52 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-07-29 23:38 - 2018-07-13 20:52 - 000790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2018-07-29 23:38 - 2018-07-13 20:52 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-07-29 23:38 - 2018-07-13 20:52 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-07-29 23:38 - 2018-07-13 20:52 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2018-07-29 23:38 - 2018-07-13 20:51 - 003376640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-07-29 23:38 - 2018-07-13 20:51 - 002904576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-07-29 23:38 - 2018-07-13 20:51 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-07-29 23:38 - 2018-07-13 20:51 - 001747968 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-07-29 23:38 - 2018-07-13 20:51 - 001395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-07-29 23:38 - 2018-07-13 20:51 - 001304064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-07-29 23:38 - 2018-07-13 20:51 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2018-07-29 23:38 - 2018-07-13 20:51 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-07-29 23:38 - 2018-07-13 20:50 - 001773056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 001457664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 001359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 000949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-07-29 23:38 - 2018-07-13 20:49 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-07-29 23:38 - 2018-07-13 19:35 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-07-29 18:48 - 2018-07-29 18:48 - 000002196 _____ C:\Users\Shane\Downloads\Demons - Inspired Tory Lanez x Travis Scott Type Beat Instrumental ( Prod. dannyebtracks).aup
2018-07-29 18:22 - 2018-07-29 18:22 - 001353240 _____ (Microsoft Corporation) C:\Users\Shane\Downloads\winsdksetup.exe
2018-07-29 16:57 - 2018-07-29 16:57 - 002159149 _____ C:\Users\Shane\Downloads\volatility-2.3.1.win32.exe
2018-07-29 16:56 - 2018-07-29 16:56 - 000000000 ____D C:\ProgramData\Guardant
2018-07-29 16:50 - 2018-07-29 16:50 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Passware
2018-07-29 16:49 - 2018-07-29 16:49 - 010021892 _____ C:\volatility-2.3.1.standalone.exe
2018-07-29 16:49 - 2018-07-29 16:49 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Belkasoft
2018-07-29 16:49 - 2018-07-29 16:49 - 000000000 ____D C:\Users\Shane\AppData\Local\Belkasoft
2018-07-29 16:48 - 2018-07-29 16:48 - 000000000 ____D C:\ProgramData\Belkasoft
2018-07-29 16:47 - 2018-07-29 16:47 - 000000000 ____D C:\Program Files\Common Files\Guardant
2018-07-29 16:47 - 2017-12-27 13:58 - 000680760 _____ (Aktiv Co.) C:\WINDOWS\system32\grddrv.cpl
2018-07-29 16:47 - 2017-12-27 13:58 - 000657208 _____ (Aktiv Co.) C:\WINDOWS\SysWOW64\grddiag.exe
2018-07-29 16:47 - 2017-12-27 13:58 - 000394552 _____ (Aktiv Co.) C:\WINDOWS\system32\grddrv.dll
2018-07-29 16:46 - 2018-07-03 13:04 - 000011024 ____N C:\Users\Shane\Downloads\README.txt
2018-07-29 16:46 - 2018-07-03 13:04 - 000000639 ____N C:\Users\Shane\Downloads\File_id.diz
2018-07-29 16:12 - 2018-07-29 16:12 - 000000000 ____D C:\Users\Shane\lucky_data
2018-07-25 17:09 - 2018-07-25 17:09 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Giegerich & Partner GmbH
2018-07-25 17:08 - 2018-07-25 17:08 - 000000000 ____D C:\Program Files (x86)\Giegerich und Partner GmbH
2018-07-25 17:00 - 2018-07-25 17:00 - 003749353 _____ C:\Users\Shane\Downloads\gnupg-1.4.23.tar.bz2
2018-07-25 16:38 - 2018-08-07 14:53 - 000000000 ____D C:\Users\Shane\AppData\Local\Microsoft_Corporation
2018-07-25 16:38 - 2018-07-30 10:40 - 000000000 ____D C:\Users\Shane\AppData\Roaming\OutlookPrivacyPlugin
2018-07-25 16:36 - 2018-07-25 17:03 - 000000000 ____D C:\Users\Shane\AppData\Local\Deployment
2018-07-25 16:36 - 2018-07-25 16:36 - 000000000 ____D C:\Program Files (x86)\Outlook Privacy Plugin
2018-07-25 16:27 - 2018-07-25 16:27 - 000002751 _____ C:\Users\Shane\Downloads\Untitled (1)
2018-07-25 16:27 - 2018-07-25 16:27 - 000000011 _____ C:\Users\Shane\Downloads\Untitled
2018-07-25 16:23 - 2018-07-25 16:23 - 000013951 _____ C:\Users\Shane\Downloads\smime.p7m
2018-07-24 22:05 - 2018-07-24 22:05 - 000003145 _____ C:\Users\Shane\Downloads\Testy_McTest_pub.asc
2018-07-24 21:46 - 2018-07-24 21:46 - 000000000 ____D C:\Users\Shane\AppData\Local\pEp
2018-07-24 21:41 - 2018-07-30 15:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-07-24 21:41 - 2018-07-24 21:48 - 000000000 ____D C:\Users\Shane\AppData\Local\Thunderbird
2018-07-24 21:41 - 2018-07-24 21:41 - 000001285 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2018-07-24 21:41 - 2018-07-24 21:41 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Thunderbird
2018-07-24 21:40 - 2018-07-24 21:40 - 002848262 _____ C:\Users\Shane\Downloads\enigmail-2.0.7-sm+tb.xpi
2018-07-24 19:31 - 2018-07-24 22:16 - 000000000 ____D C:\Users\Shane\AppData\Roaming\kleopatra
2018-07-24 19:30 - 2018-08-06 22:23 - 000000000 ____D C:\Users\Shane\AppData\Roaming\gnupg
2018-07-24 19:30 - 2018-07-24 19:30 - 000002123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kleopatra.lnk
2018-07-24 19:30 - 2018-07-24 19:30 - 000001225 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPA.lnk
2018-07-24 19:30 - 2018-07-24 19:30 - 000000000 ____D C:\Program Files (x86)\Gpg4win
2018-07-24 19:30 - 2018-07-24 19:30 - 000000000 ____D C:\Program Files (x86)\GnuPG
2018-07-23 23:33 - 2018-07-23 23:33 - 000312869 _____ C:\Users\Shane\Downloads\ZAPGettingStartedGuide-2.6.pdf
2018-07-23 20:49 - 2018-07-12 21:34 - 000709816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-07-23 20:49 - 2018-07-12 21:32 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-07-23 20:49 - 2018-07-12 21:30 - 002718624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-07-23 20:49 - 2018-07-12 20:59 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-07-23 20:49 - 2018-07-11 03:23 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-07-23 20:49 - 2018-07-11 02:24 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-07-23 19:53 - 2018-07-23 19:53 - 000000000 ____D C:\Program Files\MySQL
2018-07-23 19:46 - 2018-07-23 19:49 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.7
2018-07-23 19:42 - 2018-07-23 19:53 - 000000000 ____D C:\ProgramData\MySQL
2018-07-23 19:42 - 2018-07-23 19:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2018-07-23 19:42 - 2018-07-23 19:42 - 000000000 ____D C:\WINDOWS\System32\Tasks\MySQL
2018-07-23 19:42 - 2018-07-23 19:42 - 000000000 ____D C:\Program Files (x86)\MySQL
2018-07-23 19:30 - 2018-07-23 19:56 - 503031808 ____N C:\Users\Shane\Downloads\DVWA-1.0.7.iso
2018-07-23 19:13 - 2018-07-23 19:14 - 000000000 ____D C:\DVWA-master
2018-07-22 17:38 - 2018-07-22 17:38 - 000001156 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2018-07-22 17:38 - 2018-07-22 17:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2018-07-22 12:07 - 2018-07-23 21:01 - 000000939 _____ C:\WINDOWS\Tasks\EPSON XP-430 Series Update {CDB9B9D7-847A-4014-88C7-DD2F2D5E4749}.job
2018-07-22 12:07 - 2018-07-22 12:07 - 000004136 _____ C:\WINDOWS\System32\Tasks\EPSON XP-430 Series Update {CDB9B9D7-847A-4014-88C7-DD2F2D5E4749}
2018-07-19 09:57 - 2018-07-19 12:23 - 000000000 ____D C:\WINDOWS\Minidump
2018-07-17 20:37 - 2018-07-17 20:37 - 000001005 _____ C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch.lnk
2018-07-16 12:35 - 2018-07-16 12:35 - 000222864 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetLwf.sys
2018-07-16 12:35 - 2018-07-16 12:35 - 000213080 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetAdp6.sys
2018-07-10 14:30 - 2018-07-05 23:58 - 004867584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-07-10 14:29 - 2018-07-06 07:20 - 002868640 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-07-10 14:29 - 2018-07-06 07:20 - 001610648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-07-10 14:29 - 2018-07-06 07:20 - 000792472 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-07-10 14:29 - 2018-07-06 07:20 - 000689560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-07-10 14:29 - 2018-07-06 07:20 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-07-10 14:29 - 2018-07-06 07:20 - 000451992 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-07-10 14:29 - 2018-07-06 07:20 - 000309664 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-07-10 14:29 - 2018-07-06 07:20 - 000144792 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-07-10 14:29 - 2018-07-06 07:20 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-07-10 14:29 - 2018-07-06 07:17 - 003932672 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-07-10 14:29 - 2018-07-06 07:14 - 000541592 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-07-10 14:29 - 2018-07-06 06:53 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-07-10 14:29 - 2018-07-06 06:53 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-07-10 14:29 - 2018-07-06 06:53 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-07-10 14:29 - 2018-07-06 06:52 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-07-10 14:29 - 2018-07-06 05:06 - 003611368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-07-10 14:29 - 2018-07-06 04:53 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-07-10 14:29 - 2018-07-06 04:51 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-07-10 14:29 - 2018-07-06 00:32 - 000480672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-07-10 14:29 - 2018-07-06 00:31 - 000462752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-07-10 14:29 - 2018-07-06 00:31 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-07-10 14:29 - 2018-07-06 00:27 - 000057440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.ShellCommon.Broker.dll
2018-07-10 14:29 - 2018-07-06 00:26 - 001148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-07-10 14:29 - 2018-07-06 00:26 - 000766608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-07-10 14:29 - 2018-07-06 00:25 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-07-10 14:29 - 2018-07-06 00:25 - 002571728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-07-10 14:29 - 2018-07-06 00:25 - 001945784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-07-10 14:29 - 2018-07-06 00:25 - 001026464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-07-10 14:29 - 2018-07-06 00:25 - 000335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-07-10 14:29 - 2018-07-06 00:25 - 000267680 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-07-10 14:29 - 2018-07-06 00:25 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-07-10 14:29 - 2018-07-06 00:24 - 000380824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-07-10 14:29 - 2018-07-06 00:14 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-07-10 14:29 - 2018-07-06 00:14 - 001981896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-07-10 14:29 - 2018-07-06 00:14 - 000988640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-07-10 14:29 - 2018-07-06 00:14 - 000573904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-07-10 14:29 - 2018-07-06 00:13 - 001620872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-07-10 14:29 - 2018-07-06 00:01 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2018-07-10 14:29 - 2018-07-06 00:01 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2018-07-10 14:29 - 2018-07-06 00:00 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2018-07-10 14:29 - 2018-07-06 00:00 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2018-07-10 14:29 - 2018-07-06 00:00 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2018-07-10 14:29 - 2018-07-06 00:00 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2018-07-10 14:29 - 2018-07-06 00:00 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsTelemetry.dll
2018-07-10 14:29 - 2018-07-06 00:00 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2018-07-10 14:29 - 2018-07-05 23:59 - 001153536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2018-07-10 14:29 - 2018-07-05 23:59 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\NmaDirect.dll
2018-07-10 14:29 - 2018-07-05 23:59 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Geolocation.dll
2018-07-10 14:29 - 2018-07-05 23:59 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2018-07-10 14:29 - 2018-07-05 23:59 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2018-07-10 14:29 - 2018-07-05 23:59 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2018-07-10 14:29 - 2018-07-05 23:58 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2018-07-10 14:29 - 2018-07-05 23:58 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2018-07-10 14:29 - 2018-07-05 23:58 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Cortana.dll
2018-07-10 14:29 - 2018-07-05 23:58 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProv2faHelper.dll
2018-07-10 14:29 - 2018-07-05 23:58 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2018-07-10 14:29 - 2018-07-05 23:58 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-07-10 14:29 - 2018-07-05 23:58 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2018-07-10 14:29 - 2018-07-05 23:57 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-07-10 14:29 - 2018-07-05 23:57 - 000839680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2018-07-10 14:29 - 2018-07-05 23:57 - 000676864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Devices.dll
2018-07-10 14:29 - 2018-07-05 23:57 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-07-10 14:29 - 2018-07-05 23:57 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NmaDirect.dll
2018-07-10 14:29 - 2018-07-05 23:56 - 001817600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2018-07-10 14:29 - 2018-07-05 23:56 - 001567744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2018-07-10 14:29 - 2018-07-05 23:56 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-07-10 14:29 - 2018-07-05 23:56 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2018-07-10 14:29 - 2018-07-05 23:56 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2018-07-10 14:29 - 2018-07-05 23:56 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2018-07-10 14:29 - 2018-07-05 23:56 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-07-10 14:29 - 2018-07-05 23:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-07-10 14:29 - 2018-07-05 23:56 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2018-07-10 14:29 - 2018-07-05 23:56 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioCredProv.dll
2018-07-10 14:29 - 2018-07-05 23:56 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2018-07-10 14:29 - 2018-07-05 23:56 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProv2faHelper.dll
2018-07-10 14:29 - 2018-07-05 23:55 - 003440128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-07-10 14:29 - 2018-07-05 23:55 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-07-10 14:29 - 2018-07-05 23:55 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-07-10 14:29 - 2018-07-05 23:55 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-07-10 14:29 - 2018-07-05 23:54 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-07-10 14:29 - 2018-07-05 23:54 - 001214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2018-07-10 14:29 - 2018-07-05 23:54 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-07-10 14:29 - 2018-07-05 23:54 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-07-10 14:29 - 2018-07-05 23:54 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-07-10 14:29 - 2018-07-05 23:54 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-07-10 14:29 - 2018-07-05 23:54 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2018-07-10 14:29 - 2018-07-05 23:54 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BioCredProv.dll
2018-07-10 14:29 - 2018-07-05 23:53 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-07-10 14:29 - 2018-07-05 23:52 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-09 19:40 - 2018-03-08 12:13 - 001745554 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-08-09 19:40 - 2018-03-08 12:13 - 001718404 _____ C:\WINDOWS\ZAM.krnl.trace
2018-08-09 19:34 - 2014-12-16 16:37 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-08-09 19:31 - 2014-12-16 16:37 - 000000000 ____D C:\Users\Shane\AppData\Local\Battle.net
2018-08-09 18:59 - 2015-09-10 12:37 - 000000000 ____D C:\Program Files (x86)\DebugMode
2018-08-09 18:56 - 2017-12-18 13:51 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Audacity
2018-08-09 18:41 - 2018-05-18 13:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-09 17:44 - 2016-12-10 18:11 - 000000000 ____D C:\Program Files (x86)\Overwatch Test
2018-08-09 16:55 - 2014-12-17 11:05 - 000000000 ____D C:\Program Files (x86)\World of Warcraft
2018-08-09 15:03 - 2015-03-04 22:53 - 000000000 ____D C:\Users\Shane\AppData\Local\CrashDumps
2018-08-09 14:12 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-09 12:25 - 2017-05-19 01:10 - 000000000 ____D C:\ProgramData\NVIDIA
2018-08-09 08:27 - 2018-04-11 14:04 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
2018-08-08 23:43 - 2018-05-18 14:21 - 000003958 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1487318455
2018-08-08 23:43 - 2015-07-31 10:20 - 000000000 ____D C:\Program Files (x86)\Opera
2018-08-08 22:01 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-08 22:01 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-08 13:51 - 2014-12-17 12:19 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-08 10:03 - 2013-08-22 08:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-08-08 08:18 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-08-08 00:39 - 2018-03-14 21:41 - 000000000 ____D C:\Users\Public\Speedup Sessions
2018-08-08 00:21 - 2018-05-18 13:40 - 000000000 ____D C:\Users\Shane
2018-08-07 23:43 - 2014-12-16 16:16 - 000000000 ____D C:\Users\Shane\AppData\Local\NVIDIA Corporation
2018-08-07 23:36 - 2018-05-18 13:39 - 000936252 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-08-07 23:36 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
2018-08-07 23:29 - 2018-05-18 14:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-07 23:28 - 2018-04-11 14:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-08-07 22:09 - 2018-06-07 00:59 - 000000000 ____D C:\Users\Shane\Desktop\ReactProjects
2018-08-07 21:04 - 2018-05-30 18:31 - 000000000 ____D C:\Users\Shane\AppData\Local\D3DSCache
2018-08-07 16:59 - 2018-07-07 20:51 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-08-07 14:04 - 2018-06-25 14:11 - 000003208 _____ C:\WINDOWS\System32\Tasks\iolo Process Governor
2018-08-07 13:56 - 2018-05-27 02:02 - 000000000 ____D C:\Users\Shane\AppData\LocalLow\Mozilla
2018-08-06 22:05 - 2018-04-26 14:07 - 000000000 ____D C:\Users\Shane\AppData\Roaming\npm
2018-08-06 21:47 - 2016-09-09 11:11 - 000000000 ____D C:\Users\Shane\AppData\Roaming\discord
2018-08-06 16:49 - 2014-12-17 12:09 - 000000000 ____D C:\Users\Shane\AppData\Local\Google
2018-08-06 00:21 - 2014-12-17 12:09 - 000000000 ____D C:\Program Files (x86)\Google
2018-08-05 15:07 - 2016-09-24 14:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2018-08-04 04:38 - 2016-09-09 11:11 - 000000000 ____D C:\Users\Shane\AppData\Local\Discord
2018-08-04 04:04 - 2016-11-29 16:03 - 000056998 _____ C:\WINDOWS\SysWOW64\Defrag.debuglog
2018-08-03 16:17 - 2017-12-01 03:27 - 000000000 ____D C:\Users\Shane\AppData\Local\Packages
2018-08-03 11:08 - 2018-06-11 22:54 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-08-03 11:08 - 2017-05-19 01:10 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-08-03 00:14 - 2015-12-22 23:05 - 000000000 ____D C:\Temp
2018-08-03 00:14 - 2014-12-13 02:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-08-03 00:12 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\Help
2018-08-03 00:11 - 2014-12-16 16:16 - 000000000 ____D C:\Users\Shane\AppData\Local\NVIDIA
2018-08-02 23:39 - 2017-12-05 16:42 - 000000000 ____D C:\Users\Public\Games
2018-08-02 11:35 - 2016-12-11 14:18 - 000609576 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2018-08-02 02:08 - 2018-05-18 13:40 - 000000000 ____D C:\Users\Administrator
2018-08-02 01:49 - 2015-07-31 11:46 - 000000000 ____D C:\AdwCleaner
2018-08-01 23:48 - 2018-06-30 18:34 - 000003734 _____ C:\WINDOWS\System32\Tasks\JavaUpdateSched
2018-08-01 23:48 - 2018-06-30 18:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-08-01 23:48 - 2015-01-11 15:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2018-08-01 23:48 - 2015-01-11 15:30 - 000000000 ____D C:\Program Files\Java
2018-08-01 23:47 - 2018-06-30 18:33 - 000145272 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2018-08-01 23:09 - 2016-11-29 13:29 - 000000000 ____D C:\Users\Shane\Desktop\OldDesktopStuff 11-29-2016
2018-08-01 22:46 - 2018-05-18 07:59 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-08-01 22:44 - 2018-01-05 12:48 - 000000000 ____D C:\netfilter2
2018-08-01 21:01 - 2016-12-12 15:02 - 000000000 ____D C:\Users\Shane\Desktop\class work
2018-08-01 02:47 - 2018-04-03 09:00 - 004858224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-07-31 11:24 - 2015-12-05 20:10 - 000000000 ____D C:\NVIDIA
2018-07-31 11:23 - 2015-09-16 19:47 - 000000000 ____D C:\Users\Shane\.VirtualBox
2018-07-30 19:05 - 2018-06-13 00:25 - 000000000 ____D C:\ProgramData\Packages
2018-07-30 17:34 - 2018-06-03 18:38 - 000000000 ____D C:\ProgramData\Apple
2018-07-30 16:40 - 2015-04-12 17:52 - 000000000 ____D C:\Users\Shane\AppData\Local\Downloaded Installations
2018-07-30 16:31 - 2017-12-22 17:01 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-07-30 16:22 - 2014-12-31 13:26 - 000000000 ____D C:\ProgramData\Norton
2018-07-30 16:18 - 2015-10-20 21:16 - 000000000 ____D C:\Users\Shane\.thumbnails
2018-07-30 16:18 - 2015-07-31 10:48 - 000000000 ____D C:\ProgramData\MFAData
2018-07-30 16:17 - 2017-05-08 10:30 - 000000000 ____D C:\Users\Shane\.idlerc
2018-07-30 16:17 - 2015-12-05 19:41 - 000000000 ____D C:\Users\Shane\.oracle_jre_usage
2018-07-30 16:17 - 2015-03-05 13:34 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Mumble
2018-07-30 16:17 - 2015-01-27 23:42 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Skype
2018-07-30 16:07 - 2015-08-24 22:00 - 000000000 ____D C:\Users\Shane\AppData\LocalLow\Temp
2018-07-30 16:07 - 2015-08-21 23:31 - 000000000 ____D C:\Intel
2018-07-30 15:49 - 2018-05-12 16:30 - 000000000 ____D C:\xampp
2018-07-30 15:48 - 2016-09-15 12:32 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-07-30 15:48 - 2016-09-15 12:26 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-07-30 15:48 - 2016-06-17 11:47 - 000000000 ____D C:\adbLink
2018-07-30 15:47 - 2016-11-13 02:07 - 000000000 ____D C:\Program Files (x86)\InnerSpace
2018-07-30 15:47 - 2016-09-09 11:11 - 000000000 ____D C:\Users\Shane\AppData\Local\SquirrelTemp
2018-07-30 15:47 - 2016-06-03 13:32 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Sony
2018-07-30 15:47 - 2015-09-02 17:17 - 000000000 ____D C:\Users\Shane\Documents\Add-in Express
2018-07-30 15:46 - 2018-05-09 01:32 - 000000000 ____D C:\Program Files\Sublime Text 3
2018-07-30 15:46 - 2017-12-16 18:35 - 000000000 ____D C:\Program Files (x86)\VPN Unlimited
2018-07-30 15:46 - 2016-09-22 19:09 - 000000000 ____D C:\Program Files\TeamSpeak 3 Client
2018-07-30 15:46 - 2015-04-20 11:46 - 000000000 ____D C:\Program Files (x86)\CarbonPoker Odds Calculator
2018-07-30 15:46 - 2015-04-05 22:35 - 000000000 ____D C:\AmericasCardroom
2018-07-30 15:46 - 2015-02-03 14:40 - 000000000 ____D C:\Users\Shane\AppData\LocalLow\raidcall
2018-07-30 15:45 - 2018-05-25 18:21 - 000000000 ____D C:\Users\Shane\AppData\Roaming\TeamViewer
2018-07-30 15:45 - 2016-11-29 12:12 - 000000000 ____D C:\Windows10Upgrade
2018-07-30 15:45 - 2015-12-05 15:40 - 000000000 ____D C:\Users\Shane\Documents\The Witcher 3
2018-07-30 15:45 - 2015-04-20 11:46 - 000000000 ____D C:\Program Files (x86)\CarbonPoker
2018-07-30 15:45 - 2015-01-31 22:42 - 000000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2018-07-30 15:44 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2018-07-30 15:44 - 2015-07-31 17:57 - 000000000 ____D C:\Users\Shane\Documents\Adobe
2018-07-30 15:43 - 2018-06-19 18:16 - 000000000 ____D C:\Users\Shane\AppData\Roaming\EasyAntiCheat
2018-07-30 15:43 - 2018-05-31 14:26 - 000000000 ____D C:\Users\Shane\AppData\Local\GitHubDesktop
2018-07-30 15:43 - 2018-05-22 01:12 - 000000000 ____D C:\Users\Shane\AppData\Local\Postman
2018-07-30 15:43 - 2018-05-09 01:47 - 000000000 ____D C:\Users\Shane\AppData\Local\clink
2018-07-30 15:43 - 2017-10-17 17:18 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Twitch
2018-07-30 15:43 - 2017-04-16 18:37 - 000000000 ____D C:\Users\Shane\boost_1_63_0
2018-07-30 15:43 - 2016-09-09 02:05 - 000000000 ____D C:\Users\Shane\AppData\Local\ConnectedDevicesPlatform
2018-07-30 15:43 - 2015-12-09 19:52 - 000000000 ____D C:\Users\Shane\AppData\Roaming\codelite
2018-07-30 15:43 - 2015-08-18 21:37 - 000000000 ____D C:\Users\Shane\AppData\Local\GameMaker-Studio
2018-07-30 15:43 - 2015-01-27 23:07 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Ventrilo
2018-07-30 15:42 - 2018-07-02 14:15 - 000000000 ____D C:\Users\Shane\AppData\Local\PlaceholderTileLogoFolder
2018-07-30 15:42 - 2017-12-22 17:01 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\TeamViewer
2018-07-30 15:42 - 2017-12-20 15:42 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\discord
2018-07-30 15:41 - 2014-12-16 16:27 - 000000000 ____D C:\Program Files (x86)\Steam
2018-07-30 12:14 - 2018-04-03 09:01 - 000065792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2018-07-30 12:14 - 2018-04-03 09:00 - 000044271 _____ C:\WINDOWS\system32\nvinfo.pb
2018-07-30 11:58 - 2016-08-04 13:52 - 000000000 ____D C:\Users\Shane\AppData\Roaming\MassPlanner2
2018-07-30 11:16 - 2015-09-02 17:17 - 000000000 ____D C:\ProgramData\WinZip
2018-07-30 10:55 - 2017-12-08 12:05 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JetBrains
2018-07-30 10:43 - 2016-11-29 11:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-07-30 10:43 - 2014-12-13 02:49 - 000000000 ____D C:\ProgramData\Package Cache
2018-07-30 10:41 - 2017-05-19 01:10 - 005947600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-07-30 10:41 - 2017-05-19 01:10 - 002612264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-07-30 10:41 - 2017-05-19 01:10 - 001767632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-07-30 10:41 - 2017-05-19 01:10 - 000634352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-07-30 10:41 - 2017-05-19 01:10 - 000450768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-07-30 10:41 - 2017-05-19 01:10 - 000124216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-07-30 10:41 - 2017-05-19 01:10 - 000082800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-07-30 10:40 - 2018-05-27 02:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-07-30 10:40 - 2015-12-05 00:05 - 000000000 ____D C:\Program Files (x86)\VyprVPN
2018-07-30 07:42 - 2018-06-03 18:53 - 000000000 ____D C:\Users\Public\Documents\Avid Video Engine
2018-07-30 07:42 - 2018-06-03 18:46 - 000000000 ____D C:\Program Files\Avid
2018-07-30 01:18 - 2018-05-18 13:33 - 005615080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-07-30 01:14 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-07-30 01:14 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-07-30 01:14 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-07-30 01:14 - 2018-04-11 16:38 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-07-30 01:14 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-07-30 01:14 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-07-30 01:14 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-07-30 01:13 - 2018-04-11 16:38 - 000000000 ___RD C:\Program Files\Windows Defender
2018-07-30 01:13 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-07-30 01:13 - 2018-04-11 16:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-07-30 01:08 - 2016-06-09 23:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-07-30 01:00 - 2017-12-11 16:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2018-07-29 23:47 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-29 19:44 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-07-29 18:48 - 2015-03-06 11:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2018-07-29 18:43 - 2015-03-06 11:11 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2018-07-29 08:00 - 2016-10-29 14:11 - 000000000 ____D C:\Program Files (x86)\TradeSkillMaster Application
2018-07-28 21:36 - 2015-03-15 11:18 - 000000000 ____D C:\Users\Shane\Documents\Outlook Files
2018-07-28 02:13 - 2016-06-23 23:04 - 000000000 ____D C:\Users\Shane\AppData\Local\ElevatedDiagnostics
2018-07-25 16:35 - 2018-04-11 16:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-07-24 02:03 - 2017-05-19 01:10 - 008253772 _____ C:\WINDOWS\system32\nvcoproc.bin
2018-07-23 21:16 - 2015-07-31 17:05 - 000000000 ____D C:\Users\Shane\AppData\Local\Adobe
2018-07-23 21:15 - 2018-07-07 14:02 - 000004588 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-07-23 21:15 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-07-23 21:15 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-07-23 19:46 - 2017-05-02 15:50 - 000000000 ____D C:\Users\Shane\AppData\Local\Package Cache
2018-07-22 23:09 - 2015-09-16 19:47 - 000000000 ____D C:\Users\Shane\VirtualBox VMs
2018-07-22 12:58 - 2016-09-24 14:36 - 000000000 ____D C:\Program Files (x86)\EPSON Software
2018-07-20 10:33 - 2016-10-29 14:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeSkillMaster Application
2018-07-20 06:05 - 2018-06-02 13:54 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-07-19 12:23 - 2016-12-03 16:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-07-19 12:23 - 2013-09-30 12:56 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-07-19 11:56 - 2018-01-05 11:14 - 000000000 ____D C:\ProgramData\Phoenix360
2018-07-18 19:16 - 2016-04-15 13:43 - 000000000 ____D C:\Users\Shane\Documents\Sound recordings
2018-07-18 14:48 - 2018-05-18 14:21 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2243521789-936282867-848371492-1001
2018-07-18 14:48 - 2018-05-18 13:40 - 000002410 _____ C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-07-18 14:48 - 2015-05-08 06:03 - 000000000 ___RD C:\Users\Shane\OneDrive
2018-07-17 20:53 - 2015-01-24 17:44 - 000000000 ____D C:\Program Files (x86)\World of Warcraft Public Test
2018-07-16 21:47 - 2017-05-19 01:10 - 000950592 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2018-07-16 12:35 - 2018-03-08 20:12 - 000984376 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2018-07-16 12:35 - 2018-03-08 20:12 - 000168896 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2018-07-10 17:40 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-07-10 17:40 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-07-10 17:40 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-07-10 17:40 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-07-10 17:40 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-07-10 17:40 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-07-10 17:40 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-07-10 17:40 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-07-10 17:40 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-07-10 17:40 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-07-10 17:40 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-07-10 17:40 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-07-10 17:40 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-07-10 17:40 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-07-10 17:40 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-07-10 17:40 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-07-10 17:40 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-07-10 17:40 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-07-10 17:40 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-07-10 17:40 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-07-10 17:40 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-07-10 17:40 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-07-10 17:39 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-07-10 17:39 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-07-10 17:39 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-07-10 17:39 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-07-10 17:39 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-07-10 17:39 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-07-10 17:39 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-07-10 17:39 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-07-10 17:39 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-07-10 17:39 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-07-10 17:39 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-07-10 17:39 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-07-10 17:39 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-07-10 17:39 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-07-10 17:39 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-07-10 17:39 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-07-10 17:39 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-07-10 17:39 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-07-10 17:39 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-07-10 17:39 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-07-10 17:39 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-07-10 17:39 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-07-10 17:39 - 2018-04-11 16:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-07-10 17:39 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-07-10 14:47 - 2014-12-18 11:45 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-07-10 14:40 - 2014-12-18 11:45 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2015-09-09 17:52 - 2015-09-09 17:54 - 000163219 _____ () C:\Users\Shane\maxout_10028.dat
2015-09-24 13:49 - 2015-09-24 13:51 - 000013121 _____ () C:\Users\Shane\maxout_13044.dat
2015-08-25 15:27 - 2015-08-25 15:29 - 000004907 _____ () C:\Users\Shane\maxout_13796.dat
2015-11-13 21:35 - 2015-11-13 21:36 - 000014342 _____ () C:\Users\Shane\maxout_15904.dat
2015-11-13 21:21 - 2015-11-13 21:24 - 000014342 _____ () C:\Users\Shane\maxout_19172.dat
2015-08-25 15:38 - 2015-08-25 15:45 - 000004907 _____ () C:\Users\Shane\maxout_7140.dat
2018-06-12 00:09 - 2018-06-24 23:15 - 000000033 _____ () C:\Users\Shane\AppData\Roaming\AdobeWLCMCache.dat
2015-08-13 11:45 - 2015-08-13 11:45 - 000000112 _____ () C:\Users\Shane\AppData\Roaming\JP2K CS6 Prefs
2018-06-24 23:22 - 2018-06-24 23:22 - 000000028 _____ () C:\Users\Shane\AppData\Roaming\kulerdata.json
2018-08-08 00:06 - 2018-08-08 00:06 - 000000036 _____ () C:\Users\Shane\AppData\Local\housecall.guid.cache
2018-08-08 00:19 - 2018-08-08 00:19 - 000000010 _____ () C:\Users\Shane\AppData\Local\sponge.last.runtime.cache
2018-04-10 12:52 - 2018-04-10 12:52 - 000000000 ____N () C:\Users\Shane\AppData\Local\{59745BC6-AB93-47AE-A3E3-ACEDF246D979}
2017-12-02 10:16 - 2017-12-02 10:16 - 000000000 ____N () C:\Users\Shane\AppData\Local\{944BCD73-00FD-4536-B994-737E9BF5959A}
 
Some files in TEMP:
====================
2018-08-09 18:58 - 2015-09-10 12:37 - 000034778 _____ () C:\Users\Shane\AppData\Local\Temp\A~NSISu_.exe
2018-08-08 00:42 - 2018-07-06 00:25 - 001945784 _____ (Microsoft Corporation) C:\Users\Shane\AppData\Local\Temp\dllnt_dump.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-18 13:33
 
==================== End of FRST.txt ============================

Edited by terpy, 10 August 2018 - 03:03 PM.


#2 terpy


Posted 10 August 2018 - 03:03 PM

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Shane (09-08-2018 19:41:55)
Running from C:\Users\Shane\Desktop\Security  Tools
Windows 10 Home Version 1803 17134.191 (X64) (2018-05-18 21:38:47)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
12FA1BE483FC47BA9482 (S-1-5-21-2243521789-936282867-848371492-1009 - Limited - Enabled)
Administrator (S-1-5-21-2243521789-936282867-848371492-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2243521789-936282867-848371492-503 - Limited - Disabled)
Guest (S-1-5-21-2243521789-936282867-848371492-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2243521789-936282867-848371492-1005 - Limited - Enabled)
Shane (S-1-5-21-2243521789-936282867-848371492-1001 - Administrator - Enabled) => C:\Users\Shane
WDAGUtilityAccount (S-1-5-21-2243521789-936282867-848371492-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Emsisoft Anti-Malware (Enabled - Up to date) {67773CDD-EA83-AD98-A2ED-386463EB3B0D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Bitdefender Antivirus (Enabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {DC16DD39-CCB9-A216-985D-0316186C71B0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Bitdefender Antispyware (Enabled - Up to date) {B5763A99-8435-6D40-83EB-2CA97758A9A5}
FW: Bitdefender Firewall (Disabled) {362C5A58-E860-6396-9204-BEEEF20CA463}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.08 beta (x64) (HKLM\...\7-Zip) (Version: 15.08 - Igor Pavlov)
7-Zip 16.02 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1602-000001000000}) (Version: 16.02.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe After Effects CC 2017 (HKLM-x32\...\AEFT_14_2_1) (Version: 14.2.1 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Character Animator CC (Beta) (HKLM-x32\...\ANMLBETA_1_0_6) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.5.0.331 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.6 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2018 (HKLM-x32\...\DRWV_18_1) (Version: 18.1 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Illustrator CC 2018 (HKLM-x32\...\ILST_22_1) (Version: 22.1 - Adobe Systems Incorporated)
Adobe InDesign CC 2017 (HKLM-x32\...\IDSN_12_1_0) (Version: 12.1.0 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_1_2) (Version: 11.1.2 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_1_3) (Version: 19.1.3 - Adobe Systems Incorporated)
AmericasCardroom (HKLM-x32\...\296836EA-EF3A-4C36-8C13-3A6C1DB2D4BE) (Version: 16.6 - IGSoft)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apache Tomcat 8.0.27 (HKLM\...\nbi-tomcat-8.0.27.0.0) (Version:  - )
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{9F429DF7-F8DD-4980-9673-E6DACA012F6C}) (Version: 3.3 - Microsoft Corporation) Hidden
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
AVG PC TuneUp 2015 (en-US) (HKLM-x32\...\{4AC74ED1-719B-46DA-8B8A-340FBF892291}) (Version: 15.0.1001.604 - AVG Technologies) Hidden
Avid HD Driver (x64) (HKLM\...\{658E112A-8776-4430-A275-D9248732DFB9}) (Version: 11.3.0 - Avid Technology, Inc.)
Avira (HKLM-x32\...\{B5B610D2-992E-45B8-A888-0BC163C539C9}) (Version: 1.2.117.17323 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{fcfe3cca-17f1-49fe-8deb-729b45d9c923}) (Version: 1.2.117.17323 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 4.7.1.7268 - Avira Operations GmbH & Co. KG)
AVSDK5 (HKLM\...\{D5A6E342-907C-4CEF-96CC-FC2F4990DC9C}) (Version: 5.4.30 - CYREN Inc.) Hidden
Azure AD Authentication Connected Service (HKLM-x32\...\{3FEAC561-1CF6-41D6-B0F3-BECDD9C88A1B}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{3FBFCF2C-392A-4632-9442-14C305B44D5E}) (Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Backup and Sync from Google (HKLM\...\{AEFBDB5B-899F-4AE6-B789-BA56A652A476}) (Version: 3.42.9858.3671 - Google, Inc.)
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.3.2.1195 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandicam.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (HKLM-x32\...\{E719AF7A-FBD9-45F8-AD4F-EBD1EFD985BB}) (Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (HKLM-x32\...\{28C7344F-E894-4CF5-8D05-EDC7ED71796C}) (Version: 12.0.50429.0 - Microsoft Corporation) Hidden
BetOnline Client (remove only) (HKLM-x32\...\BetOnLine Client) (Version: 1.0 - BetOnlineDevelopment)
BetOnline Poker 8.2 (HKLM-x32\...\BetOnline Poker 8.2) (Version: 8.2.12.201411270900 - Hero Poker Network)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.21.970 - Bitdefender)
Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 21.0.22.1050 - Bitdefender)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 22.0.1.1 - Bitdefender)
Bitdefender VPN (HKLM\...\Bitdefender VPN) (Version: 22.0.7.565 - Bitdefender)
Black Desert Online (HKLM-x32\...\{C1F96C92-7B8C-485F-A9CD-37A0708A2A60}) (Version: 1.0.0.7 - Kakao Games Europe B.V.)
Blend for Visual Studio 2013 (HKLM-x32\...\{EBC890A6-DE7C-44B4-AA03-119B6190D3E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (HKLM-x32\...\{9ED1634C-4E71-4992-A1BA-7C4BE6EE39E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (HKLM-x32\...\{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Windows Phone 8.0 (HKLM-x32\...\{403759F5-1D77-49F4-812D-AF43196E8C74}) (Version: 3.0.30924.0 - Microsoft Corporation) Hidden
Blender (HKLM\...\{87E4F4E2-99A4-44C6-9175-9FF2773E46CF}) (Version: 2.76.0 - Blender Foundation)
Brackets (HKLM-x32\...\{73C9B88C-61DF-4DC1-9F38-8FBB2AF45816}) (Version: 1.12.1 - brackets.io)
Build Tools - amd64 (HKLM\...\{4926C378-8A39-4273-AF6F-726F899F9F74}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools - x86 (HKLM-x32\...\{BB543516-F37F-46A4-BED1-C5146A6D9892}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (HKLM\...\{5DF74EA2-A660-446F-93B3-B19823435C30}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (HKLM-x32\...\{FCB384E7-0E3F-431E-A510-2458E1FF21ED}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
CarbonPoker (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\CarbonPoker) (Version: 6.0 - )
Chrome Remote Desktop Host (HKLM-x32\...\{67971EAD-F5D1-45A6-B281-A09D3193DB3F}) (Version: 69.0.3497.7 - Google Inc.)
Complemento do Microsoft Report Viewer para Visual Studio 2013 (HKLM-x32\...\{1B5ABBBD-3808-403D-A224-F1ACB0A00EB1}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Complemento Microsoft Report Viewer para Visual Studio 2013 (HKLM-x32\...\{56A47015-095E-48CA-819F-15D0B52C274B}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Compon. agg. Microsoft Report Viewer per Visual Studio 2013 (HKLM-x32\...\{44AEF1F7-C770-471C-AA62-4145A4F2C517}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
CrypTool 1.4.41 (HKLM-x32\...\CrypTool) (Version: 1.4.41 - CrypTool Team)
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 398.82 - NVIDIA Corporation) Hidden
Dotfuscator and Analytics Community Edition (HKLM-x32\...\{2386192E-D6DB-4AD2-9564-65586A0AE53E}) (Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dotfuscator and Analytics Community Edition 5.18.1 (HKLM-x32\...\{9890DF1A-10E9-4236-94B1-1EFAA4099F13}) (Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
Easy Photo Scan (HKLM-x32\...\{93AEF2AF-86FB-42AD-8392-5DAEC0638B1A}) (Version: 1.00.0012 - Seiko Epson Corporation)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2018.5 - Emsisoft Ltd.)
Entity Framework 6.1.0 Tools  for Visual Studio 2013 (HKLM-x32\...\{D4635FB4-434D-4663-A4C8-CFC00FA9D24E}) (Version: 12.0.30228.0 - Microsoft Corporation)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.0 - Seiko Epson Corporation)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.81.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson Printer Connection Checker (HKLM-x32\...\{9A09FA7F-C756-4B47-98D0-6C8482980A46}) (Version: 2.1.0.0 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{60A3CB9F-4429-4C7A-AA97-77CC4FE10671}) (Version: 4.4.9 - Seiko Epson Corporation)
EPSON XP-430 Series Printer Uninstall (HKLM\...\EPSON XP-430 Series) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Git version 2.16.2 (HKLM\...\Git_is1) (Version: 2.16.2 - The Git Development Community)
GitHub Desktop (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\GitHubDesktop) (Version: 1.2.2 - GitHub, Inc.)
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.2.8 - The GnuPG Project)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Earth Pro (HKLM-x32\...\{BF354C72-AC4C-4A87-8D42-B089862BAE58}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
gpg4o - GPG for Outlook 5.3.201.9100 (MSI) (HKLM-x32\...\{BC7DF0B9-330B-4B59-8455-700000009100}) (Version: 5.3.201 - Giegerich und Partner GmbH) Hidden
gpg4o - GPG for Outlook v5.3.201.9100 (HKLM-x32\...\{545f18f7-e593-4e38-b994-5d0aedfd3dce}) (Version: 5.3.201.9100 - Giegerich und Partner GmbH)
Gpg4win (3.1.2) (HKLM-x32\...\Gpg4win) (Version: 3.1.2 - The Gpg4win Project)
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Haskell Platform 8.0.2 (HKLM\...\HaskellPlatform-8.0.2) (Version:  - Haskell.org)
Haskell Stack (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\Haskell Stack) (Version:  - )
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.295 - SurfRight B.V.)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{f3e3c5dd-edd0-406b-8aa2-ce5acb93660e}) (Version: 10.0.14 - Intel® Corporation) Hidden
Intel® Hardware Accelerated Execution Manager (HKLM\...\{6230EE50-BD4E-4B39-904D-3E7600053E08}) (Version: 6.2.1 - Intel Corporation)
IntelliJ IDEA 2018.1.3 (HKLM-x32\...\IntelliJ IDEA 2018.1.3) (Version: 181.4892.42 - JetBrains s.r.o.)
Java 10.0.2 (64-bit) (HKLM\...\{EECB2736-D013-5AC5-9917-7656712F6931}) (Version: 10.0.2.0 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
Java SE Development Kit 8 Update 40 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180400}) (Version: 8.0.400.26 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
Java SE Development Kit 8 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180510}) (Version: 8.0.510.16 - Oracle Corporation)
Java SE Development Kit 8 Update 73 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180730}) (Version: 8.0.730.2 - Oracle Corporation)
Java™ SE Development Kit 10.0.1 (64-bit) (HKLM\...\{398EFBE6-18DB-5E47-8E12-481F95602239}) (Version: 10.0.1.0 - Oracle Corporation)
Java™ SE Development Kit 9.0.1 (64-bit) (HKLM\...\{4AC8DBB2-1AE5-5156-83F9-D4E2E6DD564B}) (Version: 9.0.1.0 - Oracle Corporation)
Kanto Player version 10.0.0.0 (HKLM-x32\...\{39E3D7C6-0677-49C8-905B-4D1874A17DE1}_is1) (Version: 10.0.0.0 - Globosoft S.R.L.)
Kits Configuration Installer (HKLM-x32\...\{6F502640-B753-C101-FFA5-B38C3FA5B29A}) (Version: 10.1.17134.12 - Microsoft) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
LocalESPC (HKLM-x32\...\{62910715-63E3-0AB0-0B29-99140DE1C15E}) (Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (HKLM-x32\...\{492498A3-F88C-FE2F-755C-9B1B91724CA5}) (Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us (HKLM-x32\...\{326A5052-061C-F656-31E3-3B73842ABD46}) (Version: 8.59.29989 - Microsoft) Hidden
LocalESPCui for en-us Dev12 (HKLM-x32\...\{B1C38F27-D377-8C98-D98D-29B67C0B978D}) (Version: 8.100.25984 - Microsoft) Hidden
MAGIX Movie Edit Pro 2016 Premium (HKLM\...\{0E64129B-4258-44B9-8034-464C6E28878D}) (Version: 15.0.0.73 - MAGIX Software GmbH) Hidden
MAGIX Movie Edit Pro 2016 Premium (HKLM\...\MX.{0E64129B-4258-44B9-8034-464C6E28878D}) (Version: 15.0.0.73 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (HKLM\...\{EFF38464-ED43-451C-9117-F910728B3FF8}) (Version: 7.0.1.27 - MAGIX Software GmbH) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{EFF38464-ED43-451C-9117-F910728B3FF8}) (Version: 7.0.1.27 - MAGIX Software GmbH)
Malware Killer (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.427 - Iolo Technologies, LLC)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Memory Profiler (HKLM-x32\...\{4A037836-B224-4890-9631-341F759AD703}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Memory Profiler (HKLM-x32\...\{68DA3B27-2C18-4366-93B0-6B97F5E9B309}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 SDK (HKLM-x32\...\{229FC339-A2DE-46C7-8AB7-E64BD2FD9592}) (Version: 4.7.03056 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 Targeting Pack (HKLM-x32\...\{90FBABBB-0CFC-469F-971F-0A1F11F5AF2E}) (Version: 4.7.03056 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9126.2259 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.9126.2259 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{4B2B6F4B-9B09-46ED-935E-A84A669D2DC9}) (Version: 2.8.2.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM-x32\...\{50b32652-69d2-4b93-9316-edcd12067b8b}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 (HKLM-x32\...\{84e72603-1a6a-4c51-81b3-de36aabcc4f8}) (Version: 12.0.30501 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Module Microsoft Report Viewer pour Visual Studio 2013 (HKLM-x32\...\{607562A3-7BD3-4EDE-BDEA-4F1A8D7E84AA}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Mozilla Firefox 61.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.1 (x64 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.9.1 - Mozilla)
Mozilla Thunderbird 52.9.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.9.1 (x86 en-US)) (Version: 52.9.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
MySQL Installer - Community (HKLM-x32\...\{E893209B-DB26-475E-ABE3-900812CBDF9A}) (Version: 1.4.25.0 - Oracle Corporation)
MySQL Server 8.0 (HKLM\...\{11CF35A6-DF56-426A-8FEF-BAA039D8FF31}) (Version: 8.0.11 - Oracle Corporation)
NetBeans IDE 8.2 (HKLM\...\nbi-nb-base-8.2.0.0.201609300101) (Version: 8.2 - NetBeans.org)
Node.js (HKLM\...\{F69C1A4C-0402-462C-B95D-6BEAED881FA1}) (Version: 8.11.1 - Node.js Foundation)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 398.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 398.82 - NVIDIA Corporation)
NVIDIA Graphics Driver 398.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 398.82 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Oculus Rift Sensor Driver (HKLM\...\{4FC053C6-9DF5-45EC-B478-979398DA5E3F}) (Version: 1.0.14.0 - Oculus VR, LLC)
Oculus Runtime (HKLM-x32\...\Oculus Runtime 0.8.0.0-public-release-117061) (Version: 0.8.0.0-public-release-117061 - Oculus VR, LLC)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9126.2259 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2259 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2259 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9126.2259 - Microsoft Corporation) Hidden
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden
Opera Stable 54.0.2952.71 (HKLM-x32\...\Opera 54.0.2952.71) (Version: 54.0.2952.71 - Opera Software)
Oracle VM VirtualBox 5.2.16 (HKLM\...\{9BDE6621-5201-47E9-8394-FF44CBD66A1E}) (Version: 5.2.16 - Oracle Corporation)
Outlook Privacy Plugin (HKLM-x32\...\{68E34B9C-F9B5-4346-B394-F22B2A726306}) (Version: 2.0.5627.23349 - Deja vu Security)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
PACE License Support Win64 (HKLM\...\{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.3.0756 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.3.0756 - PACE Anti-Piracy, Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 2.5.1.4585 - Grinding Gear Games) Hidden
Path of Exile (HKLM-x32\...\{e4bece34-29a4-49b4-9517-941948cdb429}) (Version: 2.5.1.4585 - Grinding Gear Games)
PokerStrategy.com Equilab (HKLM-x32\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com)
Postman-win64-6.1.2 (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\Postman) (Version: 6.1.2 - Postman)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{943F3FB1-3F9C-4FB7-A4E2-6D53617068C3}) (Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Privacy Guardian (HKLM-x32\...\PrivacyGuardian) (Version: 1.0.7.0 - iolo technologies, LLC)
Python 3.6.0 (32-bit) (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\{e11344b8-2f53-4139-aacd-cb4176efbc4c}) (Version: 3.6.150.0 - Python Software Foundation)
Python 3.6.0 Core Interpreter (32-bit) (HKLM-x32\...\{FC638B75-E969-4496-A546-9D78EA7D8F35}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Development Libraries (32-bit) (HKLM-x32\...\{F2A430F2-A7AC-4B46-808A-FC6E8419ABDE}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Documentation (32-bit) (HKLM-x32\...\{A66771E3-430A-40A7-B00C-94A239396BEE}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Executables (32-bit) (HKLM-x32\...\{3C182441-3C75-4113-A28D-D3AEAD85B320}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 pip Bootstrap (32-bit) (HKLM-x32\...\{1D427483-31FE-4ED4-AD39-AB78BBF7D22D}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Standard Library (32-bit) (HKLM-x32\...\{4CB36E4F-EC00-479B-AA25-0B9EC5385B0C}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C7D63030-7738-499A-A0D2-8549174D2B70}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Test Suite (32-bit) (HKLM-x32\...\{6EAD5F85-97EC-4AFB-84D2-D52AC41D3C66}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Utility Scripts (32-bit) (HKLM-x32\...\{7C3DAC9E-E229-415C-A600-5974B5D9DE7F}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.1 (64-bit) (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\{5984d629-979e-4439-b893-accde1a00a68}) (Version: 3.6.1150.0 - Python Software Foundation)
Python 3.6.1 Add to Path (64-bit) (HKLM\...\{079FEF6F-9E83-4694-897D-69C30389B772}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Core Interpreter (64-bit) (HKLM\...\{27133190-078A-4A46-81B0-FF476EAEBF2A}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Development Libraries (64-bit) (HKLM\...\{953B4007-8312-48CA-817E-29B43988EB35}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Documentation (64-bit) (HKLM\...\{41626EAD-257F-401F-8531-51C5A7D4CA6C}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Executables (64-bit) (HKLM\...\{9139037B-B991-4022-946F-DAA9A9FDC7EE}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 pip Bootstrap (64-bit) (HKLM\...\{5F9A36CA-767E-4922-84AB-73E61264FE5C}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Standard Library (64-bit) (HKLM\...\{B7A716F0-78C1-4CB9-8756-0E51C5DD7622}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Tcl/Tk Support (64-bit) (HKLM\...\{AC60D963-1CE4-429B-AB29-F973DC55A918}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Test Suite (64-bit) (HKLM\...\{A298B2DB-1F21-476D-9BD7-4ECC23101C90}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Utility Scripts (64-bit) (HKLM\...\{7CB8460F-55AD-4C70-8D04-72947C46C85E}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.7 volatility-2.3.1 (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\volatility-py3.7) (Version:  - )
Python 3.7.0 (32-bit) (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\{ece37911-ffeb-4f29-95d6-abcf555d7364}) (Version: 3.7.150.0 - Python Software Foundation)
Python 3.7.0 Core Interpreter (32-bit) (HKLM-x32\...\{13BB06D9-FD38-47E5-946E-C2606C554030}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Development Libraries (32-bit) (HKLM-x32\...\{B424BE74-3C96-4974-8754-9D6442286112}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Documentation (32-bit) (HKLM-x32\...\{ABEE159E-FE5B-4E58-BDD7-1DED2F10AAEB}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Executables (32-bit) (HKLM-x32\...\{4642A126-F999-4407-801B-C1C89BDA58C5}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 pip Bootstrap (32-bit) (HKLM-x32\...\{69CFC76B-3434-4919-8885-BA7960725137}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Standard Library (32-bit) (HKLM-x32\...\{09160A5D-8B99-4A89-9E9D-8A6D8E9C7EC1}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Tcl/Tk Support (32-bit) (HKLM-x32\...\{8A09EA6B-C86C-4ECA-8742-C4C1BCA96845}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Test Suite (32-bit) (HKLM-x32\...\{717DB3B4-C457-447B-A8A6-6921A4D917EF}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Utility Scripts (32-bit) (HKLM-x32\...\{FC756D1E-1252-406E-8414-E11FAF97F3C7}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{D6BDDB48-938A-4384-A7BE-2B4E4931B111}) (Version: 3.7.6386.0 - Python Software Foundation)
Python Tools 2.2 for Visual Studio 2013 (HKLM-x32\...\{6D689B7E-ADDB-48F4-90C4-0B9888375688}) (Version: 2.2.30718.00 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.27.511.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.00.0218.1 - REALTEK Semiconductor Corp.)
RegRun Reanimator (HKLM-x32\...\UnHackMe Update - Reanimator_is1) (Version:  - Greatis Software, LLC.)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
Riftcat (HKLM-x32\...\{482d58be-fe71-4dae-835c-0950729ac3de}) (Version: 1.0.0 - Riftcat)
Riftcat Client (HKLM-x32\...\{B2C26ED3-33A6-4A0E-98EE-6ACEC22C5793}) (Version: 1.0.0.3 - Riftcat) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 5.10 (64-bit) (HKLM\...\Sandboxie) (Version: 5.10 - Sandboxie Holdings, LLC)
SDK Debuggers (HKLM-x32\...\{8238CD59-617A-FE41-8AB4-A88AF3160849}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
SharePoint Client Components (HKLM\...\{95150002-1163-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SharePoint Client Components (HKLM\...\{95160001-1163-0409-1000-0000000FF1CE}) (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sublime Text Build 3170 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
System Mechanic (HKLM-x32\...\{95129D61-FF52-4FA8-A403-3E31FC5D9696}) (Version: 17.5.0.116 - iolo technologies, LLC)
System Mechanic Pro (HKLM\...\{1E5E7177-5156-4541-B8D5-B0C7E9064329}) (Version:  - ) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Team Explorer for Microsoft Visual Studio 2013 (HKLM-x32\...\{C9E7751E-88ED-36CF-B610-71A1D262E906}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Team Explorer for Microsoft Visual Studio 2015 (HKLM-x32\...\{791295AE-3B0A-3222-9E69-26C8C106E8D1}) (Version: 14.0.23102 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
TI-Nspire™ Computer Link (HKLM-x32\...\{6C5AC088-3136-4043-8985-8B0772A9580E}) (Version: 3.9.0.455 - Texas Instruments Inc.)
TradeSkillMaster Application version 1.0 (HKLM-x32\...\{c44da794-b956-4d50-8733-346d56ae63c7}_is1) (Version: 1.0 - TradeSkillMaster)
Twitch (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
TypeScript Power Tool (HKLM-x32\...\{8A8A0C13-A9B3-45AF-9A4C-4D351E0DFC8A}) (Version: 1.0.1.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{83499F62-B5EC-4F40-A28C-1297241E4D1D}) (Version: 1.0.1.0 - Microsoft Corporation) Hidden
UnHackMe 9.90 (HKLM-x32\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
Unity (HKLM-x32\...\Unity) (Version: 2017.3.0f3 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Visual Studio 2013 Update 2 (KB2829760) (HKLM-x32\...\{3c348532-c3bd-4bae-a928-7b555f8c808f}) (Version: 12.0.30501 - Microsoft Corporation)
VPN Unlimited 4.18 (HKLM-x32\...\{DC24521E-872B-41AF-93EA-FE477902D6FB}_is1) (Version: 4.18 - KeepSolid Inc.)
VS Update core components (HKLM-x32\...\{39D9555C-47A7-38F6-AEB9-9E7CAE1C6AF5}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
VyprVPN (HKLM\...\{526B3DDC-6891-4F43-8F64-8B83DC9E4848}) (Version: 2.7.8.6317 - Golden Frog, GmbH.)
Warcraft Logs Uploader (HKLM-x32\...\{F1010B8C-12DA-C61A-7C32-3AC420F37756}) (Version: 4.15 - UNKNOWN) Hidden
Warcraft Logs Uploader (HKLM-x32\...\com.warcraft.logs) (Version: 4.15 - UNKNOWN)
WCF Data Services 5.6.0 Runtime (HKLM-x32\...\{46910786-E4AC-41E4-A4A0-C086EA85242D}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{BF3E2194-F89B-44FB-A801-464BF787599F}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.17134.12 (HKLM-x32\...\{5f83ccda-0498-4b97-a298-16a642bf49f2}) (Version: 10.1.17134.12 - Microsoft Corporation)
Workflow Manager Client 1.0 (HKLM\...\{A5ABAF5F-B5B6-44B3-B69F-2E13DC60FC9F}) (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{A79F6653-6AF1-4AF2-BC15-F5D6C05E1E6A}) (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version:  - Blizzard Entertainment)
WPT Redistributables (HKLM-x32\...\{F28E1B8B-1F92-80AF-710B-3E0191A25917}) (Version: 10.1.17134.12 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{711802CA-302C-6805-6D1F-D5CEF535F15E}) (Version: 10.1.17134.12 - Microsoft) Hidden
XAMPP (HKLM-x32\...\xampp) (Version: 7.2.5-0 - Bitnami)
Надстройка Microsoft Report Viewer для Visual Studio 2013 (HKLM-x32\...\{30BCD3B4-F753-451F-B8F7-86E115A9AE72}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
用于 Visual Studio 2013 的 Microsoft 报告查看器加载项 (HKLM-x32\...\{EA754818-DB87-42B6-9753-E668B9186434}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-FCB919FC5A94}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{92776d32-cf7d-4db1-835e-621c281033ed}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] ()
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] ()
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] ()
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Phoenix360\MalwareKiller\ZAMShellExt64.dll [2018-03-08] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] ()
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll -> No File
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2018-06-17] (g10 Code GmbH)
ContextMenuHandlers1: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files (x86)\Phoenix360\System Mechanic\Incinerator.dll [2017-12-08] (iolo technologies, LLC)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {ef263503-8f0e-3e6a-ae2e-fe0b4b441d52} => C:\WINDOWS\system32\mscoree.dll [2018-04-11] (Microsoft Corporation)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll -> No File
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll -> No File
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2018-06-17] (g10 Code GmbH)
ContextMenuHandlers4: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files (x86)\Phoenix360\System Mechanic\Incinerator.dll [2017-12-08] (iolo technologies, LLC)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {3d52b24d-33bb-3895-99ea-a0156f24a3f9} => C:\WINDOWS\system32\mscoree.dll [2018-04-11] (Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-07-30] (NVIDIA Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {cefaf456-bc17-3f4b-b7d9-75070925911b} => C:\WINDOWS\system32\mscoree.dll [2018-04-11] (Microsoft Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Phoenix360\MalwareKiller\ZAMShellExt64.dll [2018-03-08] ()
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] ()
ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6-x32: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6-x32: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {025E5424-1A2F-4F8E-BB74-E61A8D5A7785} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-20] (NVIDIA Corporation)
Task: {02B519A6-CD10-40E2-BEE9-0A4BD8A36DD6} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [2018-03-14] (Avira Operations GmbH & Co. KG )
Task: {05D1A8A2-5F83-48D8-A422-6B6E6F2ECDEE} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-05-20] (NVIDIA Corporation)
Task: {0A298F3C-D339-4659-9408-67A7A893DB97} - System32\Tasks\Opera scheduled Autoupdate 1487318455 => C:\Program Files (x86)\Opera\launcher.exe [2018-08-06] (Opera Software)
Task: {0BE58DB4-DF01-4A4E-8F65-7A0F7FCA79CA} - System32\Tasks\S-1-5-21-2243521789-936282867-848371492-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-11] (Microsoft Corporation)
Task: {165C2229-E2D0-42F8-AB6A-D88972258BCB} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-05-20] (NVIDIA Corporation)
Task: {1759ADD2-8467-4B13-9C65-5700B28AC6ED} - System32\Tasks\ActiveMessenger-SystemMechanic => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\ActiveMessenger.exe [2018-02-12] (iolo technologies, LLC)
Task: {224E7899-EB03-460F-91EC-69845FC2961B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {26742BF6-9E81-42B7-A9A9-716601EEFC51} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\3 => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2018-03-08] (Avira Operations GmbH & Co. KG)
Task: {26BFE09B-2652-4099-8C5D-554F1CF03BC3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2AA8339D-DAC7-4B69-A3C0-C0B6EE3F2AEB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2D274120-6073-472E-9BD2-28DC7EFEEFC1} - System32\Tasks\ioloActiveCare => C:\Program Files (x86)\Phoenix360\System Mechanic\systemmechanic.exe [2017-12-08] (iolo technologies, LLC)
Task: {31FCF4E6-A89F-4074-8D8F-29EA1E7BD9E7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {342B725D-C774-4595-AB87-5881DEF29A4C} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2018-06-13] (Greatis Software)
Task: {34DA9A29-CD88-4765-9B47-B404018B8F31} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {37D70374-79FD-48D4-8B50-6DB91696C663} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe [2018-05-16] (Bitdefender)
Task: {3B953EA6-5B73-4E1D-8854-1D54E00BE664} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\4 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2018-04-11] (Adobe Systems Incorporated)
Task: {3F29EAE7-DDFB-4F6D-B1A0-CBD24EDA65D3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-19] (Microsoft Corporation)
Task: {412463C0-F98D-4EAC-9B64-3F143CB79676} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {45D361C0-0597-4190-BC65-83778E11E355} - System32\Tasks\ActiveMessenger-PrivacyGuardian => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\ActiveMessenger.exe [2018-02-12] (iolo technologies, LLC)
Task: {47BA98D9-E95B-44DB-8EE8-A1D4C136BE4D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {47F42AE0-8169-4539-B3E6-502F5F9BE80C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {4BBC445F-42FC-49E8-AE67-B3DD92EAE2A5} - System32\Tasks\ioloSystemShield => C:\Program Files (x86)\Phoenix360\System Mechanic\ioloSSTray.exe [2017-12-08] (iolo technologies, LLC)
Task: {52DD4392-CFF7-4DE1-B96D-15D3650419B3} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\Phoenix360\System Mechanic\iologovernor64.exe [2017-12-08] (iolo technologies, LLC)
Task: {52E5E37E-DC50-4CFB-A465-8CE42107F5F4} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\1 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {597C80A1-953E-4EA8-BDF2-CA7BC1C301A5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {5CAEA5DC-0D0C-490A-8B35-8D4B8DBF25DF} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-05-20] (NVIDIA Corporation)
Task: {5E81EC25-B9BD-44BE-A96A-46A9FA1A3C54} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-19] (Microsoft Corporation)
Task: {5F40BB7E-0A88-46CA-84C4-619432837F36} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {613474AB-E7BE-41BF-960F-6D8B1529A19F} - System32\Tasks\EPSON XP-430 Series Update {DB1B0FE6-AAE3-4FBA-A97A-0857C28977C5} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSPAE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {62927EA4-D4AC-4D03-AA36-B321D260B727} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-05-20] (NVIDIA Corporation)
Task: {650C1CF4-DC08-4A34-AFE9-9E360B79C17D} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\2 => C:\Program Files (x86)\Phoenix360\MalwareKiller\ZAM.exe [2018-02-14] (Copyright 2018.)
Task: {658A70B7-0D89-40E1-A57B-FCCBC4A1A0FA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {698583E4-8871-438E-9993-A00E760E749E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {6A9B33B9-F556-4CE7-8553-6FD76CA0136C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {7602F030-CF62-4737-A60A-34C5039531FD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7D8AED93-DB12-4EC5-BEC0-6DBDB01C4928} - System32\Tasks\EPSON XP-430 Series Update {CDB9B9D7-847A-4014-88C7-DD2F2D5E4749} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSPAE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {809E4633-6A4C-422E-BC1E-E0F4A1FEBB96} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {82C8AF72-2E5E-4A2D-92AC-F9A8B20741D5} - System32\Tasks\JavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-06-27] (Oracle Corporation)
Task: {84349628-9B9C-4237-BD18-443A30BFE476} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8964255C-720C-4D9E-8A0C-8A46EAE5C348} - System32\Tasks\ioloAVDefsDownloader => C:\Program Files (x86)\Phoenix360\System Mechanic\SSDefs.exe [2017-12-08] (iolo technologies, LLC)
Task: {8ADF35AA-6F55-4C3E-8E07-1846FCB3C38B} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {8F8BE353-F6F3-437F-8D41-5BF5A2CE2B36} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\7 => C:\Program Files (x86)\HV-MS732 Gaming mouse\rsmon.exe [2015-10-20] ()
Task: {90249B6B-A88D-4EC9-A590-324DF0FDD2E2} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-06-27] (Oracle Corporation)
Task: {9462E1CE-F001-4B66-A89B-802E1ECE0781} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2018-05-16] (Bitdefender)
Task: {9565C9E8-F3FC-4288-BDBA-24BB75D5A0D3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-07-19] (Microsoft Corporation)
Task: {9624946F-8E36-470C-BABB-8613A61C2172} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9A28ECF0-EDA0-4704-95BF-4801DB01DCFA} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2018-03-08] (Avira Operations GmbH & Co. KG)
Task: {9AD632C4-92D8-4BC3-902F-139F6E2DF5C6} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-scaler0222@gmail.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {A11D705C-B93D-4989-BBCB-E8D59A1C7604} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-19] (Microsoft Corporation)
Task: {A46F2AC5-80D2-4683-B4E2-833F3976957A} - System32\Tasks\ioloTUDsDownloader => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\activesync.exe [2018-02-12] (iolo technologies, LLC)
Task: {A715D800-3509-4539-8247-DB238EA45CA6} - System32\Tasks\ActiveSync-PrivacyGuardian => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\activesync.exe [2018-02-12] (iolo technologies, LLC)
Task: {A781CBBB-2B3D-4D0F-B12B-3E66BA26E8A4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-30] (Microsoft Corporation)
Task: {A7959D96-159B-4B9A-8731-E6E87357BB66} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-scaler0222@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2018-04-11] (Adobe Systems Incorporated)
Task: {ACD0393C-DAB9-4F23-AEDE-0A4CDDC6D81C} - System32\Tasks\MySQL\Installer\ManifestUpdate => C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLInstallerConsole.exe [2018-03-17] (Oracle Corporation)
Task: {AE900A0E-B3FF-4165-AFBD-C6B5855F67C6} - System32\Tasks\ActiveSync-SystemMechanic => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\activesync.exe [2018-02-12] (iolo technologies, LLC)
Task: {B8FCFA90-9CE2-44C3-8946-41DE8DCD2470} - System32\Tasks\ActiveSync-MalwareKiller => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\activesync.exe [2018-02-12] (iolo technologies, LLC)
Task: {BA0BEBFF-A0C5-48C4-9B6C-817C070FA8CD} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {BA25FEB6-A769-4E46-ADFB-7BF60B8D5D4A} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {BEF13E71-67BA-41F0-B442-E714F4012847} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\5 => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2018-04-24] (Adobe Systems Incorporated)
Task: {BF5F15C5-C45A-4405-A43C-3FB04F4D050B} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-05-20] (NVIDIA Corporation)
Task: {C46ADB6E-007F-4643-BA82-4E26F10D9812} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {CB21B67D-38A2-4EE2-862A-F6FB1068465F} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\9 => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Task: {CDB8AF6E-2F32-4C47-8927-38A1676F535E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-30] (Microsoft Corporation)
Task: {D1402DE7-8516-4341-B93C-31D9AA988E29} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-07-10] (Microsoft Corporation)
Task: {D77AF38A-A5D8-4104-9AD7-ABA6718596ED} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\6 => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {DAAA6167-B7FC-47E3-97D8-9CB0B73E72F5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-19] (Microsoft Corporation)
Task: {EA80B604-0490-4D11-AB4D-FD998E97F32C} - System32\Tasks\Avira\System Speedup\Delayed Startup\Shane\1 => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIPAE.EXE [2014-11-13] (SEIKO EPSON CORPORATION) <==== ATTENTION
Task: {EBE73E2E-F79F-486E-A98E-2F3451EF096D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {EE829BF7-7ED7-4687-A389-3A8C42837B9D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-20] (NVIDIA Corporation)
Task: {F1147C63-F453-4FC0-A027-BCDC28C4832A} - System32\Tasks\Microsoft\Windows\PrivacyGuardian\PrivacyGuardianStart => C:\Program Files (x86)\Phoenix360\PrivacyGuardian\PrivacyGuardianApplication.exe [2017-11-16] (iolo technologies, LLC)
Task: {F537DE93-FF46-4EE0-95AE-9F555252273F} - System32\Tasks\Avira\System Speedup\Delayed Startup\Shane\3 => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28] (Safer-Networking Ltd.) <==== ATTENTION
Task: {F70AF660-CABA-4669-9EC2-44A2DE7F05E0} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-07-23] (Adobe Systems Incorporated)
Task: {F76F20D9-4D68-4BE7-A8BF-EEF35C838E7F} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {FD6BE568-B641-4953-B42E-E66A80C454E7} - System32\Tasks\ActiveMessenger-MalwareKiller => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\ActiveMessenger.exe [2018-02-12] (iolo technologies, LLC)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\EPSON XP-430 Series Update {CDB9B9D7-847A-4014-88C7-DD2F2D5E4749}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSPAE.EXE:/EXE:{CDB9B9D7-847A-4014-88C7-DD2F2D5E4749} /F:UpdateWORKGROUP\SHANES_PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-430 Series Update {DB1B0FE6-AAE3-4FBA-A97A-0857C28977C5}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSPAE.EXE:/EXE:{DB1B0FE6-AAE3-4FBA-A97A-0857C28977C5} /F:UpdateWORKGROUP\SHANES_PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.1.5-p273\Interactive Ruby.lnk -> C:\Ruby21\bin\irb.bat ()
 
ShortcutWithArgument: C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Web Applications\www.khanacademy.org\https_80\(6) Chemistry _ Khan Academy.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxps://www.khanacademy.org/science/chemistry
ShortcutWithArgument: C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.1.5-p273\Start Command Prompt with Ruby.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /E:ON /K C:\Ruby21\bin\setrbvars.bat
ShortcutWithArgument: C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-07-18 02:20 - 2018-07-18 02:20 - 000993728 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02751_004\ashttpbr.mdl
2018-07-18 02:20 - 2018-07-18 02:20 - 000544880 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02751_004\ashttpdsp.mdl
2018-07-18 02:20 - 2018-07-18 02:20 - 003232216 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02751_004\ashttpph.mdl
2018-07-18 02:20 - 2018-07-18 02:20 - 001528320 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02751_004\ashttprbl.mdl
2018-04-11 16:34 - 2018-04-11 16:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-06-02 13:55 - 2018-07-20 06:05 - 002433744 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-02-27 20:08 - 2018-02-27 20:08 - 000614856 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2016-05-08 12:17 - 2018-07-19 12:19 - 008936112 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-03-08 12:13 - 2018-03-08 12:13 - 000156560 _____ () C:\Program Files (x86)\Phoenix360\MalwareKiller\ZAMShellExt64.dll
2018-07-10 14:29 - 2018-07-05 23:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-17 13:07 - 2018-07-17 13:07 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-17 13:07 - 2018-07-17 13:07 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-17 13:07 - 2018-07-17 13:07 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-17 13:07 - 2018-07-17 13:07 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-17 13:07 - 2018-07-17 13:07 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-07-30 14:38 - 2018-07-30 15:30 - 000088888 _____ () C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\zlib1.dll
2018-07-30 14:38 - 2018-07-30 15:29 - 001356088 _____ () C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\libxml2.dll
2016-09-18 19:26 - 2015-10-20 13:07 - 003341824 _____ () C:\Program Files (x86)\HV-MS732 Gaming mouse\rsmon.exe
2017-05-19 01:09 - 2014-01-28 12:16 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2018-05-24 21:36 - 2018-05-20 10:36 - 001315296 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2014-12-13 02:49 - 2013-05-07 16:06 - 000096768 ____N () C:\Program Files (x86)\REALTEK\REALTEK USB Wireless LAN Driver\WPSService20.exe
2018-07-26 04:16 - 2018-07-26 04:16 - 035195392 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-07-26 04:16 - 2018-07-26 04:16 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-07-26 04:16 - 2018-07-26 04:16 - 006373376 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-25 17:40 - 2017-09-25 17:40 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-07-26 04:16 - 2018-07-26 04:16 - 008903168 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 002068480 _____ () C:\Windows\ShellExperiences\PeopleCommonControls.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 001465856 _____ () C:\Windows\ShellExperiences\PeopleBarFlyout.dll
2018-06-12 21:10 - 2018-06-08 01:55 - 003037184 _____ () C:\Windows\ShellExperiences\WindowsInternal.People.PeoplePicker.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 000580608 _____ () C:\Windows\ShellExperiences\WindowsInternal.People.Relevance.QueryClient.dll
2018-07-30 19:05 - 2018-07-30 19:05 - 000199168 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11807.1001.13.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-07-30 19:05 - 2018-07-30 19:05 - 002447072 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11807.1001.13.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-07-30 19:05 - 2018-07-30 19:05 - 007814144 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11807.1001.13.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2016-09-18 19:26 - 2011-01-27 00:53 - 000028160 _____ () C:\Program Files (x86)\HV-MS732 Gaming mouse\uiHook.dll
2017-05-19 01:09 - 2018-08-07 23:32 - 000029696 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2017-05-19 01:09 - 2014-01-28 12:16 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2014-03-20 12:43 - 2014-03-20 12:43 - 001241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2018-05-24 21:36 - 2018-05-20 10:36 - 001033184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-15 12:32 - 2012-08-23 10:38 - 000574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-09-15 12:32 - 2014-05-13 12:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-09-15 12:32 - 2014-05-13 12:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-09-15 12:32 - 2014-05-13 12:04 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-09-15 12:32 - 2012-04-03 17:06 - 000565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2017-07-19 07:32 - 2017-07-19 07:32 - 000368000 _____ () C:\Program Files (x86)\Phoenix360\PrivacyGuardian\NetFilter\ProtocolFilters.DLL
2017-07-19 07:32 - 2017-07-19 07:32 - 000134528 _____ () C:\Program Files (x86)\Phoenix360\PrivacyGuardian\NetFilter\nfapi.DLL
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData:F92137B1307D3B14 [217]
AlternateDataStreams: C:\WINDOWS\SwUSB.exe:AGC [0]
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\Users\All Users:F92137B1307D3B14 [217]
AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Application Data:F92137B1307D3B14 [217]
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [286]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\sharepoint.com -> hxxps://appslosrios.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2018-08-09 19:19 - 000000852 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2243521789-936282867-848371492-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Shane\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\yddnbvy.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: asComSvc => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CGVPNCliService => 2
MSCONFIG\Services: chromoting => 2
MSCONFIG\Services: ClickToRunSvc => 2
MSCONFIG\Services: EasyAntiCheat => 2
MSCONFIG\Services: OVRService => 2
MSCONFIG\Services: PaceLicenseDServices => 2
MSCONFIG\Services: PandaAgent => 2
MSCONFIG\Services: RunSwUSB => 2
MSCONFIG\Services: SbieSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SpeedupService => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: VPNUnlimitedService => 2
MSCONFIG\Services: VyprVPN => 2
MSCONFIG\Services: ZAMSvc => 2
HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "OculusConfigUtil.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Cybergenic Shade Home Edition.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "BdVpnApp"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger"
HKLM\...\StartupApproved\Run32: => "Avira System Speedup User Starter"
HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\StartupApproved\StartupFolder: => "MassPlanner2.lnk"
HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\StartupApproved\Run: => "VPN Unlimited"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [OpenSSH-Server-In-TCP] => (Allow) %SystemRoot%\system32\OpenSSH\sshd.exe
FirewallRules: [TCP Query User{18A11324-CB55-48C4-8261-52B6A3BF2E90}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{2E21D9C0-75C8-4B23-92F5-400D6CACBF5E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{7CCA553C-353A-4728-AC9A-1F3AB0FA2774}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\69.0.3497.7\remoting_host.exe
FirewallRules: [{DBC82562-F866-4112-961F-B0EAF59A5F61}] => (Allow) C:\Users\Shane\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe
FirewallRules: [{B1261ED1-3EF5-4B69-B78B-ABF7BAE02DE3}] => (Allow) C:\Users\Shane\AppData\Local\Temp\HouseCall\tmase\nmap\bonjour.exe
FirewallRules: [TCP Query User{119E05DB-D1DA-409A-A773-488FEA204F74}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{82CA6415-A108-4ECF-8F29-5A47927554BC}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{7365C72F-A194-4874-88BF-006FA5C5C5B5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3283EF4B-1872-4E22-ADCC-A006BE792210}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{E489A62A-17FB-4E4C-8E8E-DF09AAF1DD73}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{737E6130-F051-45B1-917F-12FE06A260D0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{B42BCC49-054C-48BC-B317-AE85764F2FB3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{8082E4BE-78E5-43EA-8EF2-15F14FB4F468}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{77E2EE56-F7C6-48CE-A880-2E216CEE6628}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{C5D10574-FE01-4E39-BD40-AAD35D84B631}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{4CCC893B-304D-47BF-9C74-18EC7559683C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{6686D933-EB05-4D6A-9FCF-B89916DB7BBD}] => (Allow) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
FirewallRules: [TCP Query User{788167AC-C4AC-496C-8ED1-3CF84D160336}C:\users\shane\downloads\halo online 0.6\eldorado.exe] => (Allow) C:\users\shane\downloads\halo online 0.6\eldorado.exe
FirewallRules: [UDP Query User{48015A1D-772B-474A-BC5B-15C5EFD76397}C:\users\shane\downloads\halo online 0.6\eldorado.exe] => (Allow) C:\users\shane\downloads\halo online 0.6\eldorado.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
07-08-2018 16:00:02 UnHackMe Malware Removal
09-08-2018 19:14:17 Removed HitLeap Viewer 2.8
 
==================== Faulty Device Manager Devices =============
 
Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Realtek PCIe GbE Family Controller
Description: Realtek PCIe GbE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: rt640x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/09/2018 07:35:47 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (08/09/2018 07:28:47 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (08/09/2018 07:22:06 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (08/09/2018 07:20:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (08/09/2018 07:15:06 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (08/09/2018 07:00:08 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (08/09/2018 06:57:33 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d9aa3b1f-cc4b-48f4-9c10-ce64cd72b2ac}
 
Error: (08/09/2018 02:02:13 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
 
System errors:
=============
Error: (08/09/2018 08:00:07 PM) (Source: DCOM) (EventID: 10016) (User: SHANES_PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Shanes_PC\Shane SID (S-1-5-21-2243521789-936282867-848371492-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/09/2018 06:25:12 PM) (Source: DCOM) (EventID: 10016) (User: SHANES_PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Shanes_PC\Shane SID (S-1-5-21-2243521789-936282867-848371492-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/09/2018 05:44:59 PM) (Source: Schannel) (EventID: 4116) (User: SHANES_PC)
Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is telemetry-in.battle.net. The TLS connection request has failed. The attached data contains the server certificate.
 
Error: (08/09/2018 05:44:54 PM) (Source: DCOM) (EventID: 10016) (User: SHANES_PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Shanes_PC\Shane SID (S-1-5-21-2243521789-936282867-848371492-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/09/2018 05:44:41 PM) (Source: Schannel) (EventID: 4116) (User: SHANES_PC)
Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is telemetry-in.battle.net. The TLS connection request has failed. The attached data contains the server certificate.
 
Error: (08/09/2018 05:44:26 PM) (Source: Schannel) (EventID: 4116) (User: SHANES_PC)
Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is telemetry-in.battle.net. The TLS connection request has failed. The attached data contains the server certificate.
 
Error: (08/09/2018 05:44:18 PM) (Source: Schannel) (EventID: 4116) (User: SHANES_PC)
Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is telemetry-in.battle.net. The TLS connection request has failed. The attached data contains the server certificate.
 
Error: (08/09/2018 05:44:16 PM) (Source: Schannel) (EventID: 4116) (User: SHANES_PC)
Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is cache-us.battle.net. The TLS connection request has failed. The attached data contains the server certificate.
 
 
Windows Defender:
===================================
Date: 2018-06-21 00:21:30.316
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {3C035A5D-F034-4534-91E9-DF19380F2458}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-06-20 23:17:14.511
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {078EFA11-3AF3-4EB0-B42A-F78BA9AA142A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-06-20 23:01:51.540
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {6EAFB811-D5A3-4AB2-AD02-25995AE1BFAF}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-06-20 22:47:03.826
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {48248A17-8CED-4B35-A776-31005ADC10A8}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-06-20 22:25:17.791
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {AB099F7D-74CF-45AA-85F8-5BF5790231B8}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
CodeIntegrity:
===================================
 
Date: 2018-08-09 19:40:06.590
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-08-09 19:40:06.588
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-08-09 19:40:06.555
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-08-09 19:40:06.553
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-08-09 17:39:00.916
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-08-09 17:39:00.912
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-08-09 14:45:30.697
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-08-09 14:45:30.694
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 45%
Total physical RAM: 16327.28 MB
Available physical RAM: 8898.74 MB
Total Virtual: 17770.52 MB
Available Virtual: 7820.15 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:1862.23 GB) (Free:1006.87 GB) NTFS
Drive d: (XP-430_XP-434) (CDROM) (Total:0.26 GB) (Free:0 GB) CDFS
 
\\?\Volume{75a111c8-85f5-11e4-8254-806e6f6e6963}\ (System) (Fixed) (Total:0.34 GB) (Free:0.08 GB) NTFS
\\?\Volume{d27788f8-0000-0000-0000-e0a4d1010000}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS
 
==================== MBR & Partition Table ==================
 

 

==================== End of Addition.txt ============================


#3 Oh My!


Posted 12 August 2018 - 10:13 PM

Greetings terpy and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Thank you for your patience thus far.

Please run a new FRST scan and copy/paste both reports in your reply. If necessary use multiple posts. Please do not make any further changes or run any tools or scans unless I request them.

I am logging off for the evening but if you post the reports tonight I will review them first thing in the morning.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 terpy


Posted 13 August 2018 - 02:49 AM

Hey Gary, I'm Shane. Thanks for the response! Just as a note: my main concern right now is just making sure my system isn't compromised after my credit card information was stolen. I've also been experiencing drastically slower internet speeds on my PC compared to my laptop or phone (my ISP doesn't seem to know what's wrong with it). Here are my new FRST and Addition logs. I did make a few changes, like removing Avast, Spybot and a few other things, but I won't run anything else that you don't recommend from this point forward:

 

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by Shane (administrator) on SHANES_PC (12-08-2018 22:42:30)
Running from C:\Users\Shane\Desktop\Security  Tools
Loaded Profiles: Shane & Administrator (Available Profiles: Shane & Administrator)
Platform: Windows 10 Home Version 1803 17134.191 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender VPN\BdVpnService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(CYREN Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe
(CYREN Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(CYREN Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(iolo technologies, LLC) C:\Program Files (x86)\Phoenix360\PrivacyGuardian\PrivacyGuardianApplication.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
() C:\Program Files (x86)\HV-MS732 Gaming mouse\rsmon.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIPAE.EXE
() C:\Program Files (x86)\REALTEK\REALTEK USB Wireless LAN Driver\WPSService20.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(iolo.com) C:\Program Files (x86)\Phoenix360\PrivacyGuardian\NetFilter\PrivacyGuardianFilter.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.10325.20091.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.10325.20091.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11807.1001.13.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [BdVpnApp] => C:\Program Files\Bitdefender\Bitdefender VPN\BdVpnApp.exe [87344 2018-07-05] (Bitdefender)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [64096 2018-03-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-07-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653648 2018-06-27] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2243521789-936282867-848371492-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
BootExecute: autocheck autochk * Partizan
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{449234d4-39cb-4a01-8a84-852ce7f9f3d0}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{d922699d-3f62-4dda-95db-cd0339f0d366}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{e15fa8a2-da66-4941-a1a6-bf8885abb41a}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{f9447a42-403d-498e-8f23-f462e8222b89}: [DhcpNameServer] 10.204.0.1
Tcpip\..\Interfaces\{f9fef2cd-d98e-47d6-bd23-5c2099baf510}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2243521789-936282867-848371492-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2018-05-16] (Bitdefender)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-19] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-19] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-10.0.2\bin\jp2ssv.dll [2018-08-01] (Oracle Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2018-05-16] (Bitdefender)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-07-19] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-07-19] (Microsoft Corporation)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2018-05-16] (Bitdefender)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2018-05-16] (Bitdefender)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-19] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 9rtzq1ov.default
FF ProfilePath: C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\9rtzq1ov.default [2018-08-12]
FF Extension: (No Name) - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\9rtzq1ov.default\Extensions\@react-devtools.xpi [2018-05-28]
FF Extension: (Avira Browser Safety) - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\9rtzq1ov.default\Extensions\abs@avira.com [2016-11-29]
FF Extension: (Redux DevTools) - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\9rtzq1ov.default\Extensions\extension@redux.devtools.xpi [2018-05-27]
FF Extension: (Firefox Hotfix) - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\9rtzq1ov.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-11-13] [Legacy]
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\\bdwteff
FF Extension: (No Name) - C:\Program Files\Bitdefender\Bitdefender 2017\\bdwteff [2017-09-06]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext [2016-12-09] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2016-11-16] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Plugin: @java.com/DTPlugin,version=13.0.2.0 -> C:\Program Files\Java\jre-10.0.2\bin\dtplugin\npDeployJava1.dll [2018-08-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=13.0.2.0 -> C:\Program Files\Java\jre-10.0.2\bin\plugin2\npjp2.dll [2018-08-01] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-07-19] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-07-30] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-07-30] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2243521789-936282867-848371492-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Shane\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-10] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default [2018-08-12]
CHR Extension: (Slides) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-01]
CHR Extension: (Docs) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-01]
CHR Extension: (Google Drive) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-02]
CHR Extension: (AdGuard AdBlocker) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2018-08-01]
CHR Extension: (YouTube) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-01]
CHR Extension: (Adobe Acrobat) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-08-01]
CHR Extension: (Sheets) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-01]
CHR Extension: (React Developer Tools) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmkadmapgofadopljbjfkapdkoienihi [2018-08-01]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2018-08-12]
CHR Extension: (Google Docs Offline) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-02]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-08-09]
CHR Extension: (Privacy Guardian™ Online Privacy Protection) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\higopmjdpgolhfdefeicklcmgifipcbh [2018-08-01]
CHR Extension: (Grammarly for Chrome) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-08-07]
CHR Extension: (The Great Suspender) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2018-08-02]
CHR Extension: (Redux DevTools) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmhkpmbekcpmknklioeibfkpmmfibljd [2018-08-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-01]
CHR Extension: (Gmail) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-01]
CHR Extension: (Chrome Media Router) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-01]
CHR Profile: C:\Users\Shane\AppData\Local\Google\Chrome\User Data\System Profile [2018-08-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9436760 2018-08-12] (Emsisoft Ltd)
S3 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated)
S3 AfVpnService; C:\Program Files\Bitdefender\Bitdefender VPN\vpnservice.exe [321920 2018-06-28] (AnchorFree Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [429096 2018-07-20] (Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2938504 2018-02-15] (Avira Operations GmbH & Co. KG)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2137280 2018-04-17] (Bitdefender)
R2 BdVpnService; C:\Program Files\Bitdefender\Bitdefender VPN\bdvpnservice.exe [108064 2018-07-05] (Bitdefender)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2018-04-12] (Microsoft Corporation)
S4 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65640 2015-11-05] (CyberGhost S.R.L)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\69.0.3497.7\remoting_host.exe [72024 2018-07-23] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8522928 2018-06-30] (Microsoft Corporation)
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [105936 2018-05-08] (Bitdefender)
S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-06-19] (EasyAntiCheat Ltd)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [674768 2018-03-11] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S4 ETGMGlcsSrv; C:\Program Files (x86)\HV-MS732 Gaming mouse\ETGMSrv.exe [1181544 2012-04-24] ()
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S3 MySQL80; C:\Program Files\MySQL\MySQL Server 8.0\bin\mysqld.exe [44932096 2018-04-08] () [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764896 2018-05-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764896 2018-05-20] (NVIDIA Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1275776 2018-05-16] (Bitdefender)
S3 RunSwUSB; C:\Windows\runSW.exe [44104 2014-01-16] ()
S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187024 2016-02-26] (Sandboxie Holdings, LLC)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 sshd; C:\WINDOWS\System32\OpenSSH\sshd.exe [970240 2018-05-20] ()
S3 SshdBroker; C:\WINDOWS\System32\SshdBroker.dll [286208 2018-07-13] (Microsoft Corporation)
S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-15] (DEVGURU Co., LTD.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
R2 unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-08-10] (Reason Software Company Inc.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe [112712 2018-05-16] (Bitdefender)
S4 VPNUnlimitedService; C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe [293704 2018-03-13] (KeepSolid Inc.)
R2 vseamps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe [122120 2016-10-11] (CYREN Inc.)
R2 vsedsps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe [119560 2016-10-11] (CYREN Inc.)
R2 vseqrts; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe [181512 2016-10-11] (CYREN Inc.)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87736 2014-04-30] (Microsoft Corporation)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe [1001072 2018-05-16] (Bitdefender)
R2 vsservp; C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe [522624 2018-05-16] (Bitdefender)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-07] (Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\NisSrv.exe [4682552 2018-06-19] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe [101096 2018-06-19] (Microsoft Corporation)
R2 WPSService20; C:\Program Files (x86)\REALTEK\REALTEK USB Wireless LAN Driver\WPSService20.exe [96768 2013-05-07] () [File not signed]
S2 ZAMSvc; C:\Program Files (x86)\Phoenix360\MalwareKiller\ZAM.exe [15814392 2018-02-14] (Copyright 2018.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
S4 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.paceap.com/InitiateActivation [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2017-11-29] (The OpenVPN Project)
R2 AMP; C:\WINDOWS\system32\Drivers\amp.sys [181512 2016-10-11] (CYREN Inc.)
R2 AMPSE; C:\WINDOWS\system32\Drivers\ampse.sys [1793288 2016-10-11] (CYREN Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1177008 2018-05-16] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1723552 2018-05-16] (BitDefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23032 2018-05-16] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [130840 2018-05-16] (BitDefender LLC)
R2 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [45104 2018-05-16] (© Bitdefender SRL)
R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [96448 2018-05-16] (BitDefender)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [142952 2018-05-16] (Emsisoft Ltd)
R0 eppdisk; C:\WINDOWS\System32\drivers\eppdisk.sys [37064 2018-04-02] (Emsisoft Ltd)
R3 GrdKey; C:\WINDOWS\system32\DRIVERS\grdkey.sys [1211136 2017-12-27] (Aktiv Co.)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [189544 2018-05-16] (BitDefender LLC)
R0 ignis; C:\WINDOWS\System32\DRIVERS\ignis.sys [191592 2018-05-16] (Bitdefender)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-08-07] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_52ac7eb8f32780d5\nvlddmkm.sys [17211376 2018-08-01] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31200 2018-05-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [67432 2018-03-15] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [65792 2018-07-30] (NVIDIA Corporation)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2018-08-01] (Greatis Software)
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1106256 2018-06-24] (Realtek )
R3 RtlWlanu; C:\WINDOWS\system32\DRIVERS\rtwlanu.sys [8228688 2018-05-03] (Realtek Semiconductor Corporation )
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-02-26] (Sandboxie Holdings, LLC)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [264192 2018-04-11] (Microsoft Corporation)
S3 tapvyprvpn; C:\WINDOWS\System32\drivers\tapvyprvpn.sys [44896 2015-09-28] (The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-08-08] ()
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [609576 2018-08-02] (Bitdefender)
R3 usbglcs1100302; C:\WINDOWS\system32\drivers\usbglcs1100302.sys [25600 2014-06-11] (Windows ® Win 7 DDK provider)
R3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [213080 2018-07-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [222864 2018-07-16] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-06-19] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [313384 2018-06-19] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-06-19] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [47096 2017-12-21] (Wellbia.com Co., Ltd.)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [250024 2018-03-08] (Copyright 2017.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [250024 2018-03-08] (Copyright 2017.)
S1 netfilter2; system32\drivers\netfilter2.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-12 12:17 - 2018-08-12 12:17 - 000070991 _____ C:\ProgramData\vpn.1534101378.bdinstall.bin
2018-08-12 12:17 - 2018-08-12 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender VPN
2018-08-12 12:16 - 2018-08-12 12:16 - 000035040 _____ C:\ProgramData\vpn.uninstall.1534101384.bdinstall.bin
2018-08-12 11:31 - 2018-08-12 11:31 - 000000085 _____ C:\WINDOWS\wininit.ini
2018-08-12 11:24 - 2018-08-12 11:24 - 000000000 ____D C:\Users\Shane\AppData\Local\IsolatedStorage
2018-08-11 16:43 - 2018-08-11 16:44 - 030223661 _____ C:\Users\Shane\Downloads\Hip_hop_ the _CNN_ of the African American Community (1).mp4
2018-08-11 10:17 - 2018-08-11 10:17 - 000002113 _____ C:\Users\Public\Desktop\System Mechanic.lnk
2018-08-11 10:15 - 2018-08-11 10:15 - 000000912 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phoenix360.lnk
2018-08-11 10:15 - 2018-08-11 10:15 - 000000900 _____ C:\Users\Public\Desktop\Phoenix360.lnk
2018-08-10 12:00 - 2018-08-10 12:00 - 000109031 _____ C:\Users\Shane\Downloads\FRST (1).txt
2018-08-10 00:30 - 2018-08-10 00:30 - 000001095 _____ C:\Users\Public\Desktop\Unchecky.lnk
2018-08-10 00:30 - 2018-08-10 00:30 - 000000000 ____D C:\ProgramData\Unchecky
2018-08-10 00:30 - 2018-08-10 00:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2018-08-10 00:30 - 2018-08-10 00:30 - 000000000 ____D C:\Program Files (x86)\Unchecky
2018-08-10 00:01 - 2018-08-10 00:02 - 000000000 ____D C:\symbols
2018-08-09 21:49 - 2018-08-09 21:53 - 000000000 ____D C:\Users\Shane\Downloads\ElDorito-master
2018-08-08 23:43 - 2018-08-08 23:43 - 000001127 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2018-08-08 20:13 - 2018-08-08 20:13 - 000027509 _____ C:\Users\Shane\Downloads\luckyproject.aup
2018-08-08 20:11 - 2018-08-08 20:11 - 000000000 ____D C:\Users\Shane\Downloads\luckyproject_data
2018-08-08 00:44 - 2018-08-08 00:44 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-08-08 00:42 - 2018-08-08 00:42 - 000000000 ____D C:\ProgramData\RogueKiller
2018-08-08 00:39 - 2018-08-08 00:40 - 027093048 _____ (Adlice Software) C:\Users\Shane\Downloads\RogueKiller_portable64.exe
2018-08-08 00:37 - 2018-08-08 00:37 - 000000000 ____D C:\ProgramData\Emsisoft
2018-08-08 00:35 - 2018-08-08 00:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2018-08-08 00:35 - 2018-04-02 20:18 - 000037064 _____ (Emsisoft Ltd) C:\WINDOWS\system32\Drivers\eppdisk.sys
2018-08-08 00:33 - 2018-08-12 22:35 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2018-08-08 00:21 - 2018-08-08 00:21 - 000000000 ____D C:\Users\Shane\Doctor Web
2018-08-08 00:21 - 2018-08-08 00:21 - 000000000 ____D C:\ProgramData\Doctor Web
2018-08-08 00:19 - 2018-08-08 00:19 - 000000010 _____ C:\Users\Shane\AppData\Local\sponge.last.runtime.cache
2018-08-08 00:19 - 2018-08-08 00:04 - 002527376 _____ (Trend Micro Inc.) C:\Users\Shane\Desktop\HousecallLauncher64.exe
2018-08-08 00:15 - 2018-08-08 00:15 - 000000000 ____D C:\WINDOWS\Trend Micro
2018-08-08 00:15 - 2018-08-08 00:15 - 000000000 ____D C:\ProgramData\Trend Micro
2018-08-08 00:08 - 2018-08-08 00:15 - 325974784 _____ (Emsisoft Ltd. ) C:\Users\Shane\Downloads\EmsisoftAntiMalwareSetup_bc.exe
2018-08-08 00:07 - 2017-10-17 09:40 - 000334488 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2018-08-08 00:06 - 2018-08-08 00:06 - 000000036 _____ C:\Users\Shane\AppData\Local\housecall.guid.cache
2018-08-08 00:04 - 2018-08-08 00:21 - 000094660 _____ C:\Users\Shane\Downloads\Addition.txt
2018-08-08 00:04 - 2018-08-08 00:04 - 002527376 _____ (Trend Micro Inc.) C:\Users\Shane\Downloads\HousecallLauncher64.exe
2018-08-07 23:57 - 2018-08-08 00:21 - 000110409 _____ C:\Users\Shane\Downloads\FRST.txt
2018-08-07 23:56 - 2018-08-12 22:42 - 000000000 ____D C:\FRST
2018-08-07 16:53 - 2018-08-07 16:53 - 001786768 _____ (GridinSoft LLC) C:\Users\Shane\Downloads\TrojanKiller-Setup.exe
2018-08-07 16:31 - 2018-08-09 15:03 - 000000000 ____D C:\ProgramData\TEMP
2018-08-07 16:14 - 2018-08-07 16:14 - 000000000 ____D C:\Users\Shane\Documents\Simply Super Software
2018-08-07 16:01 - 2018-08-12 18:17 - 000002706 _____ C:\bdlog.txt
2018-08-07 15:41 - 2018-08-07 15:41 - 000000022 _____ C:\Users\Shane\Downloads\ESETPoweliksCleaner.exe_20180807.154101.70292.zip
2018-08-07 15:38 - 2018-08-07 15:38 - 000549504 _____ (ESET) C:\Users\Shane\Downloads\ESETPoweliksCleaner.exe
2018-08-07 13:59 - 2018-08-07 14:00 - 3293432832 _____ C:\Users\Shane\Downloads\ShaneCalerFinalSparkVideo(backup).avi
2018-08-07 13:56 - 2018-08-07 13:56 - 000193018 _____ C:\Users\Shane\Downloads\2018-08-05_BAK1.MV_
2018-08-07 13:55 - 2018-08-07 13:56 - 055185649 _____ C:\Users\Shane\Downloads\ShaneCalerFinalSparkVideo.mp4
2018-08-07 13:45 - 2018-08-07 13:45 - 000193804 _____ C:\Users\Shane\Downloads\2018-08-05_BAK0.MV_
2018-08-07 13:42 - 2018-08-07 14:03 - 000115968 _____ C:\Users\Shane\Downloads\Hip_hop_ the _CNN_ of the African American Community_mp4.H0
2018-08-06 16:49 - 2018-08-06 16:49 - 000002080 _____ C:\Users\Public\Desktop\Google Slides.lnk
2018-08-06 16:49 - 2018-08-06 16:49 - 000002078 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2018-08-06 16:49 - 2018-08-06 16:49 - 000002068 _____ C:\Users\Public\Desktop\Google Docs.lnk
2018-08-06 16:49 - 2018-08-06 16:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2018-08-06 16:49 - 2018-08-06 16:49 - 000000000 ____D C:\Program Files\Google
2018-08-06 16:44 - 2018-08-06 16:44 - 001130840 _____ (Google Inc.) C:\Users\Shane\Downloads\installbackupandsync.exe
2018-08-05 15:05 - 2018-08-07 14:03 - 000194224 _____ C:\Users\Shane\Downloads\2018-08-05.MVP
2018-08-05 15:05 - 2018-08-05 15:06 - 062233124 _____ C:\Users\Shane\ES1022-final-spark-video.mp4
2018-08-05 15:04 - 2018-08-07 14:03 - 000002604 _____ C:\Users\Shane\Downloads\Hip_hop_ the _CNN_ of the African American Community_mp4.HDP
2018-08-05 14:21 - 2018-08-05 14:23 - 038190148 _____ C:\Users\Shane\Downloads\Hip_hop_ the _CNN_ of the African American Community.mp4
2018-08-05 13:56 - 2018-08-05 13:57 - 023950701 _____ C:\Users\Shane\Downloads\videoplayback (3).mp4
2018-08-05 13:43 - 2018-08-05 13:44 - 037051109 _____ C:\Users\Shane\Downloads\videoplayback (2).mp4
2018-08-05 13:17 - 2018-08-05 13:18 - 009093906 _____ C:\Users\Shane\Downloads\videoplayback (1).mp4
2018-08-05 13:14 - 2018-08-05 13:14 - 003348413 _____ C:\Users\Shane\Downloads\videoplayback.mp4
2018-08-05 13:13 - 2018-08-05 13:13 - 002167977 _____ C:\Users\Shane\Downloads\videoplayback.3gp
2018-08-05 11:53 - 2018-08-05 12:00 - 000000200 _____ C:\Users\Shane\_netrc
2018-08-05 11:53 - 2018-08-05 11:53 - 000000000 ____D C:\Users\Shane\AppData\Local\heroku
2018-08-04 21:47 - 2018-08-04 21:47 - 000000000 ____D C:\Users\Shane\AppData\Local\ElDewrito
2018-08-04 21:19 - 2018-08-10 01:21 - 000000000 ____D C:\Users\Shane\Downloads\Halo Online 0.6
2018-08-04 15:32 - 2018-08-04 15:32 - 000316722 _____ C:\Users\Shane\Downloads\current.musicology.89.bothwell.95-102.pdf
2018-08-04 15:07 - 2018-08-04 15:08 - 002089612 _____ C:\Users\Shane\Downloads\9781134845712_googlepreview.pdf
2018-08-04 14:59 - 2018-08-04 14:59 - 000508262 _____ C:\Users\Shane\Downloads\9781134243648_preview.pdf
2018-08-04 14:59 - 2018-08-04 14:59 - 000508262 _____ C:\Users\Shane\Downloads\9781134243648_preview (1).pdf
2018-08-04 11:59 - 2018-08-07 13:31 - 000018422 ____H C:\Users\Shane\Downloads\~WRL0005.tmp
2018-08-03 22:38 - 2018-08-03 22:38 - 002130484 _____ C:\Users\Shane\Downloads\css-grid-master.zip
2018-08-03 11:53 - 2018-08-04 04:04 - 000029748 _____ C:\WINDOWS\SysWOW64\MyDefrag.dat
2018-08-03 00:13 - 2018-07-30 10:50 - 000132488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-08-03 00:10 - 2018-08-03 00:10 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-08-03 00:09 - 2018-08-03 00:09 - 000002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-08-03 00:09 - 2018-08-03 00:09 - 000002290 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-08-03 00:06 - 2018-08-01 02:50 - 004352880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 003769016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 002002448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439882.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 001565048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 001467920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439882.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 001420576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 001218528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 001094128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 000749936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 000628920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 000608544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 000518488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 040346808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 035250008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 031250184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 025966552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 013728728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 011273816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 001159120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 000906808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 000816392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 000654760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 000635968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2018-08-03 00:06 - 2018-08-01 02:48 - 017756224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-08-03 00:06 - 2018-08-01 02:48 - 015170808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-08-03 00:06 - 2018-08-01 02:48 - 001349384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-08-03 00:06 - 2018-08-01 02:48 - 001065688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-08-03 00:06 - 2018-08-01 02:47 - 004128280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-08-02 23:13 - 2018-08-02 23:13 - 000000000 ____D C:\Users\Shane\AppData\Roaming\VS Revo Group
2018-08-02 11:07 - 2018-08-02 11:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reanimator
2018-08-02 00:57 - 2018-08-02 00:58 - 000004016 _____ C:\Users\Shane\Downloads\netadapter-log-2018-08-02-0-57-04.txt
2018-08-02 00:56 - 2018-08-02 00:56 - 000003392 _____ C:\Users\Shane\Downloads\netadapter-log-2018-08-02-0-56-43.txt
2018-08-02 00:15 - 2018-08-02 00:15 - 002091520 _____ (Conner Bernhard) C:\Users\Shane\Downloads\NetAdapterRepair1.2.exe
2018-08-01 23:52 - 2018-08-07 23:46 - 000002592 _____ C:\Users\Shane\Desktop\Rkill.txt
2018-08-01 23:50 - 2018-08-01 23:50 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Shane\Downloads\rkill (1).exe
2018-08-01 23:29 - 2018-08-12 18:18 - 000002154 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2018-08-01 23:26 - 2018-08-12 18:16 - 000000000 ____D C:\@RestoreQuarantine
2018-08-01 21:40 - 2018-08-12 17:45 - 000000000 ____D C:\ProgramData\RegRun
2018-08-01 21:21 - 2018-08-01 21:21 - 000040304 _____ (Greatis Software) C:\WINDOWS\SysWOW64\Drivers\Partizan.sys
2018-08-01 21:21 - 2018-08-01 20:56 - 000000985 _____ C:\WINDOWS\system32\Drivers\etc\hosts.old
2018-08-01 21:20 - 2018-08-12 17:58 - 000000000 ____D C:\Users\Shane\Documents\RegRun2
2018-08-01 21:20 - 2018-08-12 17:47 - 000000000 ____D C:\Users\Public\Documents\RegRunInfo
2018-08-01 21:20 - 2018-08-04 10:18 - 000003408 _____ C:\WINDOWS\System32\Tasks\UnHackMe Task Scheduler
2018-08-01 21:20 - 2018-08-04 10:18 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2018-08-01 21:20 - 2018-08-01 21:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2018-08-01 21:20 - 2018-06-13 15:51 - 000014984 _____ (Greatis Software, LLC.) C:\WINDOWS\SysWOW64\Drivers\UnHackMeDrv.sys
2018-08-01 21:20 - 2015-12-28 11:32 - 000049968 _____ (Greatis Software) C:\WINDOWS\system32\partizan.exe
2018-08-01 21:17 - 2018-06-13 05:51 - 019073856 _____ (Greatis Software, LLC. ) C:\Users\Shane\Downloads\unhackme_setup.exe
2018-08-01 16:16 - 2018-08-01 16:16 - 000002500 _____ C:\Users\Shane\Desktop\Word.lnk
2018-08-01 13:46 - 2018-08-01 13:46 - 000002308 _____ C:\Users\Shane\Desktop\Google Chrome.lnk
2018-08-01 13:22 - 2018-08-03 22:37 - 000000000 ____D C:\Users\Shane\Desktop\IDE's
2018-08-01 13:21 - 2018-08-01 13:45 - 000000000 ____D C:\Users\Shane\Desktop\Browsers
2018-08-01 13:21 - 2018-08-01 13:24 - 000000000 ____D C:\Users\Shane\Desktop\Games
2018-08-01 13:20 - 2018-08-12 22:42 - 000000000 ____D C:\Users\Shane\Desktop\Security  Tools
2018-07-31 01:46 - 2018-07-31 01:46 - 000000000 ____D C:\WINDOWS\Panther
2018-07-30 20:22 - 2018-07-30 20:22 - 001293777 _____ C:\Users\Shane\Downloads\minidumper.zip
2018-07-30 19:16 - 2018-07-30 19:16 - 000000000 ____D C:\Users\Shane\Apple
2018-07-30 17:34 - 2018-07-30 17:34 - 000000000 ____D C:\ProgramData\Apple Computer
2018-07-30 15:00 - 2018-07-30 15:00 - 000001400 _____ C:\Users\Shane\Downloads\dhcp.pcap
2018-07-30 14:58 - 2018-07-30 14:58 - 000125201 _____ C:\Users\Shane\Downloads\samples.zip
2018-07-30 11:12 - 2018-07-30 11:12 - 192962560 ____N C:\WINDOWS\system32\config\software.amg
2018-07-30 11:09 - 2018-07-30 11:09 - 000000000 ____D C:\Users\Shane\AppData\Local\ESET
2018-07-30 07:25 - 2018-07-30 07:25 - 005414064 _____ (Avira Operations GmbH & Co. KG) C:\Users\Shane\Downloads\avira_en_asu60_3080799118_egg2xi2885693g28gcnb_wd.exe
2018-07-30 06:46 - 2018-07-30 06:46 - 003001296 _____ C:\Users\Shane\Downloads\SecurityTaskManager_Setup.exe
2018-07-30 00:27 - 2018-07-30 00:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-07-30 00:27 - 2018-07-30 00:27 - 000000000 ____D C:\Program Files\VS Revo Group
2018-07-29 23:38 - 2018-07-14 17:58 - 000094112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-07-29 23:38 - 2018-07-14 17:56 - 001523240 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-07-29 23:38 - 2018-07-14 17:44 - 006587392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-07-29 23:38 - 2018-07-14 17:44 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-07-29 23:38 - 2018-07-14 17:43 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-07-29 23:38 - 2018-07-14 17:42 - 008624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-07-29 23:38 - 2018-07-14 17:42 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-07-29 23:38 - 2018-07-14 17:41 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2018-07-29 23:38 - 2018-07-14 17:41 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2018-07-29 23:38 - 2018-07-14 17:39 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-07-29 23:38 - 2018-07-14 17:39 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-07-29 23:38 - 2018-07-14 17:38 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-07-29 23:38 - 2018-07-14 17:38 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-07-29 23:38 - 2018-07-14 17:38 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-07-29 23:38 - 2018-07-14 17:38 - 001180160 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-07-29 23:38 - 2018-07-14 17:38 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-07-29 23:38 - 2018-07-14 17:38 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-07-29 23:38 - 2018-07-14 17:38 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-07-29 23:38 - 2018-07-14 17:36 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-07-29 23:38 - 2018-07-14 16:28 - 001327424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-07-29 23:38 - 2018-07-14 16:18 - 005657600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-07-29 23:38 - 2018-07-14 16:17 - 011901440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-07-29 23:38 - 2018-07-14 16:15 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-07-29 23:38 - 2018-07-14 16:14 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2018-07-29 23:38 - 2018-07-14 16:13 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-07-29 23:38 - 2018-07-14 16:13 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-07-29 23:38 - 2018-07-14 16:13 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-07-29 23:38 - 2018-07-14 16:13 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-07-29 23:38 - 2018-07-14 16:13 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-07-29 23:38 - 2018-07-14 16:13 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-07-29 23:38 - 2018-07-14 16:11 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-07-29 23:38 - 2018-07-13 23:46 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-07-29 23:38 - 2018-07-13 23:42 - 019525632 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-07-29 23:38 - 2018-07-13 21:37 - 000375712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-07-29 23:38 - 2018-07-13 21:37 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-07-29 23:38 - 2018-07-13 21:30 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-07-29 23:38 - 2018-07-13 21:24 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-07-29 23:38 - 2018-07-13 21:23 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-07-29 23:38 - 2018-07-13 21:23 - 000760888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-07-29 23:38 - 2018-07-13 21:23 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-07-29 23:38 - 2018-07-13 21:22 - 006813744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-07-29 23:38 - 2018-07-13 21:22 - 001144664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2018-07-29 23:38 - 2018-07-13 21:22 - 000510392 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-07-29 23:38 - 2018-07-13 21:22 - 000203560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2018-07-29 23:38 - 2018-07-13 21:21 - 001063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-07-29 23:38 - 2018-07-13 21:21 - 001012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-07-29 23:38 - 2018-07-13 21:21 - 000722824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-07-29 23:38 - 2018-07-13 21:21 - 000192920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2018-07-29 23:38 - 2018-07-13 21:20 - 001457128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-07-29 23:38 - 2018-07-13 21:20 - 000567176 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-07-29 23:38 - 2018-07-13 21:20 - 000184472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2018-07-29 23:38 - 2018-07-13 21:20 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-07-29 23:38 - 2018-07-13 21:19 - 009147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-07-29 23:38 - 2018-07-13 21:19 - 002535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-07-29 23:38 - 2018-07-13 21:19 - 001946752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-07-29 23:38 - 2018-07-13 21:19 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-07-29 23:38 - 2018-07-13 21:19 - 000981920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-07-29 23:38 - 2018-07-13 21:19 - 000713368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-07-29 23:38 - 2018-07-13 21:19 - 000636944 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-07-29 23:38 - 2018-07-13 21:19 - 000483024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-07-29 23:38 - 2018-07-13 21:18 - 007436112 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-07-29 23:38 - 2018-07-13 21:18 - 002563984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-07-29 23:38 - 2018-07-13 21:18 - 002371416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-07-29 23:38 - 2018-07-13 21:18 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-07-29 23:38 - 2018-07-13 21:18 - 001017584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-07-29 23:38 - 2018-07-13 21:18 - 000930712 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-07-29 23:38 - 2018-07-13 21:18 - 000613176 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-07-29 23:38 - 2018-07-13 21:18 - 000443216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2018-07-29 23:38 - 2018-07-13 21:18 - 000376216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2018-07-29 23:38 - 2018-07-13 21:17 - 006527056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-07-29 23:38 - 2018-07-13 21:17 - 002420632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-07-29 23:38 - 2018-07-13 21:17 - 001140568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-07-29 23:38 - 2018-07-13 21:17 - 000983008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-07-29 23:38 - 2018-07-13 21:17 - 000885848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-07-29 23:38 - 2018-07-13 21:17 - 000743320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-07-29 23:38 - 2018-07-13 21:16 - 002331576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-07-29 23:38 - 2018-07-13 21:16 - 001143096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2018-07-29 23:38 - 2018-07-13 21:16 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2018-07-29 23:38 - 2018-07-13 21:15 - 006044112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-07-29 23:38 - 2018-07-13 21:15 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-07-29 23:38 - 2018-07-13 21:15 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-07-29 23:38 - 2018-07-13 21:15 - 001129640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-07-29 23:38 - 2018-07-13 21:15 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-07-29 23:38 - 2018-07-13 21:15 - 000581696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-07-29 23:38 - 2018-07-13 21:15 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-07-29 23:38 - 2018-07-13 21:08 - 022006784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-07-29 23:38 - 2018-07-13 21:03 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-07-29 23:38 - 2018-07-13 21:03 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-07-29 23:38 - 2018-07-13 21:01 - 025846784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-07-29 23:38 - 2018-07-13 21:01 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-07-29 23:38 - 2018-07-13 21:00 - 022714368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-07-29 23:38 - 2018-07-13 20:59 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-07-29 23:38 - 2018-07-13 20:59 - 005883392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-07-29 23:38 - 2018-07-13 20:59 - 003553280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-07-29 23:38 - 2018-07-13 20:58 - 008188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-07-29 23:38 - 2018-07-13 20:58 - 004371456 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-07-29 23:38 - 2018-07-13 20:58 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2018-07-29 23:38 - 2018-07-13 20:58 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-07-29 23:38 - 2018-07-13 20:58 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-07-29 23:38 - 2018-07-13 20:57 - 007057920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-07-29 23:38 - 2018-07-13 20:57 - 005779456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-07-29 23:38 - 2018-07-13 20:57 - 004331008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-07-29 23:38 - 2018-07-13 20:57 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-07-29 23:38 - 2018-07-13 20:57 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-07-29 23:38 - 2018-07-13 20:57 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-07-29 23:38 - 2018-07-13 20:57 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-07-29 23:38 - 2018-07-13 20:57 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 004559872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 002697216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Controls.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 001703936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Controls.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 001558016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshdPinAuthLsa.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000993792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshSession.exe
2018-07-29 23:38 - 2018-07-13 20:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshSftp.exe
2018-07-29 23:38 - 2018-07-13 20:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-07-29 23:38 - 2018-07-13 20:55 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshdBroker.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000264192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshProxy.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-07-29 23:38 - 2018-07-13 20:55 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreCommonProxyStub.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2018-07-29 23:38 - 2018-07-13 20:55 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 007579648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 003319808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 001537024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000603648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2018-07-29 23:38 - 2018-07-13 20:54 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\EasPolicyManagerBrokerPS.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 004770816 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 001931776 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeangle.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 001825792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreCommonProxyStub.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshBroker.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2018-07-29 23:38 - 2018-07-13 20:52 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-07-29 23:38 - 2018-07-13 20:52 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-07-29 23:38 - 2018-07-13 20:52 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-07-29 23:38 - 2018-07-13 20:52 - 000972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-07-29 23:38 - 2018-07-13 20:52 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-07-29 23:38 - 2018-07-13 20:52 - 000790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2018-07-29 23:38 - 2018-07-13 20:52 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-07-29 23:38 - 2018-07-13 20:52 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-07-29 23:38 - 2018-07-13 20:52 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2018-07-29 23:38 - 2018-07-13 20:51 - 003376640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-07-29 23:38 - 2018-07-13 20:51 - 002904576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-07-29 23:38 - 2018-07-13 20:51 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-07-29 23:38 - 2018-07-13 20:51 - 001747968 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-07-29 23:38 - 2018-07-13 20:51 - 001395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-07-29 23:38 - 2018-07-13 20:51 - 001304064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-07-29 23:38 - 2018-07-13 20:51 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2018-07-29 23:38 - 2018-07-13 20:51 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-07-29 23:38 - 2018-07-13 20:50 - 001773056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 001457664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 001359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 000949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-07-29 23:38 - 2018-07-13 20:49 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-07-29 23:38 - 2018-07-13 19:35 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-07-29 18:48 - 2018-07-29 18:48 - 000002196 _____ C:\Users\Shane\Downloads\Demons - Inspired Tory Lanez x Travis Scott Type Beat Instrumental ( Prod. dannyebtracks).aup
2018-07-29 18:22 - 2018-07-29 18:22 - 001353240 _____ (Microsoft Corporation) C:\Users\Shane\Downloads\winsdksetup.exe
2018-07-29 16:57 - 2018-07-29 16:57 - 002159149 _____ C:\Users\Shane\Downloads\volatility-2.3.1.win32.exe
2018-07-29 16:56 - 2018-07-29 16:56 - 000000000 ____D C:\ProgramData\Guardant
2018-07-29 16:50 - 2018-07-29 16:50 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Passware
2018-07-29 16:49 - 2018-07-29 16:49 - 010021892 _____ C:\volatility-2.3.1.standalone.exe
2018-07-29 16:49 - 2018-07-29 16:49 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Belkasoft
2018-07-29 16:49 - 2018-07-29 16:49 - 000000000 ____D C:\Users\Shane\AppData\Local\Belkasoft
2018-07-29 16:48 - 2018-07-29 16:48 - 000000000 ____D C:\ProgramData\Belkasoft
2018-07-29 16:47 - 2018-07-29 16:47 - 000000000 ____D C:\Program Files\Common Files\Guardant
2018-07-29 16:47 - 2017-12-27 13:58 - 000680760 _____ (Aktiv Co.) C:\WINDOWS\system32\grddrv.cpl
2018-07-29 16:47 - 2017-12-27 13:58 - 000657208 _____ (Aktiv Co.) C:\WINDOWS\SysWOW64\grddiag.exe
2018-07-29 16:47 - 2017-12-27 13:58 - 000394552 _____ (Aktiv Co.) C:\WINDOWS\system32\grddrv.dll
2018-07-29 16:46 - 2018-07-03 13:04 - 000011024 ____N C:\Users\Shane\Downloads\README.txt
2018-07-29 16:46 - 2018-07-03 13:04 - 000000639 ____N C:\Users\Shane\Downloads\File_id.diz
2018-07-29 16:12 - 2018-07-29 16:12 - 000000000 ____D C:\Users\Shane\lucky_data
2018-07-25 17:09 - 2018-07-25 17:09 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Giegerich & Partner GmbH
2018-07-25 17:08 - 2018-07-25 17:08 - 000000000 ____D C:\Program Files (x86)\Giegerich und Partner GmbH
2018-07-25 17:00 - 2018-07-25 17:00 - 003749353 _____ C:\Users\Shane\Downloads\gnupg-1.4.23.tar.bz2
2018-07-25 16:38 - 2018-08-07 14:53 - 000000000 ____D C:\Users\Shane\AppData\Local\Microsoft_Corporation
2018-07-25 16:38 - 2018-07-30 10:40 - 000000000 ____D C:\Users\Shane\AppData\Roaming\OutlookPrivacyPlugin
2018-07-25 16:36 - 2018-07-25 17:03 - 000000000 ____D C:\Users\Shane\AppData\Local\Deployment
2018-07-25 16:36 - 2018-07-25 16:36 - 000000000 ____D C:\Program Files (x86)\Outlook Privacy Plugin
2018-07-25 16:27 - 2018-07-25 16:27 - 000002751 _____ C:\Users\Shane\Downloads\Untitled (1)
2018-07-25 16:27 - 2018-07-25 16:27 - 000000011 _____ C:\Users\Shane\Downloads\Untitled
2018-07-25 16:23 - 2018-07-25 16:23 - 000013951 _____ C:\Users\Shane\Downloads\smime.p7m
2018-07-24 22:05 - 2018-07-24 22:05 - 000003145 _____ C:\Users\Shane\Downloads\Testy_McTest_pub.asc
2018-07-24 21:46 - 2018-07-24 21:46 - 000000000 ____D C:\Users\Shane\AppData\Local\pEp
2018-07-24 21:41 - 2018-07-30 15:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-07-24 21:41 - 2018-07-24 21:48 - 000000000 ____D C:\Users\Shane\AppData\Local\Thunderbird
2018-07-24 21:41 - 2018-07-24 21:41 - 000001285 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2018-07-24 21:41 - 2018-07-24 21:41 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Thunderbird
2018-07-24 21:40 - 2018-07-24 21:40 - 002848262 _____ C:\Users\Shane\Downloads\enigmail-2.0.7-sm+tb.xpi
2018-07-24 19:31 - 2018-07-24 22:16 - 000000000 ____D C:\Users\Shane\AppData\Roaming\kleopatra
2018-07-24 19:30 - 2018-08-06 22:23 - 000000000 ____D C:\Users\Shane\AppData\Roaming\gnupg
2018-07-24 19:30 - 2018-07-24 19:30 - 000002123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kleopatra.lnk
2018-07-24 19:30 - 2018-07-24 19:30 - 000001225 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPA.lnk
2018-07-24 19:30 - 2018-07-24 19:30 - 000000000 ____D C:\Program Files (x86)\Gpg4win
2018-07-24 19:30 - 2018-07-24 19:30 - 000000000 ____D C:\Program Files (x86)\GnuPG
2018-07-23 23:33 - 2018-07-23 23:33 - 000312869 _____ C:\Users\Shane\Downloads\ZAPGettingStartedGuide-2.6.pdf
2018-07-23 20:49 - 2018-07-12 21:34 - 000709816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-07-23 20:49 - 2018-07-12 21:32 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-07-23 20:49 - 2018-07-12 21:30 - 002718624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-07-23 20:49 - 2018-07-12 20:59 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-07-23 20:49 - 2018-07-11 03:23 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-07-23 20:49 - 2018-07-11 02:24 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-07-23 19:53 - 2018-07-23 19:53 - 000000000 ____D C:\Program Files\MySQL
2018-07-23 19:46 - 2018-07-23 19:49 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.7
2018-07-23 19:42 - 2018-07-23 19:53 - 000000000 ____D C:\ProgramData\MySQL
2018-07-23 19:42 - 2018-07-23 19:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2018-07-23 19:42 - 2018-07-23 19:42 - 000000000 ____D C:\WINDOWS\System32\Tasks\MySQL
2018-07-23 19:42 - 2018-07-23 19:42 - 000000000 ____D C:\Program Files (x86)\MySQL
2018-07-23 19:30 - 2018-07-23 19:56 - 503031808 ____N C:\Users\Shane\Downloads\DVWA-1.0.7.iso
2018-07-23 19:13 - 2018-07-23 19:14 - 000000000 ____D C:\DVWA-master
2018-07-22 17:38 - 2018-07-22 17:38 - 000001156 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2018-07-22 17:38 - 2018-07-22 17:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2018-07-22 12:07 - 2018-07-23 21:01 - 000000939 _____ C:\WINDOWS\Tasks\EPSON XP-430 Series Update {CDB9B9D7-847A-4014-88C7-DD2F2D5E4749}.job
2018-07-22 12:07 - 2018-07-22 12:07 - 000004136 _____ C:\WINDOWS\System32\Tasks\EPSON XP-430 Series Update {CDB9B9D7-847A-4014-88C7-DD2F2D5E4749}
2018-07-19 09:57 - 2018-07-19 12:23 - 000000000 ____D C:\WINDOWS\Minidump
2018-07-17 20:37 - 2018-07-17 20:37 - 000001005 _____ C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch.lnk
2018-07-16 12:35 - 2018-07-16 12:35 - 000222864 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetLwf.sys
2018-07-16 12:35 - 2018-07-16 12:35 - 000213080 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetAdp6.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-12 22:44 - 2018-03-08 12:13 - 000224099 _____ C:\WINDOWS\ZAM.krnl.trace
2018-08-12 22:44 - 2018-03-08 12:13 - 000201489 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-08-12 22:41 - 2018-05-18 13:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-12 19:23 - 2018-04-11 14:04 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
2018-08-12 18:32 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-12 18:25 - 2018-05-18 13:39 - 000936252 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-08-12 18:25 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
2018-08-12 18:24 - 2017-05-19 01:10 - 000000000 ____D C:\ProgramData\NVIDIA
2018-08-12 18:18 - 2018-05-18 14:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-12 18:17 - 2018-05-18 13:40 - 000000000 ____D C:\Users\Shane
2018-08-12 18:17 - 2018-04-11 14:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-08-12 17:43 - 2018-05-27 02:02 - 000000000 ____D C:\Users\Shane\AppData\LocalLow\Mozilla
2018-08-12 12:42 - 2018-05-18 14:21 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2243521789-936282867-848371492-1001
2018-08-12 12:41 - 2018-05-18 13:40 - 000002410 _____ C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-08-12 12:41 - 2015-05-08 06:03 - 000000000 ___RD C:\Users\Shane\OneDrive
2018-08-12 12:16 - 2016-12-11 14:18 - 000000000 ____D C:\Program Files\Bitdefender
2018-08-12 12:14 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-12 12:12 - 2016-09-15 12:32 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-08-12 11:31 - 2016-09-15 12:32 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-08-12 11:29 - 2014-12-16 16:37 - 000000000 ____D C:\Users\Shane\AppData\Local\Battle.net
2018-08-11 17:40 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-11 11:11 - 2018-01-05 11:14 - 000000000 ____D C:\ProgramData\Phoenix360
2018-08-11 10:19 - 2018-05-18 14:21 - 000003644 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2018-08-11 10:16 - 2015-03-04 22:53 - 000000000 ____D C:\Users\Shane\AppData\Local\CrashDumps
2018-08-11 10:15 - 2014-12-13 02:49 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-08-11 10:12 - 2015-04-12 17:52 - 000000000 ____D C:\Users\Shane\AppData\Local\Downloaded Installations
2018-08-10 19:42 - 2014-12-17 11:05 - 000000000 ____D C:\Program Files (x86)\World of Warcraft
2018-08-10 15:55 - 2018-05-30 18:31 - 000000000 ____D C:\Users\Shane\AppData\Local\D3DSCache
2018-08-10 15:51 - 2016-12-10 18:11 - 000000000 ____D C:\Program Files (x86)\Overwatch Test
2018-08-10 15:50 - 2014-12-16 16:37 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-08-10 00:52 - 2015-03-06 11:38 - 000000000 ____D C:\Users\Shane\Documents\Visual Studio 2013
2018-08-09 22:34 - 2015-10-18 00:35 - 000000000 ____D C:\Users\Shane\Documents\Visual Studio 2015
2018-08-09 22:26 - 2018-06-07 00:59 - 000000000 ____D C:\Users\Shane\Desktop\ReactProjects
2018-08-09 20:45 - 2017-12-18 13:51 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Audacity
2018-08-09 18:59 - 2015-09-10 12:37 - 000000000 ____D C:\Program Files (x86)\DebugMode
2018-08-08 23:43 - 2018-05-18 14:21 - 000003958 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1487318455
2018-08-08 23:43 - 2015-07-31 10:20 - 000000000 ____D C:\Program Files (x86)\Opera
2018-08-08 13:51 - 2014-12-17 12:19 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-08 10:03 - 2013-08-22 08:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-08-08 08:18 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-08-08 00:39 - 2018-03-14 21:41 - 000000000 ____D C:\Users\Public\Speedup Sessions
2018-08-07 23:43 - 2014-12-16 16:16 - 000000000 ____D C:\Users\Shane\AppData\Local\NVIDIA Corporation
2018-08-07 16:59 - 2018-07-07 20:51 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-08-06 22:05 - 2018-04-26 14:07 - 000000000 ____D C:\Users\Shane\AppData\Roaming\npm
2018-08-06 21:47 - 2016-09-09 11:11 - 000000000 ____D C:\Users\Shane\AppData\Roaming\discord
2018-08-06 16:49 - 2014-12-17 12:09 - 000000000 ____D C:\Users\Shane\AppData\Local\Google
2018-08-06 00:21 - 2014-12-17 12:09 - 000000000 ____D C:\Program Files (x86)\Google
2018-08-05 15:07 - 2016-09-24 14:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2018-08-04 04:38 - 2016-09-09 11:11 - 000000000 ____D C:\Users\Shane\AppData\Local\Discord
2018-08-04 04:04 - 2016-11-29 16:03 - 000056998 _____ C:\WINDOWS\SysWOW64\Defrag.debuglog
2018-08-03 16:17 - 2017-12-01 03:27 - 000000000 ____D C:\Users\Shane\AppData\Local\Packages
2018-08-03 11:08 - 2018-06-11 22:54 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-08-03 11:08 - 2017-05-19 01:10 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-08-03 00:14 - 2015-12-22 23:05 - 000000000 ____D C:\Temp
2018-08-03 00:14 - 2014-12-13 02:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-08-03 00:12 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\Help
2018-08-03 00:11 - 2014-12-16 16:16 - 000000000 ____D C:\Users\Shane\AppData\Local\NVIDIA
2018-08-02 23:39 - 2017-12-05 16:42 - 000000000 ____D C:\Users\Public\Games
2018-08-02 11:35 - 2016-12-11 14:18 - 000609576 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2018-08-02 02:08 - 2018-05-18 13:40 - 000000000 ____D C:\Users\Administrator
2018-08-02 01:49 - 2015-07-31 11:46 - 000000000 ____D C:\AdwCleaner
2018-08-01 23:48 - 2018-06-30 18:34 - 000003734 _____ C:\WINDOWS\System32\Tasks\JavaUpdateSched
2018-08-01 23:48 - 2018-06-30 18:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-08-01 23:48 - 2015-01-11 15:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2018-08-01 23:48 - 2015-01-11 15:30 - 000000000 ____D C:\Program Files\Java
2018-08-01 23:47 - 2018-06-30 18:33 - 000145272 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2018-08-01 23:09 - 2016-11-29 13:29 - 000000000 ____D C:\Users\Shane\Desktop\OldDesktopStuff 11-29-2016
2018-08-01 22:46 - 2018-05-18 07:59 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-08-01 22:44 - 2018-01-05 12:48 - 000000000 ____D C:\netfilter2
2018-08-01 21:01 - 2016-12-12 15:02 - 000000000 ____D C:\Users\Shane\Desktop\class work
2018-08-01 02:47 - 2018-04-03 09:00 - 004858224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-07-31 11:24 - 2015-12-05 20:10 - 000000000 ____D C:\NVIDIA
2018-07-31 11:23 - 2015-09-16 19:47 - 000000000 ____D C:\Users\Shane\.VirtualBox
2018-07-30 19:05 - 2018-06-13 00:25 - 000000000 ____D C:\ProgramData\Packages
2018-07-30 17:34 - 2018-06-03 18:38 - 000000000 ____D C:\ProgramData\Apple
2018-07-30 16:31 - 2017-12-22 17:01 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-07-30 16:22 - 2014-12-31 13:26 - 000000000 ____D C:\ProgramData\Norton
2018-07-30 16:18 - 2015-10-20 21:16 - 000000000 ____D C:\Users\Shane\.thumbnails
2018-07-30 16:18 - 2015-07-31 10:48 - 000000000 ____D C:\ProgramData\MFAData
2018-07-30 16:17 - 2017-05-08 10:30 - 000000000 ____D C:\Users\Shane\.idlerc
2018-07-30 16:17 - 2015-12-05 19:41 - 000000000 ____D C:\Users\Shane\.oracle_jre_usage
2018-07-30 16:17 - 2015-03-05 13:34 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Mumble
2018-07-30 16:17 - 2015-01-27 23:42 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Skype
2018-07-30 16:07 - 2015-08-24 22:00 - 000000000 ____D C:\Users\Shane\AppData\LocalLow\Temp
2018-07-30 16:07 - 2015-08-21 23:31 - 000000000 ____D C:\Intel
2018-07-30 15:49 - 2018-05-12 16:30 - 000000000 ____D C:\xampp
2018-07-30 15:48 - 2016-09-15 12:26 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-07-30 15:48 - 2016-06-17 11:47 - 000000000 ____D C:\adbLink
2018-07-30 15:47 - 2016-11-13 02:07 - 000000000 ____D C:\Program Files (x86)\InnerSpace
2018-07-30 15:47 - 2016-09-09 11:11 - 000000000 ____D C:\Users\Shane\AppData\Local\SquirrelTemp
2018-07-30 15:47 - 2016-06-03 13:32 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Sony
2018-07-30 15:47 - 2015-09-02 17:17 - 000000000 ____D C:\Users\Shane\Documents\Add-in Express
2018-07-30 15:46 - 2018-05-09 01:32 - 000000000 ____D C:\Program Files\Sublime Text 3
2018-07-30 15:46 - 2017-12-16 18:35 - 000000000 ____D C:\Program Files (x86)\VPN Unlimited
2018-07-30 15:46 - 2016-09-22 19:09 - 000000000 ____D C:\Program Files\TeamSpeak 3 Client
2018-07-30 15:46 - 2015-04-20 11:46 - 000000000 ____D C:\Program Files (x86)\CarbonPoker Odds Calculator
2018-07-30 15:46 - 2015-04-05 22:35 - 000000000 ____D C:\AmericasCardroom
2018-07-30 15:46 - 2015-02-03 14:40 - 000000000 ____D C:\Users\Shane\AppData\LocalLow\raidcall
2018-07-30 15:45 - 2018-05-25 18:21 - 000000000 ____D C:\Users\Shane\AppData\Roaming\TeamViewer
2018-07-30 15:45 - 2016-11-29 12:12 - 000000000 ____D C:\Windows10Upgrade
2018-07-30 15:45 - 2015-12-05 15:40 - 000000000 ____D C:\Users\Shane\Documents\The Witcher 3
2018-07-30 15:45 - 2015-04-20 11:46 - 000000000 ____D C:\Program Files (x86)\CarbonPoker
2018-07-30 15:45 - 2015-01-31 22:42 - 000000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2018-07-30 15:44 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2018-07-30 15:44 - 2015-07-31 17:57 - 000000000 ____D C:\Users\Shane\Documents\Adobe
2018-07-30 15:43 - 2018-06-19 18:16 - 000000000 ____D C:\Users\Shane\AppData\Roaming\EasyAntiCheat
2018-07-30 15:43 - 2018-05-31 14:26 - 000000000 ____D C:\Users\Shane\AppData\Local\GitHubDesktop
2018-07-30 15:43 - 2018-05-22 01:12 - 000000000 ____D C:\Users\Shane\AppData\Local\Postman
2018-07-30 15:43 - 2018-05-09 01:47 - 000000000 ____D C:\Users\Shane\AppData\Local\clink
2018-07-30 15:43 - 2017-10-17 17:18 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Twitch
2018-07-30 15:43 - 2017-04-16 18:37 - 000000000 ____D C:\Users\Shane\boost_1_63_0
2018-07-30 15:43 - 2016-09-09 02:05 - 000000000 ____D C:\Users\Shane\AppData\Local\ConnectedDevicesPlatform
2018-07-30 15:43 - 2015-12-09 19:52 - 000000000 ____D C:\Users\Shane\AppData\Roaming\codelite
2018-07-30 15:43 - 2015-08-18 21:37 - 000000000 ____D C:\Users\Shane\AppData\Local\GameMaker-Studio
2018-07-30 15:43 - 2015-01-27 23:07 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Ventrilo
2018-07-30 15:42 - 2018-07-02 14:15 - 000000000 ____D C:\Users\Shane\AppData\Local\PlaceholderTileLogoFolder
2018-07-30 15:42 - 2017-12-22 17:01 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\TeamViewer
2018-07-30 15:42 - 2017-12-20 15:42 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\discord
2018-07-30 15:41 - 2014-12-16 16:27 - 000000000 ____D C:\Program Files (x86)\Steam
2018-07-30 12:14 - 2018-04-03 09:01 - 000065792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2018-07-30 12:14 - 2018-04-03 09:00 - 000044271 _____ C:\WINDOWS\system32\nvinfo.pb
2018-07-30 11:58 - 2016-08-04 13:52 - 000000000 ____D C:\Users\Shane\AppData\Roaming\MassPlanner2
2018-07-30 11:16 - 2015-09-02 17:17 - 000000000 ____D C:\ProgramData\WinZip
2018-07-30 10:55 - 2017-12-08 12:05 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JetBrains
2018-07-30 10:43 - 2016-11-29 11:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-07-30 10:43 - 2014-12-13 02:49 - 000000000 ____D C:\ProgramData\Package Cache
2018-07-30 10:41 - 2017-05-19 01:10 - 005947600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-07-30 10:41 - 2017-05-19 01:10 - 002612264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-07-30 10:41 - 2017-05-19 01:10 - 001767632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-07-30 10:41 - 2017-05-19 01:10 - 000634352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-07-30 10:41 - 2017-05-19 01:10 - 000450768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-07-30 10:41 - 2017-05-19 01:10 - 000124216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-07-30 10:41 - 2017-05-19 01:10 - 000082800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-07-30 10:40 - 2018-05-27 02:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-07-30 10:40 - 2015-12-05 00:05 - 000000000 ____D C:\Program Files (x86)\VyprVPN
2018-07-30 07:42 - 2018-06-03 18:53 - 000000000 ____D C:\Users\Public\Documents\Avid Video Engine
2018-07-30 07:42 - 2018-06-03 18:46 - 000000000 ____D C:\Program Files\Avid
2018-07-30 01:18 - 2018-05-18 13:33 - 005615080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-07-30 01:14 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-07-30 01:14 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-07-30 01:14 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-07-30 01:14 - 2018-04-11 16:38 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-07-30 01:14 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-07-30 01:14 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-07-30 01:14 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-07-30 01:13 - 2018-04-11 16:38 - 000000000 ___RD C:\Program Files\Windows Defender
2018-07-30 01:13 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-07-30 01:13 - 2018-04-11 16:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-07-30 01:08 - 2016-06-09 23:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-07-30 01:00 - 2017-12-11 16:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2018-07-29 23:47 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-29 19:44 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-07-29 18:48 - 2015-03-06 11:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2018-07-29 18:43 - 2015-03-06 11:11 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2018-07-29 08:00 - 2016-10-29 14:11 - 000000000 ____D C:\Program Files (x86)\TradeSkillMaster Application
2018-07-28 21:36 - 2015-03-15 11:18 - 000000000 ____D C:\Users\Shane\Documents\Outlook Files
2018-07-28 02:13 - 2016-06-23 23:04 - 000000000 ____D C:\Users\Shane\AppData\Local\ElevatedDiagnostics
2018-07-25 16:35 - 2018-04-11 16:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-07-24 02:03 - 2017-05-19 01:10 - 008253772 _____ C:\WINDOWS\system32\nvcoproc.bin
2018-07-23 21:16 - 2015-07-31 17:05 - 000000000 ____D C:\Users\Shane\AppData\Local\Adobe
2018-07-23 21:15 - 2018-07-07 14:02 - 000004588 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-07-23 21:15 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-07-23 21:15 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-07-23 19:46 - 2017-05-02 15:50 - 000000000 ____D C:\Users\Shane\AppData\Local\Package Cache
2018-07-22 23:09 - 2015-09-16 19:47 - 000000000 ____D C:\Users\Shane\VirtualBox VMs
2018-07-22 12:58 - 2016-09-24 14:36 - 000000000 ____D C:\Program Files (x86)\EPSON Software
2018-07-20 10:33 - 2016-10-29 14:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeSkillMaster Application
2018-07-20 06:05 - 2018-06-02 13:54 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-07-19 12:23 - 2016-12-03 16:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-07-19 12:23 - 2013-09-30 12:56 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-07-18 19:16 - 2016-04-15 13:43 - 000000000 ____D C:\Users\Shane\Documents\Sound recordings
2018-07-17 20:53 - 2015-01-24 17:44 - 000000000 ____D C:\Program Files (x86)\World of Warcraft Public Test
2018-07-16 21:47 - 2017-05-19 01:10 - 000950592 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2018-07-16 12:35 - 2018-03-08 20:12 - 000984376 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2018-07-16 12:35 - 2018-03-08 20:12 - 000168896 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
 
==================== Files in the root of some directories =======
 
2015-09-09 17:52 - 2015-09-09 17:54 - 000163219 _____ () C:\Users\Shane\maxout_10028.dat
2015-09-24 13:49 - 2015-09-24 13:51 - 000013121 _____ () C:\Users\Shane\maxout_13044.dat
2015-08-25 15:27 - 2015-08-25 15:29 - 000004907 _____ () C:\Users\Shane\maxout_13796.dat
2015-11-13 21:35 - 2015-11-13 21:36 - 000014342 _____ () C:\Users\Shane\maxout_15904.dat
2015-11-13 21:21 - 2015-11-13 21:24 - 000014342 _____ () C:\Users\Shane\maxout_19172.dat
2015-08-25 15:38 - 2015-08-25 15:45 - 000004907 _____ () C:\Users\Shane\maxout_7140.dat
2018-06-12 00:09 - 2018-06-24 23:15 - 000000033 _____ () C:\Users\Shane\AppData\Roaming\AdobeWLCMCache.dat
2015-08-13 11:45 - 2015-08-13 11:45 - 000000112 _____ () C:\Users\Shane\AppData\Roaming\JP2K CS6 Prefs
2018-06-24 23:22 - 2018-06-24 23:22 - 000000028 _____ () C:\Users\Shane\AppData\Roaming\kulerdata.json
2018-08-08 00:06 - 2018-08-08 00:06 - 000000036 _____ () C:\Users\Shane\AppData\Local\housecall.guid.cache
2018-08-08 00:19 - 2018-08-08 00:19 - 000000010 _____ () C:\Users\Shane\AppData\Local\sponge.last.runtime.cache
2018-04-10 12:52 - 2018-04-10 12:52 - 000000000 ____N () C:\Users\Shane\AppData\Local\{59745BC6-AB93-47AE-A3E3-ACEDF246D979}
2017-12-02 10:16 - 2017-12-02 10:16 - 000000000 ____N () C:\Users\Shane\AppData\Local\{944BCD73-00FD-4536-B994-737E9BF5959A}
 
Some files in TEMP:
====================
2018-08-12 12:16 - 2018-08-12 12:16 - 000290304 _____ (Microsoft Corporation) C:\Users\Shane\AppData\Local\Temp\CakeTubeSdk.Windows.Service.subinacl.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-18 13:33
 

 

==================== End of FRST.txt ============================

Edited by terpy, 13 August 2018 - 02:57 AM.


#5 terpy


Posted 13 August 2018 - 02:50 AM

addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Shane (12-08-2018 22:45:37)
Running from C:\Users\Shane\Desktop\Security  Tools
Windows 10 Home Version 1803 17134.191 (X64) (2018-05-18 21:38:47)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2243521789-936282867-848371492-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2243521789-936282867-848371492-503 - Limited - Disabled)
Guest (S-1-5-21-2243521789-936282867-848371492-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2243521789-936282867-848371492-1005 - Limited - Enabled)
Shane (S-1-5-21-2243521789-936282867-848371492-1001 - Administrator - Enabled) => C:\Users\Shane
WDAGUtilityAccount (S-1-5-21-2243521789-936282867-848371492-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Emsisoft Anti-Malware (Enabled - Up to date) {67773CDD-EA83-AD98-A2ED-386463EB3B0D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {DC16DD39-CCB9-A216-985D-0316186C71B0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {B5763A99-8435-6D40-83EB-2CA97758A9A5}
FW: Bitdefender Firewall (Enabled) {362C5A58-E860-6396-9204-BEEEF20CA463}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.08 beta (x64) (HKLM\...\7-Zip) (Version: 15.08 - Igor Pavlov)
7-Zip 16.02 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1602-000001000000}) (Version: 16.02.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe After Effects CC 2017 (HKLM-x32\...\AEFT_14_2_1) (Version: 14.2.1 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Character Animator CC (Beta) (HKLM-x32\...\ANMLBETA_1_0_6) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.5.0.331 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.6 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2018 (HKLM-x32\...\DRWV_18_1) (Version: 18.1 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Illustrator CC 2018 (HKLM-x32\...\ILST_22_1) (Version: 22.1 - Adobe Systems Incorporated)
Adobe InDesign CC 2017 (HKLM-x32\...\IDSN_12_1_0) (Version: 12.1.0 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_1_2) (Version: 11.1.2 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_1_3) (Version: 19.1.3 - Adobe Systems Incorporated)
AmericasCardroom (HKLM-x32\...\296836EA-EF3A-4C36-8C13-3A6C1DB2D4BE) (Version: 16.6 - IGSoft)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apache Tomcat 8.0.27 (HKLM\...\nbi-tomcat-8.0.27.0.0) (Version:  - )
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{9F429DF7-F8DD-4980-9673-E6DACA012F6C}) (Version: 3.3 - Microsoft Corporation) Hidden
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
AVG PC TuneUp 2015 (en-US) (HKLM-x32\...\{4AC74ED1-719B-46DA-8B8A-340FBF892291}) (Version: 15.0.1001.604 - AVG Technologies) Hidden
Avid HD Driver (x64) (HKLM\...\{658E112A-8776-4430-A275-D9248732DFB9}) (Version: 11.3.0 - Avid Technology, Inc.)
Avira (HKLM-x32\...\{B5B610D2-992E-45B8-A888-0BC163C539C9}) (Version: 1.2.117.17323 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{fcfe3cca-17f1-49fe-8deb-729b45d9c923}) (Version: 1.2.117.17323 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 4.7.1.7268 - Avira Operations GmbH & Co. KG)
AVSDK5 (HKLM\...\{D5A6E342-907C-4CEF-96CC-FC2F4990DC9C}) (Version: 5.4.30 - CYREN Inc.) Hidden
Azure AD Authentication Connected Service (HKLM-x32\...\{3FEAC561-1CF6-41D6-B0F3-BECDD9C88A1B}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{3FBFCF2C-392A-4632-9442-14C305B44D5E}) (Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Backup and Sync from Google (HKLM\...\{AEFBDB5B-899F-4AE6-B789-BA56A652A476}) (Version: 3.42.9858.3671 - Google, Inc.)
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.3.2.1195 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandicam.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (HKLM-x32\...\{E719AF7A-FBD9-45F8-AD4F-EBD1EFD985BB}) (Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (HKLM-x32\...\{28C7344F-E894-4CF5-8D05-EDC7ED71796C}) (Version: 12.0.50429.0 - Microsoft Corporation) Hidden
BetOnline Client (remove only) (HKLM-x32\...\BetOnLine Client) (Version: 1.0 - BetOnlineDevelopment)
BetOnline Poker 8.2 (HKLM-x32\...\BetOnline Poker 8.2) (Version: 8.2.12.201411270900 - Hero Poker Network)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.21.970 - Bitdefender)
Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 21.0.22.1050 - Bitdefender)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 22.0.1.1 - Bitdefender)
Bitdefender VPN (HKLM\...\Bitdefender VPN) (Version: 22.0.7.583 - Bitdefender)
Black Desert Online (HKLM-x32\...\{C1F96C92-7B8C-485F-A9CD-37A0708A2A60}) (Version: 1.0.0.7 - Kakao Games Europe B.V.)
Blend for Visual Studio 2013 (HKLM-x32\...\{EBC890A6-DE7C-44B4-AA03-119B6190D3E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (HKLM-x32\...\{9ED1634C-4E71-4992-A1BA-7C4BE6EE39E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (HKLM-x32\...\{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Windows Phone 8.0 (HKLM-x32\...\{403759F5-1D77-49F4-812D-AF43196E8C74}) (Version: 3.0.30924.0 - Microsoft Corporation) Hidden
Blender (HKLM\...\{87E4F4E2-99A4-44C6-9175-9FF2773E46CF}) (Version: 2.76.0 - Blender Foundation)
Brackets (HKLM-x32\...\{73C9B88C-61DF-4DC1-9F38-8FBB2AF45816}) (Version: 1.12.1 - brackets.io)
Build Tools - amd64 (HKLM\...\{4926C378-8A39-4273-AF6F-726F899F9F74}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools - x86 (HKLM-x32\...\{BB543516-F37F-46A4-BED1-C5146A6D9892}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (HKLM\...\{5DF74EA2-A660-446F-93B3-B19823435C30}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (HKLM-x32\...\{FCB384E7-0E3F-431E-A510-2458E1FF21ED}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
CarbonPoker (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\CarbonPoker) (Version: 6.0 - )
Chrome Remote Desktop Host (HKLM-x32\...\{67971EAD-F5D1-45A6-B281-A09D3193DB3F}) (Version: 69.0.3497.7 - Google Inc.)
Complemento do Microsoft Report Viewer para Visual Studio 2013 (HKLM-x32\...\{1B5ABBBD-3808-403D-A224-F1ACB0A00EB1}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Complemento Microsoft Report Viewer para Visual Studio 2013 (HKLM-x32\...\{56A47015-095E-48CA-819F-15D0B52C274B}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Compon. agg. Microsoft Report Viewer per Visual Studio 2013 (HKLM-x32\...\{44AEF1F7-C770-471C-AA62-4145A4F2C517}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
CrypTool 1.4.41 (HKLM-x32\...\CrypTool) (Version: 1.4.41 - CrypTool Team)
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 398.82 - NVIDIA Corporation) Hidden
Dotfuscator and Analytics Community Edition (HKLM-x32\...\{2386192E-D6DB-4AD2-9564-65586A0AE53E}) (Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dotfuscator and Analytics Community Edition 5.18.1 (HKLM-x32\...\{9890DF1A-10E9-4236-94B1-1EFAA4099F13}) (Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
Easy Photo Scan (HKLM-x32\...\{93AEF2AF-86FB-42AD-8392-5DAEC0638B1A}) (Version: 1.00.0012 - Seiko Epson Corporation)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2018.5 - Emsisoft Ltd.)
Entity Framework 6.1.0 Tools  for Visual Studio 2013 (HKLM-x32\...\{D4635FB4-434D-4663-A4C8-CFC00FA9D24E}) (Version: 12.0.30228.0 - Microsoft Corporation)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.0 - Seiko Epson Corporation)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.81.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson Printer Connection Checker (HKLM-x32\...\{9A09FA7F-C756-4B47-98D0-6C8482980A46}) (Version: 2.1.0.0 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{60A3CB9F-4429-4C7A-AA97-77CC4FE10671}) (Version: 4.4.9 - Seiko Epson Corporation)
EPSON XP-430 Series Printer Uninstall (HKLM\...\EPSON XP-430 Series) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Git version 2.16.2 (HKLM\...\Git_is1) (Version: 2.16.2 - The Git Development Community)
GitHub Desktop (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\GitHubDesktop) (Version: 1.2.2 - GitHub, Inc.)
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.2.8 - The GnuPG Project)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Earth Pro (HKLM-x32\...\{BF354C72-AC4C-4A87-8D42-B089862BAE58}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
gpg4o - GPG for Outlook 5.3.201.9100 (MSI) (HKLM-x32\...\{BC7DF0B9-330B-4B59-8455-700000009100}) (Version: 5.3.201 - Giegerich und Partner GmbH) Hidden
gpg4o - GPG for Outlook v5.3.201.9100 (HKLM-x32\...\{545f18f7-e593-4e38-b994-5d0aedfd3dce}) (Version: 5.3.201.9100 - Giegerich und Partner GmbH)
Gpg4win (3.1.2) (HKLM-x32\...\Gpg4win) (Version: 3.1.2 - The Gpg4win Project)
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Haskell Platform 8.0.2 (HKLM\...\HaskellPlatform-8.0.2) (Version:  - Haskell.org)
Haskell Stack (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\Haskell Stack) (Version:  - )
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.295 - SurfRight B.V.)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{f3e3c5dd-edd0-406b-8aa2-ce5acb93660e}) (Version: 10.0.14 - Intel® Corporation) Hidden
Intel® Hardware Accelerated Execution Manager (HKLM\...\{6230EE50-BD4E-4B39-904D-3E7600053E08}) (Version: 6.2.1 - Intel Corporation)
IntelliJ IDEA 2018.1.3 (HKLM-x32\...\IntelliJ IDEA 2018.1.3) (Version: 181.4892.42 - JetBrains s.r.o.)
Java 10.0.2 (64-bit) (HKLM\...\{EECB2736-D013-5AC5-9917-7656712F6931}) (Version: 10.0.2.0 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
Java SE Development Kit 8 Update 40 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180400}) (Version: 8.0.400.26 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
Java SE Development Kit 8 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180510}) (Version: 8.0.510.16 - Oracle Corporation)
Java SE Development Kit 8 Update 73 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180730}) (Version: 8.0.730.2 - Oracle Corporation)
Java™ SE Development Kit 10.0.1 (64-bit) (HKLM\...\{398EFBE6-18DB-5E47-8E12-481F95602239}) (Version: 10.0.1.0 - Oracle Corporation)
Java™ SE Development Kit 9.0.1 (64-bit) (HKLM\...\{4AC8DBB2-1AE5-5156-83F9-D4E2E6DD564B}) (Version: 9.0.1.0 - Oracle Corporation)
Kanto Player version 10.0.0.0 (HKLM-x32\...\{39E3D7C6-0677-49C8-905B-4D1874A17DE1}_is1) (Version: 10.0.0.0 - Globosoft S.R.L.)
Kits Configuration Installer (HKLM-x32\...\{6F502640-B753-C101-FFA5-B38C3FA5B29A}) (Version: 10.1.17134.12 - Microsoft) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
LocalESPC (HKLM-x32\...\{62910715-63E3-0AB0-0B29-99140DE1C15E}) (Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (HKLM-x32\...\{492498A3-F88C-FE2F-755C-9B1B91724CA5}) (Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us (HKLM-x32\...\{326A5052-061C-F656-31E3-3B73842ABD46}) (Version: 8.59.29989 - Microsoft) Hidden
LocalESPCui for en-us Dev12 (HKLM-x32\...\{B1C38F27-D377-8C98-D98D-29B67C0B978D}) (Version: 8.100.25984 - Microsoft) Hidden
MAGIX Movie Edit Pro 2016 Premium (HKLM\...\{0E64129B-4258-44B9-8034-464C6E28878D}) (Version: 15.0.0.73 - MAGIX Software GmbH) Hidden
MAGIX Movie Edit Pro 2016 Premium (HKLM\...\MX.{0E64129B-4258-44B9-8034-464C6E28878D}) (Version: 15.0.0.73 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (HKLM\...\{EFF38464-ED43-451C-9117-F910728B3FF8}) (Version: 7.0.1.27 - MAGIX Software GmbH) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{EFF38464-ED43-451C-9117-F910728B3FF8}) (Version: 7.0.1.27 - MAGIX Software GmbH)
Malware Killer (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.427 - Iolo Technologies, LLC)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Memory Profiler (HKLM-x32\...\{4A037836-B224-4890-9631-341F759AD703}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Memory Profiler (HKLM-x32\...\{68DA3B27-2C18-4366-93B0-6B97F5E9B309}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 SDK (HKLM-x32\...\{229FC339-A2DE-46C7-8AB7-E64BD2FD9592}) (Version: 4.7.03056 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 Targeting Pack (HKLM-x32\...\{90FBABBB-0CFC-469F-971F-0A1F11F5AF2E}) (Version: 4.7.03056 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9126.2259 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.9126.2259 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\OneDriveSetup.exe) (Version: 18.131.0701.0007 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2243521789-936282867-848371492-500\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{4B2B6F4B-9B09-46ED-935E-A84A669D2DC9}) (Version: 2.8.2.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM-x32\...\{50b32652-69d2-4b93-9316-edcd12067b8b}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 (HKLM-x32\...\{84e72603-1a6a-4c51-81b3-de36aabcc4f8}) (Version: 12.0.30501 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Module Microsoft Report Viewer pour Visual Studio 2013 (HKLM-x32\...\{607562A3-7BD3-4EDE-BDEA-4F1A8D7E84AA}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Mozilla Firefox 61.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.1 (x64 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.9.1 - Mozilla)
Mozilla Thunderbird 52.9.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.9.1 (x86 en-US)) (Version: 52.9.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
MySQL Installer - Community (HKLM-x32\...\{E893209B-DB26-475E-ABE3-900812CBDF9A}) (Version: 1.4.25.0 - Oracle Corporation)
MySQL Server 8.0 (HKLM\...\{11CF35A6-DF56-426A-8FEF-BAA039D8FF31}) (Version: 8.0.11 - Oracle Corporation)
NetBeans IDE 8.2 (HKLM\...\nbi-nb-base-8.2.0.0.201609300101) (Version: 8.2 - NetBeans.org)
Node.js (HKLM\...\{F69C1A4C-0402-462C-B95D-6BEAED881FA1}) (Version: 8.11.1 - Node.js Foundation)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 398.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 398.82 - NVIDIA Corporation)
NVIDIA Graphics Driver 398.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 398.82 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Oculus Rift Sensor Driver (HKLM\...\{4FC053C6-9DF5-45EC-B478-979398DA5E3F}) (Version: 1.0.14.0 - Oculus VR, LLC)
Oculus Runtime (HKLM-x32\...\Oculus Runtime 0.8.0.0-public-release-117061) (Version: 0.8.0.0-public-release-117061 - Oculus VR, LLC)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9126.2259 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2259 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2259 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9126.2259 - Microsoft Corporation) Hidden
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden
Opera Stable 54.0.2952.71 (HKLM-x32\...\Opera 54.0.2952.71) (Version: 54.0.2952.71 - Opera Software)
Oracle VM VirtualBox 5.2.16 (HKLM\...\{9BDE6621-5201-47E9-8394-FF44CBD66A1E}) (Version: 5.2.16 - Oracle Corporation)
Outlook Privacy Plugin (HKLM-x32\...\{68E34B9C-F9B5-4346-B394-F22B2A726306}) (Version: 2.0.5627.23349 - Deja vu Security)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
PACE License Support Win64 (HKLM\...\{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.3.0756 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.3.0756 - PACE Anti-Piracy, Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 2.5.1.4585 - Grinding Gear Games) Hidden
Path of Exile (HKLM-x32\...\{e4bece34-29a4-49b4-9517-941948cdb429}) (Version: 2.5.1.4585 - Grinding Gear Games)
Phoenix360 (HKLM-x32\...\{AE251E8F-2A54-49D8-84CC-914D86A0A207}) (Version: 2.2.1.391 - iolo Technologies, LLC)
PokerStrategy.com Equilab (HKLM-x32\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com)
Postman-win64-6.1.2 (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\Postman) (Version: 6.1.2 - Postman)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{943F3FB1-3F9C-4FB7-A4E2-6D53617068C3}) (Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Privacy Guardian (HKLM-x32\...\PrivacyGuardian) (Version: 1.0.7.0 - iolo technologies, LLC)
Python 3.6.0 (32-bit) (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\{e11344b8-2f53-4139-aacd-cb4176efbc4c}) (Version: 3.6.150.0 - Python Software Foundation)
Python 3.6.0 Core Interpreter (32-bit) (HKLM-x32\...\{FC638B75-E969-4496-A546-9D78EA7D8F35}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Development Libraries (32-bit) (HKLM-x32\...\{F2A430F2-A7AC-4B46-808A-FC6E8419ABDE}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Documentation (32-bit) (HKLM-x32\...\{A66771E3-430A-40A7-B00C-94A239396BEE}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Executables (32-bit) (HKLM-x32\...\{3C182441-3C75-4113-A28D-D3AEAD85B320}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 pip Bootstrap (32-bit) (HKLM-x32\...\{1D427483-31FE-4ED4-AD39-AB78BBF7D22D}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Standard Library (32-bit) (HKLM-x32\...\{4CB36E4F-EC00-479B-AA25-0B9EC5385B0C}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C7D63030-7738-499A-A0D2-8549174D2B70}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Test Suite (32-bit) (HKLM-x32\...\{6EAD5F85-97EC-4AFB-84D2-D52AC41D3C66}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Utility Scripts (32-bit) (HKLM-x32\...\{7C3DAC9E-E229-415C-A600-5974B5D9DE7F}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.1 (64-bit) (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\{5984d629-979e-4439-b893-accde1a00a68}) (Version: 3.6.1150.0 - Python Software Foundation)
Python 3.6.1 Add to Path (64-bit) (HKLM\...\{079FEF6F-9E83-4694-897D-69C30389B772}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Core Interpreter (64-bit) (HKLM\...\{27133190-078A-4A46-81B0-FF476EAEBF2A}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Development Libraries (64-bit) (HKLM\...\{953B4007-8312-48CA-817E-29B43988EB35}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Documentation (64-bit) (HKLM\...\{41626EAD-257F-401F-8531-51C5A7D4CA6C}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Executables (64-bit) (HKLM\...\{9139037B-B991-4022-946F-DAA9A9FDC7EE}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 pip Bootstrap (64-bit) (HKLM\...\{5F9A36CA-767E-4922-84AB-73E61264FE5C}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Standard Library (64-bit) (HKLM\...\{B7A716F0-78C1-4CB9-8756-0E51C5DD7622}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Tcl/Tk Support (64-bit) (HKLM\...\{AC60D963-1CE4-429B-AB29-F973DC55A918}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Test Suite (64-bit) (HKLM\...\{A298B2DB-1F21-476D-9BD7-4ECC23101C90}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Utility Scripts (64-bit) (HKLM\...\{7CB8460F-55AD-4C70-8D04-72947C46C85E}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.7 volatility-2.3.1 (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\volatility-py3.7) (Version:  - )
Python 3.7.0 (32-bit) (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\{ece37911-ffeb-4f29-95d6-abcf555d7364}) (Version: 3.7.150.0 - Python Software Foundation)
Python 3.7.0 Core Interpreter (32-bit) (HKLM-x32\...\{13BB06D9-FD38-47E5-946E-C2606C554030}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Development Libraries (32-bit) (HKLM-x32\...\{B424BE74-3C96-4974-8754-9D6442286112}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Documentation (32-bit) (HKLM-x32\...\{ABEE159E-FE5B-4E58-BDD7-1DED2F10AAEB}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Executables (32-bit) (HKLM-x32\...\{4642A126-F999-4407-801B-C1C89BDA58C5}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 pip Bootstrap (32-bit) (HKLM-x32\...\{69CFC76B-3434-4919-8885-BA7960725137}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Standard Library (32-bit) (HKLM-x32\...\{09160A5D-8B99-4A89-9E9D-8A6D8E9C7EC1}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Tcl/Tk Support (32-bit) (HKLM-x32\...\{8A09EA6B-C86C-4ECA-8742-C4C1BCA96845}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Test Suite (32-bit) (HKLM-x32\...\{717DB3B4-C457-447B-A8A6-6921A4D917EF}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Utility Scripts (32-bit) (HKLM-x32\...\{FC756D1E-1252-406E-8414-E11FAF97F3C7}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{D6BDDB48-938A-4384-A7BE-2B4E4931B111}) (Version: 3.7.6386.0 - Python Software Foundation)
Python Tools 2.2 for Visual Studio 2013 (HKLM-x32\...\{6D689B7E-ADDB-48F4-90C4-0B9888375688}) (Version: 2.2.30718.00 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.27.511.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.00.0218.1 - REALTEK Semiconductor Corp.)
RegRun Reanimator (HKLM-x32\...\UnHackMe Update - Reanimator_is1) (Version:  - Greatis Software, LLC.)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
Riftcat (HKLM-x32\...\{482d58be-fe71-4dae-835c-0950729ac3de}) (Version: 1.0.0 - Riftcat)
Riftcat Client (HKLM-x32\...\{B2C26ED3-33A6-4A0E-98EE-6ACEC22C5793}) (Version: 1.0.0.3 - Riftcat) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 5.10 (64-bit) (HKLM\...\Sandboxie) (Version: 5.10 - Sandboxie Holdings, LLC)
SDK Debuggers (HKLM-x32\...\{8238CD59-617A-FE41-8AB4-A88AF3160849}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
SharePoint Client Components (HKLM\...\{95150002-1163-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SharePoint Client Components (HKLM\...\{95160001-1163-0409-1000-0000000FF1CE}) (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sublime Text Build 3170 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
System Mechanic (HKLM-x32\...\{95129D61-FF52-4FA8-A403-3E31FC5D9696}) (Version: 18.0.1.391 - iolo technologies, LLC)
System Mechanic Pro (HKLM\...\{1E5E7177-5156-4541-B8D5-B0C7E9064329}) (Version:  - ) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Team Explorer for Microsoft Visual Studio 2013 (HKLM-x32\...\{C9E7751E-88ED-36CF-B610-71A1D262E906}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Team Explorer for Microsoft Visual Studio 2015 (HKLM-x32\...\{791295AE-3B0A-3222-9E69-26C8C106E8D1}) (Version: 14.0.23102 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
TI-Nspire™ Computer Link (HKLM-x32\...\{6C5AC088-3136-4043-8985-8B0772A9580E}) (Version: 3.9.0.455 - Texas Instruments Inc.)
TradeSkillMaster Application version 1.0 (HKLM-x32\...\{c44da794-b956-4d50-8733-346d56ae63c7}_is1) (Version: 1.0 - TradeSkillMaster)
Twitch (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
TypeScript Power Tool (HKLM-x32\...\{8A8A0C13-A9B3-45AF-9A4C-4D351E0DFC8A}) (Version: 1.0.1.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{83499F62-B5EC-4F40-A28C-1297241E4D1D}) (Version: 1.0.1.0 - Microsoft Corporation) Hidden
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
UnHackMe 9.90 (HKLM-x32\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
Unity (HKLM-x32\...\Unity) (Version: 2017.3.0f3 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Visual Studio 2013 Update 2 (KB2829760) (HKLM-x32\...\{3c348532-c3bd-4bae-a928-7b555f8c808f}) (Version: 12.0.30501 - Microsoft Corporation)
VPN Unlimited 4.18 (HKLM-x32\...\{DC24521E-872B-41AF-93EA-FE477902D6FB}_is1) (Version: 4.18 - KeepSolid Inc.)
VS Update core components (HKLM-x32\...\{39D9555C-47A7-38F6-AEB9-9E7CAE1C6AF5}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
VyprVPN (HKLM\...\{526B3DDC-6891-4F43-8F64-8B83DC9E4848}) (Version: 2.7.8.6317 - Golden Frog, GmbH.)
Warcraft Logs Uploader (HKLM-x32\...\{F1010B8C-12DA-C61A-7C32-3AC420F37756}) (Version: 4.15 - UNKNOWN) Hidden
Warcraft Logs Uploader (HKLM-x32\...\com.warcraft.logs) (Version: 4.15 - UNKNOWN)
WCF Data Services 5.6.0 Runtime (HKLM-x32\...\{46910786-E4AC-41E4-A4A0-C086EA85242D}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{BF3E2194-F89B-44FB-A801-464BF787599F}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.17134.12 (HKLM-x32\...\{5f83ccda-0498-4b97-a298-16a642bf49f2}) (Version: 10.1.17134.12 - Microsoft Corporation)
Workflow Manager Client 1.0 (HKLM\...\{A5ABAF5F-B5B6-44B3-B69F-2E13DC60FC9F}) (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{A79F6653-6AF1-4AF2-BC15-F5D6C05E1E6A}) (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version:  - Blizzard Entertainment)
WPT Redistributables (HKLM-x32\...\{F28E1B8B-1F92-80AF-710B-3E0191A25917}) (Version: 10.1.17134.12 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{711802CA-302C-6805-6D1F-D5CEF535F15E}) (Version: 10.1.17134.12 - Microsoft) Hidden
XAMPP (HKLM-x32\...\xampp) (Version: 7.2.5-0 - Bitnami)
Надстройка Microsoft Report Viewer для Visual Studio 2013 (HKLM-x32\...\{30BCD3B4-F753-451F-B8F7-86E115A9AE72}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
用于 Visual Studio 2013 的 Microsoft 报告查看器加载项 (HKLM-x32\...\{EA754818-DB87-42B6-9753-E668B9186434}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-FCB919FC5A94}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{92776d32-cf7d-4db1-835e-621c281033ed}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] ()
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] ()
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] ()
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Phoenix360\MalwareKiller\ZAMShellExt64.dll [2018-03-08] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] ()
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll -> No File
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2018-06-17] (g10 Code GmbH)
ContextMenuHandlers1: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files (x86)\Phoenix360\System Mechanic\x64\Incinerator.dll [2018-08-03] (iolo technologies, LLC)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {ef263503-8f0e-3e6a-ae2e-fe0b4b441d52} => C:\WINDOWS\system32\mscoree.dll [2018-04-11] (Microsoft Corporation)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll -> No File
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll -> No File
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2018-06-17] (g10 Code GmbH)
ContextMenuHandlers4: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files (x86)\Phoenix360\System Mechanic\x64\Incinerator.dll [2018-08-03] (iolo technologies, LLC)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {3d52b24d-33bb-3895-99ea-a0156f24a3f9} => C:\WINDOWS\system32\mscoree.dll [2018-04-11] (Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-07-30] (NVIDIA Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {cefaf456-bc17-3f4b-b7d9-75070925911b} => C:\WINDOWS\system32\mscoree.dll [2018-04-11] (Microsoft Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Phoenix360\MalwareKiller\ZAMShellExt64.dll [2018-03-08] ()
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] ()
ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {025E5424-1A2F-4F8E-BB74-E61A8D5A7785} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-20] (NVIDIA Corporation)
Task: {02B519A6-CD10-40E2-BEE9-0A4BD8A36DD6} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [2018-03-14] (Avira Operations GmbH & Co. KG )
Task: {05D1A8A2-5F83-48D8-A422-6B6E6F2ECDEE} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-05-20] (NVIDIA Corporation)
Task: {0A298F3C-D339-4659-9408-67A7A893DB97} - System32\Tasks\Opera scheduled Autoupdate 1487318455 => C:\Program Files (x86)\Opera\launcher.exe [2018-08-06] (Opera Software)
Task: {0BE58DB4-DF01-4A4E-8F65-7A0F7FCA79CA} - System32\Tasks\S-1-5-21-2243521789-936282867-848371492-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-11] (Microsoft Corporation)
Task: {165C2229-E2D0-42F8-AB6A-D88972258BCB} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-05-20] (NVIDIA Corporation)
Task: {1759ADD2-8467-4B13-9C65-5700B28AC6ED} - System32\Tasks\ActiveMessenger-SystemMechanic => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\ActiveMessenger.exe
Task: {224E7899-EB03-460F-91EC-69845FC2961B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {26742BF6-9E81-42B7-A9A9-716601EEFC51} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\3 => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2018-03-08] (Avira Operations GmbH & Co. KG)
Task: {26BFE09B-2652-4099-8C5D-554F1CF03BC3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2AA8339D-DAC7-4B69-A3C0-C0B6EE3F2AEB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {31FCF4E6-A89F-4074-8D8F-29EA1E7BD9E7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {342B725D-C774-4595-AB87-5881DEF29A4C} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2018-06-13] (Greatis Software)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {37D70374-79FD-48D4-8B50-6DB91696C663} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe [2018-05-16] (Bitdefender)
Task: {3B953EA6-5B73-4E1D-8854-1D54E00BE664} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\4 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2018-04-11] (Adobe Systems Incorporated)
Task: {3F29EAE7-DDFB-4F6D-B1A0-CBD24EDA65D3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-19] (Microsoft Corporation)
Task: {412463C0-F98D-4EAC-9B64-3F143CB79676} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {45D361C0-0597-4190-BC65-83778E11E355} - System32\Tasks\ActiveMessenger-PrivacyGuardian => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\ActiveMessenger.exe
Task: {47BA98D9-E95B-44DB-8EE8-A1D4C136BE4D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {47F42AE0-8169-4539-B3E6-502F5F9BE80C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {52E5E37E-DC50-4CFB-A465-8CE42107F5F4} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\1 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {5CAEA5DC-0D0C-490A-8B35-8D4B8DBF25DF} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-05-20] (NVIDIA Corporation)
Task: {5E81EC25-B9BD-44BE-A96A-46A9FA1A3C54} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-19] (Microsoft Corporation)
Task: {613474AB-E7BE-41BF-960F-6D8B1529A19F} - System32\Tasks\EPSON XP-430 Series Update {DB1B0FE6-AAE3-4FBA-A97A-0857C28977C5} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSPAE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {62927EA4-D4AC-4D03-AA36-B321D260B727} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-05-20] (NVIDIA Corporation)
Task: {650C1CF4-DC08-4A34-AFE9-9E360B79C17D} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\2 => C:\Program Files (x86)\Phoenix360\MalwareKiller\ZAM.exe [2018-02-14] (Copyright 2018.)
Task: {658A70B7-0D89-40E1-A57B-FCCBC4A1A0FA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {698583E4-8871-438E-9993-A00E760E749E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {6A9B33B9-F556-4CE7-8553-6FD76CA0136C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {7602F030-CF62-4737-A60A-34C5039531FD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7634339E-C9B7-4B51-AB8F-0BC6A099B0A8} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2018-03-08] (Avira Operations GmbH & Co. KG)
Task: {7D8AED93-DB12-4EC5-BEC0-6DBDB01C4928} - System32\Tasks\EPSON XP-430 Series Update {CDB9B9D7-847A-4014-88C7-DD2F2D5E4749} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSPAE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {809E4633-6A4C-422E-BC1E-E0F4A1FEBB96} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {82C8AF72-2E5E-4A2D-92AC-F9A8B20741D5} - System32\Tasks\JavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-06-27] (Oracle Corporation)
Task: {84349628-9B9C-4237-BD18-443A30BFE476} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8F8BE353-F6F3-437F-8D41-5BF5A2CE2B36} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\7 => C:\Program Files (x86)\HV-MS732 Gaming mouse\rsmon.exe [2015-10-20] ()
Task: {90249B6B-A88D-4EC9-A590-324DF0FDD2E2} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-06-27] (Oracle Corporation)
Task: {9462E1CE-F001-4B66-A89B-802E1ECE0781} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2018-05-16] (Bitdefender)
Task: {9565C9E8-F3FC-4288-BDBA-24BB75D5A0D3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-07-19] (Microsoft Corporation)
Task: {9624946F-8E36-470C-BABB-8613A61C2172} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {96FCD520-57EA-4EBB-9C4C-8F731EA3DEAB} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {9AD632C4-92D8-4BC3-902F-139F6E2DF5C6} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-scaler0222@gmail.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {A11D705C-B93D-4989-BBCB-E8D59A1C7604} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-19] (Microsoft Corporation)
Task: {A715D800-3509-4539-8247-DB238EA45CA6} - System32\Tasks\ActiveSync-PrivacyGuardian => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\activesync.exe
Task: {A781CBBB-2B3D-4D0F-B12B-3E66BA26E8A4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-30] (Microsoft Corporation)
Task: {A7959D96-159B-4B9A-8731-E6E87357BB66} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-scaler0222@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2018-04-11] (Adobe Systems Incorporated)
Task: {ACD0393C-DAB9-4F23-AEDE-0A4CDDC6D81C} - System32\Tasks\MySQL\Installer\ManifestUpdate => C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLInstallerConsole.exe [2018-03-17] (Oracle Corporation)
Task: {AE900A0E-B3FF-4165-AFBD-C6B5855F67C6} - System32\Tasks\ActiveSync-SystemMechanic => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\activesync.exe
Task: {B8FCFA90-9CE2-44C3-8946-41DE8DCD2470} - System32\Tasks\ActiveSync-MalwareKiller => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\activesync.exe
Task: {BA0BEBFF-A0C5-48C4-9B6C-817C070FA8CD} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {BA25FEB6-A769-4E46-ADFB-7BF60B8D5D4A} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {BEF13E71-67BA-41F0-B442-E714F4012847} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\5 => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2018-04-24] (Adobe Systems Incorporated)
Task: {BF5F15C5-C45A-4405-A43C-3FB04F4D050B} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-05-20] (NVIDIA Corporation)
Task: {C46ADB6E-007F-4643-BA82-4E26F10D9812} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {CB21B67D-38A2-4EE2-862A-F6FB1068465F} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\9 => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Task: {CDB8AF6E-2F32-4C47-8927-38A1676F535E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-30] (Microsoft Corporation)
Task: {D1402DE7-8516-4341-B93C-31D9AA988E29} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-07-10] (Microsoft Corporation)
Task: {DAAA6167-B7FC-47E3-97D8-9CB0B73E72F5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-19] (Microsoft Corporation)
Task: {EA80B604-0490-4D11-AB4D-FD998E97F32C} - System32\Tasks\Avira\System Speedup\Delayed Startup\Shane\1 => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIPAE.EXE [2014-11-13] (SEIKO EPSON CORPORATION) <==== ATTENTION
Task: {EBE73E2E-F79F-486E-A98E-2F3451EF096D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {EE829BF7-7ED7-4687-A389-3A8C42837B9D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-20] (NVIDIA Corporation)
Task: {F1147C63-F453-4FC0-A027-BCDC28C4832A} - System32\Tasks\Microsoft\Windows\PrivacyGuardian\PrivacyGuardianStart => C:\Program Files (x86)\Phoenix360\PrivacyGuardian\PrivacyGuardianApplication.exe [2017-11-16] (iolo technologies, LLC)
Task: {F537DE93-FF46-4EE0-95AE-9F555252273F} - System32\Tasks\Avira\System Speedup\Delayed Startup\Shane\3 => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28] (Safer-Networking Ltd.) <==== ATTENTION
Task: {F70AF660-CABA-4669-9EC2-44A2DE7F05E0} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-07-23] (Adobe Systems Incorporated)
Task: {F76F20D9-4D68-4BE7-A8BF-EEF35C838E7F} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {FD6BE568-B641-4953-B42E-E66A80C454E7} - System32\Tasks\ActiveMessenger-MalwareKiller => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\ActiveMessenger.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\EPSON XP-430 Series Update {CDB9B9D7-847A-4014-88C7-DD2F2D5E4749}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSPAE.EXE:/EXE:{CDB9B9D7-847A-4014-88C7-DD2F2D5E4749} /F:UpdateWORKGROUP\SHANES_PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-430 Series Update {DB1B0FE6-AAE3-4FBA-A97A-0857C28977C5}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSPAE.EXE:/EXE:{DB1B0FE6-AAE3-4FBA-A97A-0857C28977C5} /F:UpdateWORKGROUP\SHANES_PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.1.5-p273\Interactive Ruby.lnk -> C:\Ruby21\bin\irb.bat ()
 
ShortcutWithArgument: C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Web Applications\www.khanacademy.org\https_80\(6) Chemistry _ Khan Academy.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxps://www.khanacademy.org/science/chemistry
ShortcutWithArgument: C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.1.5-p273\Start Command Prompt with Ruby.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /E:ON /K C:\Ruby21\bin\setrbvars.bat
ShortcutWithArgument: C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-07-18 02:20 - 2018-07-18 02:20 - 000993728 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02751_004\ashttpbr.mdl
2018-07-18 02:20 - 2018-07-18 02:20 - 000544880 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02751_004\ashttpdsp.mdl
2018-07-18 02:20 - 2018-07-18 02:20 - 003232216 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02751_004\ashttpph.mdl
2018-07-18 02:20 - 2018-07-18 02:20 - 001528320 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02751_004\ashttprbl.mdl
2018-04-11 16:34 - 2018-04-11 16:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-06-02 13:55 - 2018-07-20 06:05 - 002433744 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-05-19 01:09 - 2014-01-28 12:16 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2018-02-27 20:08 - 2018-02-27 20:08 - 000614856 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2016-05-08 12:17 - 2018-07-19 12:19 - 008936112 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-10 14:29 - 2018-07-05 23:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-17 13:07 - 2018-07-17 13:07 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-17 13:07 - 2018-07-17 13:07 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-17 13:07 - 2018-07-17 13:07 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-17 13:07 - 2018-07-17 13:07 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-17 13:07 - 2018-07-17 13:07 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-08-11 17:39 - 2018-08-11 17:39 - 035124224 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-08-11 17:39 - 2018-08-11 17:39 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-08-11 17:39 - 2018-08-11 17:39 - 006417408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-25 17:40 - 2017-09-25 17:40 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-08-11 17:39 - 2018-08-11 17:39 - 009010176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-07-30 14:38 - 2018-07-30 15:30 - 000088888 _____ () C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\zlib1.dll
2018-07-30 14:38 - 2018-07-30 15:29 - 001356088 _____ () C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\libxml2.dll
2018-05-24 21:36 - 2018-05-20 10:36 - 001315296 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-18 19:26 - 2015-10-20 13:07 - 003341824 _____ () C:\Program Files (x86)\HV-MS732 Gaming mouse\rsmon.exe
2014-12-13 02:49 - 2013-05-07 16:06 - 000096768 ____N () C:\Program Files (x86)\REALTEK\REALTEK USB Wireless LAN Driver\WPSService20.exe
2018-07-30 19:06 - 2018-07-30 19:06 - 001399960 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.10325.20091.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2018-07-30 19:05 - 2018-07-30 19:05 - 000199168 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11807.1001.13.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-07-30 19:05 - 2018-07-30 19:05 - 002447072 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11807.1001.13.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-07-30 19:05 - 2018-07-30 19:05 - 007814144 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11807.1001.13.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-05-19 01:09 - 2018-08-12 18:21 - 000029696 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2017-05-19 01:09 - 2014-01-28 12:16 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2014-03-20 12:43 - 2014-03-20 12:43 - 001241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2018-05-24 21:36 - 2018-05-20 10:36 - 001033184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-18 19:26 - 2011-01-27 00:53 - 000028160 _____ () C:\Program Files (x86)\HV-MS732 Gaming mouse\uiHook.dll
2017-07-19 07:32 - 2017-07-19 07:32 - 000368000 _____ () C:\Program Files (x86)\Phoenix360\PrivacyGuardian\NetFilter\ProtocolFilters.DLL
2017-07-19 07:32 - 2017-07-19 07:32 - 000134528 _____ () C:\Program Files (x86)\Phoenix360\PrivacyGuardian\NetFilter\nfapi.DLL
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\sharepoint.com -> hxxps://appslosrios.sharepoint.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2018-08-12 22:19 - 000024915 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
There are 918 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2243521789-936282867-848371492-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Shane\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\yddnbvy.jpg
HKU\S-1-5-21-2243521789-936282867-848371492-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: asComSvc => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CGVPNCliService => 2
MSCONFIG\Services: chromoting => 2
MSCONFIG\Services: ClickToRunSvc => 2
MSCONFIG\Services: EasyAntiCheat => 2
MSCONFIG\Services: OVRService => 2
MSCONFIG\Services: PaceLicenseDServices => 2
MSCONFIG\Services: PandaAgent => 2
MSCONFIG\Services: RunSwUSB => 2
MSCONFIG\Services: SbieSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SpeedupService => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: VPNUnlimitedService => 2
MSCONFIG\Services: VyprVPN => 2
MSCONFIG\Services: ZAMSvc => 2
HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "OculusConfigUtil.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Cybergenic Shade Home Edition.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "BdVpnApp"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger"
HKLM\...\StartupApproved\Run32: => "Avira System Speedup User Starter"
HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\StartupApproved\StartupFolder: => "MassPlanner2.lnk"
HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\StartupApproved\Run: => "VPN Unlimited"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [OpenSSH-Server-In-TCP] => (Allow) %SystemRoot%\system32\OpenSSH\sshd.exe
FirewallRules: [TCP Query User{18A11324-CB55-48C4-8261-52B6A3BF2E90}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{2E21D9C0-75C8-4B23-92F5-400D6CACBF5E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{7CCA553C-353A-4728-AC9A-1F3AB0FA2774}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\69.0.3497.7\remoting_host.exe
FirewallRules: [{DBC82562-F866-4112-961F-B0EAF59A5F61}] => (Allow) C:\Users\Shane\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe
FirewallRules: [{B1261ED1-3EF5-4B69-B78B-ABF7BAE02DE3}] => (Allow) C:\Users\Shane\AppData\Local\Temp\HouseCall\tmase\nmap\bonjour.exe
FirewallRules: [TCP Query User{119E05DB-D1DA-409A-A773-488FEA204F74}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{82CA6415-A108-4ECF-8F29-5A47927554BC}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{7365C72F-A194-4874-88BF-006FA5C5C5B5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3283EF4B-1872-4E22-ADCC-A006BE792210}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{E489A62A-17FB-4E4C-8E8E-DF09AAF1DD73}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{737E6130-F051-45B1-917F-12FE06A260D0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{B42BCC49-054C-48BC-B317-AE85764F2FB3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{8082E4BE-78E5-43EA-8EF2-15F14FB4F468}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{77E2EE56-F7C6-48CE-A880-2E216CEE6628}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{C5D10574-FE01-4E39-BD40-AAD35D84B631}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{4CCC893B-304D-47BF-9C74-18EC7559683C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{6686D933-EB05-4D6A-9FCF-B89916DB7BBD}] => (Allow) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
FirewallRules: [TCP Query User{788167AC-C4AC-496C-8ED1-3CF84D160336}C:\users\shane\downloads\halo online 0.6\eldorado.exe] => (Allow) C:\users\shane\downloads\halo online 0.6\eldorado.exe
FirewallRules: [UDP Query User{48015A1D-772B-474A-BC5B-15C5EFD76397}C:\users\shane\downloads\halo online 0.6\eldorado.exe] => (Allow) C:\users\shane\downloads\halo online 0.6\eldorado.exe
 
==================== Restore Points =========================
 
12-08-2018 19:01:15 Windows Backup
 
==================== Faulty Device Manager Devices =============
 
Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Realtek PCIe GbE Family Controller
Description: Realtek PCIe GbE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: rt640x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/12/2018 06:08:21 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (08/12/2018 02:01:55 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (08/12/2018 12:23:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program unhackme_setup.tmp version 51.52.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 25c8
 
Start Time: 01d43271d5411347
 
Termination Time: 55737
 
Application Path: C:\Users\Shane\AppData\Local\Temp\is-5AV7A.tmp\unhackme_setup.tmp
 
Report Id: b0915ee9-134f-461a-8dfc-ba98c7ed1827
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/12/2018 12:14:47 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (08/12/2018 12:14:42 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (08/12/2018 11:24:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemMechanic.exe version 18.0.1.391 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: bf6c
 
Start Time: 01d43269ae50de3e
 
Termination Time: 775
 
Application Path: C:\Program Files (x86)\Phoenix360\System Mechanic\SystemMechanic.exe
 
Report Id: d8004872-f85e-4380-898c-ef756b638993
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/11/2018 02:01:57 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (08/11/2018 10:18:49 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
 
System errors:
=============
Error: (08/12/2018 10:20:25 PM) (Source: TermService) (EventID: 1057) (User: )
Description: The RD Session Host Server has failed to create a new self signed certificate to be used for RD Session Host Server authentication on SSL connections. The relevant status code was Object already exists.
.
 
Error: (08/12/2018 08:44:09 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.
 
Error: (08/12/2018 08:12:30 PM) (Source: DCOM) (EventID: 10016) (User: SHANES_PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Shanes_PC\Shane SID (S-1-5-21-2243521789-936282867-848371492-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/12/2018 07:37:09 PM) (Source: DCOM) (EventID: 10016) (User: SHANES_PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Shanes_PC\Shane SID (S-1-5-21-2243521789-936282867-848371492-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/12/2018 06:23:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The netfilter2 service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (08/12/2018 06:19:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ZAMSvc service to connect.
 
Error: (08/12/2018 06:18:59 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.
 
Error: (08/12/2018 06:18:30 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.
 
 
Windows Defender:
===================================
Date: 2018-06-21 00:21:30.316
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {3C035A5D-F034-4534-91E9-DF19380F2458}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-06-20 23:17:14.511
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {078EFA11-3AF3-4EB0-B42A-F78BA9AA142A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-06-20 23:01:51.540
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {6EAFB811-D5A3-4AB2-AD02-25995AE1BFAF}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-06-20 22:47:03.826
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {48248A17-8CED-4B35-A776-31005ADC10A8}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-06-20 22:25:17.791
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {AB099F7D-74CF-45AA-85F8-5BF5790231B8}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
CodeIntegrity:
===================================
 
Date: 2018-08-12 18:23:18.222
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-08-12 12:16:12.956
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-08-12 11:34:04.738
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-08-12 11:31:08.626
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-08-12 11:31:08.624
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-08-12 11:31:08.621
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-08-12 11:31:08.619
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-08-09 19:40:06.590
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 34%
Total physical RAM: 16327.28 MB
Available physical RAM: 10653.73 MB
Total Virtual: 17351.28 MB
Available Virtual: 11939.11 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:1862.23 GB) (Free:1015.09 GB) NTFS
Drive d: (XP-430_XP-434) (CDROM) (Total:0.26 GB) (Free:0 GB) CDFS
 
\\?\Volume{75a111c8-85f5-11e4-8254-806e6f6e6963}\ (System) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS
\\?\Volume{d27788f8-0000-0000-0000-e0a4d1010000}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: D27788F8)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 

 

==================== End of Addition.txt ============================

Edited by terpy, 13 August 2018 - 02:52 AM.


#6 Oh My!


  • Malware Response Instructor

Posted 13 August 2018 - 01:09 PM

Greetings,

You have far too many antivirus/security type programs on your computer. I would like to clean them out, then you can decide what programs to use.

Please do this.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer.
  • Right click Revo Uninstaller and select Run as administrator
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
      AVG PC TuneUp
      Avira
      Avira System Speedup
      AVSDK5
      Bitdefender Agent
      Bitdefender Device Management
      Bitdefender Total Security
      Bitdefender VPN
      Emsisoft Anti-Malware
      HitmanPro 3.8
      Malware Killer
      Phoenix360
      Privacy Guardian
      RegRun Reanimator
      System Mechanic
      System Mechanic Pro
      UnHackMe 9.90
      VPN Unlimited 4.18
      VyprVPN
  • Click Yes to any warning screen that may appear
  • If presented with the program uninstall option click Uninstall
  • If asked to restart now click No
  • Under Scanning Modes select Advanced then select Scan
  • On the Found leftover Registry items window click Select All, Delete, then Yes
  • If prompted click on Next
  • On the Found leftover files and folders window click on Select all, Delete, Yes, OK on any warning screen, then Finish
  • Reboot your computer into Normal Boot and check the performance
  • Run a new FRST scan and post the logs
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Revo results
  • New FRST reports (2)

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 terpy

  • Topic Starter


Posted 15 August 2018 - 03:03 AM

Sorry for the delay in my response. So I went ahead and removed all the software that you recommended, though for some reason a few still remained in my FRST log. Also, in Revo (but not the Microsoft Apps settings page), it still lists Bitdefender Agent and Bitdefender VPN, but it won't allow me to remove them, giving an error that says "This action is only valid for products that are currently installed".

 

Here are my FRST.txt and Addition.txt. I'm not sure if by "Revo results" you want a log or if you just mean that I successfully uninstalled the applications, because I couldn't find any logs in the tool's settings.

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by Shane (administrator) on SHANES_PC (15-08-2018 00:11:07)
Running from C:\Users\Shane\Desktop\Security  Tools
Loaded Profiles: Shane (Available Profiles: Shane & Administrator)
Platform: Windows 10 Home Version 1803 17134.228 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
() C:\Program Files (x86)\HV-MS732 Gaming mouse\ETGMSrv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender VPN\BdVpnApp.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIPAE.EXE
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
() C:\Program Files (x86)\REALTEK\REALTEK USB Wireless LAN Driver\WPSService20.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\MpCmdRun.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\MpCmdRun.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [BdVpnApp] => C:\Program Files\Bitdefender\Bitdefender VPN\BdVpnApp.exe [87344 2018-07-05] (Bitdefender)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated)
HKLM\...\Run: [{C12EDCD9-A219-4778-A5FC-0D0F1F219F12}] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{C12EDCD9-A219-4778-A5FC-0D0F1F219F12}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{C12EDCD9-A219-47 (the data entry has 36 more characters).
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653648 2018-06-27] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIPAE.EXE [417776 2014-11-13] (SEIKO EPSON CORPORATION)
Startup: C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2018-08-13]
ShortcutTarget: Twitch.lnk -> C:\Users\Shane\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)
BootExecute: autocheck autochk * ḫ䗫㴀送SHANES_PC\Shane 䀀
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{449234d4-39cb-4a01-8a84-852ce7f9f3d0}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{d922699d-3f62-4dda-95db-cd0339f0d366}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{e15fa8a2-da66-4941-a1a6-bf8885abb41a}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{f9fef2cd-d98e-47d6-bd23-5c2099baf510}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-19] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-19] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-10.0.2\bin\jp2ssv.dll [2018-08-01] (Oracle Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll => No File
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-07-19] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-07-19] (Microsoft Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-19] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 9rtzq1ov.default
FF ProfilePath: C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\9rtzq1ov.default [2018-08-14]
FF Extension: (No Name) - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\9rtzq1ov.default\Extensions\@react-devtools.xpi [2018-05-28]
FF Extension: (Avira Browser Safety) - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\9rtzq1ov.default\Extensions\abs@avira.com [2016-11-29]
FF Extension: (Redux DevTools) - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\9rtzq1ov.default\Extensions\extension@redux.devtools.xpi [2018-05-27]
FF Extension: (Firefox Hotfix) - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\9rtzq1ov.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-11-13] [Legacy]
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\\bdwteff => not found
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2016-11-16] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\\bdwteff => not found
FF Plugin: @java.com/DTPlugin,version=13.0.2.0 -> C:\Program Files\Java\jre-10.0.2\bin\dtplugin\npDeployJava1.dll [2018-08-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=13.0.2.0 -> C:\Program Files\Java\jre-10.0.2\bin\plugin2\npjp2.dll [2018-08-01] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-07-19] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-07-30] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-07-30] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2243521789-936282867-848371492-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Shane\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-10] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default [2018-08-14]
CHR Extension: (Slides) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-01]
CHR Extension: (Docs) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-01]
CHR Extension: (Google Drive) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-02]
CHR Extension: (AdGuard AdBlocker) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2018-08-01]
CHR Extension: (YouTube) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-01]
CHR Extension: (Adobe Acrobat) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-08-01]
CHR Extension: (Sheets) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-01]
CHR Extension: (React Developer Tools) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmkadmapgofadopljbjfkapdkoienihi [2018-08-01]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2018-08-12]
CHR Extension: (Google Docs Offline) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-14]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-08-09]
CHR Extension: (Privacy Guardian™ Online Privacy Protection) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\higopmjdpgolhfdefeicklcmgifipcbh [2018-08-01]
CHR Extension: (Grammarly for Chrome) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-08-14]
CHR Extension: (The Great Suspender) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2018-08-02]
CHR Extension: (Redux DevTools) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmhkpmbekcpmknklioeibfkpmmfibljd [2018-08-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-01]
CHR Extension: (Gmail) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-01]
CHR Extension: (Chrome Media Router) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-01]
CHR Profile: C:\Users\Shane\AppData\Local\Google\Chrome\User Data\System Profile [2018-08-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated)
S3 AfVpnService; C:\Program Files\Bitdefender\Bitdefender VPN\vpnservice.exe [321920 2018-06-28] (AnchorFree Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
S3 BdVpnService; C:\Program Files\Bitdefender\Bitdefender VPN\bdvpnservice.exe [108064 2018-07-05] (Bitdefender)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2018-04-12] (Microsoft Corporation)
S4 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65640 2015-11-05] (CyberGhost S.R.L)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\69.0.3497.7\remoting_host.exe [72024 2018-07-23] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8522928 2018-06-30] (Microsoft Corporation)
S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-06-19] (EasyAntiCheat Ltd)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [674768 2018-03-11] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 ETGMGlcsSrv; C:\Program Files (x86)\HV-MS732 Gaming mouse\ETGMSrv.exe [1181544 2012-04-24] ()
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S3 MySQL80; C:\Program Files\MySQL\MySQL Server 8.0\bin\mysqld.exe [44932096 2018-04-08] () [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764896 2018-05-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764896 2018-05-20] (NVIDIA Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1275776 2018-05-16] (Bitdefender)
S4 RunSwUSB; C:\Windows\runSW.exe [44104 2014-01-16] ()
S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187024 2016-02-26] (Sandboxie Holdings, LLC)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 sshd; C:\WINDOWS\System32\OpenSSH\sshd.exe [970240 2018-05-20] ()
S3 SshdBroker; C:\WINDOWS\System32\SshdBroker.dll [286208 2018-07-13] (Microsoft Corporation)
S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-15] (DEVGURU Co., LTD.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
R2 unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-08-10] (Reason Software Company Inc.)
S3 vseamps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe [122120 2016-10-11] (CYREN Inc.)
S3 vsedsps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe [119560 2016-10-11] (CYREN Inc.)
S3 vseqrts; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe [181512 2016-10-11] (CYREN Inc.)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87736 2014-04-30] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-07] (Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\NisSrv.exe [4682552 2018-06-19] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe [101096 2018-06-19] (Microsoft Corporation)
R2 WPSService20; C:\Program Files (x86)\REALTEK\REALTEK USB Wireless LAN Driver\WPSService20.exe [96768 2013-05-07] () [File not signed]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
S4 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.paceap.com/InitiateActivation [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2017-11-29] (The OpenVPN Project)
R2 AMP; C:\WINDOWS\system32\Drivers\amp.sys [181512 2016-10-11] (CYREN Inc.)
R2 AMPSE; C:\WINDOWS\system32\Drivers\ampse.sys [1793288 2016-10-11] (CYREN Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R3 GrdKey; C:\WINDOWS\system32\DRIVERS\grdkey.sys [1211136 2017-12-27] (Aktiv Co.)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-08-07] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_52ac7eb8f32780d5\nvlddmkm.sys [17211376 2018-08-01] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31200 2018-05-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [67432 2018-03-15] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [65792 2018-07-30] (NVIDIA Corporation)
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1106256 2018-06-24] (Realtek )
R3 RtlWlanu; C:\WINDOWS\system32\DRIVERS\rtwlanu.sys [8228688 2018-05-03] (Realtek Semiconductor Corporation )
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-02-26] (Sandboxie Holdings, LLC)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [264192 2018-04-11] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-08-08] ()
R3 usbglcs1100302; C:\WINDOWS\system32\drivers\usbglcs1100302.sys [25600 2014-06-11] (Windows ® Win 7 DDK provider)
R3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [213080 2018-07-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [222864 2018-07-16] (Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-06-19] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [313384 2018-06-19] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-06-19] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [47096 2017-12-21] (Wellbia.com Co., Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [250024 2018-03-08] (Copyright 2017.)
U0 Partizan; system32\drivers\Partizan.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-15 00:06 - 2018-08-15 00:06 - 000003802 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2018-08-14 23:26 - 2018-08-14 23:26 - 000184034 _____ C:\ProgramData\cl.uninstall.1534314015.bdinstall.bin
2018-08-14 23:21 - 2018-08-14 23:21 - 000036485 _____ C:\ProgramData\dm.uninstall.1534314056.bdinstall.bin
2018-08-14 23:18 - 2018-08-14 23:18 - 000017498 _____ C:\ProgramData\agent.uninstall.1534313900.bdinstall.bin
2018-08-14 20:04 - 2018-08-03 01:21 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-08-14 20:04 - 2018-08-03 01:20 - 004049408 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-08-14 20:04 - 2018-08-03 01:20 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-08-14 20:04 - 2018-08-03 00:28 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-08-14 20:04 - 2018-08-02 20:40 - 001221048 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-08-14 20:04 - 2018-08-02 20:40 - 001030952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-08-14 20:04 - 2018-08-02 20:40 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-08-14 20:04 - 2018-08-02 20:40 - 000228136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ucx01000.sys
2018-08-14 20:04 - 2018-08-02 20:39 - 009091480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-08-14 20:04 - 2018-08-02 20:39 - 002829216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-08-14 20:04 - 2018-08-02 20:39 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-08-14 20:04 - 2018-08-02 20:39 - 000170936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-08-14 20:04 - 2018-08-02 20:38 - 002765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-08-14 20:04 - 2018-08-02 20:38 - 000885856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-08-14 20:04 - 2018-08-02 20:38 - 000604576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-08-14 20:04 - 2018-08-02 20:25 - 002255008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-08-14 20:04 - 2018-08-02 20:25 - 001131064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-08-14 20:04 - 2018-08-02 20:25 - 000568568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-08-14 20:04 - 2018-08-02 20:15 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-08-14 20:04 - 2018-08-02 20:14 - 004867584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-08-14 20:04 - 2018-08-02 20:13 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-08-14 20:04 - 2018-08-02 20:13 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-08-14 20:04 - 2018-08-02 20:12 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-08-14 20:04 - 2018-08-02 20:11 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-08-14 20:04 - 2018-08-02 20:11 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-08-14 20:04 - 2018-08-02 20:11 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-08-14 20:04 - 2018-08-02 20:11 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-08-14 20:04 - 2018-08-02 20:10 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-08-14 20:04 - 2018-08-02 20:09 - 005776896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-08-14 20:04 - 2018-08-02 20:09 - 004529664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2018-08-14 20:04 - 2018-08-02 20:09 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-08-14 20:04 - 2018-08-02 20:09 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-08-14 20:04 - 2018-08-02 20:09 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-08-14 20:04 - 2018-08-02 20:08 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-08-14 20:04 - 2018-08-02 20:08 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-08-14 20:04 - 2018-08-02 20:08 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-08-14 20:04 - 2018-08-02 20:08 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-08-14 20:04 - 2018-08-02 20:06 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-08-14 20:04 - 2018-08-02 20:05 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-08-14 20:04 - 2018-08-02 20:05 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-08-14 20:03 - 2018-08-03 01:39 - 021389368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-08-14 20:03 - 2018-08-03 01:21 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-08-14 20:03 - 2018-08-03 01:21 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-08-14 20:03 - 2018-08-03 00:43 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-08-14 20:03 - 2018-08-03 00:29 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-08-14 20:03 - 2018-08-02 22:41 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-08-14 20:03 - 2018-08-02 21:49 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-08-14 20:03 - 2018-08-02 20:47 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-08-14 20:03 - 2018-08-02 20:46 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-08-14 20:03 - 2018-08-02 20:46 - 000269248 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-08-14 20:03 - 2018-08-02 20:41 - 000568600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-08-14 20:03 - 2018-08-02 20:40 - 001064744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-08-14 20:03 - 2018-08-02 20:40 - 000136488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-08-14 20:03 - 2018-08-02 20:39 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-08-14 20:03 - 2018-08-02 20:39 - 007436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-08-14 20:03 - 2018-08-02 20:39 - 001457136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-08-14 20:03 - 2018-08-02 20:38 - 001945792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-08-14 20:03 - 2018-08-02 20:38 - 001258288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-08-14 20:03 - 2018-08-02 20:38 - 001140576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-08-14 20:03 - 2018-08-02 20:38 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-08-14 20:03 - 2018-08-02 20:38 - 000983016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-08-14 20:03 - 2018-08-02 20:38 - 000713368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-08-14 20:03 - 2018-08-02 20:38 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-08-14 20:03 - 2018-08-02 20:26 - 006043600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-08-14 20:03 - 2018-08-02 20:25 - 006568784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-08-14 20:03 - 2018-08-02 20:25 - 001622296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-08-14 20:03 - 2018-08-02 20:25 - 000583120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-08-14 20:03 - 2018-08-02 20:23 - 025846784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-08-14 20:03 - 2018-08-02 20:18 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-08-14 20:03 - 2018-08-02 20:18 - 022007808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-08-14 20:03 - 2018-08-02 20:17 - 004380160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-08-14 20:03 - 2018-08-02 20:16 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-08-14 20:03 - 2018-08-02 20:13 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-08-14 20:03 - 2018-08-02 20:13 - 003395072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-08-14 20:03 - 2018-08-02 20:12 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-08-14 20:03 - 2018-08-02 20:12 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-08-14 20:03 - 2018-08-02 20:12 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-08-14 20:03 - 2018-08-02 20:11 - 005746688 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2018-08-14 20:03 - 2018-08-02 20:11 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-08-14 20:03 - 2018-08-02 20:11 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-08-14 20:03 - 2018-08-02 20:11 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-08-14 20:03 - 2018-08-02 20:11 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-08-14 20:03 - 2018-08-02 20:09 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-08-14 20:03 - 2018-08-02 20:09 - 001932288 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeangle.dll
2018-08-14 20:03 - 2018-08-02 20:09 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-08-14 20:03 - 2018-08-02 20:09 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-08-14 20:03 - 2018-08-02 20:08 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-08-14 20:03 - 2018-08-02 20:08 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-08-14 20:03 - 2018-08-02 20:07 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-08-14 20:03 - 2018-08-02 20:07 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-08-14 20:03 - 2018-08-02 20:06 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-08-14 20:03 - 2018-08-02 20:06 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-08-14 20:03 - 2018-08-02 20:06 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-08-14 20:03 - 2018-08-02 20:06 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-08-14 20:02 - 2018-08-03 01:39 - 000790304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-08-14 20:02 - 2018-08-03 01:25 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-08-14 20:02 - 2018-08-03 01:25 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-08-14 20:02 - 2018-08-03 01:24 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2018-08-14 20:02 - 2018-08-03 01:24 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2018-08-14 20:02 - 2018-08-03 01:24 - 000046592 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-08-14 20:02 - 2018-08-03 01:22 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-08-14 20:02 - 2018-08-03 01:21 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-08-14 20:02 - 2018-08-03 01:20 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2018-08-14 20:02 - 2018-08-03 01:19 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-08-14 20:02 - 2018-08-03 00:45 - 000663128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-08-14 20:02 - 2018-08-03 00:33 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-08-14 20:02 - 2018-08-03 00:33 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-08-14 20:02 - 2018-08-03 00:32 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2018-08-14 20:02 - 2018-08-03 00:30 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2018-08-14 20:02 - 2018-08-03 00:29 - 000621568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-08-14 20:02 - 2018-08-03 00:27 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-08-14 20:02 - 2018-08-03 00:27 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-08-14 20:02 - 2018-08-02 22:36 - 000260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationREST.dll
2018-08-14 20:02 - 2018-08-02 20:47 - 000128920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2018-08-14 20:02 - 2018-08-02 20:41 - 000077608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-08-14 20:02 - 2018-08-02 20:41 - 000061736 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
2018-08-14 20:02 - 2018-08-02 20:40 - 000072800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2018-08-14 20:02 - 2018-08-02 20:39 - 000692240 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2018-08-14 20:02 - 2018-08-02 20:39 - 000114080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-08-14 20:02 - 2018-08-02 20:39 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2018-08-14 20:02 - 2018-08-02 20:39 - 000031648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhv.sys
2018-08-14 20:02 - 2018-08-02 20:38 - 001285536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-08-14 20:02 - 2018-08-02 20:38 - 000115640 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2018-08-14 20:02 - 2018-08-02 20:27 - 000061032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2018-08-14 20:02 - 2018-08-02 20:25 - 000539168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2018-08-14 20:02 - 2018-08-02 20:17 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgid.sys
2018-08-14 20:02 - 2018-08-02 20:16 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsProxyStub.dll
2018-08-14 20:02 - 2018-08-02 20:16 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2018-08-14 20:02 - 2018-08-02 20:15 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2018-08-14 20:02 - 2018-08-02 20:14 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2018-08-14 20:02 - 2018-08-02 20:14 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-08-14 20:02 - 2018-08-02 20:14 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSAssessment.dll
2018-08-14 20:02 - 2018-08-02 20:13 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-08-14 20:02 - 2018-08-02 20:12 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdp.dll
2018-08-14 20:02 - 2018-08-02 20:12 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2018-08-14 20:02 - 2018-08-02 20:12 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-08-14 20:02 - 2018-08-02 20:10 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebManagement.exe
2018-08-14 20:02 - 2018-08-02 20:10 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2018-08-14 20:02 - 2018-08-02 20:09 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-08-14 20:02 - 2018-08-02 20:08 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-08-14 20:02 - 2018-08-02 20:08 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-08-14 20:02 - 2018-08-02 20:08 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2018-08-14 20:02 - 2018-08-02 20:08 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-08-14 20:02 - 2018-08-02 20:08 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-08-14 20:02 - 2018-08-02 20:07 - 000627200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdp.dll
2018-08-14 20:02 - 2018-08-02 20:07 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-08-14 20:02 - 2018-08-02 20:07 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-08-14 20:02 - 2018-08-02 20:06 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-08-14 20:02 - 2018-08-02 20:05 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-08-14 20:02 - 2018-08-02 20:04 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-08-14 20:02 - 2018-08-02 18:54 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-08-14 05:00 - 2018-08-14 05:00 - 003546085 _____ C:\Users\Shane\Downloads\elvui-10.78 (1).zip
2018-08-13 12:51 - 2018-08-13 12:51 - 000000014 _____ C:\END
2018-08-13 12:49 - 2018-08-13 12:56 - 000000000 ____D C:\ProgramData\Phoenix360
2018-08-13 11:43 - 2018-08-13 11:43 - 003546085 _____ C:\Users\Shane\Downloads\elvui-10.78.zip
2018-08-12 12:17 - 2018-08-12 12:17 - 000070991 _____ C:\ProgramData\vpn.1534101378.bdinstall.bin
2018-08-12 12:17 - 2018-08-12 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender VPN
2018-08-12 12:16 - 2018-08-12 12:16 - 000035040 _____ C:\ProgramData\vpn.uninstall.1534101384.bdinstall.bin
2018-08-12 11:31 - 2018-08-12 11:31 - 000000085 _____ C:\WINDOWS\wininit.ini
2018-08-12 11:24 - 2018-08-12 11:24 - 000000000 ____D C:\Users\Shane\AppData\Local\IsolatedStorage
2018-08-11 16:43 - 2018-08-11 16:44 - 030223661 _____ C:\Users\Shane\Downloads\Hip_hop_ the _CNN_ of the African American Community (1).mp4
2018-08-10 12:00 - 2018-08-10 12:00 - 000109031 _____ C:\Users\Shane\Downloads\FRST (1).txt
2018-08-10 00:30 - 2018-08-10 00:30 - 000001095 _____ C:\Users\Public\Desktop\Unchecky.lnk
2018-08-10 00:30 - 2018-08-10 00:30 - 000000000 ____D C:\ProgramData\Unchecky
2018-08-10 00:30 - 2018-08-10 00:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2018-08-10 00:30 - 2018-08-10 00:30 - 000000000 ____D C:\Program Files (x86)\Unchecky
2018-08-10 00:01 - 2018-08-10 00:02 - 000000000 ____D C:\symbols
2018-08-09 21:49 - 2018-08-09 21:53 - 000000000 ____D C:\Users\Shane\Downloads\ElDorito-master
2018-08-08 23:43 - 2018-08-08 23:43 - 000001127 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2018-08-08 20:13 - 2018-08-08 20:13 - 000027509 _____ C:\Users\Shane\Downloads\luckyproject.aup
2018-08-08 20:11 - 2018-08-08 20:11 - 000000000 ____D C:\Users\Shane\Downloads\luckyproject_data
2018-08-08 00:44 - 2018-08-08 00:44 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-08-08 00:42 - 2018-08-08 00:42 - 000000000 ____D C:\ProgramData\RogueKiller
2018-08-08 00:39 - 2018-08-08 00:40 - 027093048 _____ (Adlice Software) C:\Users\Shane\Downloads\RogueKiller_portable64.exe
2018-08-08 00:37 - 2018-08-13 12:35 - 000000000 ____D C:\ProgramData\Emsisoft
2018-08-08 00:21 - 2018-08-08 00:21 - 000000000 ____D C:\Users\Shane\Doctor Web
2018-08-08 00:21 - 2018-08-08 00:21 - 000000000 ____D C:\ProgramData\Doctor Web
2018-08-08 00:19 - 2018-08-08 00:19 - 000000010 _____ C:\Users\Shane\AppData\Local\sponge.last.runtime.cache
2018-08-08 00:19 - 2018-08-08 00:04 - 002527376 _____ (Trend Micro Inc.) C:\Users\Shane\Desktop\HousecallLauncher64.exe
2018-08-08 00:15 - 2018-08-08 00:15 - 000000000 ____D C:\WINDOWS\Trend Micro
2018-08-08 00:15 - 2018-08-08 00:15 - 000000000 ____D C:\ProgramData\Trend Micro
2018-08-08 00:08 - 2018-08-08 00:15 - 325974784 _____ (Emsisoft Ltd. ) C:\Users\Shane\Downloads\EmsisoftAntiMalwareSetup_bc.exe
2018-08-08 00:07 - 2017-10-17 09:40 - 000334488 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2018-08-08 00:06 - 2018-08-08 00:06 - 000000036 _____ C:\Users\Shane\AppData\Local\housecall.guid.cache
2018-08-08 00:04 - 2018-08-08 00:21 - 000094660 _____ C:\Users\Shane\Downloads\Addition.txt
2018-08-08 00:04 - 2018-08-08 00:04 - 002527376 _____ (Trend Micro Inc.) C:\Users\Shane\Downloads\HousecallLauncher64.exe
2018-08-07 23:57 - 2018-08-08 00:21 - 000110409 _____ C:\Users\Shane\Downloads\FRST.txt
2018-08-07 23:56 - 2018-08-15 00:11 - 000000000 ____D C:\FRST
2018-08-07 16:53 - 2018-08-07 16:53 - 001786768 _____ (GridinSoft LLC) C:\Users\Shane\Downloads\TrojanKiller-Setup.exe
2018-08-07 16:31 - 2018-08-09 15:03 - 000000000 ____D C:\ProgramData\TEMP
2018-08-07 16:14 - 2018-08-07 16:14 - 000000000 ____D C:\Users\Shane\Documents\Simply Super Software
2018-08-07 16:01 - 2018-08-14 23:21 - 000003246 _____ C:\bdlog.txt
2018-08-07 15:41 - 2018-08-07 15:41 - 000000022 _____ C:\Users\Shane\Downloads\ESETPoweliksCleaner.exe_20180807.154101.70292.zip
2018-08-07 15:38 - 2018-08-07 15:38 - 000549504 _____ (ESET) C:\Users\Shane\Downloads\ESETPoweliksCleaner.exe
2018-08-07 13:59 - 2018-08-07 14:00 - 3293432832 _____ C:\Users\Shane\Downloads\ShaneCalerFinalSparkVideo(backup).avi
2018-08-07 13:56 - 2018-08-07 13:56 - 000193018 _____ C:\Users\Shane\Downloads\2018-08-05_BAK1.MV_
2018-08-07 13:55 - 2018-08-07 13:56 - 055185649 _____ C:\Users\Shane\Downloads\ShaneCalerFinalSparkVideo.mp4
2018-08-07 13:45 - 2018-08-07 13:45 - 000193804 _____ C:\Users\Shane\Downloads\2018-08-05_BAK0.MV_
2018-08-07 13:42 - 2018-08-07 14:03 - 000115968 _____ C:\Users\Shane\Downloads\Hip_hop_ the _CNN_ of the African American Community_mp4.H0
2018-08-06 16:49 - 2018-08-06 16:49 - 000002080 _____ C:\Users\Public\Desktop\Google Slides.lnk
2018-08-06 16:49 - 2018-08-06 16:49 - 000002078 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2018-08-06 16:49 - 2018-08-06 16:49 - 000002068 _____ C:\Users\Public\Desktop\Google Docs.lnk
2018-08-06 16:49 - 2018-08-06 16:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2018-08-06 16:49 - 2018-08-06 16:49 - 000000000 ____D C:\Program Files\Google
2018-08-06 16:44 - 2018-08-06 16:44 - 001130840 _____ (Google Inc.) C:\Users\Shane\Downloads\installbackupandsync.exe
2018-08-05 15:05 - 2018-08-07 14:03 - 000194224 _____ C:\Users\Shane\Downloads\2018-08-05.MVP
2018-08-05 15:05 - 2018-08-05 15:06 - 062233124 _____ C:\Users\Shane\ES1022-final-spark-video.mp4
2018-08-05 15:04 - 2018-08-07 14:03 - 000002604 _____ C:\Users\Shane\Downloads\Hip_hop_ the _CNN_ of the African American Community_mp4.HDP
2018-08-05 14:21 - 2018-08-05 14:23 - 038190148 _____ C:\Users\Shane\Downloads\Hip_hop_ the _CNN_ of the African American Community.mp4
2018-08-05 13:56 - 2018-08-05 13:57 - 023950701 _____ C:\Users\Shane\Downloads\videoplayback (3).mp4
2018-08-05 13:43 - 2018-08-05 13:44 - 037051109 _____ C:\Users\Shane\Downloads\videoplayback (2).mp4
2018-08-05 13:17 - 2018-08-05 13:18 - 009093906 _____ C:\Users\Shane\Downloads\videoplayback (1).mp4
2018-08-05 13:14 - 2018-08-05 13:14 - 003348413 _____ C:\Users\Shane\Downloads\videoplayback.mp4
2018-08-05 13:13 - 2018-08-05 13:13 - 002167977 _____ C:\Users\Shane\Downloads\videoplayback.3gp
2018-08-05 11:53 - 2018-08-05 12:00 - 000000200 _____ C:\Users\Shane\_netrc
2018-08-05 11:53 - 2018-08-05 11:53 - 000000000 ____D C:\Users\Shane\AppData\Local\heroku
2018-08-04 21:47 - 2018-08-04 21:47 - 000000000 ____D C:\Users\Shane\AppData\Local\ElDewrito
2018-08-04 21:19 - 2018-08-10 01:21 - 000000000 ____D C:\Users\Shane\Downloads\Halo Online 0.6
2018-08-04 15:32 - 2018-08-04 15:32 - 000316722 _____ C:\Users\Shane\Downloads\current.musicology.89.bothwell.95-102.pdf
2018-08-04 15:07 - 2018-08-04 15:08 - 002089612 _____ C:\Users\Shane\Downloads\9781134845712_googlepreview.pdf
2018-08-04 14:59 - 2018-08-04 14:59 - 000508262 _____ C:\Users\Shane\Downloads\9781134243648_preview.pdf
2018-08-04 14:59 - 2018-08-04 14:59 - 000508262 _____ C:\Users\Shane\Downloads\9781134243648_preview (1).pdf
2018-08-04 11:59 - 2018-08-07 13:31 - 000018422 ____H C:\Users\Shane\Downloads\~WRL0005.tmp
2018-08-03 22:38 - 2018-08-03 22:38 - 002130484 _____ C:\Users\Shane\Downloads\css-grid-master.zip
2018-08-03 11:53 - 2018-08-04 04:04 - 000029748 _____ C:\WINDOWS\SysWOW64\MyDefrag.dat
2018-08-03 00:13 - 2018-07-30 10:50 - 000132488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-08-03 00:09 - 2018-08-03 00:09 - 000002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-08-03 00:09 - 2018-08-03 00:09 - 000002290 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-08-03 00:06 - 2018-08-01 02:50 - 004352880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 003769016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 002002448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439882.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 001565048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 001467920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439882.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 001420576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 001218528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 001094128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 000749936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 000628920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 000608544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 000518488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 040346808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 035250008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 031250184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 025966552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 013728728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 011273816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 001159120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 000906808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 000816392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 000654760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 000635968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2018-08-03 00:06 - 2018-08-01 02:48 - 017756224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-08-03 00:06 - 2018-08-01 02:48 - 015170808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-08-03 00:06 - 2018-08-01 02:48 - 001349384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-08-03 00:06 - 2018-08-01 02:48 - 001065688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-08-03 00:06 - 2018-08-01 02:47 - 004128280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-08-02 23:13 - 2018-08-02 23:13 - 000000000 ____D C:\Users\Shane\AppData\Roaming\VS Revo Group
2018-08-02 00:57 - 2018-08-02 00:58 - 000004016 _____ C:\Users\Shane\Downloads\netadapter-log-2018-08-02-0-57-04.txt
2018-08-02 00:56 - 2018-08-02 00:56 - 000003392 _____ C:\Users\Shane\Downloads\netadapter-log-2018-08-02-0-56-43.txt
2018-08-02 00:15 - 2018-08-02 00:15 - 002091520 _____ (Conner Bernhard) C:\Users\Shane\Downloads\NetAdapterRepair1.2.exe
2018-08-01 23:52 - 2018-08-07 23:46 - 000002592 _____ C:\Users\Shane\Desktop\Rkill.txt
2018-08-01 23:50 - 2018-08-01 23:50 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Shane\Downloads\rkill (1).exe
2018-08-01 23:29 - 2018-08-12 18:18 - 000002154 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2018-08-01 23:26 - 2018-08-12 18:16 - 000000000 ____D C:\@RestoreQuarantine
2018-08-01 21:40 - 2018-08-12 17:45 - 000000000 ____D C:\ProgramData\RegRun
2018-08-01 21:21 - 2018-08-01 20:56 - 000000985 _____ C:\WINDOWS\system32\Drivers\etc\hosts.old
2018-08-01 21:20 - 2018-08-12 17:58 - 000000000 ____D C:\Users\Shane\Documents\RegRun2
2018-08-01 21:20 - 2018-08-12 17:47 - 000000000 ____D C:\Users\Public\Documents\RegRunInfo
2018-08-01 21:17 - 2018-06-13 05:51 - 019073856 _____ (Greatis Software, LLC. ) C:\Users\Shane\Downloads\unhackme_setup.exe
2018-08-01 16:16 - 2018-08-01 16:16 - 000002500 _____ C:\Users\Shane\Desktop\Word.lnk
2018-08-01 13:46 - 2018-08-01 13:46 - 000002308 _____ C:\Users\Shane\Desktop\Google Chrome.lnk
2018-08-01 13:22 - 2018-08-03 22:37 - 000000000 ____D C:\Users\Shane\Desktop\IDE's
2018-08-01 13:21 - 2018-08-01 13:45 - 000000000 ____D C:\Users\Shane\Desktop\Browsers
2018-08-01 13:21 - 2018-08-01 13:24 - 000000000 ____D C:\Users\Shane\Desktop\Games
2018-08-01 13:20 - 2018-08-15 00:11 - 000000000 ____D C:\Users\Shane\Desktop\Security  Tools
2018-07-31 01:46 - 2018-07-31 01:46 - 000000000 ____D C:\WINDOWS\Panther
2018-07-30 20:22 - 2018-07-30 20:22 - 001293777 _____ C:\Users\Shane\Downloads\minidumper.zip
2018-07-30 19:16 - 2018-07-30 19:16 - 000000000 ____D C:\Users\Shane\Apple
2018-07-30 17:34 - 2018-07-30 17:34 - 000000000 ____D C:\ProgramData\Apple Computer
2018-07-30 15:00 - 2018-07-30 15:00 - 000001400 _____ C:\Users\Shane\Downloads\dhcp.pcap
2018-07-30 14:58 - 2018-07-30 14:58 - 000125201 _____ C:\Users\Shane\Downloads\samples.zip
2018-07-30 11:12 - 2018-07-30 11:12 - 192962560 ____N C:\WINDOWS\system32\config\software.amg
2018-07-30 11:09 - 2018-07-30 11:09 - 000000000 ____D C:\Users\Shane\AppData\Local\ESET
2018-07-30 07:25 - 2018-07-30 07:25 - 005414064 _____ (Avira Operations GmbH & Co. KG) C:\Users\Shane\Downloads\avira_en_asu60_3080799118_egg2xi2885693g28gcnb_wd.exe
2018-07-30 06:46 - 2018-07-30 06:46 - 003001296 _____ C:\Users\Shane\Downloads\SecurityTaskManager_Setup.exe
2018-07-30 00:27 - 2018-07-30 00:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-07-30 00:27 - 2018-07-30 00:27 - 000000000 ____D C:\Program Files\VS Revo Group
2018-07-29 23:38 - 2018-07-14 17:58 - 000094112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-07-29 23:38 - 2018-07-14 17:56 - 001523240 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-07-29 23:38 - 2018-07-14 17:44 - 006587392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-07-29 23:38 - 2018-07-14 17:44 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-07-29 23:38 - 2018-07-14 17:43 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-07-29 23:38 - 2018-07-14 17:42 - 008624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-07-29 23:38 - 2018-07-14 17:42 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-07-29 23:38 - 2018-07-14 17:41 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2018-07-29 23:38 - 2018-07-14 17:41 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2018-07-29 23:38 - 2018-07-14 17:39 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-07-29 23:38 - 2018-07-14 17:39 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-07-29 23:38 - 2018-07-14 17:38 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-07-29 23:38 - 2018-07-14 17:38 - 001180160 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-07-29 23:38 - 2018-07-14 17:38 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-07-29 23:38 - 2018-07-14 17:38 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-07-29 23:38 - 2018-07-14 17:36 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-07-29 23:38 - 2018-07-14 16:28 - 001327424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-07-29 23:38 - 2018-07-14 16:18 - 005657600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-07-29 23:38 - 2018-07-14 16:17 - 011901440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-07-29 23:38 - 2018-07-14 16:15 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-07-29 23:38 - 2018-07-14 16:14 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2018-07-29 23:38 - 2018-07-14 16:13 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-07-29 23:38 - 2018-07-14 16:13 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-07-29 23:38 - 2018-07-14 16:13 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-07-29 23:38 - 2018-07-14 16:13 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-07-29 23:38 - 2018-07-14 16:11 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-07-29 23:38 - 2018-07-13 23:46 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-07-29 23:38 - 2018-07-13 23:42 - 019525632 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-07-29 23:38 - 2018-07-13 21:37 - 000375712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-07-29 23:38 - 2018-07-13 21:37 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-07-29 23:38 - 2018-07-13 21:23 - 000760888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-07-29 23:38 - 2018-07-13 21:22 - 006813744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-07-29 23:38 - 2018-07-13 21:22 - 001144664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2018-07-29 23:38 - 2018-07-13 21:22 - 000510392 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-07-29 23:38 - 2018-07-13 21:22 - 000203560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2018-07-29 23:38 - 2018-07-13 21:21 - 000722824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-07-29 23:38 - 2018-07-13 21:21 - 000192920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2018-07-29 23:38 - 2018-07-13 21:20 - 000184472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2018-07-29 23:38 - 2018-07-13 21:19 - 002535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-07-29 23:38 - 2018-07-13 21:19 - 001946752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-07-29 23:38 - 2018-07-13 21:19 - 000981920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-07-29 23:38 - 2018-07-13 21:19 - 000636944 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-07-29 23:38 - 2018-07-13 21:19 - 000483024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-07-29 23:38 - 2018-07-13 21:18 - 002563984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-07-29 23:38 - 2018-07-13 21:18 - 002371416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-07-29 23:38 - 2018-07-13 21:18 - 001017584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-07-29 23:38 - 2018-07-13 21:18 - 000930712 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-07-29 23:38 - 2018-07-13 21:18 - 000613176 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-07-29 23:38 - 2018-07-13 21:18 - 000443216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2018-07-29 23:38 - 2018-07-13 21:18 - 000376216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2018-07-29 23:38 - 2018-07-13 21:17 - 006527056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-07-29 23:38 - 2018-07-13 21:17 - 002420632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-07-29 23:38 - 2018-07-13 21:17 - 000743320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-07-29 23:38 - 2018-07-13 21:16 - 002331576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-07-29 23:38 - 2018-07-13 21:16 - 001143096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2018-07-29 23:38 - 2018-07-13 21:16 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2018-07-29 23:38 - 2018-07-13 21:15 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-07-29 23:38 - 2018-07-13 21:15 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-07-29 23:38 - 2018-07-13 21:15 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-07-29 23:38 - 2018-07-13 21:01 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-07-29 23:38 - 2018-07-13 20:59 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-07-29 23:38 - 2018-07-13 20:59 - 005883392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-07-29 23:38 - 2018-07-13 20:59 - 003553280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-07-29 23:38 - 2018-07-13 20:58 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2018-07-29 23:38 - 2018-07-13 20:58 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-07-29 23:38 - 2018-07-13 20:58 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-07-29 23:38 - 2018-07-13 20:57 - 007057920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-07-29 23:38 - 2018-07-13 20:57 - 004331008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-07-29 23:38 - 2018-07-13 20:57 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-07-29 23:38 - 2018-07-13 20:57 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 004559872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 002697216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Controls.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 001703936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Controls.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 001558016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshdPinAuthLsa.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000993792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshSession.exe
2018-07-29 23:38 - 2018-07-13 20:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshSftp.exe
2018-07-29 23:38 - 2018-07-13 20:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-07-29 23:38 - 2018-07-13 20:55 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshdBroker.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000264192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshProxy.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-07-29 23:38 - 2018-07-13 20:55 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreCommonProxyStub.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2018-07-29 23:38 - 2018-07-13 20:55 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 003319808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 001537024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000603648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2018-07-29 23:38 - 2018-07-13 20:54 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\EasPolicyManagerBrokerPS.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 004770816 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 001825792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreCommonProxyStub.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshBroker.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2018-07-29 23:38 - 2018-07-13 20:52 - 000972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-07-29 23:38 - 2018-07-13 20:52 - 000790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2018-07-29 23:38 - 2018-07-13 20:52 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-07-29 23:38 - 2018-07-13 20:52 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-07-29 23:38 - 2018-07-13 20:52 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2018-07-29 23:38 - 2018-07-13 20:51 - 003376640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-07-29 23:38 - 2018-07-13 20:51 - 002904576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-07-29 23:38 - 2018-07-13 20:51 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-07-29 23:38 - 2018-07-13 20:51 - 001747968 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-07-29 23:38 - 2018-07-13 20:51 - 001304064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-07-29 23:38 - 2018-07-13 20:51 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2018-07-29 23:38 - 2018-07-13 20:51 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 001773056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 001457664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 001359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 000949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-07-29 23:38 - 2018-07-13 20:49 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-07-29 18:48 - 2018-07-29 18:48 - 000002196 _____ C:\Users\Shane\Downloads\Demons - Inspired Tory Lanez x Travis Scott Type Beat Instrumental ( Prod. dannyebtracks).aup
2018-07-29 18:22 - 2018-07-29 18:22 - 001353240 _____ (Microsoft Corporation) C:\Users\Shane\Downloads\winsdksetup.exe
2018-07-29 16:57 - 2018-07-29 16:57 - 002159149 _____ C:\Users\Shane\Downloads\volatility-2.3.1.win32.exe
2018-07-29 16:56 - 2018-07-29 16:56 - 000000000 ____D C:\ProgramData\Guardant
2018-07-29 16:50 - 2018-07-29 16:50 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Passware
2018-07-29 16:49 - 2018-07-29 16:49 - 010021892 _____ C:\volatility-2.3.1.standalone.exe
2018-07-29 16:49 - 2018-07-29 16:49 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Belkasoft
2018-07-29 16:49 - 2018-07-29 16:49 - 000000000 ____D C:\Users\Shane\AppData\Local\Belkasoft
2018-07-29 16:48 - 2018-07-29 16:48 - 000000000 ____D C:\ProgramData\Belkasoft
2018-07-29 16:47 - 2018-07-29 16:47 - 000000000 ____D C:\Program Files\Common Files\Guardant
2018-07-29 16:47 - 2017-12-27 13:58 - 000680760 _____ (Aktiv Co.) C:\WINDOWS\system32\grddrv.cpl
2018-07-29 16:47 - 2017-12-27 13:58 - 000657208 _____ (Aktiv Co.) C:\WINDOWS\SysWOW64\grddiag.exe
2018-07-29 16:47 - 2017-12-27 13:58 - 000394552 _____ (Aktiv Co.) C:\WINDOWS\system32\grddrv.dll
2018-07-29 16:46 - 2018-07-03 13:04 - 000011024 ____N C:\Users\Shane\Downloads\README.txt
2018-07-29 16:46 - 2018-07-03 13:04 - 000000639 ____N C:\Users\Shane\Downloads\File_id.diz
2018-07-29 16:12 - 2018-07-29 16:12 - 000000000 ____D C:\Users\Shane\lucky_data
2018-07-25 17:09 - 2018-07-25 17:09 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Giegerich & Partner GmbH
2018-07-25 17:08 - 2018-07-25 17:08 - 000000000 ____D C:\Program Files (x86)\Giegerich und Partner GmbH
2018-07-25 17:00 - 2018-07-25 17:00 - 003749353 _____ C:\Users\Shane\Downloads\gnupg-1.4.23.tar.bz2
2018-07-25 16:38 - 2018-08-07 14:53 - 000000000 ____D C:\Users\Shane\AppData\Local\Microsoft_Corporation
2018-07-25 16:38 - 2018-07-30 10:40 - 000000000 ____D C:\Users\Shane\AppData\Roaming\OutlookPrivacyPlugin
2018-07-25 16:36 - 2018-07-25 17:03 - 000000000 ____D C:\Users\Shane\AppData\Local\Deployment
2018-07-25 16:36 - 2018-07-25 16:36 - 000000000 ____D C:\Program Files (x86)\Outlook Privacy Plugin
2018-07-25 16:27 - 2018-07-25 16:27 - 000002751 _____ C:\Users\Shane\Downloads\Untitled (1)
2018-07-25 16:27 - 2018-07-25 16:27 - 000000011 _____ C:\Users\Shane\Downloads\Untitled
2018-07-25 16:23 - 2018-07-25 16:23 - 000013951 _____ C:\Users\Shane\Downloads\smime.p7m
2018-07-24 22:05 - 2018-07-24 22:05 - 000003145 _____ C:\Users\Shane\Downloads\Testy_McTest_pub.asc
2018-07-24 21:46 - 2018-07-24 21:46 - 000000000 ____D C:\Users\Shane\AppData\Local\pEp
2018-07-24 21:41 - 2018-07-30 15:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-07-24 21:41 - 2018-07-24 21:48 - 000000000 ____D C:\Users\Shane\AppData\Local\Thunderbird
2018-07-24 21:41 - 2018-07-24 21:41 - 000001285 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2018-07-24 21:41 - 2018-07-24 21:41 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Thunderbird
2018-07-24 21:40 - 2018-07-24 21:40 - 002848262 _____ C:\Users\Shane\Downloads\enigmail-2.0.7-sm+tb.xpi
2018-07-24 19:31 - 2018-07-24 22:16 - 000000000 ____D C:\Users\Shane\AppData\Roaming\kleopatra
2018-07-24 19:30 - 2018-08-06 22:23 - 000000000 ____D C:\Users\Shane\AppData\Roaming\gnupg
2018-07-24 19:30 - 2018-07-24 19:30 - 000002123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kleopatra.lnk
2018-07-24 19:30 - 2018-07-24 19:30 - 000001225 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPA.lnk
2018-07-24 19:30 - 2018-07-24 19:30 - 000000000 ____D C:\Program Files (x86)\Gpg4win
2018-07-24 19:30 - 2018-07-24 19:30 - 000000000 ____D C:\Program Files (x86)\GnuPG
2018-07-23 23:33 - 2018-07-23 23:33 - 000312869 _____ C:\Users\Shane\Downloads\ZAPGettingStartedGuide-2.6.pdf
2018-07-23 20:49 - 2018-07-12 21:30 - 002718624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-07-23 19:53 - 2018-07-23 19:53 - 000000000 ____D C:\Program Files\MySQL
2018-07-23 19:46 - 2018-07-23 19:49 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.7
2018-07-23 19:42 - 2018-07-23 19:53 - 000000000 ____D C:\ProgramData\MySQL
2018-07-23 19:42 - 2018-07-23 19:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2018-07-23 19:42 - 2018-07-23 19:42 - 000000000 ____D C:\WINDOWS\System32\Tasks\MySQL
2018-07-23 19:42 - 2018-07-23 19:42 - 000000000 ____D C:\Program Files (x86)\MySQL
2018-07-23 19:30 - 2018-07-23 19:56 - 503031808 ____N C:\Users\Shane\Downloads\DVWA-1.0.7.iso
2018-07-23 19:13 - 2018-07-23 19:14 - 000000000 ____D C:\DVWA-master
2018-07-22 17:38 - 2018-07-22 17:38 - 000001156 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2018-07-22 17:38 - 2018-07-22 17:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2018-07-22 12:07 - 2018-07-23 21:01 - 000000939 _____ C:\WINDOWS\Tasks\EPSON XP-430 Series Update {CDB9B9D7-847A-4014-88C7-DD2F2D5E4749}.job
2018-07-22 12:07 - 2018-07-22 12:07 - 000004136 _____ C:\WINDOWS\System32\Tasks\EPSON XP-430 Series Update {CDB9B9D7-847A-4014-88C7-DD2F2D5E4749}
2018-07-19 09:57 - 2018-07-19 12:23 - 000000000 ____D C:\WINDOWS\Minidump
2018-07-17 20:37 - 2018-07-17 20:37 - 000001005 _____ C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch.lnk
2018-07-16 12:35 - 2018-07-16 12:35 - 000222864 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetLwf.sys
2018-07-16 12:35 - 2018-07-16 12:35 - 000213080 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetAdp6.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-15 00:16 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-15 00:16 - 2018-03-08 12:13 - 000083101 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-08-15 00:13 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-15 00:09 - 2017-10-17 17:18 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Twitch
2018-08-15 00:09 - 2017-05-19 01:10 - 000000000 ____D C:\ProgramData\NVIDIA
2018-08-15 00:08 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
2018-08-15 00:08 - 2014-12-31 13:31 - 000563832 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-08-15 00:05 - 2018-05-18 13:39 - 000936252 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-08-15 00:05 - 2015-07-31 17:05 - 000000000 ____D C:\Users\Shane\AppData\Local\Adobe
2018-08-15 00:00 - 2018-05-18 13:33 - 005615080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-08-15 00:00 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-15 00:00 - 2017-12-01 08:47 - 000000000 ___RD C:\Users\Shane\3D Objects
2018-08-15 00:00 - 2014-12-16 16:13 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-08-14 23:59 - 2018-05-18 14:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-14 23:59 - 2016-12-11 14:18 - 000000000 ____D C:\Program Files\Bitdefender
2018-08-14 23:58 - 2018-04-11 14:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-08-14 23:56 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-08-14 23:56 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-08-14 23:56 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-08-14 23:56 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-08-14 23:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-08-14 23:55 - 2018-04-11 16:38 - 000000000 ___RD C:\Program Files\Windows Defender
2018-08-14 23:55 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-08-14 23:55 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-08-14 23:55 - 2018-04-11 16:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-08-14 23:49 - 2014-12-16 16:37 - 000000000 ____D C:\Users\Shane\AppData\Local\Battle.net
2018-08-14 23:11 - 2018-05-18 13:40 - 000000000 ____D C:\Users\Shane
2018-08-14 22:49 - 2018-04-11 14:04 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
2018-08-14 22:36 - 2014-12-17 11:05 - 000000000 ____D C:\Program Files (x86)\World of Warcraft
2018-08-14 20:22 - 2014-12-18 11:45 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-08-14 20:14 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-08-14 20:14 - 2014-12-18 11:45 - 137343192 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-08-14 18:52 - 2018-05-18 13:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-13 12:52 - 2018-06-25 11:42 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-08-13 12:51 - 2018-06-25 11:41 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-08-13 12:48 - 2018-01-05 11:23 - 000000000 ____D C:\Program Files (x86)\Phoenix360
2018-08-13 12:45 - 2014-12-13 02:49 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-08-13 12:40 - 2018-03-08 12:13 - 000567234 _____ C:\WINDOWS\ZAM.krnl.trace
2018-08-13 12:26 - 2016-10-22 22:48 - 000000000 ____D C:\ProgramData\Jagex
2018-08-13 12:01 - 2014-12-13 02:49 - 000000000 ____D C:\ProgramData\Package Cache
2018-08-13 10:25 - 2014-12-16 16:37 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-08-12 17:43 - 2018-05-27 02:02 - 000000000 ____D C:\Users\Shane\AppData\LocalLow\Mozilla
2018-08-12 12:42 - 2018-05-18 14:21 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2243521789-936282867-848371492-1001
2018-08-12 12:41 - 2018-05-18 13:40 - 000002410 _____ C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-08-12 12:41 - 2015-05-08 06:03 - 000000000 ___RD C:\Users\Shane\OneDrive
2018-08-12 12:12 - 2016-09-15 12:32 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-08-12 11:31 - 2016-09-15 12:32 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-08-11 10:19 - 2018-05-18 14:21 - 000003644 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2018-08-11 10:16 - 2015-03-04 22:53 - 000000000 ____D C:\Users\Shane\AppData\Local\CrashDumps
2018-08-11 10:12 - 2015-04-12 17:52 - 000000000 ____D C:\Users\Shane\AppData\Local\Downloaded Installations
2018-08-10 15:55 - 2018-05-30 18:31 - 000000000 ____D C:\Users\Shane\AppData\Local\D3DSCache
2018-08-10 15:51 - 2016-12-10 18:11 - 000000000 ____D C:\Program Files (x86)\Overwatch Test
2018-08-10 00:52 - 2015-03-06 11:38 - 000000000 ____D C:\Users\Shane\Documents\Visual Studio 2013
2018-08-09 22:34 - 2015-10-18 00:35 - 000000000 ____D C:\Users\Shane\Documents\Visual Studio 2015
2018-08-09 22:26 - 2018-06-07 00:59 - 000000000 ____D C:\Users\Shane\Desktop\ReactProjects
2018-08-09 20:45 - 2017-12-18 13:51 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Audacity
2018-08-09 18:59 - 2015-09-10 12:37 - 000000000 ____D C:\Program Files (x86)\DebugMode
2018-08-08 23:43 - 2018-05-18 14:21 - 000003958 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1487318455
2018-08-08 23:43 - 2015-07-31 10:20 - 000000000 ____D C:\Program Files (x86)\Opera
2018-08-08 13:51 - 2014-12-17 12:19 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-08 10:03 - 2013-08-22 08:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-08-08 08:18 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-08-07 23:43 - 2014-12-16 16:16 - 000000000 ____D C:\Users\Shane\AppData\Local\NVIDIA Corporation
2018-08-07 16:59 - 2018-07-07 20:51 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-08-06 22:05 - 2018-04-26 14:07 - 000000000 ____D C:\Users\Shane\AppData\Roaming\npm
2018-08-06 21:47 - 2016-09-09 11:11 - 000000000 ____D C:\Users\Shane\AppData\Roaming\discord
2018-08-06 16:49 - 2014-12-17 12:09 - 000000000 ____D C:\Users\Shane\AppData\Local\Google
2018-08-06 08:19 - 2018-04-11 16:41 - 000836480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-08-06 08:19 - 2018-04-11 16:41 - 000181120 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-08-06 00:21 - 2014-12-17 12:09 - 000000000 ____D C:\Program Files (x86)\Google
2018-08-05 15:07 - 2016-09-24 14:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2018-08-04 04:38 - 2016-09-09 11:11 - 000000000 ____D C:\Users\Shane\AppData\Local\Discord
2018-08-04 04:04 - 2016-11-29 16:03 - 000056998 _____ C:\WINDOWS\SysWOW64\Defrag.debuglog
2018-08-03 16:17 - 2017-12-01 03:27 - 000000000 ____D C:\Users\Shane\AppData\Local\Packages
2018-08-03 11:08 - 2018-06-11 22:54 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-08-03 11:08 - 2017-05-19 01:10 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-08-03 00:14 - 2015-12-22 23:05 - 000000000 ____D C:\Temp
2018-08-03 00:14 - 2014-12-13 02:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-08-03 00:12 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\Help
2018-08-03 00:11 - 2014-12-16 16:16 - 000000000 ____D C:\Users\Shane\AppData\Local\NVIDIA
2018-08-02 23:39 - 2017-12-05 16:42 - 000000000 ____D C:\Users\Public\Games
2018-08-02 02:08 - 2018-05-18 13:40 - 000000000 ____D C:\Users\Administrator
2018-08-02 01:49 - 2015-07-31 11:46 - 000000000 ____D C:\AdwCleaner
2018-08-01 23:48 - 2018-06-30 18:34 - 000003734 _____ C:\WINDOWS\System32\Tasks\JavaUpdateSched
2018-08-01 23:48 - 2018-06-30 18:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-08-01 23:48 - 2015-01-11 15:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2018-08-01 23:48 - 2015-01-11 15:30 - 000000000 ____D C:\Program Files\Java
2018-08-01 23:47 - 2018-06-30 18:33 - 000145272 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2018-08-01 23:09 - 2016-11-29 13:29 - 000000000 ____D C:\Users\Shane\Desktop\OldDesktopStuff 11-29-2016
2018-08-01 22:46 - 2018-05-18 07:59 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-08-01 21:01 - 2016-12-12 15:02 - 000000000 ____D C:\Users\Shane\Desktop\class work
2018-08-01 02:47 - 2018-04-03 09:00 - 004858224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-07-31 11:24 - 2015-12-05 20:10 - 000000000 ____D C:\NVIDIA
2018-07-31 11:23 - 2015-09-16 19:47 - 000000000 ____D C:\Users\Shane\.VirtualBox
2018-07-30 19:05 - 2018-06-13 00:25 - 000000000 ____D C:\ProgramData\Packages
2018-07-30 17:34 - 2018-06-03 18:38 - 000000000 ____D C:\ProgramData\Apple
2018-07-30 16:31 - 2017-12-22 17:01 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-07-30 16:22 - 2014-12-31 13:26 - 000000000 ____D C:\ProgramData\Norton
2018-07-30 16:18 - 2015-10-20 21:16 - 000000000 ____D C:\Users\Shane\.thumbnails
2018-07-30 16:18 - 2015-07-31 10:48 - 000000000 ____D C:\ProgramData\MFAData
2018-07-30 16:17 - 2017-05-08 10:30 - 000000000 ____D C:\Users\Shane\.idlerc
2018-07-30 16:17 - 2015-12-05 19:41 - 000000000 ____D C:\Users\Shane\.oracle_jre_usage
2018-07-30 16:17 - 2015-03-05 13:34 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Mumble
2018-07-30 16:17 - 2015-01-27 23:42 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Skype
2018-07-30 16:07 - 2015-08-24 22:00 - 000000000 ____D C:\Users\Shane\AppData\LocalLow\Temp
2018-07-30 16:07 - 2015-08-21 23:31 - 000000000 ____D C:\Intel
2018-07-30 15:49 - 2018-05-12 16:30 - 000000000 ____D C:\xampp
2018-07-30 15:48 - 2016-09-15 12:26 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-07-30 15:48 - 2016-06-17 11:47 - 000000000 ____D C:\adbLink
2018-07-30 15:47 - 2016-11-13 02:07 - 000000000 ____D C:\Program Files (x86)\InnerSpace
2018-07-30 15:47 - 2016-09-09 11:11 - 000000000 ____D C:\Users\Shane\AppData\Local\SquirrelTemp
2018-07-30 15:47 - 2016-06-03 13:32 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Sony
2018-07-30 15:47 - 2015-09-02 17:17 - 000000000 ____D C:\Users\Shane\Documents\Add-in Express
2018-07-30 15:46 - 2018-05-09 01:32 - 000000000 ____D C:\Program Files\Sublime Text 3
2018-07-30 15:46 - 2016-09-22 19:09 - 000000000 ____D C:\Program Files\TeamSpeak 3 Client
2018-07-30 15:46 - 2015-04-20 11:46 - 000000000 ____D C:\Program Files (x86)\CarbonPoker Odds Calculator
2018-07-30 15:46 - 2015-04-05 22:35 - 000000000 ____D C:\AmericasCardroom
2018-07-30 15:46 - 2015-02-03 14:40 - 000000000 ____D C:\Users\Shane\AppData\LocalLow\raidcall
2018-07-30 15:45 - 2018-05-25 18:21 - 000000000 ____D C:\Users\Shane\AppData\Roaming\TeamViewer
2018-07-30 15:45 - 2016-11-29 12:12 - 000000000 ____D C:\Windows10Upgrade
2018-07-30 15:45 - 2015-12-05 15:40 - 000000000 ____D C:\Users\Shane\Documents\The Witcher 3
2018-07-30 15:45 - 2015-04-20 11:46 - 000000000 ____D C:\Program Files (x86)\CarbonPoker
2018-07-30 15:45 - 2015-01-31 22:42 - 000000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2018-07-30 15:44 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2018-07-30 15:44 - 2015-07-31 17:57 - 000000000 ____D C:\Users\Shane\Documents\Adobe
2018-07-30 15:43 - 2018-06-19 18:16 - 000000000 ____D C:\Users\Shane\AppData\Roaming\EasyAntiCheat
2018-07-30 15:43 - 2018-05-31 14:26 - 000000000 ____D C:\Users\Shane\AppData\Local\GitHubDesktop
2018-07-30 15:43 - 2018-05-22 01:12 - 000000000 ____D C:\Users\Shane\AppData\Local\Postman
2018-07-30 15:43 - 2018-05-09 01:47 - 000000000 ____D C:\Users\Shane\AppData\Local\clink
2018-07-30 15:43 - 2017-04-16 18:37 - 000000000 ____D C:\Users\Shane\boost_1_63_0
2018-07-30 15:43 - 2016-09-09 02:05 - 000000000 ____D C:\Users\Shane\AppData\Local\ConnectedDevicesPlatform
2018-07-30 15:43 - 2015-12-09 19:52 - 000000000 ____D C:\Users\Shane\AppData\Roaming\codelite
2018-07-30 15:43 - 2015-08-18 21:37 - 000000000 ____D C:\Users\Shane\AppData\Local\GameMaker-Studio
2018-07-30 15:43 - 2015-01-27 23:07 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Ventrilo
2018-07-30 15:42 - 2018-07-02 14:15 - 000000000 ____D C:\Users\Shane\AppData\Local\PlaceholderTileLogoFolder
2018-07-30 15:42 - 2017-12-22 17:01 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\TeamViewer
2018-07-30 15:42 - 2017-12-20 15:42 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\discord
2018-07-30 15:41 - 2014-12-16 16:27 - 000000000 ____D C:\Program Files (x86)\Steam
2018-07-30 12:14 - 2018-04-03 09:01 - 000065792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2018-07-30 12:14 - 2018-04-03 09:00 - 000044271 _____ C:\WINDOWS\system32\nvinfo.pb
2018-07-30 11:58 - 2016-08-04 13:52 - 000000000 ____D C:\Users\Shane\AppData\Roaming\MassPlanner2
2018-07-30 11:16 - 2015-09-02 17:17 - 000000000 ____D C:\ProgramData\WinZip
2018-07-30 10:55 - 2017-12-08 12:05 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JetBrains
2018-07-30 10:41 - 2017-05-19 01:10 - 005947600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-07-30 10:41 - 2017-05-19 01:10 - 002612264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-07-30 10:41 - 2017-05-19 01:10 - 001767632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-07-30 10:41 - 2017-05-19 01:10 - 000634352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-07-30 10:41 - 2017-05-19 01:10 - 000450768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-07-30 10:41 - 2017-05-19 01:10 - 000124216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-07-30 10:41 - 2017-05-19 01:10 - 000082800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-07-30 10:40 - 2018-05-27 02:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-07-30 07:42 - 2018-06-03 18:53 - 000000000 ____D C:\Users\Public\Documents\Avid Video Engine
2018-07-30 07:42 - 2018-06-03 18:46 - 000000000 ____D C:\Program Files\Avid
2018-07-30 01:14 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-07-30 01:14 - 2018-04-11 16:38 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-07-30 01:14 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-07-30 01:08 - 2016-06-09 23:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-07-30 01:00 - 2017-12-11 16:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2018-07-29 19:44 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-07-29 18:48 - 2015-03-06 11:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2018-07-29 18:43 - 2015-03-06 11:11 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2018-07-29 08:00 - 2016-10-29 14:11 - 000000000 ____D C:\Program Files (x86)\TradeSkillMaster Application
2018-07-28 21:36 - 2015-03-15 11:18 - 000000000 ____D C:\Users\Shane\Documents\Outlook Files
2018-07-28 02:13 - 2016-06-23 23:04 - 000000000 ____D C:\Users\Shane\AppData\Local\ElevatedDiagnostics
2018-07-25 16:35 - 2018-04-11 16:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-07-24 02:03 - 2017-05-19 01:10 - 008253772 _____ C:\WINDOWS\system32\nvcoproc.bin
2018-07-23 21:15 - 2018-07-07 14:02 - 000004588 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-07-23 21:15 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-07-23 21:15 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-07-23 19:46 - 2017-05-02 15:50 - 000000000 ____D C:\Users\Shane\AppData\Local\Package Cache
2018-07-22 23:09 - 2015-09-16 19:47 - 000000000 ____D C:\Users\Shane\VirtualBox VMs
2018-07-22 12:58 - 2016-09-24 14:36 - 000000000 ____D C:\Program Files (x86)\EPSON Software
2018-07-20 10:33 - 2016-10-29 14:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeSkillMaster Application
2018-07-20 06:05 - 2018-06-02 13:54 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-07-19 12:23 - 2016-12-03 16:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-07-19 12:23 - 2013-09-30 12:56 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-07-18 19:16 - 2016-04-15 13:43 - 000000000 ____D C:\Users\Shane\Documents\Sound recordings
2018-07-17 20:53 - 2015-01-24 17:44 - 000000000 ____D C:\Program Files (x86)\World of Warcraft Public Test
2018-07-16 21:47 - 2017-05-19 01:10 - 000950592 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2018-07-16 12:35 - 2018-03-08 20:12 - 000984376 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2018-07-16 12:35 - 2018-03-08 20:12 - 000168896 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
 
==================== Files in the root of some directories =======
 
2015-09-09 17:52 - 2015-09-09 17:54 - 000163219 _____ () C:\Users\Shane\maxout_10028.dat
2015-09-24 13:49 - 2015-09-24 13:51 - 000013121 _____ () C:\Users\Shane\maxout_13044.dat
2015-08-25 15:27 - 2015-08-25 15:29 - 000004907 _____ () C:\Users\Shane\maxout_13796.dat
2015-11-13 21:35 - 2015-11-13 21:36 - 000014342 _____ () C:\Users\Shane\maxout_15904.dat
2015-11-13 21:21 - 2015-11-13 21:24 - 000014342 _____ () C:\Users\Shane\maxout_19172.dat
2015-08-25 15:38 - 2015-08-25 15:45 - 000004907 _____ () C:\Users\Shane\maxout_7140.dat
2018-06-12 00:09 - 2018-06-24 23:15 - 000000033 _____ () C:\Users\Shane\AppData\Roaming\AdobeWLCMCache.dat
2015-08-13 11:45 - 2015-08-13 11:45 - 000000112 _____ () C:\Users\Shane\AppData\Roaming\JP2K CS6 Prefs
2018-06-24 23:22 - 2018-06-24 23:22 - 000000028 _____ () C:\Users\Shane\AppData\Roaming\kulerdata.json
2018-08-08 00:06 - 2018-08-08 00:06 - 000000036 _____ () C:\Users\Shane\AppData\Local\housecall.guid.cache
2018-08-08 00:19 - 2018-08-08 00:19 - 000000010 _____ () C:\Users\Shane\AppData\Local\sponge.last.runtime.cache
2018-04-10 12:52 - 2018-04-10 12:52 - 000000000 ____N () C:\Users\Shane\AppData\Local\{59745BC6-AB93-47AE-A3E3-ACEDF246D979}
2017-12-02 10:16 - 2017-12-02 10:16 - 000000000 ____N () C:\Users\Shane\AppData\Local\{944BCD73-00FD-4536-B994-737E9BF5959A}
 
Some files in TEMP:
====================
2018-08-12 12:16 - 2018-08-12 12:16 - 000290304 _____ (Microsoft Corporation) C:\Users\Shane\AppData\Local\Temp\CakeTubeSdk.Windows.Service.subinacl.exe
2018-08-13 12:38 - 2018-07-02 14:15 - 011576808 _____ (SurfRight B.V.) C:\Users\Shane\AppData\Local\Temp\HitmanPro.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-18 13:33

==================== End of FRST.txt ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Shane (15-08-2018 00:19:42)
Running from C:\Users\Shane\Desktop\Security  Tools
Windows 10 Home Version 1803 17134.228 (X64) (2018-05-18 21:38:47)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
 
Administrator (S-1-5-21-2243521789-936282867-848371492-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2243521789-936282867-848371492-503 - Limited - Disabled)
Guest (S-1-5-21-2243521789-936282867-848371492-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2243521789-936282867-848371492-1005 - Limited - Enabled)
Shane (S-1-5-21-2243521789-936282867-848371492-1001 - Administrator - Enabled) => C:\Users\Shane
WDAGUtilityAccount (S-1-5-21-2243521789-936282867-848371492-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.08 beta (x64) (HKLM\...\7-Zip) (Version: 15.08 - Igor Pavlov)
7-Zip 16.02 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1602-000001000000}) (Version: 16.02.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe After Effects CC 2017 (HKLM-x32\...\AEFT_14_2_1) (Version: 14.2.1 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Character Animator CC (Beta) (HKLM-x32\...\ANMLBETA_1_0_6) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.5.0.331 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.6 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2018 (HKLM-x32\...\DRWV_18_1) (Version: 18.1 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Illustrator CC 2018 (HKLM-x32\...\ILST_22_1) (Version: 22.1 - Adobe Systems Incorporated)
Adobe InDesign CC 2017 (HKLM-x32\...\IDSN_12_1_0) (Version: 12.1.0 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_1_2) (Version: 11.1.2 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_1_3) (Version: 19.1.3 - Adobe Systems Incorporated)
AmericasCardroom (HKLM-x32\...\296836EA-EF3A-4C36-8C13-3A6C1DB2D4BE) (Version: 16.6 - IGSoft)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apache Tomcat 8.0.27 (HKLM\...\nbi-tomcat-8.0.27.0.0) (Version:  - )
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{9F429DF7-F8DD-4980-9673-E6DACA012F6C}) (Version: 3.3 - Microsoft Corporation) Hidden
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
AVG PC TuneUp 2015 (en-US) (HKLM-x32\...\{4AC74ED1-719B-46DA-8B8A-340FBF892291}) (Version: 15.0.1001.604 - AVG Technologies) Hidden
Avid HD Driver (x64) (HKLM\...\{658E112A-8776-4430-A275-D9248732DFB9}) (Version: 11.3.0 - Avid Technology, Inc.)
AVSDK5 (HKLM\...\{D5A6E342-907C-4CEF-96CC-FC2F4990DC9C}) (Version: 5.4.30 - CYREN Inc.) Hidden
Azure AD Authentication Connected Service (HKLM-x32\...\{3FEAC561-1CF6-41D6-B0F3-BECDD9C88A1B}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{3FBFCF2C-392A-4632-9442-14C305B44D5E}) (Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Backup and Sync from Google (HKLM\...\{AEFBDB5B-899F-4AE6-B789-BA56A652A476}) (Version: 3.42.9858.3671 - Google, Inc.)
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.3.2.1195 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandicam.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (HKLM-x32\...\{E719AF7A-FBD9-45F8-AD4F-EBD1EFD985BB}) (Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (HKLM-x32\...\{28C7344F-E894-4CF5-8D05-EDC7ED71796C}) (Version: 12.0.50429.0 - Microsoft Corporation) Hidden
BetOnline Client (remove only) (HKLM-x32\...\BetOnLine Client) (Version: 1.0 - BetOnlineDevelopment)
BetOnline Poker 8.2 (HKLM-x32\...\BetOnline Poker 8.2) (Version: 8.2.12.201411270900 - Hero Poker Network)
Black Desert Online (HKLM-x32\...\{C1F96C92-7B8C-485F-A9CD-37A0708A2A60}) (Version: 1.0.0.7 - Kakao Games Europe B.V.)
Blend for Visual Studio 2013 (HKLM-x32\...\{EBC890A6-DE7C-44B4-AA03-119B6190D3E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (HKLM-x32\...\{9ED1634C-4E71-4992-A1BA-7C4BE6EE39E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (HKLM-x32\...\{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Windows Phone 8.0 (HKLM-x32\...\{403759F5-1D77-49F4-812D-AF43196E8C74}) (Version: 3.0.30924.0 - Microsoft Corporation) Hidden
Blender (HKLM\...\{87E4F4E2-99A4-44C6-9175-9FF2773E46CF}) (Version: 2.76.0 - Blender Foundation)
Brackets (HKLM-x32\...\{73C9B88C-61DF-4DC1-9F38-8FBB2AF45816}) (Version: 1.12.1 - brackets.io)
Build Tools - amd64 (HKLM\...\{4926C378-8A39-4273-AF6F-726F899F9F74}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools - x86 (HKLM-x32\...\{BB543516-F37F-46A4-BED1-C5146A6D9892}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (HKLM\...\{5DF74EA2-A660-446F-93B3-B19823435C30}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (HKLM-x32\...\{FCB384E7-0E3F-431E-A510-2458E1FF21ED}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
CarbonPoker (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\CarbonPoker) (Version: 6.0 - )
Chrome Remote Desktop Host (HKLM-x32\...\{67971EAD-F5D1-45A6-B281-A09D3193DB3F}) (Version: 69.0.3497.7 - Google Inc.)
Complemento do Microsoft Report Viewer para Visual Studio 2013 (HKLM-x32\...\{1B5ABBBD-3808-403D-A224-F1ACB0A00EB1}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Complemento Microsoft Report Viewer para Visual Studio 2013 (HKLM-x32\...\{56A47015-095E-48CA-819F-15D0B52C274B}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Compon. agg. Microsoft Report Viewer per Visual Studio 2013 (HKLM-x32\...\{44AEF1F7-C770-471C-AA62-4145A4F2C517}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
CrypTool 1.4.41 (HKLM-x32\...\CrypTool) (Version: 1.4.41 - CrypTool Team)
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 398.82 - NVIDIA Corporation) Hidden
Dotfuscator and Analytics Community Edition (HKLM-x32\...\{2386192E-D6DB-4AD2-9564-65586A0AE53E}) (Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dotfuscator and Analytics Community Edition 5.18.1 (HKLM-x32\...\{9890DF1A-10E9-4236-94B1-1EFAA4099F13}) (Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
Easy Photo Scan (HKLM-x32\...\{93AEF2AF-86FB-42AD-8392-5DAEC0638B1A}) (Version: 1.00.0012 - Seiko Epson Corporation)
Entity Framework 6.1.0 Tools  for Visual Studio 2013 (HKLM-x32\...\{D4635FB4-434D-4663-A4C8-CFC00FA9D24E}) (Version: 12.0.30228.0 - Microsoft Corporation)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.0 - Seiko Epson Corporation)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.81.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson Printer Connection Checker (HKLM-x32\...\{9A09FA7F-C756-4B47-98D0-6C8482980A46}) (Version: 2.1.0.0 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{60A3CB9F-4429-4C7A-AA97-77CC4FE10671}) (Version: 4.4.9 - Seiko Epson Corporation)
EPSON XP-430 Series Printer Uninstall (HKLM\...\EPSON XP-430 Series) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Git version 2.16.2 (HKLM\...\Git_is1) (Version: 2.16.2 - The Git Development Community)
GitHub Desktop (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\GitHubDesktop) (Version: 1.2.2 - GitHub, Inc.)
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.2.8 - The GnuPG Project)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Earth Pro (HKLM-x32\...\{BF354C72-AC4C-4A87-8D42-B089862BAE58}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
gpg4o - GPG for Outlook 5.3.201.9100 (MSI) (HKLM-x32\...\{BC7DF0B9-330B-4B59-8455-700000009100}) (Version: 5.3.201 - Giegerich und Partner GmbH) Hidden
gpg4o - GPG for Outlook v5.3.201.9100 (HKLM-x32\...\{545f18f7-e593-4e38-b994-5d0aedfd3dce}) (Version: 5.3.201.9100 - Giegerich und Partner GmbH)
Gpg4win (3.1.2) (HKLM-x32\...\Gpg4win) (Version: 3.1.2 - The Gpg4win Project)
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Haskell Platform 8.0.2 (HKLM\...\HaskellPlatform-8.0.2) (Version:  - Haskell.org)
Haskell Stack (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\Haskell Stack) (Version:  - )
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{f3e3c5dd-edd0-406b-8aa2-ce5acb93660e}) (Version: 10.0.14 - Intel® Corporation) Hidden
Intel® Hardware Accelerated Execution Manager (HKLM\...\{6230EE50-BD4E-4B39-904D-3E7600053E08}) (Version: 6.2.1 - Intel Corporation)
IntelliJ IDEA 2018.1.3 (HKLM-x32\...\IntelliJ IDEA 2018.1.3) (Version: 181.4892.42 - JetBrains s.r.o.)
Java 10.0.2 (64-bit) (HKLM\...\{EECB2736-D013-5AC5-9917-7656712F6931}) (Version: 10.0.2.0 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
Java SE Development Kit 8 Update 40 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180400}) (Version: 8.0.400.26 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
Java SE Development Kit 8 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180510}) (Version: 8.0.510.16 - Oracle Corporation)
Java SE Development Kit 8 Update 73 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180730}) (Version: 8.0.730.2 - Oracle Corporation)
Java™ SE Development Kit 10.0.1 (64-bit) (HKLM\...\{398EFBE6-18DB-5E47-8E12-481F95602239}) (Version: 10.0.1.0 - Oracle Corporation)
Java™ SE Development Kit 9.0.1 (64-bit) (HKLM\...\{4AC8DBB2-1AE5-5156-83F9-D4E2E6DD564B}) (Version: 9.0.1.0 - Oracle Corporation)
Kanto Player version 10.0.0.0 (HKLM-x32\...\{39E3D7C6-0677-49C8-905B-4D1874A17DE1}_is1) (Version: 10.0.0.0 - Globosoft S.R.L.)
Kits Configuration Installer (HKLM-x32\...\{6F502640-B753-C101-FFA5-B38C3FA5B29A}) (Version: 10.1.17134.12 - Microsoft) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
LocalESPC (HKLM-x32\...\{62910715-63E3-0AB0-0B29-99140DE1C15E}) (Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (HKLM-x32\...\{492498A3-F88C-FE2F-755C-9B1B91724CA5}) (Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us (HKLM-x32\...\{326A5052-061C-F656-31E3-3B73842ABD46}) (Version: 8.59.29989 - Microsoft) Hidden
LocalESPCui for en-us Dev12 (HKLM-x32\...\{B1C38F27-D377-8C98-D98D-29B67C0B978D}) (Version: 8.100.25984 - Microsoft) Hidden
MAGIX Movie Edit Pro 2016 Premium (HKLM\...\{0E64129B-4258-44B9-8034-464C6E28878D}) (Version: 15.0.0.73 - MAGIX Software GmbH) Hidden
MAGIX Movie Edit Pro 2016 Premium (HKLM\...\MX.{0E64129B-4258-44B9-8034-464C6E28878D}) (Version: 15.0.0.73 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (HKLM\...\{EFF38464-ED43-451C-9117-F910728B3FF8}) (Version: 7.0.1.27 - MAGIX Software GmbH) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{EFF38464-ED43-451C-9117-F910728B3FF8}) (Version: 7.0.1.27 - MAGIX Software GmbH)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Memory Profiler (HKLM-x32\...\{4A037836-B224-4890-9631-341F759AD703}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Memory Profiler (HKLM-x32\...\{68DA3B27-2C18-4366-93B0-6B97F5E9B309}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 SDK (HKLM-x32\...\{229FC339-A2DE-46C7-8AB7-E64BD2FD9592}) (Version: 4.7.03056 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 Targeting Pack (HKLM-x32\...\{90FBABBB-0CFC-469F-971F-0A1F11F5AF2E}) (Version: 4.7.03056 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9126.2259 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.9126.2259 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\OneDriveSetup.exe) (Version: 18.131.0701.0007 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{4B2B6F4B-9B09-46ED-935E-A84A669D2DC9}) (Version: 2.8.2.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM-x32\...\{50b32652-69d2-4b93-9316-edcd12067b8b}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 (HKLM-x32\...\{84e72603-1a6a-4c51-81b3-de36aabcc4f8}) (Version: 12.0.30501 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Module Microsoft Report Viewer pour Visual Studio 2013 (HKLM-x32\...\{607562A3-7BD3-4EDE-BDEA-4F1A8D7E84AA}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Mozilla Firefox 61.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.1 (x64 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.9.1 - Mozilla)
Mozilla Thunderbird 52.9.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.9.1 (x86 en-US)) (Version: 52.9.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
MySQL Installer - Community (HKLM-x32\...\{E893209B-DB26-475E-ABE3-900812CBDF9A}) (Version: 1.4.25.0 - Oracle Corporation)
MySQL Server 8.0 (HKLM\...\{11CF35A6-DF56-426A-8FEF-BAA039D8FF31}) (Version: 8.0.11 - Oracle Corporation)
NetBeans IDE 8.2 (HKLM\...\nbi-nb-base-8.2.0.0.201609300101) (Version: 8.2 - NetBeans.org)
Node.js (HKLM\...\{F69C1A4C-0402-462C-B95D-6BEAED881FA1}) (Version: 8.11.1 - Node.js Foundation)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 398.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 398.82 - NVIDIA Corporation)
NVIDIA Graphics Driver 398.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 398.82 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Oculus Rift Sensor Driver (HKLM\...\{4FC053C6-9DF5-45EC-B478-979398DA5E3F}) (Version: 1.0.14.0 - Oculus VR, LLC)
Oculus Runtime (HKLM-x32\...\Oculus Runtime 0.8.0.0-public-release-117061) (Version: 0.8.0.0-public-release-117061 - Oculus VR, LLC)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9126.2259 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2259 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2259 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9126.2259 - Microsoft Corporation) Hidden
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden
Opera Stable 54.0.2952.71 (HKLM-x32\...\Opera 54.0.2952.71) (Version: 54.0.2952.71 - Opera Software)
Oracle VM VirtualBox 5.2.16 (HKLM\...\{9BDE6621-5201-47E9-8394-FF44CBD66A1E}) (Version: 5.2.16 - Oracle Corporation)
Outlook Privacy Plugin (HKLM-x32\...\{68E34B9C-F9B5-4346-B394-F22B2A726306}) (Version: 2.0.5627.23349 - Deja vu Security)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
PACE License Support Win64 (HKLM\...\{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.3.0756 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.3.0756 - PACE Anti-Piracy, Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 2.5.1.4585 - Grinding Gear Games) Hidden
Path of Exile (HKLM-x32\...\{e4bece34-29a4-49b4-9517-941948cdb429}) (Version: 2.5.1.4585 - Grinding Gear Games)
PokerStrategy.com Equilab (HKLM-x32\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com)
Postman-win64-6.1.2 (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\Postman) (Version: 6.1.2 - Postman)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{943F3FB1-3F9C-4FB7-A4E2-6D53617068C3}) (Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python 3.6.0 (32-bit) (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\{e11344b8-2f53-4139-aacd-cb4176efbc4c}) (Version: 3.6.150.0 - Python Software Foundation)
Python 3.6.0 Core Interpreter (32-bit) (HKLM-x32\...\{FC638B75-E969-4496-A546-9D78EA7D8F35}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Development Libraries (32-bit) (HKLM-x32\...\{F2A430F2-A7AC-4B46-808A-FC6E8419ABDE}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Documentation (32-bit) (HKLM-x32\...\{A66771E3-430A-40A7-B00C-94A239396BEE}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Executables (32-bit) (HKLM-x32\...\{3C182441-3C75-4113-A28D-D3AEAD85B320}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 pip Bootstrap (32-bit) (HKLM-x32\...\{1D427483-31FE-4ED4-AD39-AB78BBF7D22D}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Standard Library (32-bit) (HKLM-x32\...\{4CB36E4F-EC00-479B-AA25-0B9EC5385B0C}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C7D63030-7738-499A-A0D2-8549174D2B70}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Test Suite (32-bit) (HKLM-x32\...\{6EAD5F85-97EC-4AFB-84D2-D52AC41D3C66}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Utility Scripts (32-bit) (HKLM-x32\...\{7C3DAC9E-E229-415C-A600-5974B5D9DE7F}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.1 (64-bit) (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\{5984d629-979e-4439-b893-accde1a00a68}) (Version: 3.6.1150.0 - Python Software Foundation)
Python 3.6.1 Add to Path (64-bit) (HKLM\...\{079FEF6F-9E83-4694-897D-69C30389B772}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Core Interpreter (64-bit) (HKLM\...\{27133190-078A-4A46-81B0-FF476EAEBF2A}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Development Libraries (64-bit) (HKLM\...\{953B4007-8312-48CA-817E-29B43988EB35}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Documentation (64-bit) (HKLM\...\{41626EAD-257F-401F-8531-51C5A7D4CA6C}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Executables (64-bit) (HKLM\...\{9139037B-B991-4022-946F-DAA9A9FDC7EE}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 pip Bootstrap (64-bit) (HKLM\...\{5F9A36CA-767E-4922-84AB-73E61264FE5C}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Standard Library (64-bit) (HKLM\...\{B7A716F0-78C1-4CB9-8756-0E51C5DD7622}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Tcl/Tk Support (64-bit) (HKLM\...\{AC60D963-1CE4-429B-AB29-F973DC55A918}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Test Suite (64-bit) (HKLM\...\{A298B2DB-1F21-476D-9BD7-4ECC23101C90}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Utility Scripts (64-bit) (HKLM\...\{7CB8460F-55AD-4C70-8D04-72947C46C85E}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.7 volatility-2.3.1 (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\volatility-py3.7) (Version:  - )
Python 3.7.0 (32-bit) (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\{ece37911-ffeb-4f29-95d6-abcf555d7364}) (Version: 3.7.150.0 - Python Software Foundation)
Python 3.7.0 Core Interpreter (32-bit) (HKLM-x32\...\{13BB06D9-FD38-47E5-946E-C2606C554030}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Development Libraries (32-bit) (HKLM-x32\...\{B424BE74-3C96-4974-8754-9D6442286112}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Documentation (32-bit) (HKLM-x32\...\{ABEE159E-FE5B-4E58-BDD7-1DED2F10AAEB}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Executables (32-bit) (HKLM-x32\...\{4642A126-F999-4407-801B-C1C89BDA58C5}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 pip Bootstrap (32-bit) (HKLM-x32\...\{69CFC76B-3434-4919-8885-BA7960725137}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Standard Library (32-bit) (HKLM-x32\...\{09160A5D-8B99-4A89-9E9D-8A6D8E9C7EC1}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Tcl/Tk Support (32-bit) (HKLM-x32\...\{8A09EA6B-C86C-4ECA-8742-C4C1BCA96845}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Test Suite (32-bit) (HKLM-x32\...\{717DB3B4-C457-447B-A8A6-6921A4D917EF}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Utility Scripts (32-bit) (HKLM-x32\...\{FC756D1E-1252-406E-8414-E11FAF97F3C7}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{D6BDDB48-938A-4384-A7BE-2B4E4931B111}) (Version: 3.7.6386.0 - Python Software Foundation)
Python Tools 2.2 for Visual Studio 2013 (HKLM-x32\...\{6D689B7E-ADDB-48F4-90C4-0B9888375688}) (Version: 2.2.30718.00 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.27.511.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.00.0218.1 - REALTEK Semiconductor Corp.)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
Riftcat (HKLM-x32\...\{482d58be-fe71-4dae-835c-0950729ac3de}) (Version: 1.0.0 - Riftcat)
Riftcat Client (HKLM-x32\...\{B2C26ED3-33A6-4A0E-98EE-6ACEC22C5793}) (Version: 1.0.0.3 - Riftcat) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 5.10 (64-bit) (HKLM\...\Sandboxie) (Version: 5.10 - Sandboxie Holdings, LLC)
SDK Debuggers (HKLM-x32\...\{8238CD59-617A-FE41-8AB4-A88AF3160849}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
SharePoint Client Components (HKLM\...\{95150002-1163-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SharePoint Client Components (HKLM\...\{95160001-1163-0409-1000-0000000FF1CE}) (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sublime Text Build 3170 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
System Mechanic Pro (HKLM\...\{1E5E7177-5156-4541-B8D5-B0C7E9064329}) (Version:  - ) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Team Explorer for Microsoft Visual Studio 2013 (HKLM-x32\...\{C9E7751E-88ED-36CF-B610-71A1D262E906}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Team Explorer for Microsoft Visual Studio 2015 (HKLM-x32\...\{791295AE-3B0A-3222-9E69-26C8C106E8D1}) (Version: 14.0.23102 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
TI-Nspire™ Computer Link (HKLM-x32\...\{6C5AC088-3136-4043-8985-8B0772A9580E}) (Version: 3.9.0.455 - Texas Instruments Inc.)
TradeSkillMaster Application version 1.0 (HKLM-x32\...\{c44da794-b956-4d50-8733-346d56ae63c7}_is1) (Version: 1.0 - TradeSkillMaster)
Twitch (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
TypeScript Power Tool (HKLM-x32\...\{8A8A0C13-A9B3-45AF-9A4C-4D351E0DFC8A}) (Version: 1.0.1.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{83499F62-B5EC-4F40-A28C-1297241E4D1D}) (Version: 1.0.1.0 - Microsoft Corporation) Hidden
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Unity (HKLM-x32\...\Unity) (Version: 2017.3.0f3 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Visual Studio 2013 Update 2 (KB2829760) (HKLM-x32\...\{3c348532-c3bd-4bae-a928-7b555f8c808f}) (Version: 12.0.30501 - Microsoft Corporation)
VS Update core components (HKLM-x32\...\{39D9555C-47A7-38F6-AEB9-9E7CAE1C6AF5}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Warcraft Logs Uploader (HKLM-x32\...\{F1010B8C-12DA-C61A-7C32-3AC420F37756}) (Version: 4.15 - UNKNOWN) Hidden
Warcraft Logs Uploader (HKLM-x32\...\com.warcraft.logs) (Version: 4.15 - UNKNOWN)
WCF Data Services 5.6.0 Runtime (HKLM-x32\...\{46910786-E4AC-41E4-A4A0-C086EA85242D}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{BF3E2194-F89B-44FB-A801-464BF787599F}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.17134.12 (HKLM-x32\...\{5f83ccda-0498-4b97-a298-16a642bf49f2}) (Version: 10.1.17134.12 - Microsoft Corporation)
Workflow Manager Client 1.0 (HKLM\...\{A5ABAF5F-B5B6-44B3-B69F-2E13DC60FC9F}) (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{A79F6653-6AF1-4AF2-BC15-F5D6C05E1E6A}) (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version:  - Blizzard Entertainment)
WPT Redistributables (HKLM-x32\...\{F28E1B8B-1F92-80AF-710B-3E0191A25917}) (Version: 10.1.17134.12 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{711802CA-302C-6805-6D1F-D5CEF535F15E}) (Version: 10.1.17134.12 - Microsoft) Hidden
XAMPP (HKLM-x32\...\xampp) (Version: 7.2.5-0 - Bitnami)
Надстройка Microsoft Report Viewer для Visual Studio 2013 (HKLM-x32\...\{30BCD3B4-F753-451F-B8F7-86E115A9AE72}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
用于 Visual Studio 2013 的 Microsoft 报告查看器加载项 (HKLM-x32\...\{EA754818-DB87-42B6-9753-E668B9186434}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-FCB919FC5A94}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{92776d32-cf7d-4db1-835e-621c281033ed}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] ()
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] ()
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] ()
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] ()
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll -> No File
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2018-06-17] (g10 Code GmbH)
ContextMenuHandlers1: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files (x86)\Phoenix360\System Mechanic\x64\Incinerator.dll -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll -> No File
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll -> No File
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2018-06-17] (g10 Code GmbH)
ContextMenuHandlers4: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files (x86)\Phoenix360\System Mechanic\x64\Incinerator.dll -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-07-30] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {025E5424-1A2F-4F8E-BB74-E61A8D5A7785} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-20] (NVIDIA Corporation)
Task: {05D1A8A2-5F83-48D8-A422-6B6E6F2ECDEE} - \NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {0825AC42-4E5D-483E-9789-DA69CEA144CC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-06-19] (Microsoft Corporation)
Task: {0A298F3C-D339-4659-9408-67A7A893DB97} - System32\Tasks\Opera scheduled Autoupdate 1487318455 => C:\Program Files (x86)\Opera\launcher.exe [2018-08-06] (Opera Software)
Task: {0BE58DB4-DF01-4A4E-8F65-7A0F7FCA79CA} - System32\Tasks\S-1-5-21-2243521789-936282867-848371492-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-11] (Microsoft Corporation)
Task: {165C2229-E2D0-42F8-AB6A-D88972258BCB} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-05-20] (NVIDIA Corporation)
Task: {1759ADD2-8467-4B13-9C65-5700B28AC6ED} - \ActiveMessenger-SystemMechanic -> No File <==== ATTENTION
Task: {224E7899-EB03-460F-91EC-69845FC2961B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {26BFE09B-2652-4099-8C5D-554F1CF03BC3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2AA8339D-DAC7-4B69-A3C0-C0B6EE3F2AEB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {31FCF4E6-A89F-4074-8D8F-29EA1E7BD9E7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3F29EAE7-DDFB-4F6D-B1A0-CBD24EDA65D3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-19] (Microsoft Corporation)
Task: {412463C0-F98D-4EAC-9B64-3F143CB79676} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {45D361C0-0597-4190-BC65-83778E11E355} - \ActiveMessenger-PrivacyGuardian -> No File <==== ATTENTION
Task: {47BA98D9-E95B-44DB-8EE8-A1D4C136BE4D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {47F42AE0-8169-4539-B3E6-502F5F9BE80C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {5C8BEE4D-3787-45A4-8EE1-E87E0A4ADE89} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-06-19] (Microsoft Corporation)
Task: {5CAEA5DC-0D0C-490A-8B35-8D4B8DBF25DF} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-05-20] (NVIDIA Corporation)
Task: {5E81EC25-B9BD-44BE-A96A-46A9FA1A3C54} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-19] (Microsoft Corporation)
Task: {613474AB-E7BE-41BF-960F-6D8B1529A19F} - System32\Tasks\EPSON XP-430 Series Update {DB1B0FE6-AAE3-4FBA-A97A-0857C28977C5} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSPAE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {62927EA4-D4AC-4D03-AA36-B321D260B727} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-05-20] (NVIDIA Corporation)
Task: {658A70B7-0D89-40E1-A57B-FCCBC4A1A0FA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {6A9B33B9-F556-4CE7-8553-6FD76CA0136C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {7602F030-CF62-4737-A60A-34C5039531FD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7D8AED93-DB12-4EC5-BEC0-6DBDB01C4928} - System32\Tasks\EPSON XP-430 Series Update {CDB9B9D7-847A-4014-88C7-DD2F2D5E4749} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSPAE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {809E4633-6A4C-422E-BC1E-E0F4A1FEBB96} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {82C8AF72-2E5E-4A2D-92AC-F9A8B20741D5} - System32\Tasks\JavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-06-27] (Oracle Corporation)
Task: {84349628-9B9C-4237-BD18-443A30BFE476} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {90249B6B-A88D-4EC9-A590-324DF0FDD2E2} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-06-27] (Oracle Corporation)
Task: {94FF1FA5-ABF6-4D9A-B97E-1C78937099D7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-06-19] (Microsoft Corporation)
Task: {9565C9E8-F3FC-4288-BDBA-24BB75D5A0D3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-07-19] (Microsoft Corporation)
Task: {9624946F-8E36-470C-BABB-8613A61C2172} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {96FCD520-57EA-4EBB-9C4C-8F731EA3DEAB} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {9AD632C4-92D8-4BC3-902F-139F6E2DF5C6} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-scaler0222@gmail.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {9C30937B-2DC3-4070-8FEF-5CC00DDCFA3A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-06-19] (Microsoft Corporation)
Task: {9FCFBA36-98A3-4077-834B-84867796E881} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {A11D705C-B93D-4989-BBCB-E8D59A1C7604} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-19] (Microsoft Corporation)
Task: {A62287E2-D24A-41B6-8A45-2CFE0B1FEAF6} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2018-05-16] (Bitdefender)
Task: {A715D800-3509-4539-8247-DB238EA45CA6} - \ActiveSync-PrivacyGuardian -> No File <==== ATTENTION
Task: {A781CBBB-2B3D-4D0F-B12B-3E66BA26E8A4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-30] (Microsoft Corporation)
Task: {A7959D96-159B-4B9A-8731-E6E87357BB66} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-scaler0222@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2018-04-11] (Adobe Systems Incorporated)
Task: {ACD0393C-DAB9-4F23-AEDE-0A4CDDC6D81C} - System32\Tasks\MySQL\Installer\ManifestUpdate => C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLInstallerConsole.exe [2018-03-17] (Oracle Corporation)
Task: {AE900A0E-B3FF-4165-AFBD-C6B5855F67C6} - \ActiveSync-SystemMechanic -> No File <==== ATTENTION
Task: {B8FCFA90-9CE2-44C3-8946-41DE8DCD2470} - \ActiveSync-MalwareKiller -> No File <==== ATTENTION
Task: {BA0BEBFF-A0C5-48C4-9B6C-817C070FA8CD} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {BA25FEB6-A769-4E46-ADFB-7BF60B8D5D4A} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {BF5F15C5-C45A-4405-A43C-3FB04F4D050B} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-05-20] (NVIDIA Corporation)
Task: {C46ADB6E-007F-4643-BA82-4E26F10D9812} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {CDB8AF6E-2F32-4C47-8927-38A1676F535E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-30] (Microsoft Corporation)
Task: {D1402DE7-8516-4341-B93C-31D9AA988E29} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-08-14] (Microsoft Corporation)
Task: {DAAA6167-B7FC-47E3-97D8-9CB0B73E72F5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-19] (Microsoft Corporation)
Task: {EBE73E2E-F79F-486E-A98E-2F3451EF096D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {EE829BF7-7ED7-4687-A389-3A8C42837B9D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-20] (NVIDIA Corporation)
Task: {F70AF660-CABA-4669-9EC2-44A2DE7F05E0} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-07-23] (Adobe Systems Incorporated)
Task: {F76F20D9-4D68-4BE7-A8BF-EEF35C838E7F} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {FD6BE568-B641-4953-B42E-E66A80C454E7} - \ActiveMessenger-MalwareKiller -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\EPSON XP-430 Series Update {CDB9B9D7-847A-4014-88C7-DD2F2D5E4749}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSPAE.EXE:/EXE:{CDB9B9D7-847A-4014-88C7-DD2F2D5E4749} /F:UpdateWORKGROUP\SHANES_PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-430 Series Update {DB1B0FE6-AAE3-4FBA-A97A-0857C28977C5}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSPAE.EXE:/EXE:{DB1B0FE6-AAE3-4FBA-A97A-0857C28977C5} /F:UpdateWORKGROUP\SHANES_PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.1.5-p273\Interactive Ruby.lnk -> C:\Ruby21\bin\irb.bat ()
 
ShortcutWithArgument: C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Web Applications\www.khanacademy.org\https_80\(6) Chemistry _ Khan Academy.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxps://www.khanacademy.org/science/chemistry
ShortcutWithArgument: C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.1.5-p273\Start Command Prompt with Ruby.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /E:ON /K C:\Ruby21\bin\setrbvars.bat
ShortcutWithArgument: C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-04-11 16:34 - 2018-04-11 16:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-06-02 13:55 - 2018-07-20 06:05 - 002433744 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-02-27 20:08 - 2018-02-27 20:08 - 000614856 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2016-05-08 12:17 - 2018-07-19 12:19 - 008936112 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2017-05-19 01:09 - 2014-01-28 12:16 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2016-09-18 19:26 - 2012-04-24 18:42 - 001181544 _____ () C:\Program Files (x86)\HV-MS732 Gaming mouse\ETGMSrv.exe
2018-05-24 21:36 - 2018-05-20 10:36 - 001315296 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-08-14 20:03 - 2018-08-02 20:09 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-08-11 17:39 - 2018-08-11 17:39 - 035124224 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-08-11 17:39 - 2018-08-11 17:39 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-08-11 17:39 - 2018-08-11 17:39 - 006417408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-25 17:40 - 2017-09-25 17:40 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-08-11 17:39 - 2018-08-11 17:39 - 009010176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-07-17 13:07 - 2018-07-17 13:07 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-17 13:07 - 2018-07-17 13:07 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-17 13:07 - 2018-07-17 13:07 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-17 13:07 - 2018-07-17 13:07 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-17 13:07 - 2018-07-17 13:07 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-07-30 14:38 - 2018-07-30 15:30 - 000088888 _____ () C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\zlib1.dll
2018-07-30 14:38 - 2018-07-30 15:29 - 001356088 _____ () C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\libxml2.dll
2014-12-13 02:49 - 2013-05-07 16:06 - 000096768 ____N () C:\Program Files (x86)\REALTEK\REALTEK USB Wireless LAN Driver\WPSService20.exe
2017-05-19 01:09 - 2018-08-15 00:01 - 000029696 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2017-05-19 01:09 - 2014-01-28 12:16 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2014-03-20 12:43 - 2014-03-20 12:43 - 001241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2018-05-24 21:36 - 2018-05-20 10:36 - 001033184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-04-12 21:33 - 2018-04-12 21:33 - 000142376 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\node_modules\fs-ext\build\Release\fs-ext.node
2018-04-12 21:33 - 2018-04-12 21:33 - 000271400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2018-04-12 21:33 - 2018-04-12 21:33 - 000141864 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\node_modules\ref\build\Release\binding.node
2018-04-12 21:33 - 2018-04-12 21:33 - 000150568 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\node_modules\ffi\build\Release\ffi_bindings.node
2018-04-12 21:33 - 2018-04-12 21:33 - 000097832 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2018-04-12 21:33 - 2018-04-12 21:33 - 000110120 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\node_modules\idle-gc\build\Release\idle-gc.node
2018-04-24 08:08 - 2018-04-24 08:08 - 000125912 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2018-04-24 08:08 - 2018-04-24 08:08 - 000125400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2018-04-24 08:08 - 2018-04-24 08:08 - 000133080 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2018-04-24 08:08 - 2018-04-24 08:08 - 000222168 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2018-04-24 08:08 - 2018-04-24 08:08 - 000099800 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2018-04-24 08:08 - 2018-04-24 08:08 - 000106448 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
2018-04-24 08:08 - 2018-04-24 08:08 - 000094160 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\sharepoint.com -> hxxps://appslosrios.sharepoint.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2018-08-14 23:59 - 000002149 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2243521789-936282867-848371492-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Shane\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\yddnbvy.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: asComSvc => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: chromoting => 2
MSCONFIG\Services: ClickToRunSvc => 2
MSCONFIG\Services: OVRService => 2
MSCONFIG\Services: PandaAgent => 2
MSCONFIG\Services: RunSwUSB => 2
MSCONFIG\Services: SbieSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SpeedupService => 2
MSCONFIG\Services: VyprVPN => 2
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger"
HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\StartupApproved\StartupFolder: => "MassPlanner2.lnk"
HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\StartupApproved\Run: => "SandboxieControl"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [OpenSSH-Server-In-TCP] => (Allow) %SystemRoot%\system32\OpenSSH\sshd.exe
FirewallRules: [TCP Query User{18A11324-CB55-48C4-8261-52B6A3BF2E90}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{2E21D9C0-75C8-4B23-92F5-400D6CACBF5E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{7CCA553C-353A-4728-AC9A-1F3AB0FA2774}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\69.0.3497.7\remoting_host.exe
FirewallRules: [{DBC82562-F866-4112-961F-B0EAF59A5F61}] => (Allow) C:\Users\Shane\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe
FirewallRules: [{B1261ED1-3EF5-4B69-B78B-ABF7BAE02DE3}] => (Allow) C:\Users\Shane\AppData\Local\Temp\HouseCall\tmase\nmap\bonjour.exe
FirewallRules: [TCP Query User{119E05DB-D1DA-409A-A773-488FEA204F74}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{82CA6415-A108-4ECF-8F29-5A47927554BC}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{7365C72F-A194-4874-88BF-006FA5C5C5B5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3283EF4B-1872-4E22-ADCC-A006BE792210}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{E489A62A-17FB-4E4C-8E8E-DF09AAF1DD73}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{737E6130-F051-45B1-917F-12FE06A260D0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{B42BCC49-054C-48BC-B317-AE85764F2FB3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{8082E4BE-78E5-43EA-8EF2-15F14FB4F468}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{77E2EE56-F7C6-48CE-A880-2E216CEE6628}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{C5D10574-FE01-4E39-BD40-AAD35D84B631}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{4CCC893B-304D-47BF-9C74-18EC7559683C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{6686D933-EB05-4D6A-9FCF-B89916DB7BBD}] => (Allow) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
FirewallRules: [TCP Query User{788167AC-C4AC-496C-8ED1-3CF84D160336}C:\users\shane\downloads\halo online 0.6\eldorado.exe] => (Allow) C:\users\shane\downloads\halo online 0.6\eldorado.exe
FirewallRules: [UDP Query User{48015A1D-772B-474A-BC5B-15C5EFD76397}C:\users\shane\downloads\halo online 0.6\eldorado.exe] => (Allow) C:\users\shane\downloads\halo online 0.6\eldorado.exe
 
==================== Restore Points =========================
 
14-08-2018 20:01:25 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Realtek PCIe GbE Family Controller
Description: Realtek PCIe GbE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: rt640x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/15/2018 12:22:19 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (08/15/2018 12:19:37 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (08/15/2018 12:16:25 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {f7411639-6b10-4c06-b80e-67017110afe0}
 
Error: (08/14/2018 11:52:22 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (08/14/2018 11:50:17 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (08/14/2018 11:35:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (08/14/2018 11:33:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (08/14/2018 11:21:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
 
System errors:
=============
Error: (08/15/2018 12:02:54 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server:
{752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
Error: (08/15/2018 12:02:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (08/15/2018 12:02:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
 
Error: (08/14/2018 11:59:19 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.
 
Error: (08/14/2018 11:58:40 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.
 
Error: (08/14/2018 11:17:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ProductAgentService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/14/2018 02:49:49 PM) (Source: TermService) (EventID: 1057) (User: )
Description: The RD Session Host Server has failed to create a new self signed certificate to be used for RD Session Host Server authentication on SSL connections. The relevant status code was Object already exists.
.
 
Error: (08/14/2018 02:49:43 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.
 
 
Windows Defender:
===================================
Date: 2018-06-21 00:21:30.316
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {3C035A5D-F034-4534-91E9-DF19380F2458}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-06-20 23:17:14.511
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {078EFA11-3AF3-4EB0-B42A-F78BA9AA142A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-06-20 23:01:51.540
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {6EAFB811-D5A3-4AB2-AD02-25995AE1BFAF}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-06-20 22:47:03.826
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {48248A17-8CED-4B35-A776-31005ADC10A8}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-06-20 22:25:17.791
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {AB099F7D-74CF-45AA-85F8-5BF5790231B8}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-08-15 00:06:43.002
Description: 
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070003
Error description: The system cannot find the path specified. 
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0
 
CodeIntegrity:
===================================
 
Date: 2018-08-12 18:23:18.222
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-08-12 12:16:12.956
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-08-12 11:34:04.738
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-08-12 11:31:08.626
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-08-12 11:31:08.624
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-08-12 11:31:08.621
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-08-12 11:31:08.619
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-08-09 19:40:06.590
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 25%
Total physical RAM: 16327.28 MB
Available physical RAM: 12154.67 MB
Total Virtual: 17351.28 MB
Available Virtual: 13657.95 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:1862.23 GB) (Free:1016.25 GB) NTFS
Drive d: (XP-430_XP-434) (CDROM) (Total:0.26 GB) (Free:0 GB) CDFS
 
\\?\Volume{75a111c8-85f5-11e4-8254-806e6f6e6963}\ (System) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS
\\?\Volume{d27788f8-0000-0000-0000-e0a4d1010000}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: D27788F8)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 

 

==================== End of Addition.txt ============================


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,742 posts

Posted 15 August 2018 - 02:20 PM

Greetings Shane.

There is no Revo log. Thanks for the details.

Did you disable SmartScreen?
 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)


Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
  • The information will be copied invisibly and will be "pasted" into FRST automatically when you click Fix as instructed below
Start::
CreateRestorePoint:
CloseProcesses:
BootExecute: autocheck autochk * ḫ䗫㴀送SHANES_PC\Shane 䀀
C:\Program Files\Bitdefender Agent
HKLM\...\Run: [BdVpnApp] => C:\Program Files\Bitdefender\Bitdefender VPN\BdVpnApp.exe [87344 2018-07-05] (Bitdefender)
C:\Program Files\Bitdefender
HKLM\...\Run: [{C12EDCD9-A219-4778-A5FC-0D0F1F219F12}] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{C12EDCD9-A219-4778-A5FC-0D0F1F219F12}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{C12EDCD9-A219-47 (the data entry has 36 more characters).
C:\Program Files\Common Files\Bitdefender
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll => No File
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll No File
FF Extension: (Avira Browser Safety) - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\9rtzq1ov.default\Extensions\abs@avira.com [2016-11-29]
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\\bdwteff => not found
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\\bdwteff => not found
S3 BdVpnService; C:\Program Files\Bitdefender\Bitdefender VPN\bdvpnservice.exe [108064 2018-07-05] (Bitdefender)
S4 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65640 2015-11-05] (CyberGhost S.R.L)
C:\Program Files\CyberGhost 5
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1275776 2018-05-16] (Bitdefender)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [250024 2018-03-08] (Copyright 2017.)
U0 Partizan; system32\drivers\Partizan.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
2018-08-15 00:06 - 2018-08-15 00:06 - 000003802 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2018-08-14 23:26 - 2018-08-14 23:26 - 000184034 _____ C:\ProgramData\cl.uninstall.1534314015.bdinstall.bin
2018-08-14 23:21 - 2018-08-14 23:21 - 000036485 _____ C:\ProgramData\dm.uninstall.1534314056.bdinstall.bin
2018-08-14 23:18 - 2018-08-14 23:18 - 000017498 _____ C:\ProgramData\agent.uninstall.1534313900.bdinstall.bin
2018-08-13 12:51 - 2018-08-13 12:51 - 000000014 _____ C:\END
2018-08-13 12:49 - 2018-08-13 12:56 - 000000000 ____D C:\ProgramData\Phoenix360
2018-08-12 12:17 - 2018-08-12 12:17 - 000070991 _____ C:\ProgramData\vpn.1534101378.bdinstall.bin
2018-08-12 12:17 - 2018-08-12 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender VPN
2018-08-12 12:16 - 2018-08-12 12:16 - 000035040 _____ C:\ProgramData\vpn.uninstall.1534101384.bdinstall.bin
2018-08-12 11:31 - 2018-08-12 11:31 - 000000085 _____ C:\WINDOWS\wininit.ini
2018-08-08 00:42 - 2018-08-08 00:42 - 000000000 ____D C:\ProgramData\RogueKiller
2018-08-08 00:39 - 2018-08-08 00:40 - 027093048 _____ (Adlice Software) C:\Users\Shane\Downloads\RogueKiller_portable64.exe
2018-08-08 00:37 - 2018-08-13 12:35 - 000000000 ____D C:\ProgramData\Emsisoft
2018-08-08 00:21 - 2018-08-08 00:21 - 000000000 ____D C:\Users\Shane\Doctor Web
2018-08-08 00:21 - 2018-08-08 00:21 - 000000000 ____D C:\ProgramData\Doctor Web
2018-08-08 00:19 - 2018-08-08 00:19 - 000000010 _____ C:\Users\Shane\AppData\Local\sponge.last.runtime.cache
2018-08-08 00:19 - 2018-08-08 00:04 - 002527376 _____ (Trend Micro Inc.) C:\Users\Shane\Desktop\HousecallLauncher64.exe
2018-08-08 00:15 - 2018-08-08 00:15 - 000000000 ____D C:\WINDOWS\Trend Micro
2018-08-08 00:15 - 2018-08-08 00:15 - 000000000 ____D C:\ProgramData\Trend Micro
2018-08-08 00:08 - 2018-08-08 00:15 - 325974784 _____ (Emsisoft Ltd. ) C:\Users\Shane\Downloads\EmsisoftAntiMalwareSetup_bc.exe
2018-08-08 00:07 - 2017-10-17 09:40 - 000334488 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2018-08-08 00:06 - 2018-08-08 00:06 - 000000036 _____ C:\Users\Shane\AppData\Local\housecall.guid.cache
2018-08-08 00:04 - 2018-08-08 00:04 - 002527376 _____ (Trend Micro Inc.) C:\Users\Shane\Downloads\HousecallLauncher64.exe
2018-08-07 16:53 - 2018-08-07 16:53 - 001786768 _____ (GridinSoft LLC) C:\Users\Shane\Downloads\TrojanKiller-Setup.exe
2018-08-07 16:31 - 2018-08-09 15:03 - 000000000 ____D C:\ProgramData\TEMP
2018-08-07 16:14 - 2018-08-07 16:14 - 000000000 ____D C:\Users\Shane\Documents\Simply Super Software
2018-08-07 16:01 - 2018-08-14 23:21 - 000003246 _____ C:\bdlog.txt
2018-08-07 15:41 - 2018-08-07 15:41 - 000000022 _____ C:\Users\Shane\Downloads\ESETPoweliksCleaner.exe_20180807.154101.70292.zip
2018-08-07 15:38 - 2018-08-07 15:38 - 000549504 _____ (ESET) C:\Users\Shane\Downloads\ESETPoweliksCleaner.exe
2018-08-01 21:17 - 2018-06-13 05:51 - 019073856 _____ (Greatis Software, LLC. ) C:\Users\Shane\Downloads\unhackme_setup.exe
2018-07-30 11:09 - 2018-07-30 11:09 - 000000000 ____D C:\Users\Shane\AppData\Local\ESET
2018-07-30 07:25 - 2018-07-30 07:25 - 005414064 _____ (Avira Operations GmbH & Co. KG) C:\Users\Shane\Downloads\avira_en_asu60_3080799118_egg2xi2885693g28gcnb_wd.exe
2018-08-15 00:16 - 2018-03-08 12:13 - 000083101 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-08-13 12:48 - 2018-01-05 11:23 - 000000000 ____D C:\Program Files (x86)\Phoenix360
2018-08-13 12:40 - 2018-03-08 12:13 - 000567234 _____ C:\WINDOWS\ZAM.krnl.trace
2018-08-12 12:12 - 2016-09-15 12:32 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-08-12 11:31 - 2016-09-15 12:32 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-07-30 16:22 - 2014-12-31 13:26 - 000000000 ____D C:\ProgramData\Norton
2018-04-10 12:52 - 2018-04-10 12:52 - 000000000 ____N () C:\Users\Shane\AppData\Local\{59745BC6-AB93-47AE-A3E3-ACEDF246D979}
2017-12-02 10:16 - 2017-12-02 10:16 - 000000000 ____N () C:\Users\Shane\AppData\Local\{944BCD73-00FD-4536-B994-737E9BF5959A}
2018-08-13 12:38 - 2018-07-02 14:15 - 011576808 _____ (SurfRight B.V.) C:\Users\Shane\AppData\Local\Temp\HitmanPro.exe
CustomCLSID: HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-FCB919FC5A94}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
ContextMenuHandlers1: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files (x86)\Phoenix360\System Mechanic\x64\Incinerator.dll 
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll -> No File
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll -> No File
ContextMenuHandlers4: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files (x86)\Phoenix360\System Mechanic\x64\Incinerator.dll -> No File
Task: {1759ADD2-8467-4B13-9C65-5700B28AC6ED} - \ActiveMessenger-SystemMechanic 
Task: {45D361C0-0597-4190-BC65-83778E11E355} - \ActiveMessenger-PrivacyGuardian
Task: {A62287E2-D24A-41B6-8A45-2CFE0B1FEAF6} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2018-05-16] (Bitdefender)
Task: {A715D800-3509-4539-8247-DB238EA45CA6} - \ActiveSync-PrivacyGuardian -> No File <==== ATTENTION
Task: {AE900A0E-B3FF-4165-AFBD-C6B5855F67C6} - \ActiveSync-SystemMechanic -> No File <==== ATTENTION
Task: {B8FCFA90-9CE2-44C3-8946-41DE8DCD2470} - \ActiveSync-MalwareKiller -> No File <==== ATTENTION
Task: {FD6BE568-B641-4953-B42E-E66A80C454E7} - \ActiveMessenger-MalwareKiller -> No File <==== ATTENTION
MSCONFIG\Services: VyprVPN => 2
MSCONFIG\Services: PandaAgent => 2
HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger"
AVG PC TuneUp 2015 (en-US) (HKLM-x32\...\{4AC74ED1-719B-46DA-8B8A-340FBF892291}) (Version: 15.0.1001.604 - AVG Technologies) Hidden
System Mechanic Pro (HKLM\...\{1E5E7177-5156-4541-B8D5-B0C7E9064329}) (Version:  - ) Hidden
emptytemp:
End::
  • Click Fix
  • When completed, the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • SmartScreen?
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.


#9 terpy

terpy
  • Topic Starter

  • Members
  • 16 posts

Posted 15 August 2018 - 07:11 PM

Hmm, I hadn't even heard of SmartScreen before you mentioned it, so I'm not sure why it was disabled. After running the fix I am still experiencing low internet speeds (9 Mbps down and 11 Mbps up) and for some reason my Windows search feature is still acting funny. It rarely displays the actual application I'm searching for and instead displays random related folders. For example, I'll attach a screenshot of what it shows when I search for "Steam".

 

Here is the fix log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Shane (15-08-2018 14:17:31) Run:2
Running from C:\Users\Shane\Desktop\Security  Tools
Loaded Profiles: Shane (Available Profiles: Shane & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
BootExecute: autocheck autochk * ḫ䗫㴀送SHANES_PC\Shane 䀀
C:\Program Files\Bitdefender Agent
HKLM\...\Run: [BdVpnApp] => C:\Program Files\Bitdefender\Bitdefender VPN\BdVpnApp.exe [87344 2018-07-05] (Bitdefender)
C:\Program Files\Bitdefender
HKLM\...\Run: [{C12EDCD9-A219-4778-A5FC-0D0F1F219F12}] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{C12EDCD9-A219-4778-A5FC-0D0F1F219F12}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{C12EDCD9-A219-47 (the data entry has 36 more characters).
C:\Program Files\Common Files\Bitdefender
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll => No File
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll No File
FF Extension: (Avira Browser Safety) - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\9rtzq1ov.default\Extensions\abs@avira.com [2016-11-29]
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\\bdwteff => not found
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\\bdwteff => not found
S3 BdVpnService; C:\Program Files\Bitdefender\Bitdefender VPN\bdvpnservice.exe [108064 2018-07-05] (Bitdefender)
S4 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65640 2015-11-05] (CyberGhost S.R.L)
C:\Program Files\CyberGhost 5
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1275776 2018-05-16] (Bitdefender)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [250024 2018-03-08] (Copyright 2017.)
U0 Partizan; system32\drivers\Partizan.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
2018-08-15 00:06 - 2018-08-15 00:06 - 000003802 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2018-08-14 23:26 - 2018-08-14 23:26 - 000184034 _____ C:\ProgramData\cl.uninstall.1534314015.bdinstall.bin
2018-08-14 23:21 - 2018-08-14 23:21 - 000036485 _____ C:\ProgramData\dm.uninstall.1534314056.bdinstall.bin
2018-08-14 23:18 - 2018-08-14 23:18 - 000017498 _____ C:\ProgramData\agent.uninstall.1534313900.bdinstall.bin
2018-08-13 12:51 - 2018-08-13 12:51 - 000000014 _____ C:\END
2018-08-13 12:49 - 2018-08-13 12:56 - 000000000 ____D C:\ProgramData\Phoenix360
2018-08-12 12:17 - 2018-08-12 12:17 - 000070991 _____ C:\ProgramData\vpn.1534101378.bdinstall.bin
2018-08-12 12:17 - 2018-08-12 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender VPN
2018-08-12 12:16 - 2018-08-12 12:16 - 000035040 _____ C:\ProgramData\vpn.uninstall.1534101384.bdinstall.bin
2018-08-12 11:31 - 2018-08-12 11:31 - 000000085 _____ C:\WINDOWS\wininit.ini
2018-08-08 00:42 - 2018-08-08 00:42 - 000000000 ____D C:\ProgramData\RogueKiller
2018-08-08 00:39 - 2018-08-08 00:40 - 027093048 _____ (Adlice Software) C:\Users\Shane\Downloads\RogueKiller_portable64.exe
2018-08-08 00:37 - 2018-08-13 12:35 - 000000000 ____D C:\ProgramData\Emsisoft
2018-08-08 00:21 - 2018-08-08 00:21 - 000000000 ____D C:\Users\Shane\Doctor Web
2018-08-08 00:21 - 2018-08-08 00:21 - 000000000 ____D C:\ProgramData\Doctor Web
2018-08-08 00:19 - 2018-08-08 00:19 - 000000010 _____ C:\Users\Shane\AppData\Local\sponge.last.runtime.cache
2018-08-08 00:19 - 2018-08-08 00:04 - 002527376 _____ (Trend Micro Inc.) C:\Users\Shane\Desktop\HousecallLauncher64.exe
2018-08-08 00:15 - 2018-08-08 00:15 - 000000000 ____D C:\WINDOWS\Trend Micro
2018-08-08 00:15 - 2018-08-08 00:15 - 000000000 ____D C:\ProgramData\Trend Micro
2018-08-08 00:08 - 2018-08-08 00:15 - 325974784 _____ (Emsisoft Ltd. ) C:\Users\Shane\Downloads\EmsisoftAntiMalwareSetup_bc.exe
2018-08-08 00:07 - 2017-10-17 09:40 - 000334488 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2018-08-08 00:06 - 2018-08-08 00:06 - 000000036 _____ C:\Users\Shane\AppData\Local\housecall.guid.cache
2018-08-08 00:04 - 2018-08-08 00:04 - 002527376 _____ (Trend Micro Inc.) C:\Users\Shane\Downloads\HousecallLauncher64.exe
2018-08-07 16:53 - 2018-08-07 16:53 - 001786768 _____ (GridinSoft LLC) C:\Users\Shane\Downloads\TrojanKiller-Setup.exe
2018-08-07 16:31 - 2018-08-09 15:03 - 000000000 ____D C:\ProgramData\TEMP
2018-08-07 16:14 - 2018-08-07 16:14 - 000000000 ____D C:\Users\Shane\Documents\Simply Super Software
2018-08-07 16:01 - 2018-08-14 23:21 - 000003246 _____ C:\bdlog.txt
2018-08-07 15:41 - 2018-08-07 15:41 - 000000022 _____ C:\Users\Shane\Downloads\ESETPoweliksCleaner.exe_20180807.154101.70292.zip
2018-08-07 15:38 - 2018-08-07 15:38 - 000549504 _____ (ESET) C:\Users\Shane\Downloads\ESETPoweliksCleaner.exe
2018-08-01 21:17 - 2018-06-13 05:51 - 019073856 _____ (Greatis Software, LLC. ) C:\Users\Shane\Downloads\unhackme_setup.exe
2018-07-30 11:09 - 2018-07-30 11:09 - 000000000 ____D C:\Users\Shane\AppData\Local\ESET
2018-07-30 07:25 - 2018-07-30 07:25 - 005414064 _____ (Avira Operations GmbH & Co. KG) C:\Users\Shane\Downloads\avira_en_asu60_3080799118_egg2xi2885693g28gcnb_wd.exe
2018-08-15 00:16 - 2018-03-08 12:13 - 000083101 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-08-13 12:48 - 2018-01-05 11:23 - 000000000 ____D C:\Program Files (x86)\Phoenix360
2018-08-13 12:40 - 2018-03-08 12:13 - 000567234 _____ C:\WINDOWS\ZAM.krnl.trace
2018-08-12 12:12 - 2016-09-15 12:32 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-08-12 11:31 - 2016-09-15 12:32 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-07-30 16:22 - 2014-12-31 13:26 - 000000000 ____D C:\ProgramData\Norton
2018-04-10 12:52 - 2018-04-10 12:52 - 000000000 ____N () C:\Users\Shane\AppData\Local\{59745BC6-AB93-47AE-A3E3-ACEDF246D979}
2017-12-02 10:16 - 2017-12-02 10:16 - 000000000 ____N () C:\Users\Shane\AppData\Local\{944BCD73-00FD-4536-B994-737E9BF5959A}
2018-08-13 12:38 - 2018-07-02 14:15 - 011576808 _____ (SurfRight B.V.) C:\Users\Shane\AppData\Local\Temp\HitmanPro.exe
CustomCLSID: HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-FCB919FC5A94}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
ContextMenuHandlers1: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files (x86)\Phoenix360\System Mechanic\x64\Incinerator.dll 
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll -> No File
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll -> No File
ContextMenuHandlers4: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files (x86)\Phoenix360\System Mechanic\x64\Incinerator.dll -> No File
Task: {1759ADD2-8467-4B13-9C65-5700B28AC6ED} - \ActiveMessenger-SystemMechanic 
Task: {45D361C0-0597-4190-BC65-83778E11E355} - \ActiveMessenger-PrivacyGuardian
Task: {A62287E2-D24A-41B6-8A45-2CFE0B1FEAF6} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2018-05-16] (Bitdefender)
Task: {A715D800-3509-4539-8247-DB238EA45CA6} - \ActiveSync-PrivacyGuardian -> No File <==== ATTENTION
Task: {AE900A0E-B3FF-4165-AFBD-C6B5855F67C6} - \ActiveSync-SystemMechanic -> No File <==== ATTENTION
Task: {B8FCFA90-9CE2-44C3-8946-41DE8DCD2470} - \ActiveSync-MalwareKiller -> No File <==== ATTENTION
Task: {FD6BE568-B641-4953-B42E-E66A80C454E7} - \ActiveMessenger-MalwareKiller -> No File <==== ATTENTION
MSCONFIG\Services: VyprVPN => 2
MSCONFIG\Services: PandaAgent => 2
HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger"
AVG PC TuneUp 2015 (en-US) (HKLM-x32\...\{4AC74ED1-719B-46DA-8B8A-340FBF892291}) (Version: 15.0.1001.604 - AVG Technologies) Hidden
System Mechanic Pro (HKLM\...\{1E5E7177-5156-4541-B8D5-B0C7E9064329}) (Version:  - ) Hidden
emptytemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
C:\Program Files\Bitdefender Agent => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\BdVpnApp" => removed successfully
C:\Program Files\Bitdefender => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\{C12EDCD9-A219-4778-A5FC-0D0F1F219F12}" => removed successfully
"C:\Program Files\Common Files\Bitdefender" => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => not found
C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\9rtzq1ov.default\Extensions\abs@avira.com => moved successfully
"HKLM\Software\Mozilla\Firefox\Extensions\\bdwtwe@bitdefender.com" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\bdwtwe@bitdefender.com" => removed successfully
"HKLM\System\CurrentControlSet\Services\BdVpnService" => removed successfully
BdVpnService => service removed successfully
"HKLM\System\CurrentControlSet\Services\CGVPNCliService" => removed successfully
CGVPNCliService => service removed successfully
C:\Program Files\CyberGhost 5 => moved successfully
"HKLM\System\CurrentControlSet\Services\ProductAgentService" => removed successfully
ProductAgentService => service removed successfully
ZAM_Guard => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\ZAM_Guard" => removed successfully
ZAM_Guard => service removed successfully
"HKLM\System\CurrentControlSet\Services\Partizan" => removed successfully
Partizan => service removed successfully
"HKLM\System\CurrentControlSet\Services\ZAM" => removed successfully
ZAM => service removed successfully
C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => moved successfully
C:\ProgramData\cl.uninstall.1534314015.bdinstall.bin => moved successfully
C:\ProgramData\dm.uninstall.1534314056.bdinstall.bin => moved successfully
C:\ProgramData\agent.uninstall.1534313900.bdinstall.bin => moved successfully
C:\END => moved successfully
C:\ProgramData\Phoenix360 => moved successfully
C:\ProgramData\vpn.1534101378.bdinstall.bin => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender VPN => moved successfully
C:\ProgramData\vpn.uninstall.1534101384.bdinstall.bin => moved successfully
C:\WINDOWS\wininit.ini => moved successfully
C:\ProgramData\RogueKiller => moved successfully
C:\Users\Shane\Downloads\RogueKiller_portable64.exe => moved successfully
C:\ProgramData\Emsisoft => moved successfully
C:\Users\Shane\Doctor Web => moved successfully
C:\ProgramData\Doctor Web => moved successfully
C:\Users\Shane\AppData\Local\sponge.last.runtime.cache => moved successfully
C:\Users\Shane\Desktop\HousecallLauncher64.exe => moved successfully
C:\WINDOWS\Trend Micro => moved successfully
C:\ProgramData\Trend Micro => moved successfully
C:\Users\Shane\Downloads\EmsisoftAntiMalwareSetup_bc.exe => moved successfully
C:\WINDOWS\system32\Drivers\tmcomm.sys => moved successfully
C:\Users\Shane\AppData\Local\housecall.guid.cache => moved successfully
C:\Users\Shane\Downloads\HousecallLauncher64.exe => moved successfully
C:\Users\Shane\Downloads\TrojanKiller-Setup.exe => moved successfully
C:\ProgramData\TEMP => moved successfully
C:\Users\Shane\Documents\Simply Super Software => moved successfully
C:\bdlog.txt => moved successfully
C:\Users\Shane\Downloads\ESETPoweliksCleaner.exe_20180807.154101.70292.zip => moved successfully
C:\Users\Shane\Downloads\ESETPoweliksCleaner.exe => moved successfully
C:\Users\Shane\Downloads\unhackme_setup.exe => moved successfully
C:\Users\Shane\AppData\Local\ESET => moved successfully
C:\Users\Shane\Downloads\avira_en_asu60_3080799118_egg2xi2885693g28gcnb_wd.exe => moved successfully
C:\WINDOWS\ZAM_Guard.krnl.trace => moved successfully
C:\Program Files (x86)\Phoenix360 => moved successfully
C:\WINDOWS\ZAM.krnl.trace => moved successfully
C:\Program Files (x86)\Spybot - Search & Destroy 2 => moved successfully
C:\ProgramData\Spybot - Search & Destroy => moved successfully
C:\ProgramData\Norton => moved successfully
C:\Users\Shane\AppData\Local\{59745BC6-AB93-47AE-A3E3-ACEDF246D979} => moved successfully
C:\Users\Shane\AppData\Local\{944BCD73-00FD-4536-B994-737E9BF5959A} => moved successfully
C:\Users\Shane\AppData\Local\Temp\HitmanPro.exe => moved successfully
"HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}" => removed successfully
"HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-FCB919FC5A94}" => removed successfully
"HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}" => removed successfully
"HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}" => removed successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Incinerator" => removed successfully
"HKLM\Software\Classes\CLSID\{E8215BEA-3290-4C73-964B-75502B9B41B2}" => removed successfully
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\AVG Disk Space Explorer Shell Extension" => removed successfully
"HKLM\Software\Classes\CLSID\{4838CD50-7E5D-4811-9B17-C47A85539F28}" => removed successfully
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\AVG Shredder Shell Extension" => removed successfully
"HKLM\Software\Classes\CLSID\{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" => removed successfully
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Incinerator" => removed successfully
HKLM\Software\Classes\CLSID\{E8215BEA-3290-4C73-964B-75502B9B41B2} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1759ADD2-8467-4B13-9C65-5700B28AC6ED}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1759ADD2-8467-4B13-9C65-5700B28AC6ED}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{45D361C0-0597-4190-BC65-83778E11E355}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45D361C0-0597-4190-BC65-83778E11E355}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A62287E2-D24A-41B6-8A45-2CFE0B1FEAF6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A62287E2-D24A-41B6-8A45-2CFE0B1FEAF6}" => removed successfully
"C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A715D800-3509-4539-8247-DB238EA45CA6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A715D800-3509-4539-8247-DB238EA45CA6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ActiveSync-PrivacyGuardian" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE900A0E-B3FF-4165-AFBD-C6B5855F67C6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE900A0E-B3FF-4165-AFBD-C6B5855F67C6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ActiveSync-SystemMechanic" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8FCFA90-9CE2-44C3-8946-41DE8DCD2470}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8FCFA90-9CE2-44C3-8946-41DE8DCD2470}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ActiveSync-MalwareKiller" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD6BE568-B641-4953-B42E-E66A80C454E7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD6BE568-B641-4953-B42E-E66A80C454E7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ActiveMessenger-MalwareKiller" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\VyprVPN" => removed successfully
HKLM\System\CurrentControlSet\Services\VyprVPN => not found
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PandaAgent" => removed successfully
HKLM\System\CurrentControlSet\Services\PandaAgent => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\Avira SystrayStartTrigger" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Avira SystrayStartTrigger" => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4AC74ED1-719B-46DA-8B8A-340FBF892291}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1E5E7177-5156-4541-B8D5-B0C7E9064329}\\SystemComponent" => removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13876466 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 822308 B
Edge => 3584 B
Chrome => 366464528 B
Firefox => 43063661 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 5490 B
LocalService => 0 B
NetworkService => 5902 B
NetworkService => 0 B
Shane => 321837640 B
Administrator => 0 B
 
RecycleBin => 353367741 B
EmptyTemp: => 1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:39:18 ====

Edited by terpy, 15 August 2018 - 07:16 PM.


#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,742 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:01:39 AM

Posted 15 August 2018 - 07:34 PM

Thank you.

Please do these things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
  • The information will be copied invisibly and will be "pasted" into FRST automatically when you click Fix as instructed below
Start::
CloseProcesses:
StartRegedit:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"SmartScreenEnabled"="Warn"
EndRegedit:
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
===================================================

Rebuilding Windows Indexing

--------------------

Note: This process may take a long time to complete. Do not interrupt the process.
  • Click Start, type Index then select Indexing Options above
  • Click Advanced
  • Click Rebuild, then OK
  • When completed you will see Indexing complete
  • Check your Search function
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a MTB.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Rebuild successful?
  • MTB.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 terpy

terpy
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:01:39 AM

Posted 16 August 2018 - 03:22 PM

Hi, so I let the rebuild run overnight, but unfortunately haven't noticed a difference in my search function since completing. It still displays the same results when searching for "Steam." My internet speeds are the same as well, just ran another test and got 9mbps down and 6 mbps. Thanks for all the help so far, here are my new logs:

 

Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Shane (15-08-2018 20:29:37) Run:3
Running from C:\Users\Shane\Desktop\Security  Tools
Loaded Profiles: Shane (Available Profiles: Shane & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
StartRegedit:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"SmartScreenEnabled"="Warn"
EndRegedit:
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
 
*****************
 
Processes closed successfully.
 
====> Registry
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2243521789-936282867-848371492-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2243521789-936282867-848371492-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 20:29:50 ====

MTB.txt:

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Shane (administrator) on 16-08-2018 at 13:16:50
Running from "C:\Users\Shane\Downloads"
Microsoft Windows 10 Home  (X64)
Model: All Series Manufacturer: ASUS
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
 
There are 7 entries.
 
========================= IP Configuration: ================================
 
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Connected)
Compact Wireless-G USB Adapter = Wi-Fi 3 (Connected)
Realtek PCIe GbE Family Controller = Ethernet (Hardware not present)
Realtek RTL8811AU Wireless LAN 802.11ac USB 2.0 Network Adapter = Wi-Fi (Media disconnected)
AnchorFree TAP-Windows Adapter V9 = Ethernet 3 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Shanes_PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : attlocal.net
 
Ethernet adapter VirtualBox Host-Only Network:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 0A-00-27-00-00-06
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::412f:f36a:9fce:f52e%6(Preferred) 
   Autoconfiguration IPv4 Address. . : 169.254.245.46(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 705298471
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-C4-47-7B-38-2C-4A-E7-16-75
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Wireless LAN adapter Wi-Fi:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Realtek RTL8811AU Wireless LAN 802.11ac USB 2.0 Network Adapter
   Physical Address. . . . . . . . . : 74-DA-38-11-12-BF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : AnchorFree TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-78-AB-06-D8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi 3:
 
   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Compact Wireless-G USB Adapter #2
   Physical Address. . . . . . . . . : 00-1C-10-63-94-92
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::11e5:a8e5:b154:7170%14(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.67(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, August 15, 2018 8:31:46 PM
   Lease Expires . . . . . . . . . . : Friday, August 17, 2018 1:12:24 PM
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 503323664
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-C4-47-7B-38-2C-4A-E7-16-75
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  dsldevice.attlocal.net
Address:  192.168.1.254
 
Name:    google.com
Addresses:  2607:f8b0:4002:c02::65
  108.177.122.101
  108.177.122.138
  108.177.122.113
  108.177.122.102
  108.177.122.100
  108.177.122.139
 
 
Pinging google.com [108.177.122.113] with 32 bytes of data:
Reply from 108.177.122.113: bytes=32 time=60ms TTL=40
Reply from 108.177.122.113: bytes=32 time=61ms TTL=40
 
Ping statistics for 108.177.122.113:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 60ms, Maximum = 61ms, Average = 60ms
Server:  dsldevice.attlocal.net
Address:  192.168.1.254
 
Name:    yahoo.com
Addresses:  2001:4998:58:1836::11
  2001:4998:44:41d::3
  2001:4998:c:1023::5
  2001:4998:58:1836::10
  2001:4998:44:41d::4
  2001:4998:c:1023::4
  98.138.219.232
  98.137.246.7
  72.30.35.9
  98.137.246.8
  72.30.35.10
  98.138.219.231
 
 
Pinging yahoo.com [98.138.219.232] with 32 bytes of data:
Reply from 98.138.219.232: bytes=32 time=51ms TTL=48
Reply from 98.138.219.232: bytes=32 time=51ms TTL=48
 
Ping statistics for 98.138.219.232:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 51ms, Maximum = 51ms, Average = 51ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  6...0a 00 27 00 00 06 ......VirtualBox Host-Only Ethernet Adapter
 13...74 da 38 11 12 bf ......Realtek RTL8811AU Wireless LAN 802.11ac USB 2.0 Network Adapter
  7...00 ff 78 ab 06 d8 ......AnchorFree TAP-Windows Adapter V9
 14...00 1c 10 63 94 92 ......Compact Wireless-G USB Adapter #2
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.67     55
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      169.254.0.0      255.255.0.0         On-link    169.254.245.46    281
   169.254.245.46  255.255.255.255         On-link    169.254.245.46    281
  169.254.255.255  255.255.255.255         On-link    169.254.245.46    281
      192.168.1.0    255.255.255.0         On-link      192.168.1.67    311
     192.168.1.67  255.255.255.255         On-link      192.168.1.67    311
    192.168.1.255  255.255.255.255         On-link      192.168.1.67    311
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link    169.254.245.46    281
        224.0.0.0        240.0.0.0         On-link      192.168.1.67    311
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link    169.254.245.46    281
  255.255.255.255  255.255.255.255         On-link      192.168.1.67    311
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
  6    281 fe80::/64                On-link
 14    311 fe80::/64                On-link
 14    311 fe80::11e5:a8e5:b154:7170/128
                                    On-link
  6    281 fe80::412f:f36a:9fce:f52e/128
                                    On-link
  1    331 ff00::/8                 On-link
  6    281 ff00::/8                 On-link
 14    311 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67072] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [84992] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [84992] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31232] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
 
**** End of log ****

 



#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,742 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:01:39 AM

Posted 16 August 2018 - 03:42 PM

Greetings.

I see you modified your previous post to include a snapshot of the Steam search results. That looks normal, what concerns you?

Are you currently running a Virtual Machine?

Do you have other computers connected to the same network and are they working OK?

Please run a new FRST scan and copy/paste both reports in your reply.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 terpy

terpy
  • Topic Starter

  • Members
  • 16 posts
  • Local time:01:39 AM

Posted 16 August 2018 - 07:46 PM

Yeah, sorry about that. Initially, I didn't realize that the screenshot didn't attach, so I went back and redid it. Shouldn't the search for Steam be showing the Steam application and not random folders? There are other things I can't search for anymore, like the Snipping Tool for example, and most of my games. They'll either come up with no results found or display folders that have those terms in the names. Sorry, I know that's pretty vague and hard to diagnose, I'm really not sure what I could have done to mess with it like that.

 

As for running a virtual machine, no I haven't run one in a couple of weeks. I had to use a Kali Linux VM for a class at my university but haven't used it since.

 

Yes, I have one other laptop (Surface Pro) connected to the network and it is functioning as expected. I just ran a speedtest on it and got 92.5 download and 70.4 upload and the search feature works normally. The same goes for my cellphone and PS4, which are also intermittently connected to the network, and they usually get expected speeds as well.

 

Another side note: I do have an ethernet cable, but found that my connection would randomly drop sometimes when using it, which is why I'm using WiFi now on my PC. The connection is better with the ethernet cable, around 50/50 Mbps down/up, but the connection drops were becoming too annoying.

 

Here are my new FRST and addition scans:

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by Shane (administrator) on SHANES_PC (16-08-2018 17:14:42)
Running from C:\Users\Shane\Desktop\Security  Tools
Loaded Profiles: Shane (Available Profiles: Shane & Administrator)
Platform: Windows 10 Home Version 1803 17134.228 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIPAE.EXE
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
() C:\Program Files (x86)\HV-MS732 Gaming mouse\ETGMSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\Program Files (x86)\REALTEK\REALTEK USB Wireless LAN Driver\WPSService20.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11807.1001.13.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.10325.20091.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.10325.20091.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18061.17410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653648 2018-06-27] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIPAE.EXE [417776 2014-11-13] (SEIKO EPSON CORPORATION)
Startup: C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2018-08-13]
ShortcutTarget: Twitch.lnk -> C:\Users\Shane\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{449234d4-39cb-4a01-8a84-852ce7f9f3d0}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{d922699d-3f62-4dda-95db-cd0339f0d366}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{e15fa8a2-da66-4941-a1a6-bf8885abb41a}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{f9fef2cd-d98e-47d6-bd23-5c2099baf510}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-19] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-19] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-10.0.2\bin\jp2ssv.dll [2018-08-01] (Oracle Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-07-19] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-07-19] (Microsoft Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-19] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 9rtzq1ov.default
FF ProfilePath: C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\9rtzq1ov.default [2018-08-16]
FF Extension: (No Name) - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\9rtzq1ov.default\Extensions\@react-devtools.xpi [2018-05-28]
FF Extension: (Redux DevTools) - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\9rtzq1ov.default\Extensions\extension@redux.devtools.xpi [2018-05-27]
FF Extension: (Firefox Hotfix) - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\9rtzq1ov.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-11-13] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2016-11-16] [Legacy] [not signed]
FF Plugin: @java.com/DTPlugin,version=13.0.2.0 -> C:\Program Files\Java\jre-10.0.2\bin\dtplugin\npDeployJava1.dll [2018-08-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=13.0.2.0 -> C:\Program Files\Java\jre-10.0.2\bin\plugin2\npjp2.dll [2018-08-01] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-07-19] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-07-30] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-07-30] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2243521789-936282867-848371492-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Shane\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-10] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default [2018-08-16]
CHR Extension: (Slides) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-01]
CHR Extension: (Docs) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-01]
CHR Extension: (Google Drive) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-02]
CHR Extension: (AdGuard AdBlocker) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2018-08-01]
CHR Extension: (YouTube) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-01]
CHR Extension: (Adobe Acrobat) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-08-01]
CHR Extension: (Sheets) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-01]
CHR Extension: (React Developer Tools) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmkadmapgofadopljbjfkapdkoienihi [2018-08-01]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2018-08-12]
CHR Extension: (Google Docs Offline) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-15]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-08-09]
CHR Extension: (Privacy Guardian™ Online Privacy Protection) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\higopmjdpgolhfdefeicklcmgifipcbh [2018-08-01]
CHR Extension: (Grammarly for Chrome) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-08-15]
CHR Extension: (The Great Suspender) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2018-08-02]
CHR Extension: (Redux DevTools) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmhkpmbekcpmknklioeibfkpmmfibljd [2018-08-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-01]
CHR Extension: (Gmail) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-01]
CHR Extension: (Chrome Media Router) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-01]
CHR Profile: C:\Users\Shane\AppData\Local\Google\Chrome\User Data\System Profile [2018-08-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2018-04-12] (Microsoft Corporation)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\69.0.3497.7\remoting_host.exe [72024 2018-07-23] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8522928 2018-06-30] (Microsoft Corporation)
S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-06-19] (EasyAntiCheat Ltd)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [674768 2018-03-11] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 ETGMGlcsSrv; C:\Program Files (x86)\HV-MS732 Gaming mouse\ETGMSrv.exe [1181544 2012-04-24] ()
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S3 MySQL80; C:\Program Files\MySQL\MySQL Server 8.0\bin\mysqld.exe [44932096 2018-04-08] () [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764896 2018-05-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764896 2018-05-20] (NVIDIA Corporation)
S4 RunSwUSB; C:\Windows\runSW.exe [44104 2014-01-16] ()
S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187024 2016-02-26] (Sandboxie Holdings, LLC)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 sshd; C:\WINDOWS\System32\OpenSSH\sshd.exe [970240 2018-05-20] ()
S3 SshdBroker; C:\WINDOWS\System32\SshdBroker.dll [286208 2018-07-13] (Microsoft Corporation)
S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-15] (DEVGURU Co., LTD.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
R2 unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-08-10] (Reason Software Company Inc.)
S3 vseamps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe [122120 2016-10-11] (CYREN Inc.)
S3 vsedsps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe [119560 2016-10-11] (CYREN Inc.)
S3 vseqrts; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe [181512 2016-10-11] (CYREN Inc.)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87736 2014-04-30] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-07] (Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-08-15] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-08-15] (Microsoft Corporation)
R2 WPSService20; C:\Program Files (x86)\REALTEK\REALTEK USB Wireless LAN Driver\WPSService20.exe [96768 2013-05-07] () [File not signed]
S3 AfVpnService; "C:\Program Files\Bitdefender\Bitdefender VPN\vpnservice.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
S4 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.paceap.com/InitiateActivation [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2017-11-29] (The OpenVPN Project)
R2 AMP; C:\WINDOWS\system32\Drivers\amp.sys [181512 2016-10-11] (CYREN Inc.)
R2 AMPSE; C:\WINDOWS\system32\Drivers\ampse.sys [1793288 2016-10-11] (CYREN Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R3 GrdKey; C:\WINDOWS\system32\DRIVERS\grdkey.sys [1211136 2017-12-27] (Aktiv Co.)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-08-07] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_52ac7eb8f32780d5\nvlddmkm.sys [17211376 2018-08-01] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31200 2018-05-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [67432 2018-03-15] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [65792 2018-07-30] (NVIDIA Corporation)
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1106256 2018-06-24] (Realtek )
R3 RtlWlanu; C:\WINDOWS\system32\DRIVERS\rtwlanu.sys [8228688 2018-05-03] (Realtek Semiconductor Corporation )
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-02-26] (Sandboxie Holdings, LLC)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [264192 2018-04-11] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-08-08] ()
R3 usbglcs1100302; C:\WINDOWS\system32\drivers\usbglcs1100302.sys [25600 2014-06-11] (Windows ® Win 7 DDK provider)
R3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [213080 2018-07-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [222864 2018-07-16] (Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46584 2018-08-15] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-08-15] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-08-15] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [47096 2017-12-21] (Wellbia.com Co., Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-16 13:16 - 2018-08-16 13:17 - 000012973 _____ C:\Users\Shane\Downloads\MTB.txt
2018-08-16 13:15 - 2018-08-16 13:16 - 000892416 _____ (Farbar) C:\Users\Shane\Downloads\MiniToolBox.exe
2018-08-14 20:04 - 2018-08-03 01:21 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-08-14 20:04 - 2018-08-03 01:20 - 004049408 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-08-14 20:04 - 2018-08-03 01:20 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-08-14 20:04 - 2018-08-03 00:28 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-08-14 20:04 - 2018-08-02 20:40 - 001221048 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-08-14 20:04 - 2018-08-02 20:40 - 001030952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-08-14 20:04 - 2018-08-02 20:40 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-08-14 20:04 - 2018-08-02 20:40 - 000228136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ucx01000.sys
2018-08-14 20:04 - 2018-08-02 20:39 - 009091480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-08-14 20:04 - 2018-08-02 20:39 - 002829216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-08-14 20:04 - 2018-08-02 20:39 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-08-14 20:04 - 2018-08-02 20:39 - 000170936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-08-14 20:04 - 2018-08-02 20:38 - 002765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-08-14 20:04 - 2018-08-02 20:38 - 000885856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-08-14 20:04 - 2018-08-02 20:38 - 000604576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-08-14 20:04 - 2018-08-02 20:25 - 002255008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-08-14 20:04 - 2018-08-02 20:25 - 001131064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-08-14 20:04 - 2018-08-02 20:25 - 000568568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-08-14 20:04 - 2018-08-02 20:15 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-08-14 20:04 - 2018-08-02 20:14 - 004867584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-08-14 20:04 - 2018-08-02 20:13 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-08-14 20:04 - 2018-08-02 20:13 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-08-14 20:04 - 2018-08-02 20:12 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-08-14 20:04 - 2018-08-02 20:11 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-08-14 20:04 - 2018-08-02 20:11 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-08-14 20:04 - 2018-08-02 20:11 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-08-14 20:04 - 2018-08-02 20:11 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-08-14 20:04 - 2018-08-02 20:10 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-08-14 20:04 - 2018-08-02 20:09 - 005776896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-08-14 20:04 - 2018-08-02 20:09 - 004529664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2018-08-14 20:04 - 2018-08-02 20:09 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-08-14 20:04 - 2018-08-02 20:09 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-08-14 20:04 - 2018-08-02 20:09 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-08-14 20:04 - 2018-08-02 20:08 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-08-14 20:04 - 2018-08-02 20:08 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-08-14 20:04 - 2018-08-02 20:08 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-08-14 20:04 - 2018-08-02 20:08 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-08-14 20:04 - 2018-08-02 20:06 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-08-14 20:04 - 2018-08-02 20:05 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-08-14 20:04 - 2018-08-02 20:05 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-08-14 20:03 - 2018-08-03 01:39 - 021389368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-08-14 20:03 - 2018-08-03 01:21 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-08-14 20:03 - 2018-08-03 01:21 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-08-14 20:03 - 2018-08-03 00:43 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-08-14 20:03 - 2018-08-03 00:29 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-08-14 20:03 - 2018-08-02 22:41 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-08-14 20:03 - 2018-08-02 21:49 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-08-14 20:03 - 2018-08-02 20:47 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-08-14 20:03 - 2018-08-02 20:46 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-08-14 20:03 - 2018-08-02 20:46 - 000269248 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-08-14 20:03 - 2018-08-02 20:41 - 000568600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-08-14 20:03 - 2018-08-02 20:40 - 001064744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-08-14 20:03 - 2018-08-02 20:40 - 000136488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-08-14 20:03 - 2018-08-02 20:39 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-08-14 20:03 - 2018-08-02 20:39 - 007436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-08-14 20:03 - 2018-08-02 20:39 - 001457136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-08-14 20:03 - 2018-08-02 20:38 - 001945792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-08-14 20:03 - 2018-08-02 20:38 - 001258288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-08-14 20:03 - 2018-08-02 20:38 - 001140576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-08-14 20:03 - 2018-08-02 20:38 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-08-14 20:03 - 2018-08-02 20:38 - 000983016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-08-14 20:03 - 2018-08-02 20:38 - 000713368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-08-14 20:03 - 2018-08-02 20:38 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-08-14 20:03 - 2018-08-02 20:26 - 006043600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-08-14 20:03 - 2018-08-02 20:25 - 006568784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-08-14 20:03 - 2018-08-02 20:25 - 001622296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-08-14 20:03 - 2018-08-02 20:25 - 000583120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-08-14 20:03 - 2018-08-02 20:23 - 025846784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-08-14 20:03 - 2018-08-02 20:18 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-08-14 20:03 - 2018-08-02 20:18 - 022007808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-08-14 20:03 - 2018-08-02 20:17 - 004380160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-08-14 20:03 - 2018-08-02 20:16 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-08-14 20:03 - 2018-08-02 20:13 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-08-14 20:03 - 2018-08-02 20:13 - 003395072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-08-14 20:03 - 2018-08-02 20:12 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-08-14 20:03 - 2018-08-02 20:12 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-08-14 20:03 - 2018-08-02 20:12 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-08-14 20:03 - 2018-08-02 20:11 - 005746688 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2018-08-14 20:03 - 2018-08-02 20:11 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-08-14 20:03 - 2018-08-02 20:11 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-08-14 20:03 - 2018-08-02 20:11 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-08-14 20:03 - 2018-08-02 20:11 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-08-14 20:03 - 2018-08-02 20:09 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-08-14 20:03 - 2018-08-02 20:09 - 001932288 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeangle.dll
2018-08-14 20:03 - 2018-08-02 20:09 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-08-14 20:03 - 2018-08-02 20:09 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-08-14 20:03 - 2018-08-02 20:08 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-08-14 20:03 - 2018-08-02 20:08 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-08-14 20:03 - 2018-08-02 20:07 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-08-14 20:03 - 2018-08-02 20:07 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-08-14 20:03 - 2018-08-02 20:06 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-08-14 20:03 - 2018-08-02 20:06 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-08-14 20:03 - 2018-08-02 20:06 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-08-14 20:03 - 2018-08-02 20:06 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-08-14 20:02 - 2018-08-03 01:39 - 000790304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-08-14 20:02 - 2018-08-03 01:25 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-08-14 20:02 - 2018-08-03 01:25 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-08-14 20:02 - 2018-08-03 01:24 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2018-08-14 20:02 - 2018-08-03 01:24 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2018-08-14 20:02 - 2018-08-03 01:24 - 000046592 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-08-14 20:02 - 2018-08-03 01:22 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-08-14 20:02 - 2018-08-03 01:21 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-08-14 20:02 - 2018-08-03 01:20 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2018-08-14 20:02 - 2018-08-03 01:19 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-08-14 20:02 - 2018-08-03 00:45 - 000663128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-08-14 20:02 - 2018-08-03 00:33 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-08-14 20:02 - 2018-08-03 00:33 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-08-14 20:02 - 2018-08-03 00:32 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2018-08-14 20:02 - 2018-08-03 00:30 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2018-08-14 20:02 - 2018-08-03 00:29 - 000621568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-08-14 20:02 - 2018-08-03 00:27 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-08-14 20:02 - 2018-08-03 00:27 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-08-14 20:02 - 2018-08-02 22:36 - 000260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationREST.dll
2018-08-14 20:02 - 2018-08-02 20:47 - 000128920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2018-08-14 20:02 - 2018-08-02 20:41 - 000077608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-08-14 20:02 - 2018-08-02 20:41 - 000061736 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
2018-08-14 20:02 - 2018-08-02 20:40 - 000072800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2018-08-14 20:02 - 2018-08-02 20:39 - 000692240 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2018-08-14 20:02 - 2018-08-02 20:39 - 000114080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-08-14 20:02 - 2018-08-02 20:39 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2018-08-14 20:02 - 2018-08-02 20:39 - 000031648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhv.sys
2018-08-14 20:02 - 2018-08-02 20:38 - 001285536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-08-14 20:02 - 2018-08-02 20:38 - 000115640 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2018-08-14 20:02 - 2018-08-02 20:27 - 000061032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2018-08-14 20:02 - 2018-08-02 20:25 - 000539168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2018-08-14 20:02 - 2018-08-02 20:17 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgid.sys
2018-08-14 20:02 - 2018-08-02 20:16 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsProxyStub.dll
2018-08-14 20:02 - 2018-08-02 20:16 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2018-08-14 20:02 - 2018-08-02 20:15 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2018-08-14 20:02 - 2018-08-02 20:14 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2018-08-14 20:02 - 2018-08-02 20:14 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-08-14 20:02 - 2018-08-02 20:14 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSAssessment.dll
2018-08-14 20:02 - 2018-08-02 20:13 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-08-14 20:02 - 2018-08-02 20:12 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdp.dll
2018-08-14 20:02 - 2018-08-02 20:12 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2018-08-14 20:02 - 2018-08-02 20:12 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-08-14 20:02 - 2018-08-02 20:10 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebManagement.exe
2018-08-14 20:02 - 2018-08-02 20:10 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2018-08-14 20:02 - 2018-08-02 20:09 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-08-14 20:02 - 2018-08-02 20:08 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-08-14 20:02 - 2018-08-02 20:08 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-08-14 20:02 - 2018-08-02 20:08 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2018-08-14 20:02 - 2018-08-02 20:08 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-08-14 20:02 - 2018-08-02 20:08 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-08-14 20:02 - 2018-08-02 20:07 - 000627200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdp.dll
2018-08-14 20:02 - 2018-08-02 20:07 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-08-14 20:02 - 2018-08-02 20:07 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-08-14 20:02 - 2018-08-02 20:06 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-08-14 20:02 - 2018-08-02 20:05 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-08-14 20:02 - 2018-08-02 20:04 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-08-14 20:02 - 2018-08-02 18:54 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-08-14 05:00 - 2018-08-14 05:00 - 003546085 _____ C:\Users\Shane\Downloads\elvui-10.78 (1).zip
2018-08-13 11:43 - 2018-08-13 11:43 - 003546085 _____ C:\Users\Shane\Downloads\elvui-10.78.zip
2018-08-12 11:24 - 2018-08-12 11:24 - 000000000 ____D C:\Users\Shane\AppData\Local\IsolatedStorage
2018-08-11 16:43 - 2018-08-11 16:44 - 030223661 _____ C:\Users\Shane\Downloads\Hip_hop_ the _CNN_ of the African American Community (1).mp4
2018-08-10 12:00 - 2018-08-10 12:00 - 000109031 _____ C:\Users\Shane\Downloads\FRST (1).txt
2018-08-10 00:30 - 2018-08-10 00:30 - 000001095 _____ C:\Users\Public\Desktop\Unchecky.lnk
2018-08-10 00:30 - 2018-08-10 00:30 - 000000000 ____D C:\ProgramData\Unchecky
2018-08-10 00:30 - 2018-08-10 00:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2018-08-10 00:30 - 2018-08-10 00:30 - 000000000 ____D C:\Program Files (x86)\Unchecky
2018-08-10 00:01 - 2018-08-10 00:02 - 000000000 ____D C:\symbols
2018-08-09 21:49 - 2018-08-09 21:53 - 000000000 ____D C:\Users\Shane\Downloads\ElDorito-master
2018-08-08 23:43 - 2018-08-08 23:43 - 000001127 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2018-08-08 20:13 - 2018-08-08 20:13 - 000027509 _____ C:\Users\Shane\Downloads\luckyproject.aup
2018-08-08 20:11 - 2018-08-08 20:11 - 000000000 ____D C:\Users\Shane\Downloads\luckyproject_data
2018-08-08 00:44 - 2018-08-08 00:44 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-08-08 00:04 - 2018-08-08 00:21 - 000094660 _____ C:\Users\Shane\Downloads\Addition.txt
2018-08-07 23:57 - 2018-08-08 00:21 - 000110409 _____ C:\Users\Shane\Downloads\FRST.txt
2018-08-07 23:56 - 2018-08-16 17:14 - 000000000 ____D C:\FRST
2018-08-07 13:59 - 2018-08-07 14:00 - 3293432832 _____ C:\Users\Shane\Downloads\ShaneCalerFinalSparkVideo(backup).avi
2018-08-07 13:56 - 2018-08-07 13:56 - 000193018 _____ C:\Users\Shane\Downloads\2018-08-05_BAK1.MV_
2018-08-07 13:55 - 2018-08-07 13:56 - 055185649 _____ C:\Users\Shane\Downloads\ShaneCalerFinalSparkVideo.mp4
2018-08-07 13:45 - 2018-08-07 13:45 - 000193804 _____ C:\Users\Shane\Downloads\2018-08-05_BAK0.MV_
2018-08-07 13:42 - 2018-08-07 14:03 - 000115968 _____ C:\Users\Shane\Downloads\Hip_hop_ the _CNN_ of the African American Community_mp4.H0
2018-08-06 16:49 - 2018-08-06 16:49 - 000002080 _____ C:\Users\Public\Desktop\Google Slides.lnk
2018-08-06 16:49 - 2018-08-06 16:49 - 000002078 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2018-08-06 16:49 - 2018-08-06 16:49 - 000002068 _____ C:\Users\Public\Desktop\Google Docs.lnk
2018-08-06 16:49 - 2018-08-06 16:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2018-08-06 16:49 - 2018-08-06 16:49 - 000000000 ____D C:\Program Files\Google
2018-08-06 16:44 - 2018-08-06 16:44 - 001130840 _____ (Google Inc.) C:\Users\Shane\Downloads\installbackupandsync.exe
2018-08-05 15:05 - 2018-08-07 14:03 - 000194224 _____ C:\Users\Shane\Downloads\2018-08-05.MVP
2018-08-05 15:05 - 2018-08-05 15:06 - 062233124 _____ C:\Users\Shane\ES1022-final-spark-video.mp4
2018-08-05 15:04 - 2018-08-07 14:03 - 000002604 _____ C:\Users\Shane\Downloads\Hip_hop_ the _CNN_ of the African American Community_mp4.HDP
2018-08-05 14:21 - 2018-08-05 14:23 - 038190148 _____ C:\Users\Shane\Downloads\Hip_hop_ the _CNN_ of the African American Community.mp4
2018-08-05 13:56 - 2018-08-05 13:57 - 023950701 _____ C:\Users\Shane\Downloads\videoplayback (3).mp4
2018-08-05 13:43 - 2018-08-05 13:44 - 037051109 _____ C:\Users\Shane\Downloads\videoplayback (2).mp4
2018-08-05 13:17 - 2018-08-05 13:18 - 009093906 _____ C:\Users\Shane\Downloads\videoplayback (1).mp4
2018-08-05 13:14 - 2018-08-05 13:14 - 003348413 _____ C:\Users\Shane\Downloads\videoplayback.mp4
2018-08-05 13:13 - 2018-08-05 13:13 - 002167977 _____ C:\Users\Shane\Downloads\videoplayback.3gp
2018-08-05 11:53 - 2018-08-05 12:00 - 000000200 _____ C:\Users\Shane\_netrc
2018-08-05 11:53 - 2018-08-05 11:53 - 000000000 ____D C:\Users\Shane\AppData\Local\heroku
2018-08-04 21:47 - 2018-08-04 21:47 - 000000000 ____D C:\Users\Shane\AppData\Local\ElDewrito
2018-08-04 21:19 - 2018-08-10 01:21 - 000000000 ____D C:\Users\Shane\Downloads\Halo Online 0.6
2018-08-04 15:32 - 2018-08-04 15:32 - 000316722 _____ C:\Users\Shane\Downloads\current.musicology.89.bothwell.95-102.pdf
2018-08-04 15:07 - 2018-08-04 15:08 - 002089612 _____ C:\Users\Shane\Downloads\9781134845712_googlepreview.pdf
2018-08-04 14:59 - 2018-08-04 14:59 - 000508262 _____ C:\Users\Shane\Downloads\9781134243648_preview.pdf
2018-08-04 14:59 - 2018-08-04 14:59 - 000508262 _____ C:\Users\Shane\Downloads\9781134243648_preview (1).pdf
2018-08-04 11:59 - 2018-08-07 13:31 - 000018422 ____H C:\Users\Shane\Downloads\~WRL0005.tmp
2018-08-03 22:38 - 2018-08-03 22:38 - 002130484 _____ C:\Users\Shane\Downloads\css-grid-master.zip
2018-08-03 11:53 - 2018-08-04 04:04 - 000029748 _____ C:\WINDOWS\SysWOW64\MyDefrag.dat
2018-08-03 00:13 - 2018-07-30 10:50 - 000132488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-08-03 00:09 - 2018-08-03 00:09 - 000002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-08-03 00:09 - 2018-08-03 00:09 - 000002290 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-08-03 00:06 - 2018-08-01 02:50 - 004352880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 003769016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 002002448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439882.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 001565048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 001467920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439882.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 001420576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 001218528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 001094128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 000749936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 000628920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 000608544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2018-08-03 00:06 - 2018-08-01 02:50 - 000518488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 040346808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 035250008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 031250184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 025966552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 013728728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 011273816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 001159120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 000906808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 000816392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 000654760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-08-03 00:06 - 2018-08-01 02:49 - 000635968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2018-08-03 00:06 - 2018-08-01 02:48 - 017756224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-08-03 00:06 - 2018-08-01 02:48 - 015170808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-08-03 00:06 - 2018-08-01 02:48 - 001349384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-08-03 00:06 - 2018-08-01 02:48 - 001065688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-08-03 00:06 - 2018-08-01 02:47 - 004128280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-08-02 23:13 - 2018-08-02 23:13 - 000000000 ____D C:\Users\Shane\AppData\Roaming\VS Revo Group
2018-08-02 00:57 - 2018-08-02 00:58 - 000004016 _____ C:\Users\Shane\Downloads\netadapter-log-2018-08-02-0-57-04.txt
2018-08-02 00:56 - 2018-08-02 00:56 - 000003392 _____ C:\Users\Shane\Downloads\netadapter-log-2018-08-02-0-56-43.txt
2018-08-02 00:15 - 2018-08-02 00:15 - 002091520 _____ (Conner Bernhard) C:\Users\Shane\Downloads\NetAdapterRepair1.2.exe
2018-08-01 23:52 - 2018-08-07 23:46 - 000002592 _____ C:\Users\Shane\Desktop\Rkill.txt
2018-08-01 23:50 - 2018-08-01 23:50 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Shane\Downloads\rkill (1).exe
2018-08-01 23:29 - 2018-08-12 18:18 - 000002154 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2018-08-01 23:26 - 2018-08-12 18:16 - 000000000 ____D C:\@RestoreQuarantine
2018-08-01 21:40 - 2018-08-12 17:45 - 000000000 ____D C:\ProgramData\RegRun
2018-08-01 21:21 - 2018-08-01 20:56 - 000000985 _____ C:\WINDOWS\system32\Drivers\etc\hosts.old
2018-08-01 21:20 - 2018-08-12 17:58 - 000000000 ____D C:\Users\Shane\Documents\RegRun2
2018-08-01 21:20 - 2018-08-12 17:47 - 000000000 ____D C:\Users\Public\Documents\RegRunInfo
2018-08-01 16:16 - 2018-08-01 16:16 - 000002500 _____ C:\Users\Shane\Desktop\Word.lnk
2018-08-01 13:46 - 2018-08-01 13:46 - 000002308 _____ C:\Users\Shane\Desktop\Google Chrome.lnk
2018-08-01 13:22 - 2018-08-03 22:37 - 000000000 ____D C:\Users\Shane\Desktop\IDE's
2018-08-01 13:21 - 2018-08-01 13:45 - 000000000 ____D C:\Users\Shane\Desktop\Browsers
2018-08-01 13:21 - 2018-08-01 13:24 - 000000000 ____D C:\Users\Shane\Desktop\Games
2018-08-01 13:20 - 2018-08-16 17:14 - 000000000 ____D C:\Users\Shane\Desktop\Security  Tools
2018-07-31 01:46 - 2018-07-31 01:46 - 000000000 ____D C:\WINDOWS\Panther
2018-07-30 20:22 - 2018-07-30 20:22 - 001293777 _____ C:\Users\Shane\Downloads\minidumper.zip
2018-07-30 19:16 - 2018-07-30 19:16 - 000000000 ____D C:\Users\Shane\Apple
2018-07-30 17:34 - 2018-07-30 17:34 - 000000000 ____D C:\ProgramData\Apple Computer
2018-07-30 15:00 - 2018-07-30 15:00 - 000001400 _____ C:\Users\Shane\Downloads\dhcp.pcap
2018-07-30 14:58 - 2018-07-30 14:58 - 000125201 _____ C:\Users\Shane\Downloads\samples.zip
2018-07-30 11:12 - 2018-07-30 11:12 - 192962560 ____N C:\WINDOWS\system32\config\software.amg
2018-07-30 06:46 - 2018-07-30 06:46 - 003001296 _____ C:\Users\Shane\Downloads\SecurityTaskManager_Setup.exe
2018-07-30 00:27 - 2018-07-30 00:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-07-30 00:27 - 2018-07-30 00:27 - 000000000 ____D C:\Program Files\VS Revo Group
2018-07-29 23:38 - 2018-07-14 17:58 - 000094112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-07-29 23:38 - 2018-07-14 17:56 - 001523240 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-07-29 23:38 - 2018-07-14 17:44 - 006587392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-07-29 23:38 - 2018-07-14 17:44 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-07-29 23:38 - 2018-07-14 17:43 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-07-29 23:38 - 2018-07-14 17:42 - 008624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-07-29 23:38 - 2018-07-14 17:42 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-07-29 23:38 - 2018-07-14 17:41 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2018-07-29 23:38 - 2018-07-14 17:41 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2018-07-29 23:38 - 2018-07-14 17:39 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-07-29 23:38 - 2018-07-14 17:39 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-07-29 23:38 - 2018-07-14 17:38 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-07-29 23:38 - 2018-07-14 17:38 - 001180160 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-07-29 23:38 - 2018-07-14 17:38 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-07-29 23:38 - 2018-07-14 17:38 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-07-29 23:38 - 2018-07-14 17:36 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-07-29 23:38 - 2018-07-14 16:28 - 001327424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-07-29 23:38 - 2018-07-14 16:18 - 005657600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-07-29 23:38 - 2018-07-14 16:17 - 011901440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-07-29 23:38 - 2018-07-14 16:15 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-07-29 23:38 - 2018-07-14 16:14 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2018-07-29 23:38 - 2018-07-14 16:13 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-07-29 23:38 - 2018-07-14 16:13 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-07-29 23:38 - 2018-07-14 16:13 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-07-29 23:38 - 2018-07-14 16:13 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-07-29 23:38 - 2018-07-14 16:11 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-07-29 23:38 - 2018-07-13 23:46 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-07-29 23:38 - 2018-07-13 23:42 - 019525632 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-07-29 23:38 - 2018-07-13 21:37 - 000375712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-07-29 23:38 - 2018-07-13 21:37 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-07-29 23:38 - 2018-07-13 21:23 - 000760888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-07-29 23:38 - 2018-07-13 21:22 - 006813744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-07-29 23:38 - 2018-07-13 21:22 - 001144664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2018-07-29 23:38 - 2018-07-13 21:22 - 000510392 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-07-29 23:38 - 2018-07-13 21:22 - 000203560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2018-07-29 23:38 - 2018-07-13 21:21 - 000722824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-07-29 23:38 - 2018-07-13 21:21 - 000192920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2018-07-29 23:38 - 2018-07-13 21:20 - 000184472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2018-07-29 23:38 - 2018-07-13 21:19 - 002535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-07-29 23:38 - 2018-07-13 21:19 - 001946752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-07-29 23:38 - 2018-07-13 21:19 - 000981920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-07-29 23:38 - 2018-07-13 21:19 - 000636944 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-07-29 23:38 - 2018-07-13 21:19 - 000483024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-07-29 23:38 - 2018-07-13 21:18 - 002563984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-07-29 23:38 - 2018-07-13 21:18 - 002371416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-07-29 23:38 - 2018-07-13 21:18 - 001017584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-07-29 23:38 - 2018-07-13 21:18 - 000930712 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-07-29 23:38 - 2018-07-13 21:18 - 000613176 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-07-29 23:38 - 2018-07-13 21:18 - 000443216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2018-07-29 23:38 - 2018-07-13 21:18 - 000376216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2018-07-29 23:38 - 2018-07-13 21:17 - 006527056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-07-29 23:38 - 2018-07-13 21:17 - 002420632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-07-29 23:38 - 2018-07-13 21:17 - 000743320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-07-29 23:38 - 2018-07-13 21:16 - 002331576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-07-29 23:38 - 2018-07-13 21:16 - 001143096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2018-07-29 23:38 - 2018-07-13 21:16 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2018-07-29 23:38 - 2018-07-13 21:15 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-07-29 23:38 - 2018-07-13 21:15 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-07-29 23:38 - 2018-07-13 21:15 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-07-29 23:38 - 2018-07-13 21:01 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-07-29 23:38 - 2018-07-13 20:59 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-07-29 23:38 - 2018-07-13 20:59 - 005883392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-07-29 23:38 - 2018-07-13 20:59 - 003553280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-07-29 23:38 - 2018-07-13 20:58 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2018-07-29 23:38 - 2018-07-13 20:58 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-07-29 23:38 - 2018-07-13 20:58 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-07-29 23:38 - 2018-07-13 20:57 - 007057920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-07-29 23:38 - 2018-07-13 20:57 - 004331008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-07-29 23:38 - 2018-07-13 20:57 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-07-29 23:38 - 2018-07-13 20:57 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 004559872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 002697216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Controls.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 001703936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Controls.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 001558016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshdPinAuthLsa.dll
2018-07-29 23:38 - 2018-07-13 20:56 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000993792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshSession.exe
2018-07-29 23:38 - 2018-07-13 20:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshSftp.exe
2018-07-29 23:38 - 2018-07-13 20:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-07-29 23:38 - 2018-07-13 20:55 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshdBroker.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000264192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshProxy.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-07-29 23:38 - 2018-07-13 20:55 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreCommonProxyStub.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-07-29 23:38 - 2018-07-13 20:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2018-07-29 23:38 - 2018-07-13 20:55 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 003319808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 001537024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000603648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2018-07-29 23:38 - 2018-07-13 20:54 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2018-07-29 23:38 - 2018-07-13 20:54 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\EasPolicyManagerBrokerPS.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 004770816 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 001825792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreCommonProxyStub.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshBroker.dll
2018-07-29 23:38 - 2018-07-13 20:53 - 000220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2018-07-29 23:38 - 2018-07-13 20:52 - 000972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-07-29 23:38 - 2018-07-13 20:52 - 000790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2018-07-29 23:38 - 2018-07-13 20:52 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-07-29 23:38 - 2018-07-13 20:52 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-07-29 23:38 - 2018-07-13 20:52 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2018-07-29 23:38 - 2018-07-13 20:51 - 003376640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-07-29 23:38 - 2018-07-13 20:51 - 002904576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-07-29 23:38 - 2018-07-13 20:51 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-07-29 23:38 - 2018-07-13 20:51 - 001747968 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-07-29 23:38 - 2018-07-13 20:51 - 001304064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-07-29 23:38 - 2018-07-13 20:51 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2018-07-29 23:38 - 2018-07-13 20:51 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 001773056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 001457664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 001359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 000949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2018-07-29 23:38 - 2018-07-13 20:50 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-07-29 23:38 - 2018-07-13 20:49 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-07-29 18:48 - 2018-07-29 18:48 - 000002196 _____ C:\Users\Shane\Downloads\Demons - Inspired Tory Lanez x Travis Scott Type Beat Instrumental ( Prod. dannyebtracks).aup
2018-07-29 18:22 - 2018-07-29 18:22 - 001353240 _____ (Microsoft Corporation) C:\Users\Shane\Downloads\winsdksetup.exe
2018-07-29 16:57 - 2018-07-29 16:57 - 002159149 _____ C:\Users\Shane\Downloads\volatility-2.3.1.win32.exe
2018-07-29 16:56 - 2018-07-29 16:56 - 000000000 ____D C:\ProgramData\Guardant
2018-07-29 16:50 - 2018-07-29 16:50 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Passware
2018-07-29 16:49 - 2018-07-29 16:49 - 010021892 _____ C:\volatility-2.3.1.standalone.exe
2018-07-29 16:49 - 2018-07-29 16:49 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Belkasoft
2018-07-29 16:49 - 2018-07-29 16:49 - 000000000 ____D C:\Users\Shane\AppData\Local\Belkasoft
2018-07-29 16:48 - 2018-07-29 16:48 - 000000000 ____D C:\ProgramData\Belkasoft
2018-07-29 16:47 - 2018-07-29 16:47 - 000000000 ____D C:\Program Files\Common Files\Guardant
2018-07-29 16:47 - 2017-12-27 13:58 - 000680760 _____ (Aktiv Co.) C:\WINDOWS\system32\grddrv.cpl
2018-07-29 16:47 - 2017-12-27 13:58 - 000657208 _____ (Aktiv Co.) C:\WINDOWS\SysWOW64\grddiag.exe
2018-07-29 16:47 - 2017-12-27 13:58 - 000394552 _____ (Aktiv Co.) C:\WINDOWS\system32\grddrv.dll
2018-07-29 16:46 - 2018-07-03 13:04 - 000011024 ____N C:\Users\Shane\Downloads\README.txt
2018-07-29 16:46 - 2018-07-03 13:04 - 000000639 ____N C:\Users\Shane\Downloads\File_id.diz
2018-07-29 16:12 - 2018-07-29 16:12 - 000000000 ____D C:\Users\Shane\lucky_data
2018-07-25 17:09 - 2018-07-25 17:09 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Giegerich & Partner GmbH
2018-07-25 17:08 - 2018-07-25 17:08 - 000000000 ____D C:\Program Files (x86)\Giegerich und Partner GmbH
2018-07-25 17:00 - 2018-07-25 17:00 - 003749353 _____ C:\Users\Shane\Downloads\gnupg-1.4.23.tar.bz2
2018-07-25 16:38 - 2018-08-07 14:53 - 000000000 ____D C:\Users\Shane\AppData\Local\Microsoft_Corporation
2018-07-25 16:38 - 2018-07-30 10:40 - 000000000 ____D C:\Users\Shane\AppData\Roaming\OutlookPrivacyPlugin
2018-07-25 16:36 - 2018-07-25 17:03 - 000000000 ____D C:\Users\Shane\AppData\Local\Deployment
2018-07-25 16:36 - 2018-07-25 16:36 - 000000000 ____D C:\Program Files (x86)\Outlook Privacy Plugin
2018-07-25 16:27 - 2018-07-25 16:27 - 000002751 _____ C:\Users\Shane\Downloads\Untitled (1)
2018-07-25 16:27 - 2018-07-25 16:27 - 000000011 _____ C:\Users\Shane\Downloads\Untitled
2018-07-25 16:23 - 2018-07-25 16:23 - 000013951 _____ C:\Users\Shane\Downloads\smime.p7m
2018-07-24 22:05 - 2018-07-24 22:05 - 000003145 _____ C:\Users\Shane\Downloads\Testy_McTest_pub.asc
2018-07-24 21:46 - 2018-07-24 21:46 - 000000000 ____D C:\Users\Shane\AppData\Local\pEp
2018-07-24 21:41 - 2018-07-30 15:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-07-24 21:41 - 2018-07-24 21:48 - 000000000 ____D C:\Users\Shane\AppData\Local\Thunderbird
2018-07-24 21:41 - 2018-07-24 21:41 - 000001285 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2018-07-24 21:41 - 2018-07-24 21:41 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Thunderbird
2018-07-24 21:40 - 2018-07-24 21:40 - 002848262 _____ C:\Users\Shane\Downloads\enigmail-2.0.7-sm+tb.xpi
2018-07-24 19:31 - 2018-07-24 22:16 - 000000000 ____D C:\Users\Shane\AppData\Roaming\kleopatra
2018-07-24 19:30 - 2018-08-06 22:23 - 000000000 ____D C:\Users\Shane\AppData\Roaming\gnupg
2018-07-24 19:30 - 2018-07-24 19:30 - 000002123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kleopatra.lnk
2018-07-24 19:30 - 2018-07-24 19:30 - 000001225 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPA.lnk
2018-07-24 19:30 - 2018-07-24 19:30 - 000000000 ____D C:\Program Files (x86)\Gpg4win
2018-07-24 19:30 - 2018-07-24 19:30 - 000000000 ____D C:\Program Files (x86)\GnuPG
2018-07-23 23:33 - 2018-07-23 23:33 - 000312869 _____ C:\Users\Shane\Downloads\ZAPGettingStartedGuide-2.6.pdf
2018-07-23 20:49 - 2018-07-12 21:30 - 002718624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-07-23 19:53 - 2018-07-23 19:53 - 000000000 ____D C:\Program Files\MySQL
2018-07-23 19:46 - 2018-07-23 19:49 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.7
2018-07-23 19:42 - 2018-07-23 19:53 - 000000000 ____D C:\ProgramData\MySQL
2018-07-23 19:42 - 2018-07-23 19:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2018-07-23 19:42 - 2018-07-23 19:42 - 000000000 ____D C:\WINDOWS\System32\Tasks\MySQL
2018-07-23 19:42 - 2018-07-23 19:42 - 000000000 ____D C:\Program Files (x86)\MySQL
2018-07-23 19:30 - 2018-07-23 19:56 - 503031808 ____N C:\Users\Shane\Downloads\DVWA-1.0.7.iso
2018-07-23 19:13 - 2018-07-23 19:14 - 000000000 ____D C:\DVWA-master
2018-07-22 17:38 - 2018-07-22 17:38 - 000001156 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2018-07-22 17:38 - 2018-07-22 17:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2018-07-22 12:07 - 2018-07-23 21:01 - 000000939 _____ C:\WINDOWS\Tasks\EPSON XP-430 Series Update {CDB9B9D7-847A-4014-88C7-DD2F2D5E4749}.job
2018-07-22 12:07 - 2018-07-22 12:07 - 000004136 _____ C:\WINDOWS\System32\Tasks\EPSON XP-430 Series Update {CDB9B9D7-847A-4014-88C7-DD2F2D5E4749}
2018-07-19 09:57 - 2018-07-19 12:23 - 000000000 ____D C:\WINDOWS\Minidump
2018-07-17 20:37 - 2018-07-17 20:37 - 000001005 _____ C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-16 17:14 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-16 17:14 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-16 17:12 - 2018-05-30 18:31 - 000000000 ____D C:\Users\Shane\AppData\Local\D3DSCache
2018-08-16 17:12 - 2018-05-18 13:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-16 17:06 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-16 17:04 - 2018-05-18 13:39 - 000936252 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-08-16 17:04 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
2018-08-16 17:00 - 2014-12-16 16:37 - 000000000 ____D C:\Users\Shane\AppData\Local\Battle.net
2018-08-16 15:40 - 2014-12-17 11:05 - 000000000 ____D C:\Program Files (x86)\World of Warcraft
2018-08-16 13:15 - 2018-06-25 11:41 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-08-16 13:15 - 2017-05-19 01:10 - 000000000 ____D C:\ProgramData\NVIDIA
2018-08-16 13:14 - 2014-12-16 16:37 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-08-15 20:34 - 2017-10-17 17:18 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Twitch
2018-08-15 20:34 - 2016-06-03 13:44 - 000000000 ___RD C:\Users\Shane\Creative Cloud Files
2018-08-15 20:34 - 2015-07-31 17:05 - 000000000 ____D C:\Users\Shane\AppData\Local\Adobe
2018-08-15 20:31 - 2018-05-18 14:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-15 20:30 - 2018-04-11 14:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-08-15 16:58 - 2018-02-26 13:27 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-08-15 16:46 - 2018-03-08 12:13 - 000013660 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-08-15 14:35 - 2018-05-18 13:40 - 000000000 ____D C:\Users\Shane
2018-08-15 00:08 - 2014-12-31 13:31 - 000563832 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-08-15 00:00 - 2018-05-18 13:33 - 005615080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-08-15 00:00 - 2017-12-01 08:47 - 000000000 ___RD C:\Users\Shane\3D Objects
2018-08-15 00:00 - 2014-12-16 16:13 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-08-14 23:56 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-08-14 23:56 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-08-14 23:56 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-08-14 23:56 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-08-14 23:56 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-08-14 23:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-08-14 23:55 - 2018-04-11 16:38 - 000000000 ___RD C:\Program Files\Windows Defender
2018-08-14 23:55 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-08-14 23:55 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-08-14 23:55 - 2018-04-11 16:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-08-14 22:49 - 2018-04-11 14:04 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
2018-08-14 20:22 - 2014-12-18 11:45 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-08-14 20:14 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-08-14 20:14 - 2014-12-18 11:45 - 137343192 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-08-13 12:52 - 2018-06-25 11:42 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-08-13 12:45 - 2014-12-13 02:49 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-08-13 12:26 - 2016-10-22 22:48 - 000000000 ____D C:\ProgramData\Jagex
2018-08-13 12:01 - 2014-12-13 02:49 - 000000000 ____D C:\ProgramData\Package Cache
2018-08-12 17:43 - 2018-05-27 02:02 - 000000000 ____D C:\Users\Shane\AppData\LocalLow\Mozilla
2018-08-12 12:42 - 2018-05-18 14:21 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2243521789-936282867-848371492-1001
2018-08-12 12:41 - 2018-05-18 13:40 - 000002410 _____ C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-08-12 12:41 - 2015-05-08 06:03 - 000000000 ___RD C:\Users\Shane\OneDrive
2018-08-11 10:19 - 2018-05-18 14:21 - 000003644 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2018-08-11 10:16 - 2015-03-04 22:53 - 000000000 ____D C:\Users\Shane\AppData\Local\CrashDumps
2018-08-11 10:12 - 2015-04-12 17:52 - 000000000 ____D C:\Users\Shane\AppData\Local\Downloaded Installations
2018-08-10 15:51 - 2016-12-10 18:11 - 000000000 ____D C:\Program Files (x86)\Overwatch Test
2018-08-10 00:52 - 2015-03-06 11:38 - 000000000 ____D C:\Users\Shane\Documents\Visual Studio 2013
2018-08-09 22:34 - 2015-10-18 00:35 - 000000000 ____D C:\Users\Shane\Documents\Visual Studio 2015
2018-08-09 22:26 - 2018-06-07 00:59 - 000000000 ____D C:\Users\Shane\Desktop\ReactProjects
2018-08-09 20:45 - 2017-12-18 13:51 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Audacity
2018-08-09 18:59 - 2015-09-10 12:37 - 000000000 ____D C:\Program Files (x86)\DebugMode
2018-08-08 23:43 - 2018-05-18 14:21 - 000003958 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1487318455
2018-08-08 23:43 - 2015-07-31 10:20 - 000000000 ____D C:\Program Files (x86)\Opera
2018-08-08 13:51 - 2014-12-17 12:19 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-08 10:03 - 2013-08-22 08:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-08-08 08:18 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-08-07 23:43 - 2014-12-16 16:16 - 000000000 ____D C:\Users\Shane\AppData\Local\NVIDIA Corporation
2018-08-07 16:59 - 2018-07-07 20:51 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-08-06 22:05 - 2018-04-26 14:07 - 000000000 ____D C:\Users\Shane\AppData\Roaming\npm
2018-08-06 21:47 - 2016-09-09 11:11 - 000000000 ____D C:\Users\Shane\AppData\Roaming\discord
2018-08-06 16:49 - 2014-12-17 12:09 - 000000000 ____D C:\Users\Shane\AppData\Local\Google
2018-08-06 08:19 - 2018-04-11 16:41 - 000836480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-08-06 08:19 - 2018-04-11 16:41 - 000181120 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-08-06 00:21 - 2014-12-17 12:09 - 000000000 ____D C:\Program Files (x86)\Google
2018-08-05 15:07 - 2016-09-24 14:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2018-08-04 04:38 - 2016-09-09 11:11 - 000000000 ____D C:\Users\Shane\AppData\Local\Discord
2018-08-04 04:04 - 2016-11-29 16:03 - 000056998 _____ C:\WINDOWS\SysWOW64\Defrag.debuglog
2018-08-03 16:17 - 2017-12-01 03:27 - 000000000 ____D C:\Users\Shane\AppData\Local\Packages
2018-08-03 11:08 - 2018-06-11 22:54 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-08-03 11:08 - 2017-05-19 01:10 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-08-03 00:14 - 2015-12-22 23:05 - 000000000 ____D C:\Temp
2018-08-03 00:14 - 2014-12-13 02:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-08-03 00:12 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\Help
2018-08-03 00:11 - 2014-12-16 16:16 - 000000000 ____D C:\Users\Shane\AppData\Local\NVIDIA
2018-08-02 23:39 - 2017-12-05 16:42 - 000000000 ____D C:\Users\Public\Games
2018-08-02 02:08 - 2018-05-18 13:40 - 000000000 ____D C:\Users\Administrator
2018-08-02 01:49 - 2015-07-31 11:46 - 000000000 ____D C:\AdwCleaner
2018-08-01 23:48 - 2018-06-30 18:34 - 000003734 _____ C:\WINDOWS\System32\Tasks\JavaUpdateSched
2018-08-01 23:48 - 2018-06-30 18:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-08-01 23:48 - 2015-01-11 15:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2018-08-01 23:48 - 2015-01-11 15:30 - 000000000 ____D C:\Program Files\Java
2018-08-01 23:47 - 2018-06-30 18:33 - 000145272 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2018-08-01 23:09 - 2016-11-29 13:29 - 000000000 ____D C:\Users\Shane\Desktop\OldDesktopStuff 11-29-2016
2018-08-01 22:46 - 2018-05-18 07:59 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-08-01 21:01 - 2016-12-12 15:02 - 000000000 ____D C:\Users\Shane\Desktop\class work
2018-08-01 02:47 - 2018-04-03 09:00 - 004858224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-07-31 11:24 - 2015-12-05 20:10 - 000000000 ____D C:\NVIDIA
2018-07-31 11:23 - 2015-09-16 19:47 - 000000000 ____D C:\Users\Shane\.VirtualBox
2018-07-30 19:05 - 2018-06-13 00:25 - 000000000 ____D C:\ProgramData\Packages
2018-07-30 17:34 - 2018-06-03 18:38 - 000000000 ____D C:\ProgramData\Apple
2018-07-30 16:31 - 2017-12-22 17:01 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-07-30 16:18 - 2015-10-20 21:16 - 000000000 ____D C:\Users\Shane\.thumbnails
2018-07-30 16:18 - 2015-07-31 10:48 - 000000000 ____D C:\ProgramData\MFAData
2018-07-30 16:17 - 2017-05-08 10:30 - 000000000 ____D C:\Users\Shane\.idlerc
2018-07-30 16:17 - 2015-12-05 19:41 - 000000000 ____D C:\Users\Shane\.oracle_jre_usage
2018-07-30 16:17 - 2015-03-05 13:34 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Mumble
2018-07-30 16:17 - 2015-01-27 23:42 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Skype
2018-07-30 16:07 - 2015-08-24 22:00 - 000000000 ____D C:\Users\Shane\AppData\LocalLow\Temp
2018-07-30 16:07 - 2015-08-21 23:31 - 000000000 ____D C:\Intel
2018-07-30 15:49 - 2018-05-12 16:30 - 000000000 ____D C:\xampp
2018-07-30 15:48 - 2016-09-15 12:26 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-07-30 15:48 - 2016-06-17 11:47 - 000000000 ____D C:\adbLink
2018-07-30 15:47 - 2016-11-13 02:07 - 000000000 ____D C:\Program Files (x86)\InnerSpace
2018-07-30 15:47 - 2016-09-09 11:11 - 000000000 ____D C:\Users\Shane\AppData\Local\SquirrelTemp
2018-07-30 15:47 - 2016-06-03 13:32 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Sony
2018-07-30 15:47 - 2015-09-02 17:17 - 000000000 ____D C:\Users\Shane\Documents\Add-in Express
2018-07-30 15:46 - 2018-05-09 01:32 - 000000000 ____D C:\Program Files\Sublime Text 3
2018-07-30 15:46 - 2016-09-22 19:09 - 000000000 ____D C:\Program Files\TeamSpeak 3 Client
2018-07-30 15:46 - 2015-04-20 11:46 - 000000000 ____D C:\Program Files (x86)\CarbonPoker Odds Calculator
2018-07-30 15:46 - 2015-04-05 22:35 - 000000000 ____D C:\AmericasCardroom
2018-07-30 15:46 - 2015-02-03 14:40 - 000000000 ____D C:\Users\Shane\AppData\LocalLow\raidcall
2018-07-30 15:45 - 2018-05-25 18:21 - 000000000 ____D C:\Users\Shane\AppData\Roaming\TeamViewer
2018-07-30 15:45 - 2016-11-29 12:12 - 000000000 ____D C:\Windows10Upgrade
2018-07-30 15:45 - 2015-12-05 15:40 - 000000000 ____D C:\Users\Shane\Documents\The Witcher 3
2018-07-30 15:45 - 2015-04-20 11:46 - 000000000 ____D C:\Program Files (x86)\CarbonPoker
2018-07-30 15:45 - 2015-01-31 22:42 - 000000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2018-07-30 15:44 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2018-07-30 15:44 - 2015-07-31 17:57 - 000000000 ____D C:\Users\Shane\Documents\Adobe
2018-07-30 15:43 - 2018-06-19 18:16 - 000000000 ____D C:\Users\Shane\AppData\Roaming\EasyAntiCheat
2018-07-30 15:43 - 2018-05-31 14:26 - 000000000 ____D C:\Users\Shane\AppData\Local\GitHubDesktop
2018-07-30 15:43 - 2018-05-22 01:12 - 000000000 ____D C:\Users\Shane\AppData\Local\Postman
2018-07-30 15:43 - 2018-05-09 01:47 - 000000000 ____D C:\Users\Shane\AppData\Local\clink
2018-07-30 15:43 - 2017-04-16 18:37 - 000000000 ____D C:\Users\Shane\boost_1_63_0
2018-07-30 15:43 - 2016-09-09 02:05 - 000000000 ____D C:\Users\Shane\AppData\Local\ConnectedDevicesPlatform
2018-07-30 15:43 - 2015-12-09 19:52 - 000000000 ____D C:\Users\Shane\AppData\Roaming\codelite
2018-07-30 15:43 - 2015-08-18 21:37 - 000000000 ____D C:\Users\Shane\AppData\Local\GameMaker-Studio
2018-07-30 15:43 - 2015-01-27 23:07 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Ventrilo
2018-07-30 15:42 - 2018-07-02 14:15 - 000000000 ____D C:\Users\Shane\AppData\Local\PlaceholderTileLogoFolder
2018-07-30 15:42 - 2017-12-22 17:01 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\TeamViewer
2018-07-30 15:42 - 2017-12-20 15:42 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\discord
2018-07-30 15:41 - 2014-12-16 16:27 - 000000000 ____D C:\Program Files (x86)\Steam
2018-07-30 12:14 - 2018-04-03 09:01 - 000065792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2018-07-30 12:14 - 2018-04-03 09:00 - 000044271 _____ C:\WINDOWS\system32\nvinfo.pb
2018-07-30 11:58 - 2016-08-04 13:52 - 000000000 ____D C:\Users\Shane\AppData\Roaming\MassPlanner2
2018-07-30 11:16 - 2015-09-02 17:17 - 000000000 ____D C:\ProgramData\WinZip
2018-07-30 10:55 - 2017-12-08 12:05 - 000000000 ____D C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JetBrains
2018-07-30 10:41 - 2017-05-19 01:10 - 005947600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-07-30 10:41 - 2017-05-19 01:10 - 002612264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-07-30 10:41 - 2017-05-19 01:10 - 001767632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-07-30 10:41 - 2017-05-19 01:10 - 000634352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-07-30 10:41 - 2017-05-19 01:10 - 000450768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-07-30 10:41 - 2017-05-19 01:10 - 000124216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-07-30 10:41 - 2017-05-19 01:10 - 000082800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-07-30 10:40 - 2018-05-27 02:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-07-30 07:42 - 2018-06-03 18:53 - 000000000 ____D C:\Users\Public\Documents\Avid Video Engine
2018-07-30 07:42 - 2018-06-03 18:46 - 000000000 ____D C:\Program Files\Avid
2018-07-30 01:14 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-07-30 01:14 - 2018-04-11 16:38 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-07-30 01:14 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-07-30 01:08 - 2016-06-09 23:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-07-30 01:00 - 2017-12-11 16:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2018-07-29 19:44 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-07-29 18:48 - 2015-03-06 11:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2018-07-29 18:43 - 2015-03-06 11:11 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2018-07-29 08:00 - 2016-10-29 14:11 - 000000000 ____D C:\Program Files (x86)\TradeSkillMaster Application
2018-07-28 21:36 - 2015-03-15 11:18 - 000000000 ____D C:\Users\Shane\Documents\Outlook Files
2018-07-28 02:13 - 2016-06-23 23:04 - 000000000 ____D C:\Users\Shane\AppData\Local\ElevatedDiagnostics
2018-07-25 16:35 - 2018-04-11 16:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-07-24 02:03 - 2017-05-19 01:10 - 008253772 _____ C:\WINDOWS\system32\nvcoproc.bin
2018-07-23 21:15 - 2018-07-07 14:02 - 000004588 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-07-23 21:15 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-07-23 21:15 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-07-23 19:46 - 2017-05-02 15:50 - 000000000 ____D C:\Users\Shane\AppData\Local\Package Cache
2018-07-22 23:09 - 2015-09-16 19:47 - 000000000 ____D C:\Users\Shane\VirtualBox VMs
2018-07-22 12:58 - 2016-09-24 14:36 - 000000000 ____D C:\Program Files (x86)\EPSON Software
2018-07-20 10:33 - 2016-10-29 14:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeSkillMaster Application
2018-07-20 06:05 - 2018-06-02 13:54 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-07-19 12:23 - 2016-12-03 16:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-07-19 12:23 - 2013-09-30 12:56 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-07-18 19:16 - 2016-04-15 13:43 - 000000000 ____D C:\Users\Shane\Documents\Sound recordings
2018-07-17 20:53 - 2015-01-24 17:44 - 000000000 ____D C:\Program Files (x86)\World of Warcraft Public Test
 
==================== Files in the root of some directories =======
 
2015-09-09 17:52 - 2015-09-09 17:54 - 000163219 _____ () C:\Users\Shane\maxout_10028.dat
2015-09-24 13:49 - 2015-09-24 13:51 - 000013121 _____ () C:\Users\Shane\maxout_13044.dat
2015-08-25 15:27 - 2015-08-25 15:29 - 000004907 _____ () C:\Users\Shane\maxout_13796.dat
2015-11-13 21:35 - 2015-11-13 21:36 - 000014342 _____ () C:\Users\Shane\maxout_15904.dat
2015-11-13 21:21 - 2015-11-13 21:24 - 000014342 _____ () C:\Users\Shane\maxout_19172.dat
2015-08-25 15:38 - 2015-08-25 15:45 - 000004907 _____ () C:\Users\Shane\maxout_7140.dat
2018-06-12 00:09 - 2018-06-24 23:15 - 000000033 _____ () C:\Users\Shane\AppData\Roaming\AdobeWLCMCache.dat
2015-08-13 11:45 - 2015-08-13 11:45 - 000000112 _____ () C:\Users\Shane\AppData\Roaming\JP2K CS6 Prefs
2018-06-24 23:22 - 2018-06-24 23:22 - 000000028 _____ () C:\Users\Shane\AppData\Roaming\kulerdata.json
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-18 13:33

==================== End of FRST.txt ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Shane (16-08-2018 17:18:19)
Running from C:\Users\Shane\Desktop\Security  Tools
Windows 10 Home Version 1803 17134.228 (X64) (2018-05-18 21:38:47)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2243521789-936282867-848371492-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2243521789-936282867-848371492-503 - Limited - Disabled)
Guest (S-1-5-21-2243521789-936282867-848371492-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2243521789-936282867-848371492-1005 - Limited - Enabled)
Shane (S-1-5-21-2243521789-936282867-848371492-1001 - Administrator - Enabled) => C:\Users\Shane
WDAGUtilityAccount (S-1-5-21-2243521789-936282867-848371492-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.08 beta (x64) (HKLM\...\7-Zip) (Version: 15.08 - Igor Pavlov)
7-Zip 16.02 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1602-000001000000}) (Version: 16.02.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20058 - Adobe Systems Incorporated)
Adobe After Effects CC 2017 (HKLM-x32\...\AEFT_14_2_1) (Version: 14.2.1 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Character Animator CC (Beta) (HKLM-x32\...\ANMLBETA_1_0_6) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.5.0.331 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.6 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2018 (HKLM-x32\...\DRWV_18_1) (Version: 18.1 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Illustrator CC 2018 (HKLM-x32\...\ILST_22_1) (Version: 22.1 - Adobe Systems Incorporated)
Adobe InDesign CC 2017 (HKLM-x32\...\IDSN_12_1_0) (Version: 12.1.0 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_1_2) (Version: 11.1.2 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_1_3) (Version: 19.1.3 - Adobe Systems Incorporated)
AmericasCardroom (HKLM-x32\...\296836EA-EF3A-4C36-8C13-3A6C1DB2D4BE) (Version: 16.6 - IGSoft)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apache Tomcat 8.0.27 (HKLM\...\nbi-tomcat-8.0.27.0.0) (Version:  - )
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{9F429DF7-F8DD-4980-9673-E6DACA012F6C}) (Version: 3.3 - Microsoft Corporation) Hidden
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
AVG PC TuneUp 2015 (en-US) (HKLM-x32\...\{4AC74ED1-719B-46DA-8B8A-340FBF892291}) (Version: 15.0.1001.604 - AVG Technologies)
Avid HD Driver (x64) (HKLM\...\{658E112A-8776-4430-A275-D9248732DFB9}) (Version: 11.3.0 - Avid Technology, Inc.)
AVSDK5 (HKLM\...\{D5A6E342-907C-4CEF-96CC-FC2F4990DC9C}) (Version: 5.4.30 - CYREN Inc.) Hidden
Azure AD Authentication Connected Service (HKLM-x32\...\{3FEAC561-1CF6-41D6-B0F3-BECDD9C88A1B}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{3FBFCF2C-392A-4632-9442-14C305B44D5E}) (Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Backup and Sync from Google (HKLM\...\{AEFBDB5B-899F-4AE6-B789-BA56A652A476}) (Version: 3.42.9858.3671 - Google, Inc.)
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.3.2.1195 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandicam.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (HKLM-x32\...\{E719AF7A-FBD9-45F8-AD4F-EBD1EFD985BB}) (Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (HKLM-x32\...\{28C7344F-E894-4CF5-8D05-EDC7ED71796C}) (Version: 12.0.50429.0 - Microsoft Corporation) Hidden
BetOnline Client (remove only) (HKLM-x32\...\BetOnLine Client) (Version: 1.0 - BetOnlineDevelopment)
BetOnline Poker 8.2 (HKLM-x32\...\BetOnline Poker 8.2) (Version: 8.2.12.201411270900 - Hero Poker Network)
Black Desert Online (HKLM-x32\...\{C1F96C92-7B8C-485F-A9CD-37A0708A2A60}) (Version: 1.0.0.7 - Kakao Games Europe B.V.)
Blend for Visual Studio 2013 (HKLM-x32\...\{EBC890A6-DE7C-44B4-AA03-119B6190D3E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (HKLM-x32\...\{9ED1634C-4E71-4992-A1BA-7C4BE6EE39E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (HKLM-x32\...\{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Windows Phone 8.0 (HKLM-x32\...\{403759F5-1D77-49F4-812D-AF43196E8C74}) (Version: 3.0.30924.0 - Microsoft Corporation) Hidden
Blender (HKLM\...\{87E4F4E2-99A4-44C6-9175-9FF2773E46CF}) (Version: 2.76.0 - Blender Foundation)
Brackets (HKLM-x32\...\{73C9B88C-61DF-4DC1-9F38-8FBB2AF45816}) (Version: 1.12.1 - brackets.io)
Build Tools - amd64 (HKLM\...\{4926C378-8A39-4273-AF6F-726F899F9F74}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools - x86 (HKLM-x32\...\{BB543516-F37F-46A4-BED1-C5146A6D9892}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (HKLM\...\{5DF74EA2-A660-446F-93B3-B19823435C30}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (HKLM-x32\...\{FCB384E7-0E3F-431E-A510-2458E1FF21ED}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
CarbonPoker (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\CarbonPoker) (Version: 6.0 - )
Chrome Remote Desktop Host (HKLM-x32\...\{67971EAD-F5D1-45A6-B281-A09D3193DB3F}) (Version: 69.0.3497.7 - Google Inc.)
Complemento do Microsoft Report Viewer para Visual Studio 2013 (HKLM-x32\...\{1B5ABBBD-3808-403D-A224-F1ACB0A00EB1}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Complemento Microsoft Report Viewer para Visual Studio 2013 (HKLM-x32\...\{56A47015-095E-48CA-819F-15D0B52C274B}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Compon. agg. Microsoft Report Viewer per Visual Studio 2013 (HKLM-x32\...\{44AEF1F7-C770-471C-AA62-4145A4F2C517}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
CrypTool 1.4.41 (HKLM-x32\...\CrypTool) (Version: 1.4.41 - CrypTool Team)
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 398.82 - NVIDIA Corporation) Hidden
Dotfuscator and Analytics Community Edition (HKLM-x32\...\{2386192E-D6DB-4AD2-9564-65586A0AE53E}) (Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dotfuscator and Analytics Community Edition 5.18.1 (HKLM-x32\...\{9890DF1A-10E9-4236-94B1-1EFAA4099F13}) (Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
Easy Photo Scan (HKLM-x32\...\{93AEF2AF-86FB-42AD-8392-5DAEC0638B1A}) (Version: 1.00.0012 - Seiko Epson Corporation)
Entity Framework 6.1.0 Tools  for Visual Studio 2013 (HKLM-x32\...\{D4635FB4-434D-4663-A4C8-CFC00FA9D24E}) (Version: 12.0.30228.0 - Microsoft Corporation)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.0 - Seiko Epson Corporation)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.81.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson Printer Connection Checker (HKLM-x32\...\{9A09FA7F-C756-4B47-98D0-6C8482980A46}) (Version: 2.1.0.0 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{60A3CB9F-4429-4C7A-AA97-77CC4FE10671}) (Version: 4.4.9 - Seiko Epson Corporation)
EPSON XP-430 Series Printer Uninstall (HKLM\...\EPSON XP-430 Series) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Git version 2.16.2 (HKLM\...\Git_is1) (Version: 2.16.2 - The Git Development Community)
GitHub Desktop (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\GitHubDesktop) (Version: 1.2.2 - GitHub, Inc.)
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.2.8 - The GnuPG Project)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Earth Pro (HKLM-x32\...\{BF354C72-AC4C-4A87-8D42-B089862BAE58}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
gpg4o - GPG for Outlook 5.3.201.9100 (MSI) (HKLM-x32\...\{BC7DF0B9-330B-4B59-8455-700000009100}) (Version: 5.3.201 - Giegerich und Partner GmbH) Hidden
gpg4o - GPG for Outlook v5.3.201.9100 (HKLM-x32\...\{545f18f7-e593-4e38-b994-5d0aedfd3dce}) (Version: 5.3.201.9100 - Giegerich und Partner GmbH)
Gpg4win (3.1.2) (HKLM-x32\...\Gpg4win) (Version: 3.1.2 - The Gpg4win Project)
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Haskell Platform 8.0.2 (HKLM\...\HaskellPlatform-8.0.2) (Version:  - Haskell.org)
Haskell Stack (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\Haskell Stack) (Version:  - )
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{f3e3c5dd-edd0-406b-8aa2-ce5acb93660e}) (Version: 10.0.14 - Intel® Corporation) Hidden
Intel® Hardware Accelerated Execution Manager (HKLM\...\{6230EE50-BD4E-4B39-904D-3E7600053E08}) (Version: 6.2.1 - Intel Corporation)
IntelliJ IDEA 2018.1.3 (HKLM-x32\...\IntelliJ IDEA 2018.1.3) (Version: 181.4892.42 - JetBrains s.r.o.)
Java 10.0.2 (64-bit) (HKLM\...\{EECB2736-D013-5AC5-9917-7656712F6931}) (Version: 10.0.2.0 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
Java SE Development Kit 8 Update 40 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180400}) (Version: 8.0.400.26 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
Java SE Development Kit 8 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180510}) (Version: 8.0.510.16 - Oracle Corporation)
Java SE Development Kit 8 Update 73 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180730}) (Version: 8.0.730.2 - Oracle Corporation)
Java™ SE Development Kit 10.0.1 (64-bit) (HKLM\...\{398EFBE6-18DB-5E47-8E12-481F95602239}) (Version: 10.0.1.0 - Oracle Corporation)
Java™ SE Development Kit 9.0.1 (64-bit) (HKLM\...\{4AC8DBB2-1AE5-5156-83F9-D4E2E6DD564B}) (Version: 9.0.1.0 - Oracle Corporation)
Kanto Player version 10.0.0.0 (HKLM-x32\...\{39E3D7C6-0677-49C8-905B-4D1874A17DE1}_is1) (Version: 10.0.0.0 - Globosoft S.R.L.)
Kits Configuration Installer (HKLM-x32\...\{6F502640-B753-C101-FFA5-B38C3FA5B29A}) (Version: 10.1.17134.12 - Microsoft) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
LocalESPC (HKLM-x32\...\{62910715-63E3-0AB0-0B29-99140DE1C15E}) (Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (HKLM-x32\...\{492498A3-F88C-FE2F-755C-9B1B91724CA5}) (Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us (HKLM-x32\...\{326A5052-061C-F656-31E3-3B73842ABD46}) (Version: 8.59.29989 - Microsoft) Hidden
LocalESPCui for en-us Dev12 (HKLM-x32\...\{B1C38F27-D377-8C98-D98D-29B67C0B978D}) (Version: 8.100.25984 - Microsoft) Hidden
MAGIX Movie Edit Pro 2016 Premium (HKLM\...\{0E64129B-4258-44B9-8034-464C6E28878D}) (Version: 15.0.0.73 - MAGIX Software GmbH) Hidden
MAGIX Movie Edit Pro 2016 Premium (HKLM\...\MX.{0E64129B-4258-44B9-8034-464C6E28878D}) (Version: 15.0.0.73 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (HKLM\...\{EFF38464-ED43-451C-9117-F910728B3FF8}) (Version: 7.0.1.27 - MAGIX Software GmbH) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{EFF38464-ED43-451C-9117-F910728B3FF8}) (Version: 7.0.1.27 - MAGIX Software GmbH)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Memory Profiler (HKLM-x32\...\{4A037836-B224-4890-9631-341F759AD703}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Memory Profiler (HKLM-x32\...\{68DA3B27-2C18-4366-93B0-6B97F5E9B309}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 SDK (HKLM-x32\...\{229FC339-A2DE-46C7-8AB7-E64BD2FD9592}) (Version: 4.7.03056 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 Targeting Pack (HKLM-x32\...\{90FBABBB-0CFC-469F-971F-0A1F11F5AF2E}) (Version: 4.7.03056 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9126.2259 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.9126.2259 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\OneDriveSetup.exe) (Version: 18.131.0701.0007 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{4B2B6F4B-9B09-46ED-935E-A84A669D2DC9}) (Version: 2.8.2.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM-x32\...\{50b32652-69d2-4b93-9316-edcd12067b8b}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 (HKLM-x32\...\{84e72603-1a6a-4c51-81b3-de36aabcc4f8}) (Version: 12.0.30501 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Module Microsoft Report Viewer pour Visual Studio 2013 (HKLM-x32\...\{607562A3-7BD3-4EDE-BDEA-4F1A8D7E84AA}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Mozilla Firefox 61.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.1 (x64 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.9.1 - Mozilla)
Mozilla Thunderbird 52.9.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.9.1 (x86 en-US)) (Version: 52.9.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
MySQL Installer - Community (HKLM-x32\...\{E893209B-DB26-475E-ABE3-900812CBDF9A}) (Version: 1.4.25.0 - Oracle Corporation)
MySQL Server 8.0 (HKLM\...\{11CF35A6-DF56-426A-8FEF-BAA039D8FF31}) (Version: 8.0.11 - Oracle Corporation)
NetBeans IDE 8.2 (HKLM\...\nbi-nb-base-8.2.0.0.201609300101) (Version: 8.2 - NetBeans.org)
Node.js (HKLM\...\{F69C1A4C-0402-462C-B95D-6BEAED881FA1}) (Version: 8.11.1 - Node.js Foundation)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 398.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 398.82 - NVIDIA Corporation)
NVIDIA Graphics Driver 398.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 398.82 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Oculus Rift Sensor Driver (HKLM\...\{4FC053C6-9DF5-45EC-B478-979398DA5E3F}) (Version: 1.0.14.0 - Oculus VR, LLC)
Oculus Runtime (HKLM-x32\...\Oculus Runtime 0.8.0.0-public-release-117061) (Version: 0.8.0.0-public-release-117061 - Oculus VR, LLC)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9126.2259 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2259 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2259 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9126.2259 - Microsoft Corporation) Hidden
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden
Opera Stable 54.0.2952.71 (HKLM-x32\...\Opera 54.0.2952.71) (Version: 54.0.2952.71 - Opera Software)
Oracle VM VirtualBox 5.2.16 (HKLM\...\{9BDE6621-5201-47E9-8394-FF44CBD66A1E}) (Version: 5.2.16 - Oracle Corporation)
Outlook Privacy Plugin (HKLM-x32\...\{68E34B9C-F9B5-4346-B394-F22B2A726306}) (Version: 2.0.5627.23349 - Deja vu Security)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
PACE License Support Win64 (HKLM\...\{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.3.0756 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.3.0756 - PACE Anti-Piracy, Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 2.5.1.4585 - Grinding Gear Games) Hidden
Path of Exile (HKLM-x32\...\{e4bece34-29a4-49b4-9517-941948cdb429}) (Version: 2.5.1.4585 - Grinding Gear Games)
PokerStrategy.com Equilab (HKLM-x32\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com)
Postman-win64-6.1.2 (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\Postman) (Version: 6.1.2 - Postman)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{943F3FB1-3F9C-4FB7-A4E2-6D53617068C3}) (Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python 3.6.0 (32-bit) (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\{e11344b8-2f53-4139-aacd-cb4176efbc4c}) (Version: 3.6.150.0 - Python Software Foundation)
Python 3.6.0 Core Interpreter (32-bit) (HKLM-x32\...\{FC638B75-E969-4496-A546-9D78EA7D8F35}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Development Libraries (32-bit) (HKLM-x32\...\{F2A430F2-A7AC-4B46-808A-FC6E8419ABDE}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Documentation (32-bit) (HKLM-x32\...\{A66771E3-430A-40A7-B00C-94A239396BEE}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Executables (32-bit) (HKLM-x32\...\{3C182441-3C75-4113-A28D-D3AEAD85B320}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 pip Bootstrap (32-bit) (HKLM-x32\...\{1D427483-31FE-4ED4-AD39-AB78BBF7D22D}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Standard Library (32-bit) (HKLM-x32\...\{4CB36E4F-EC00-479B-AA25-0B9EC5385B0C}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C7D63030-7738-499A-A0D2-8549174D2B70}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Test Suite (32-bit) (HKLM-x32\...\{6EAD5F85-97EC-4AFB-84D2-D52AC41D3C66}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Utility Scripts (32-bit) (HKLM-x32\...\{7C3DAC9E-E229-415C-A600-5974B5D9DE7F}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.1 (64-bit) (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\{5984d629-979e-4439-b893-accde1a00a68}) (Version: 3.6.1150.0 - Python Software Foundation)
Python 3.6.1 Add to Path (64-bit) (HKLM\...\{079FEF6F-9E83-4694-897D-69C30389B772}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Core Interpreter (64-bit) (HKLM\...\{27133190-078A-4A46-81B0-FF476EAEBF2A}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Development Libraries (64-bit) (HKLM\...\{953B4007-8312-48CA-817E-29B43988EB35}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Documentation (64-bit) (HKLM\...\{41626EAD-257F-401F-8531-51C5A7D4CA6C}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Executables (64-bit) (HKLM\...\{9139037B-B991-4022-946F-DAA9A9FDC7EE}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 pip Bootstrap (64-bit) (HKLM\...\{5F9A36CA-767E-4922-84AB-73E61264FE5C}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Standard Library (64-bit) (HKLM\...\{B7A716F0-78C1-4CB9-8756-0E51C5DD7622}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Tcl/Tk Support (64-bit) (HKLM\...\{AC60D963-1CE4-429B-AB29-F973DC55A918}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Test Suite (64-bit) (HKLM\...\{A298B2DB-1F21-476D-9BD7-4ECC23101C90}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Utility Scripts (64-bit) (HKLM\...\{7CB8460F-55AD-4C70-8D04-72947C46C85E}) (Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.7 volatility-2.3.1 (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\volatility-py3.7) (Version:  - )
Python 3.7.0 (32-bit) (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\{ece37911-ffeb-4f29-95d6-abcf555d7364}) (Version: 3.7.150.0 - Python Software Foundation)
Python 3.7.0 Core Interpreter (32-bit) (HKLM-x32\...\{13BB06D9-FD38-47E5-946E-C2606C554030}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Development Libraries (32-bit) (HKLM-x32\...\{B424BE74-3C96-4974-8754-9D6442286112}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Documentation (32-bit) (HKLM-x32\...\{ABEE159E-FE5B-4E58-BDD7-1DED2F10AAEB}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Executables (32-bit) (HKLM-x32\...\{4642A126-F999-4407-801B-C1C89BDA58C5}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 pip Bootstrap (32-bit) (HKLM-x32\...\{69CFC76B-3434-4919-8885-BA7960725137}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Standard Library (32-bit) (HKLM-x32\...\{09160A5D-8B99-4A89-9E9D-8A6D8E9C7EC1}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Tcl/Tk Support (32-bit) (HKLM-x32\...\{8A09EA6B-C86C-4ECA-8742-C4C1BCA96845}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Test Suite (32-bit) (HKLM-x32\...\{717DB3B4-C457-447B-A8A6-6921A4D917EF}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python 3.7.0 Utility Scripts (32-bit) (HKLM-x32\...\{FC756D1E-1252-406E-8414-E11FAF97F3C7}) (Version: 3.7.150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{D6BDDB48-938A-4384-A7BE-2B4E4931B111}) (Version: 3.7.6386.0 - Python Software Foundation)
Python Tools 2.2 for Visual Studio 2013 (HKLM-x32\...\{6D689B7E-ADDB-48F4-90C4-0B9888375688}) (Version: 2.2.30718.00 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.27.511.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.00.0218.1 - REALTEK Semiconductor Corp.)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
Riftcat (HKLM-x32\...\{482d58be-fe71-4dae-835c-0950729ac3de}) (Version: 1.0.0 - Riftcat)
Riftcat Client (HKLM-x32\...\{B2C26ED3-33A6-4A0E-98EE-6ACEC22C5793}) (Version: 1.0.0.3 - Riftcat) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 5.10 (64-bit) (HKLM\...\Sandboxie) (Version: 5.10 - Sandboxie Holdings, LLC)
SDK Debuggers (HKLM-x32\...\{8238CD59-617A-FE41-8AB4-A88AF3160849}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
SharePoint Client Components (HKLM\...\{95150002-1163-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SharePoint Client Components (HKLM\...\{95160001-1163-0409-1000-0000000FF1CE}) (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sublime Text Build 3170 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
System Mechanic Pro (HKLM\...\{1E5E7177-5156-4541-B8D5-B0C7E9064329}) (Version:  - )
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Team Explorer for Microsoft Visual Studio 2013 (HKLM-x32\...\{C9E7751E-88ED-36CF-B610-71A1D262E906}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Team Explorer for Microsoft Visual Studio 2015 (HKLM-x32\...\{791295AE-3B0A-3222-9E69-26C8C106E8D1}) (Version: 14.0.23102 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
TI-Nspire™ Computer Link (HKLM-x32\...\{6C5AC088-3136-4043-8985-8B0772A9580E}) (Version: 3.9.0.455 - Texas Instruments Inc.)
TradeSkillMaster Application version 1.0 (HKLM-x32\...\{c44da794-b956-4d50-8733-346d56ae63c7}_is1) (Version: 1.0 - TradeSkillMaster)
Twitch (HKU\S-1-5-21-2243521789-936282867-848371492-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
TypeScript Power Tool (HKLM-x32\...\{8A8A0C13-A9B3-45AF-9A4C-4D351E0DFC8A}) (Version: 1.0.1.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{83499F62-B5EC-4F40-A28C-1297241E4D1D}) (Version: 1.0.1.0 - Microsoft Corporation) Hidden
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Unity (HKLM-x32\...\Unity) (Version: 2017.3.0f3 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Visual Studio 2013 Update 2 (KB2829760) (HKLM-x32\...\{3c348532-c3bd-4bae-a928-7b555f8c808f}) (Version: 12.0.30501 - Microsoft Corporation)
VS Update core components (HKLM-x32\...\{39D9555C-47A7-38F6-AEB9-9E7CAE1C6AF5}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Warcraft Logs Uploader (HKLM-x32\...\{F1010B8C-12DA-C61A-7C32-3AC420F37756}) (Version: 4.15 - UNKNOWN) Hidden
Warcraft Logs Uploader (HKLM-x32\...\com.warcraft.logs) (Version: 4.15 - UNKNOWN)
WCF Data Services 5.6.0 Runtime (HKLM-x32\...\{46910786-E4AC-41E4-A4A0-C086EA85242D}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{BF3E2194-F89B-44FB-A801-464BF787599F}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.17134.12 (HKLM-x32\...\{5f83ccda-0498-4b97-a298-16a642bf49f2}) (Version: 10.1.17134.12 - Microsoft Corporation)
Workflow Manager Client 1.0 (HKLM\...\{A5ABAF5F-B5B6-44B3-B69F-2E13DC60FC9F}) (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{A79F6653-6AF1-4AF2-BC15-F5D6C05E1E6A}) (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version:  - Blizzard Entertainment)
WPT Redistributables (HKLM-x32\...\{F28E1B8B-1F92-80AF-710B-3E0191A25917}) (Version: 10.1.17134.12 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{711802CA-302C-6805-6D1F-D5CEF535F15E}) (Version: 10.1.17134.12 - Microsoft) Hidden
XAMPP (HKLM-x32\...\xampp) (Version: 7.2.5-0 - Bitnami)
Надстройка Microsoft Report Viewer для Visual Studio 2013 (HKLM-x32\...\{30BCD3B4-F753-451F-B8F7-86E115A9AE72}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
用于 Visual Studio 2013 的 Microsoft 报告查看器加载项 (HKLM-x32\...\{EA754818-DB87-42B6-9753-E668B9186434}) (Version: 11.1.3411.3 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{92776d32-cf7d-4db1-835e-621c281033ed}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2243521789-936282867-848371492-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] ()
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] ()
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] ()
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] ()
ContextMenuHandlers1-x32: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-win32.dll -> No File
ContextMenuHandlers1-x32: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers1-x32: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2018-06-17] (g10 Code GmbH)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2018-06-17] (g10 Code GmbH)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-07-30] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {025E5424-1A2F-4F8E-BB74-E61A8D5A7785} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-20] (NVIDIA Corporation)
Task: {05D1A8A2-5F83-48D8-A422-6B6E6F2ECDEE} - \NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {0A298F3C-D339-4659-9408-67A7A893DB97} - System32\Tasks\Opera scheduled Autoupdate 1487318455 => C:\Program Files (x86)\Opera\launcher.exe [2018-08-06] (Opera Software)
Task: {0BE58DB4-DF01-4A4E-8F65-7A0F7FCA79CA} - System32\Tasks\S-1-5-21-2243521789-936282867-848371492-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-11] (Microsoft Corporation)
Task: {165C2229-E2D0-42F8-AB6A-D88972258BCB} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-05-20] (NVIDIA Corporation)
Task: {224E7899-EB03-460F-91EC-69845FC2961B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {26BFE09B-2652-4099-8C5D-554F1CF03BC3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2AA8339D-DAC7-4B69-A3C0-C0B6EE3F2AEB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {31FCF4E6-A89F-4074-8D8F-29EA1E7BD9E7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3F29EAE7-DDFB-4F6D-B1A0-CBD24EDA65D3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-19] (Microsoft Corporation)
Task: {412463C0-F98D-4EAC-9B64-3F143CB79676} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {47BA98D9-E95B-44DB-8EE8-A1D4C136BE4D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {47F42AE0-8169-4539-B3E6-502F5F9BE80C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {4A20DA43-B687-4206-8A29-11BBBD445795} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-15] (Microsoft Corporation)
Task: {5CAEA5DC-0D0C-490A-8B35-8D4B8DBF25DF} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-05-20] (NVIDIA Corporation)
Task: {5E81EC25-B9BD-44BE-A96A-46A9FA1A3C54} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-19] (Microsoft Corporation)
Task: {5F15224A-A3E8-4033-9CFC-90997330D8C7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-15] (Microsoft Corporation)
Task: {613474AB-E7BE-41BF-960F-6D8B1529A19F} - System32\Tasks\EPSON XP-430 Series Update {DB1B0FE6-AAE3-4FBA-A97A-0857C28977C5} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSPAE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {62927EA4-D4AC-4D03-AA36-B321D260B727} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-05-20] (NVIDIA Corporation)
Task: {658A70B7-0D89-40E1-A57B-FCCBC4A1A0FA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {6A9B33B9-F556-4CE7-8553-6FD76CA0136C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {7602F030-CF62-4737-A60A-34C5039531FD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7D8AED93-DB12-4EC5-BEC0-6DBDB01C4928} - System32\Tasks\EPSON XP-430 Series Update {CDB9B9D7-847A-4014-88C7-DD2F2D5E4749} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSPAE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {809E4633-6A4C-422E-BC1E-E0F4A1FEBB96} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {82C8AF72-2E5E-4A2D-92AC-F9A8B20741D5} - System32\Tasks\JavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-06-27] (Oracle Corporation)
Task: {84349628-9B9C-4237-BD18-443A30BFE476} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {90249B6B-A88D-4EC9-A590-324DF0FDD2E2} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-06-27] (Oracle Corporation)
Task: {9565C9E8-F3FC-4288-BDBA-24BB75D5A0D3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-07-19] (Microsoft Corporation)
Task: {9624946F-8E36-470C-BABB-8613A61C2172} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {96FCD520-57EA-4EBB-9C4C-8F731EA3DEAB} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {9AD632C4-92D8-4BC3-902F-139F6E2DF5C6} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-scaler0222@gmail.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {9FCFBA36-98A3-4077-834B-84867796E881} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {A11D705C-B93D-4989-BBCB-E8D59A1C7604} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-19] (Microsoft Corporation)
Task: {A781CBBB-2B3D-4D0F-B12B-3E66BA26E8A4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-30] (Microsoft Corporation)
Task: {A7959D96-159B-4B9A-8731-E6E87357BB66} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-scaler0222@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2018-04-11] (Adobe Systems Incorporated)
Task: {ACD0393C-DAB9-4F23-AEDE-0A4CDDC6D81C} - System32\Tasks\MySQL\Installer\ManifestUpdate => C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLInstallerConsole.exe [2018-03-17] (Oracle Corporation)
Task: {B19A2990-689D-4375-816A-F989BD808360} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-15] (Microsoft Corporation)
Task: {BA0BEBFF-A0C5-48C4-9B6C-817C070FA8CD} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {BA25FEB6-A769-4E46-ADFB-7BF60B8D5D4A} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {BF5F15C5-C45A-4405-A43C-3FB04F4D050B} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-05-20] (NVIDIA Corporation)
Task: {C46ADB6E-007F-4643-BA82-4E26F10D9812} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {CDB8AF6E-2F32-4C47-8927-38A1676F535E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-30] (Microsoft Corporation)
Task: {D1402DE7-8516-4341-B93C-31D9AA988E29} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-08-14] (Microsoft Corporation)
Task: {DAAA6167-B7FC-47E3-97D8-9CB0B73E72F5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-19] (Microsoft Corporation)
Task: {EBE73E2E-F79F-486E-A98E-2F3451EF096D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {EE829BF7-7ED7-4687-A389-3A8C42837B9D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-20] (NVIDIA Corporation)
Task: {F22EB63A-6093-4518-A429-6F2A1D932962} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-15] (Microsoft Corporation)
Task: {F70AF660-CABA-4669-9EC2-44A2DE7F05E0} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-07-23] (Adobe Systems Incorporated)
Task: {F76F20D9-4D68-4BE7-A8BF-EEF35C838E7F} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\EPSON XP-430 Series Update {CDB9B9D7-847A-4014-88C7-DD2F2D5E4749}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSPAE.EXE:/EXE:{CDB9B9D7-847A-4014-88C7-DD2F2D5E4749} /F:UpdateWORKGROUP\SHANES_PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-430 Series Update {DB1B0FE6-AAE3-4FBA-A97A-0857C28977C5}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSPAE.EXE:/EXE:{DB1B0FE6-AAE3-4FBA-A97A-0857C28977C5} /F:UpdateWORKGROUP\SHANES_PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.1.5-p273\Interactive Ruby.lnk -> C:\Ruby21\bin\irb.bat ()
 
ShortcutWithArgument: C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Web Applications\www.khanacademy.org\https_80\(6) Chemistry _ Khan Academy.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxps://www.khanacademy.org/science/chemistry
ShortcutWithArgument: C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.1.5-p273\Start Command Prompt with Ruby.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /E:ON /K C:\Ruby21\bin\setrbvars.bat
ShortcutWithArgument: C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-04-11 16:34 - 2018-04-11 16:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-06-02 13:55 - 2018-07-20 06:05 - 002433744 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-02-27 20:08 - 2018-02-27 20:08 - 000614856 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2016-05-08 12:17 - 2018-07-19 12:19 - 008936112 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-08-14 20:03 - 2018-08-02 20:09 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-17 13:07 - 2018-07-17 13:07 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-17 13:07 - 2018-07-17 13:07 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-17 13:07 - 2018-07-17 13:07 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-17 13:07 - 2018-07-17 13:07 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-17 13:07 - 2018-07-17 13:07 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-08-11 17:39 - 2018-08-11 17:39 - 035124224 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-08-11 17:39 - 2018-08-11 17:39 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-08-11 17:39 - 2018-08-11 17:39 - 006417408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\