PDA

View Full Version : Web Browser Infected With Malware



Startropic1
2017-08-17, 18:40
I have Microsoft Edge, Google Chrome, and Firefox installed on my PC, though I mostly use Chrome & Edge. I'm running Windows 10 64-bit.
Whenever I do a search in google, I'm redirected to a yahoo search. clicking on a link opens the link in a new tab and redirects the original tab to some malware page sometimes causing popups as well. Sometimes when I open a new tab it redirects to something called safe-search.net or something.

FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-08-2017
Ran by Joshua (administrator) on NORTHORPHQGX (17-08-2017 10:15:59)
Running from C:\Stash2
Loaded Profiles: Joshua (Available Profiles: Joshua & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Rocket Division Software) C:\Program Files (x86)\Paragon Software\Net Burner\StarWindLite\StarWindServicelite.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Joshua\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(BitTorrent Inc.) C:\Users\Joshua\AppData\Roaming\uTorrent\uTorrent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Wondershare) C:\Program Files (x86)\Wondershare\dr.fone toolkit for Android\Addins\AndroidBackupRestore\BackupRemind.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(ArcSoft Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(DivX, LLC) C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(BitTorrent Inc.) C:\Users\Joshua\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe
(BitTorrent Inc.) C:\Users\Joshua\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe
(BitTorrent Inc.) C:\Users\Joshua\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Anvsoft\Syncios\androidnotifier.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
() C:\Program Files (x86)\Anvsoft\Syncios\adb.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Cerulean Studios) C:\Program Files (x86)\Trillian\trillian.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wimserv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2015-08-18] (Pixart Imaging Inc)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] ()
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-06-24] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861640 2015-06-26] (DivX, LLC)
HKLM-x32\...\Run: [Net Burner] => C:\Program Files (x86)\Paragon Software\Net Burner\NetBurner.exe [3454224 2009-01-28] (Paragon Software Group)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe [1910424 2017-06-06] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3048256 2017-07-26] (Electronic Arts)
HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\Run: [Steam] => C:\Games\Steam\steam.exe [3062560 2017-07-17] (Valve Corporation)
HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\Run: [Comrade.exe] => C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe [36864 2007-06-29] (IGN Entertainment Inc.)
HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\Run: [Spotify Web Helper] => C:\Users\Joshua\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-02-24] (Spotify Ltd)
HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\Run: [Spotify] => C:\Users\Joshua\AppData\Roaming\Spotify\Spotify.exe [6743664 2016-02-24] (Spotify Ltd)
HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\Run: [uTorrent] => C:\Users\Joshua\AppData\Roaming\uTorrent\uTorrent.exe [2146496 2017-07-03] (BitTorrent Inc.)
HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\Policies\Explorer: [NoDrives] 33554432
HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\Policies\Explorer: [NoViewOnDrive] 33554432
HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\MountPoints2: {166e68d8-400f-11e5-9bc2-806e6f6e6963} - "D:\SETUP.EXE"
HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\MountPoints2: {373e4a36-3c4b-11e4-a0c1-74d435e6e6a2} - "L:\TLBootstrap_WPP.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\aa_patch.exe [2016-08-03] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BackupRemind.lnk [2017-02-04]
ShortcutTarget: BackupRemind.lnk -> C:\Program Files (x86)\Wondershare\dr.fone toolkit for Android\Addins\AndroidBackupRestore\BackupRemind.exe (Wondershare)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation(R).lnk [2016-08-29]
ShortcutTarget: Content Manager Assistant for PlayStation(R).lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-10-09]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Server.lnk [2014-09-03]
ShortcutTarget: TotalMedia Server.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe (ArcSoft Inc.)
Startup: C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [2017-08-15]
ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-2577772942-3954309557-1672937280-1000] => hxxp://nonblock.net/wpad.dat?37380101bea19d8230b479e4b87d0fb015089779
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{23fab50d-039c-46a1-93b9-a284bb6728cf}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{60b3f712-cfe6-40d9-a760-5d7b32a07468}: [DhcpNameServer] 10.9.0.1
Tcpip\..\Interfaces\{6E0A8087-BA3E-4345-88FC-523629501356}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{ccbfda97-ef03-4206-9597-d8dfb3e20e26}: [DhcpNameServer] 10.17.0.1
ManualProxies: 0hxxp://nonblock.net/wpad.dat?37380101bea19d8230b479e4b87d0fb015089779

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000 -> DefaultScope {3D56E5C3-5CD1-4AD8-BBFC-6756EA6DF66B} URL = hxxp://search.findwide.com/serp?guid={F4EDED45-D6CE-4600-AE16-1256AC3F410E}&k={searchTerms}
SearchScopes: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000 -> {2D0B871E-3DF8-4973-A8D8-6AF39842A425} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11083
SearchScopes: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000 -> {3D56E5C3-5CD1-4AD8-BBFC-6756EA6DF66B} URL = hxxp://search.findwide.com/serp?guid={F4EDED45-D6CE-4600-AE16-1256AC3F410E}&k={searchTerms}
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-16] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-16] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - FindWide Toolbar - {C3AC019C-D74E-40E1-A3D3-0BDDCF3519CA} - C:\Program Files (x86)\TNT2\2.0.0.1949\IEToolbar64.dll [2015-02-24] (Freshy.com)
Toolbar: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000 -> FindWide Toolbar - {C3AC019C-D74E-40E1-A3D3-0BDDCF3519CA} - C:\Program Files (x86)\TNT2\2.0.0.1949\IEToolbar64.dll [2015-02-24] (Freshy.com)

FireFox:
========
FF DefaultProfile: 59uig06a.default
FF ProfilePath: C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\59uig06a.default [2017-07-27]
FF Extension: (ShopperPro) - C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\59uig06a.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2016-01-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-03-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-10-09] [not signed]
FF HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-08] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-06-29] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-16] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2577772942-3954309557-1672937280-1000: @tnt2npapi.com/Plugin -> C:\Users\Joshua\AppData\Local\TNT2\2.0.0.1949\npTNT2.dll [2015-02-24] (Freshy.com)
FF Plugin HKU\S-1-5-21-2577772942-3954309557-1672937280-1000: SkypePlugin -> C:\Users\Joshua\AppData\Local\SkypePlugin\7.7.0.219\npGatewayNpapi.dll [2015-09-23] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2577772942-3954309557-1672937280-1000: SkypePlugin64 -> C:\Users\Joshua\AppData\Local\SkypePlugin\7.7.0.219\npGatewayNpapi-x64.dll [2015-09-23] (Skype Technologies S.A.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2003-07-14] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-07-27] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default [2017-08-17]
CHR Extension: (Adblock Plus) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-12]
CHR Extension: (Dark Theme v3) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\djlgdeklopcjagknhlchbdjekgpgenad [2016-09-21]
CHR Extension: (ARC Welder) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\emfinbmielocnlhgmfkkmkngdoccbadn [2016-11-01]
CHR Extension: (App Runtime for Chrome (Beta)) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaihdlpglflfgpfjcifdjdjcckigekc [2016-11-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-13]
CHR Extension: (Chrome Media Router) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-04]
CHR Extension: (CVS) - C:\Users\Joshua\Downloads\CVS pharmacy_v2.7.3_apkpure.com.apk_export_sPmlk [2016-06-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-05-03] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [32384 2016-10-03] (The OpenVPN Project)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2168672 2017-07-26] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3148128 2017-07-26] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.) [File not signed]
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.) [File not signed]
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889888 2017-08-01] (Microsoft Corporation)
R2 StarWindServiceLite; C:\Program Files (x86)\Paragon Software\Net Burner\StarWindLite\StarWindServiceLite.exe [321296 2009-01-28] (Rocket Division Software)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-08-01] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.2.220\WsAppService.exe [441344 2017-01-05] (Wondershare) [File not signed]
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone toolkit for Android\Library\DriverInstaller\DriverInstall.exe [124048 2017-01-05] (Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ArcSec; C:\WINDOWS\System32\drivers\ArcSec.sys [312184 2010-09-21] () [File not signed]
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2015-08-11] (Disc Soft Ltd)
R3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [28648 2015-12-10] (ELECOM)
R3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [27624 2015-12-10] (ELECOM)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R1 MpKslaf8f7303; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7883442C-4D91-4FCD-8AAC-2CD6A081A92B}\MpKslaf8f7303.sys [44928 2017-08-17] (Microsoft Corporation)
R1 MpKslb8478bb6; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2FF0FB8D-0AAF-4E1C-B702-1805E906855D}\MpKslb8478bb6.sys [44928 2017-08-14] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a2b0acab06663645\nvlddmkm.sys [14456944 2017-05-02] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-05-01] (NVIDIA Corporation)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 sscdserd; C:\WINDOWS\system32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
R1 StarPortLite; C:\WINDOWS\System32\drivers\StarPortLite.sys [114960 2009-01-28] (Rocket Division Software)
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2015-08-18] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error(1) reading file: "C:\WINDOWS\system32\sdnclean64.exe"
2017-08-17 10:11 - 2017-08-17 10:15 - 000000000 ____D C:\FRST
2017-08-16 10:44 - 2017-08-16 11:21 - 000000000 ____D C:\Users\Joshua\AppData\Roaming\Forge
2017-08-16 10:44 - 2017-08-16 10:44 - 000000000 ____D C:\Users\Joshua\AppData\Local\Forge
2017-08-15 01:16 - 2017-07-31 11:14 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-08-15 01:16 - 2017-07-31 11:14 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-09 02:28 - 2017-08-01 13:20 - 002264344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-09 02:28 - 2017-08-01 13:20 - 001431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-08-09 02:28 - 2017-08-01 13:20 - 000781144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-09 02:28 - 2017-08-01 13:20 - 000116576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-08-09 02:28 - 2017-08-01 13:19 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-08-09 02:28 - 2017-08-01 13:19 - 000577976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-09 02:28 - 2017-08-01 13:16 - 006665952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-09 02:28 - 2017-08-01 13:16 - 004023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-08-09 02:28 - 2017-08-01 13:16 - 001845512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-09 02:28 - 2017-08-01 13:15 - 020967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-09 02:28 - 2017-08-01 13:15 - 001360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-08-09 02:28 - 2017-08-01 13:15 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-08-09 02:28 - 2017-08-01 13:15 - 000981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-08-09 02:28 - 2017-08-01 13:10 - 000306800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2017-08-09 02:28 - 2017-08-01 13:07 - 005686784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-09 02:28 - 2017-08-01 12:56 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-08-09 02:28 - 2017-08-01 12:56 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2017-08-09 02:28 - 2017-08-01 12:55 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-08-09 02:28 - 2017-08-01 12:54 - 000505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-08-09 02:28 - 2017-08-01 12:54 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-08-09 02:28 - 2017-08-01 12:54 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-09 02:28 - 2017-08-01 12:53 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-08-09 02:28 - 2017-08-01 12:52 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2017-08-09 02:28 - 2017-08-01 12:51 - 000483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2017-08-09 02:28 - 2017-08-01 12:51 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-09 02:28 - 2017-08-01 12:50 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-08-09 02:28 - 2017-08-01 12:50 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-08-09 02:28 - 2017-08-01 12:50 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-08-09 02:28 - 2017-08-01 12:49 - 004615168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-09 02:28 - 2017-08-01 12:48 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-08-09 02:28 - 2017-08-01 12:47 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbe.dll
2017-08-09 02:28 - 2017-08-01 12:45 - 002333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-08-09 02:28 - 2017-08-01 12:41 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2017-08-09 02:28 - 2017-08-01 12:39 - 007626240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-09 02:28 - 2017-08-01 12:39 - 001255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-09 02:28 - 2017-08-01 12:37 - 002641920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-09 02:28 - 2017-08-01 12:37 - 000468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2017-08-09 02:28 - 2017-08-01 12:36 - 007468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-08-09 02:28 - 2017-08-01 12:35 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-08-09 02:28 - 2017-08-01 12:34 - 001170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-08-09 02:28 - 2017-08-01 12:34 - 000709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-08-09 02:28 - 2017-08-01 12:33 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-08-09 02:28 - 2017-08-01 12:32 - 002682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-08-09 02:28 - 2017-08-01 12:32 - 002648576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-08-09 02:28 - 2017-08-01 12:31 - 001988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-08-09 02:28 - 2017-08-01 12:31 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-08-09 02:28 - 2017-08-01 12:31 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-09 02:28 - 2017-08-01 12:31 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-08-09 02:28 - 2017-08-01 12:31 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-08-09 02:28 - 2017-08-01 12:31 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2017-08-09 02:28 - 2017-08-01 12:30 - 002997248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-09 02:28 - 2017-08-01 12:30 - 002482688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-08-09 02:28 - 2017-08-01 12:30 - 001886720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-08-09 02:28 - 2017-08-01 12:30 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-09 02:28 - 2017-08-01 12:30 - 001013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-08-09 02:28 - 2017-08-01 12:30 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-08-09 02:28 - 2017-08-01 12:30 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-08-09 02:28 - 2017-08-01 12:29 - 003106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-08-09 02:28 - 2017-08-01 12:28 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-08-09 02:28 - 2017-08-01 10:15 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-09 02:28 - 2017-08-01 10:15 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-09 02:28 - 2017-08-01 10:15 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-09 02:28 - 2017-08-01 10:15 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-09 02:28 - 2017-08-01 10:15 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-09 02:28 - 2017-08-01 10:15 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-09 02:28 - 2017-08-01 10:15 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-09 02:28 - 2017-07-12 02:12 - 001573280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-08-09 02:28 - 2017-07-12 01:55 - 000607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-08-09 02:28 - 2017-07-12 01:55 - 000111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-08-09 02:28 - 2017-07-12 01:52 - 004312760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-08-09 02:28 - 2017-07-12 01:29 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-08-09 02:28 - 2017-07-12 01:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-08-09 02:28 - 2017-07-12 01:23 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-08-09 02:28 - 2017-07-12 01:21 - 000711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-09 02:28 - 2017-07-12 01:19 - 006474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-08-09 02:28 - 2017-07-12 01:18 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-08-09 02:28 - 2017-07-12 01:12 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-08-09 02:28 - 2017-07-12 01:11 - 002154496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-08-09 02:28 - 2017-07-12 01:10 - 000546304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2017-08-09 02:28 - 2017-07-12 01:09 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-08-09 02:28 - 2017-07-12 01:07 - 001572352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-08-09 02:28 - 2017-03-04 02:05 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2017-08-09 02:27 - 2017-08-01 15:32 - 000133984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-08-09 02:27 - 2017-08-01 15:31 - 007780192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-09 02:27 - 2017-08-01 15:29 - 000376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-09 02:27 - 2017-08-01 15:27 - 000118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-09 02:27 - 2017-08-01 15:22 - 001860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-08-09 02:27 - 2017-08-01 15:22 - 000360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-08-09 02:27 - 2017-08-01 15:21 - 002759712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-09 02:27 - 2017-08-01 15:21 - 000857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-09 02:27 - 2017-08-01 15:20 - 000557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-08-09 02:27 - 2017-08-01 15:18 - 008169536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-09 02:27 - 2017-08-01 15:18 - 004260064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-08-09 02:27 - 2017-08-01 15:18 - 001983408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-09 02:27 - 2017-08-01 15:18 - 001702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-08-09 02:27 - 2017-08-01 15:18 - 000092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-08-09 02:27 - 2017-08-01 15:17 - 022220856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-09 02:27 - 2017-08-01 15:17 - 001072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-08-09 02:27 - 2017-08-01 15:17 - 000244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-08-09 02:27 - 2017-08-01 15:13 - 002532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-09 02:27 - 2017-08-01 15:13 - 001102176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-08-09 02:27 - 2017-08-01 15:13 - 000387872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-09 02:27 - 2017-08-01 14:58 - 000299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2017-08-09 02:27 - 2017-08-01 14:57 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2017-08-09 02:27 - 2017-08-01 14:57 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-08-09 02:27 - 2017-08-01 14:53 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-08-09 02:27 - 2017-08-01 14:52 - 000237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-08-09 02:27 - 2017-08-01 14:51 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-08-09 02:27 - 2017-08-01 14:50 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-09 02:27 - 2017-08-01 14:48 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-08-09 02:27 - 2017-08-01 14:48 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-09 02:27 - 2017-08-01 14:47 - 000748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-08-09 02:27 - 2017-08-01 14:47 - 000691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-09 02:27 - 2017-08-01 14:46 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-08-09 02:27 - 2017-08-01 14:46 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-08-09 02:27 - 2017-08-01 14:46 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-08-09 02:27 - 2017-08-01 14:46 - 000260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-09 02:27 - 2017-08-01 14:45 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-09 02:27 - 2017-08-01 14:45 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-08-09 02:27 - 2017-08-01 14:45 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-08-09 02:27 - 2017-08-01 14:45 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-09 02:27 - 2017-08-01 14:44 - 000642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2017-08-09 02:27 - 2017-08-01 14:43 - 000963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2017-08-09 02:27 - 2017-08-01 14:42 - 006288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-09 02:27 - 2017-08-01 14:38 - 013441536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-08-09 02:27 - 2017-08-01 14:37 - 013091328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-09 02:27 - 2017-08-01 14:36 - 023677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-09 02:27 - 2017-08-01 14:35 - 001908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-09 02:27 - 2017-08-01 14:32 - 008114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-09 02:27 - 2017-08-01 14:32 - 004596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-08-09 02:27 - 2017-08-01 14:32 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-09 02:27 - 2017-08-01 14:30 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-08-09 02:27 - 2017-08-01 14:29 - 004743680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-09 02:27 - 2017-08-01 14:29 - 002852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-08-09 02:27 - 2017-08-01 14:29 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-09 02:27 - 2017-08-01 14:28 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-08-09 02:27 - 2017-08-01 14:27 - 008076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-08-09 02:27 - 2017-08-01 14:27 - 004149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-08-09 02:27 - 2017-08-01 14:27 - 002538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-08-09 02:27 - 2017-08-01 14:27 - 001984000 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-09 02:27 - 2017-08-01 14:27 - 000903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-08-09 02:27 - 2017-08-01 14:27 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-08-09 02:27 - 2017-08-01 14:27 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-08-09 02:27 - 2017-08-01 14:26 - 001949696 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSvc.dll
2017-08-09 02:27 - 2017-08-01 14:26 - 001513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-09 02:27 - 2017-08-01 14:26 - 000701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2017-08-09 02:27 - 2017-08-01 14:24 - 003299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-08-09 02:27 - 2017-08-01 14:24 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-08-09 02:27 - 2017-08-01 14:24 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-08-09 02:27 - 2017-08-01 13:19 - 000339896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-09 02:27 - 2017-08-01 13:19 - 000266080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-09 02:27 - 2017-08-01 13:19 - 000120416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-09 02:27 - 2017-08-01 13:18 - 000139104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-09 02:27 - 2017-08-01 12:59 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-09 02:27 - 2017-08-01 12:58 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-08-09 02:27 - 2017-08-01 12:52 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll
2017-08-09 02:27 - 2017-08-01 12:51 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-08-09 02:27 - 2017-08-01 12:51 - 000388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2017-08-09 02:27 - 2017-08-01 12:51 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-09 02:27 - 2017-08-01 12:51 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-09 02:27 - 2017-08-01 12:50 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-08-09 02:27 - 2017-08-01 12:48 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-09 02:27 - 2017-08-01 12:47 - 000846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2017-08-09 02:27 - 2017-08-01 12:47 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2017-08-09 02:27 - 2017-08-01 12:47 - 000396288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-09 02:27 - 2017-08-01 12:47 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-08-09 02:27 - 2017-08-01 12:45 - 001985536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certmgr.dll
2017-08-09 02:27 - 2017-08-01 12:42 - 018364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-09 02:27 - 2017-08-01 12:40 - 019415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-09 02:27 - 2017-08-01 12:40 - 012187136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-09 02:27 - 2017-08-01 12:38 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2017-08-09 02:27 - 2017-08-01 12:37 - 012349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-08-09 02:27 - 2017-08-01 12:37 - 003520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-08-09 02:27 - 2017-08-01 12:37 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comuid.dll
2017-08-09 02:27 - 2017-08-01 12:34 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-09 02:27 - 2017-08-01 12:33 - 006031872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-09 02:27 - 2017-08-01 12:31 - 003664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-09 02:27 - 2017-08-01 10:15 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-09 02:27 - 2017-08-01 10:15 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-09 02:27 - 2017-08-01 10:15 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-09 02:27 - 2017-08-01 10:15 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-09 02:27 - 2017-08-01 10:15 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-09 02:27 - 2017-08-01 10:15 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-09 02:27 - 2017-08-01 10:15 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-09 02:27 - 2017-08-01 10:15 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-09 02:27 - 2017-07-12 02:17 - 000081760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-08-09 02:27 - 2017-07-12 02:15 - 002213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-09 02:27 - 2017-07-12 02:15 - 000496872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-08-09 02:27 - 2017-07-12 02:12 - 001706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-09 02:27 - 2017-07-12 02:09 - 001181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-08-09 02:27 - 2017-07-12 02:02 - 002186592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-09 02:27 - 2017-07-12 02:02 - 000402776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-08-09 02:27 - 2017-07-12 02:01 - 000715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-08-09 02:27 - 2017-07-12 02:01 - 000156000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2017-08-09 02:27 - 2017-07-12 02:00 - 000223072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-08-09 02:27 - 2017-07-12 02:00 - 000160608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pacer.sys
2017-08-09 02:27 - 2017-07-12 02:00 - 000095584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2017-08-09 02:27 - 2017-07-12 01:59 - 000857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-08-09 02:27 - 2017-07-12 01:59 - 000148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-08-09 02:27 - 2017-07-12 01:56 - 000277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-09 02:27 - 2017-07-12 01:35 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dabapi.dll
2017-08-09 02:27 - 2017-07-12 01:32 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2017-08-09 02:27 - 2017-07-12 01:32 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\frprov.dll
2017-08-09 02:27 - 2017-07-12 01:31 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-09 02:27 - 2017-07-12 01:31 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfnet.dll
2017-08-09 02:27 - 2017-07-12 01:30 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2017-08-09 02:27 - 2017-07-12 01:29 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\httpapi.dll
2017-08-09 02:27 - 2017-07-12 01:24 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmdisk0101.sys
2017-08-09 02:27 - 2017-07-12 01:24 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfnet.dll
2017-08-09 02:27 - 2017-07-12 01:23 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-09 02:27 - 2017-07-12 01:23 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-08-09 02:27 - 2017-07-12 01:23 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2017-08-09 02:27 - 2017-07-12 01:23 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-08-09 02:27 - 2017-07-12 01:21 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2017-08-09 02:27 - 2017-07-12 01:17 - 000552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-08-09 02:27 - 2017-07-12 01:16 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-08-09 02:27 - 2017-07-12 01:15 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-09 02:27 - 2017-07-12 01:15 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsium.dll
2017-08-09 02:27 - 2017-07-12 01:14 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-09 02:27 - 2017-07-12 01:13 - 000855040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-09 02:27 - 2017-07-12 01:10 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-09 02:27 - 2017-07-12 01:06 - 000937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-08-09 02:27 - 2017-07-12 01:06 - 000549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-08-09 02:27 - 2017-07-12 01:05 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-09 02:27 - 2017-07-12 01:03 - 000779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2017-08-09 02:27 - 2017-07-12 01:01 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-08-09 02:27 - 2017-07-12 01:00 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2017-08-09 02:27 - 2017-07-12 00:58 - 001130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-08-09 02:27 - 2017-07-12 00:58 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-09 02:27 - 2017-07-12 00:57 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-09 02:27 - 2017-07-12 00:56 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-08-09 02:27 - 2017-07-11 22:49 - 000448629 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-08-09 02:27 - 2017-03-04 02:14 - 000588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2017-08-09 02:27 - 2017-03-04 02:05 - 001328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-08-09 02:27 - 2016-09-07 01:24 - 000057400 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-08-09 02:27 - 2016-08-02 04:13 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-09 02:26 - 2017-08-01 15:25 - 000168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2017-08-09 02:26 - 2017-08-01 15:21 - 000624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-08-09 02:26 - 2017-08-01 15:21 - 000295264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-09 02:26 - 2017-08-01 15:21 - 000146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-08-09 02:26 - 2017-08-01 15:21 - 000124072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-09 02:26 - 2017-08-01 15:21 - 000026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-08-09 02:26 - 2017-08-01 15:20 - 002446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-08-09 02:26 - 2017-08-01 15:20 - 000684344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-09 02:26 - 2017-08-01 15:20 - 000383776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-09 02:26 - 2017-08-01 15:20 - 000144736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-09 02:26 - 2017-08-01 15:20 - 000079712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-09 02:26 - 2017-08-01 15:17 - 001600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-08-09 02:26 - 2017-08-01 15:17 - 000241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-08-09 02:26 - 2017-08-01 15:01 - 007218176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-09 02:26 - 2017-08-01 14:54 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-09 02:26 - 2017-08-01 14:52 - 022569472 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-09 02:26 - 2017-08-01 14:52 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-09 02:26 - 2017-08-01 14:48 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-08-09 02:26 - 2017-08-01 14:47 - 000651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-08-09 02:26 - 2017-08-01 14:47 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-08-09 02:26 - 2017-08-01 14:47 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.HostName.dll
2017-08-09 02:26 - 2017-08-01 14:47 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-08-09 02:26 - 2017-08-01 14:46 - 000379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-08-09 02:26 - 2017-08-01 14:46 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-08-09 02:26 - 2017-08-01 14:46 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-09 02:26 - 2017-08-01 14:46 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-09 02:26 - 2017-08-01 14:46 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-09 02:26 - 2017-08-01 14:45 - 000472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-08-09 02:26 - 2017-08-01 14:45 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-09 02:26 - 2017-08-01 14:45 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-09 02:26 - 2017-08-01 14:44 - 001010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-09 02:26 - 2017-08-01 14:43 - 000966144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll
2017-08-09 02:26 - 2017-08-01 14:43 - 000945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-08-09 02:26 - 2017-08-01 14:43 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-09 02:26 - 2017-08-01 14:42 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-09 02:26 - 2017-08-01 14:41 - 002222080 _____ (Microsoft Corporation) C:\WINDOWS\system32\certmgr.dll
2017-08-09 02:26 - 2017-08-01 14:40 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-08-09 02:26 - 2017-08-01 14:40 - 000945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-09 02:26 - 2017-08-01 14:40 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-09 02:26 - 2017-08-01 14:39 - 009129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-09 02:26 - 2017-08-01 14:39 - 001281536 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-09 02:26 - 2017-08-01 14:39 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-08-09 02:26 - 2017-08-01 14:39 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-09 02:26 - 2017-08-01 14:38 - 001589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-08-09 02:26 - 2017-08-01 14:36 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2017-08-09 02:26 - 2017-08-01 14:34 - 001837056 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-09 02:26 - 2017-08-01 14:33 - 004749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-09 02:26 - 2017-08-01 14:33 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2017-08-09 02:26 - 2017-08-01 14:33 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2017-08-09 02:26 - 2017-08-01 14:32 - 000821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\comuid.dll
2017-08-09 02:26 - 2017-08-01 14:30 - 002916864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-08-09 02:26 - 2017-08-01 14:30 - 001643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-08-09 02:26 - 2017-08-01 14:30 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-09 02:26 - 2017-08-01 14:28 - 001490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-08-09 02:26 - 2017-08-01 14:27 - 002695680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-08-09 02:26 - 2017-08-01 14:27 - 000716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-08-09 02:26 - 2017-08-01 14:25 - 001726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-09 02:26 - 2017-08-01 14:24 - 001121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-09 02:26 - 2017-08-01 14:23 - 003615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-09 02:26 - 2017-08-01 14:23 - 000886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-08-09 02:26 - 2017-08-01 12:47 - 000661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-09 02:26 - 2017-07-12 02:16 - 000646688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-08-09 02:26 - 2017-07-12 02:15 - 000101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll
2017-08-09 02:26 - 2017-07-12 02:14 - 001886896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-08-09 02:26 - 2017-07-12 02:13 - 002253664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-09 02:26 - 2017-07-12 01:59 - 001100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-08-09 02:26 - 2017-07-12 01:59 - 000989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-08-09 02:26 - 2017-07-12 01:59 - 000947040 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-08-09 02:26 - 2017-07-12 01:55 - 004674872 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-08-09 02:26 - 2017-07-12 01:25 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2017-08-09 02:26 - 2017-07-12 01:24 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\dabapi.dll
2017-08-09 02:26 - 2017-07-12 01:23 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2017-08-09 02:26 - 2017-07-12 01:23 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\frprov.dll
2017-08-09 02:26 - 2017-07-12 01:22 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2017-08-09 02:26 - 2017-07-12 01:21 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-08-09 02:26 - 2017-07-12 01:21 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-08-09 02:26 - 2017-07-12 01:20 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpapi.dll
2017-08-09 02:26 - 2017-07-12 01:19 - 000488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-08-09 02:26 - 2017-07-12 01:19 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-08-09 02:26 - 2017-07-12 01:19 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-09 02:26 - 2017-07-12 01:17 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-08-09 02:26 - 2017-07-12 01:16 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-09 02:26 - 2017-07-12 01:15 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-08-09 02:26 - 2017-07-12 01:13 - 001478656 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-09 02:26 - 2017-07-12 01:12 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-09 02:26 - 2017-07-12 01:12 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-08-09 02:26 - 2017-07-12 01:12 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsium.dll
2017-08-09 02:26 - 2017-07-12 01:11 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-09 02:26 - 2017-07-12 01:10 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-09 02:26 - 2017-07-12 01:09 - 003291136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-08-09 02:26 - 2017-07-12 01:08 - 002861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-08-09 02:26 - 2017-07-12 01:07 - 000954880 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-09 02:26 - 2017-07-12 01:07 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2017-08-09 02:26 - 2017-07-12 01:06 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-09 02:26 - 2017-07-12 01:03 - 001692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-09 02:26 - 2017-07-12 01:03 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-09 02:26 - 2017-07-12 01:02 - 000869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-09 02:26 - 2017-07-12 01:01 - 002279424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-09 02:26 - 2017-07-12 00:59 - 006664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-08-09 02:26 - 2017-07-12 00:59 - 002318336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-09 02:26 - 2017-07-12 00:59 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-09 02:26 - 2017-07-12 00:58 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-09 02:26 - 2017-03-04 02:57 - 000372432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2017-08-09 02:26 - 2017-03-04 02:16 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2017-08-09 02:26 - 2017-03-04 02:07 - 000909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-08-01 17:30 - 2017-08-02 18:09 - 000000000 ____D C:\Users\Joshua\Documents\gerald
2017-07-26 17:45 - 2017-08-02 20:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-25 22:30 - 2017-08-15 01:20 - 000000000 ____D C:\Users\Joshua\AppData\LocalLow\uTorrent
2017-07-24 13:23 - 2017-07-24 15:03 - 000000000 ____D C:\Users\Joshua\Documents\Pokemon
2017-07-20 08:26 - 2017-07-20 08:26 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2577772942-3954309557-1672937280-1000

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-17 10:18 - 2016-04-14 17:24 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-08-17 10:16 - 2014-08-25 18:06 - 000000000 ____D C:\Stash2
2017-08-17 10:15 - 2014-08-27 15:23 - 000000000 ____D C:\Users\Joshua\AppData\Roaming\uTorrent
2017-08-17 10:08 - 2016-04-14 17:19 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-08-17 09:59 - 2016-09-28 15:21 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-17 09:37 - 2016-09-28 19:19 - 000000000 ___DC C:\WINDOWS\Panther
2017-08-17 09:32 - 2017-07-11 02:54 - 000000000 ___HD C:\$WINDOWS.~BT
2017-08-16 22:37 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-16 12:25 - 2016-09-28 15:25 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-16 11:20 - 2014-11-05 13:09 - 000000000 ____D C:\ProgramData\Oracle
2017-08-16 11:19 - 2016-01-28 10:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-08-16 11:19 - 2015-02-12 00:05 - 000000000 ____D C:\Program Files (x86)\Java
2017-08-16 11:19 - 2014-11-05 13:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-08-16 11:19 - 2014-11-05 13:09 - 000000000 ____D C:\Program Files\Java
2017-08-16 11:18 - 2015-02-12 00:05 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-08-16 03:03 - 2017-03-18 02:37 - 000003258 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJoshua
2017-08-16 03:03 - 2017-03-18 02:37 - 000000362 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJoshua.job
2017-08-15 16:26 - 2016-07-16 07:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-15 11:57 - 2014-08-27 10:19 - 000001631 _____ C:\Users\Public\Desktop\jetAudio.lnk
2017-08-15 11:57 - 2014-08-27 10:19 - 000000000 ____D C:\Program Files\JetAudio
2017-08-15 11:52 - 2014-08-26 23:35 - 000000000 ____D C:\ProgramData\Origin
2017-08-15 11:42 - 2014-08-27 11:06 - 000001226 _____ C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk
2017-08-15 11:42 - 2014-08-27 11:06 - 000001196 _____ C:\Users\Joshua\Desktop\Trillian.lnk
2017-08-15 11:42 - 2014-08-27 11:06 - 000000000 ____D C:\Program Files (x86)\Trillian
2017-08-15 11:35 - 2016-09-28 16:09 - 000000000 ____D C:\Users\Joshua\AppData\Local\ApplicationHistory
2017-08-15 01:29 - 2016-07-16 07:45 - 000000000 ____D C:\WINDOWS\INF
2017-08-15 01:26 - 2016-02-24 15:12 - 000000000 ____D C:\Users\Joshua\AppData\Roaming\Spotify
2017-08-15 01:21 - 2016-09-28 15:29 - 010141016 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-15 01:19 - 2016-09-28 15:30 - 000000000 ____D C:\Users\Joshua
2017-08-15 01:19 - 2016-02-24 15:15 - 000000000 ____D C:\Users\Joshua\AppData\Local\Spotify
2017-08-15 01:18 - 2016-09-28 15:24 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-08-15 01:18 - 2016-02-13 09:22 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-15 01:18 - 2014-08-26 22:15 - 000000000 __SHD C:\Users\Joshua\IntelGraphicsProfiles
2017-08-15 01:14 - 2016-09-28 15:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-15 01:14 - 2016-09-28 15:21 - 009511880 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-15 01:14 - 2016-01-28 11:39 - 000000091 _____ C:\HaxLogs.txt
2017-08-15 01:12 - 2016-07-16 02:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-08-15 01:11 - 2016-07-16 10:29 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2017-08-15 01:11 - 2016-07-16 07:47 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-15 01:11 - 2016-07-16 07:47 - 000000000 ___RD C:\Program Files\Windows Defender
2017-08-15 01:11 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-08-15 01:11 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-15 01:11 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2017-08-15 01:11 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-15 01:11 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\Provisioning
2017-08-15 01:11 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-08-15 01:11 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\bcastdvr
2017-08-15 01:11 - 2016-07-16 07:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-15 01:11 - 2016-07-16 07:47 - 000000000 ____D C:\Program Files\Common Files\System
2017-08-15 01:11 - 2016-07-16 07:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-15 01:11 - 2016-07-16 07:47 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-08-11 00:05 - 2014-08-26 23:38 - 000000000 ____D C:\Program Files (x86)\Origin
2017-08-09 02:37 - 2016-07-16 07:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-09 02:31 - 2014-12-14 14:29 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-09 02:29 - 2014-12-14 14:29 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-08 23:37 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-08 23:37 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-08 22:38 - 2014-08-29 21:59 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-08-06 05:57 - 2016-03-29 19:34 - 000000000 ____D C:\Users\Joshua\AppData\Local\CrashDumps
2017-08-05 16:22 - 2016-09-28 15:58 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-08-03 14:28 - 2016-08-25 13:04 - 000002316 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-03 14:28 - 2016-08-25 13:04 - 000002304 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-02 21:38 - 2017-02-04 16:06 - 000000000 ____D C:\Users\Joshua\AppData\Roaming\Syncios
2017-08-02 20:48 - 2015-06-19 09:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-01 10:58 - 2014-08-28 11:24 - 000000000 ____D C:\Users\Joshua\Documents\sugarray
2017-07-24 15:03 - 2015-02-04 13:25 - 000000132 _____ C:\Users\Joshua\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-07-20 08:26 - 2015-08-11 10:57 - 000002416 _____ C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-20 08:26 - 2015-08-11 10:57 - 000000000 ___RD C:\Users\Joshua\OneDrive
2017-07-18 13:58 - 2014-08-28 13:05 - 000000000 ____D C:\Users\Joshua\AppData\Roaming\Audacity

==================== Files in the root of some directories =======

2015-06-10 14:18 - 2016-01-17 18:26 - 000000132 _____ () C:\Users\Joshua\AppData\Roaming\Adobe BMP Format CS6 Prefs
2015-06-07 20:59 - 2015-06-07 21:00 - 000000132 _____ () C:\Users\Joshua\AppData\Roaming\Adobe GIF Format CS6 Prefs
2016-06-01 14:29 - 2016-06-01 14:29 - 000000132 _____ () C:\Users\Joshua\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2015-02-04 13:25 - 2017-07-24 15:03 - 000000132 _____ () C:\Users\Joshua\AppData\Roaming\Adobe PNG Format CS6 Prefs
2012-05-03 07:12 - 2012-05-03 07:12 - 000000532 _____ () C:\Users\Joshua\AppData\Local\datos.txt
2016-01-06 17:54 - 2016-01-06 17:54 - 000000120 _____ () C:\Users\Joshua\AppData\Local\dottmpfile.txt
2014-12-09 10:36 - 2014-12-09 10:36 - 000000094 _____ () C:\Users\Joshua\AppData\Local\fusioncache.dat
2014-02-05 16:08 - 2014-02-05 16:08 - 000193744 _____ () C:\Users\Joshua\AppData\Local\lateral1.bmp
2010-11-12 05:10 - 2010-11-12 05:10 - 000193744 _____ () C:\Users\Joshua\AppData\Local\lateral2.bmp
2014-02-05 16:10 - 2014-02-05 16:10 - 000195108 _____ () C:\Users\Joshua\AppData\Local\lateral3.bmp
2014-02-05 17:50 - 2014-02-05 17:50 - 000043976 _____ () C:\Users\Joshua\AppData\Local\save_en.bmp
2014-02-05 17:49 - 2014-02-05 17:49 - 000043976 _____ () C:\Users\Joshua\AppData\Local\save_es.bmp
2016-09-28 15:25 - 2016-09-28 15:25 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-06 12:38 - 2017-03-13 12:00 - 000011540 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
2017-07-18 19:52 - 2017-07-18 19:52 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\-opx1gp9.dll
2016-10-22 11:42 - 2016-10-22 11:42 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\0oxheq82.dll
2016-11-13 12:36 - 2016-11-13 12:36 - 000005632 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\0rof7bix.dll
2017-07-05 21:07 - 2017-07-05 21:07 - 000005632 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\27ffivre.dll
2017-08-10 18:42 - 2017-08-10 18:42 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\3m437wk2.dll
2017-01-27 10:56 - 2017-01-27 10:56 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\3n2nrqua.dll
2017-07-25 22:30 - 2017-07-25 22:30 - 000005120 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\3nud9uux.dll
2017-05-22 18:30 - 2017-05-22 18:30 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\66k6sfej.dll
2017-07-18 20:05 - 2017-07-18 20:05 - 000005120 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\9xh8rygx.dll
2017-07-20 20:03 - 2017-07-20 20:03 - 000011264 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\aqf9saay.dll
2017-07-22 18:40 - 2017-07-22 18:40 - 000011264 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\ca9tlkl4.dll
2017-07-25 18:07 - 2017-07-25 18:07 - 000011264 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\cb4zks17.dll
2017-04-04 09:42 - 2017-04-04 09:42 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\ce16xwwc.dll
2014-01-08 05:18 - 2014-01-08 05:18 - 000057856 _____ () C:\Users\Joshua\AppData\Local\Temp\CPUID.dll
2017-07-10 19:06 - 2017-07-10 19:06 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\dbqmctj9.dll
2017-07-10 21:14 - 2017-07-10 21:14 - 000011264 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\dv_auycn.dll
2017-01-16 21:23 - 2017-01-16 21:23 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\ejevcly3.dll
2017-08-05 16:12 - 2017-08-05 16:12 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\f3jiwg9w.dll
2017-07-04 18:39 - 2017-07-04 18:39 - 000006656 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\feiy46zy.dll
2017-04-04 18:19 - 2017-04-04 18:19 - 000024576 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\fhdl0vws.dll
2017-07-09 23:58 - 2017-07-09 23:58 - 000005632 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\g3jzqnkc.dll
2016-12-02 16:14 - 2016-12-02 16:14 - 000011264 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\hfdiozie.dll
2017-07-29 21:38 - 2017-07-29 21:38 - 000024576 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\hfuzw-qj.dll
2017-06-27 09:35 - 2017-06-27 09:35 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\hsl3w2xv.dll
2016-10-11 09:57 - 2016-10-11 09:57 - 000005120 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\is89rrb0.dll
2016-10-20 19:19 - 2016-10-20 19:19 - 000737856 _____ (Oracle Corporation) C:\Users\Joshua\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-19 20:19 - 2017-01-19 20:19 - 000739904 _____ (Oracle Corporation) C:\Users\Joshua\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-07-20 19:19 - 2017-07-20 19:19 - 000739904 _____ (Oracle Corporation) C:\Users\Joshua\AppData\Local\Temp\jre-8u141-windows-au.exe
2017-08-16 10:50 - 2017-08-16 10:50 - 000740416 _____ (Oracle Corporation) C:\Users\Joshua\AppData\Local\Temp\jre-8u144-windows-au.exe
2017-05-25 14:09 - 2017-05-25 14:09 - 000024576 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\j_dnziqy.dll
2017-07-09 16:39 - 2017-07-09 16:39 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\kiyyfsss.dll
2017-07-02 22:38 - 2017-07-02 22:38 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\lr7kjbea.dll
2017-07-01 00:23 - 2017-07-01 00:23 - 000011264 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\m-xbpcnz.dll
2017-04-18 23:18 - 2017-04-18 23:18 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\m8vposw3.dll
2017-07-15 16:35 - 2017-07-15 16:35 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\mdtx8pyg.dll
2017-07-25 19:11 - 2017-07-25 19:11 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\ngtuif_p.dll
2017-02-15 14:39 - 2016-12-29 08:43 - 000860776 _____ (NVIDIA Corporation) C:\Users\Joshua\AppData\Local\Temp\nvSCPAPI64.dll
2017-05-12 18:51 - 2016-12-29 08:43 - 000351680 _____ (NVIDIA Corporation) C:\Users\Joshua\AppData\Local\Temp\nvStInst.exe
2016-11-10 10:56 - 2016-11-10 10:56 - 000005120 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\o_tqxl74.dll
2017-02-27 19:26 - 2017-02-27 19:26 - 000005632 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\p8bvd0gj.dll
2016-10-05 20:56 - 2016-10-05 20:56 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\qljo-g8i.dll
2017-07-13 19:39 - 2017-07-13 19:39 - 000015872 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\rsn4j7z1.dll
2017-03-13 18:17 - 2017-03-13 18:17 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\scgu4a-v.dll
2017-07-21 18:14 - 2017-07-21 18:14 - 000005120 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\uhk6bbk1.dll
2017-07-15 08:53 - 2017-07-15 08:53 - 000015872 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\vnx3x6nl.dll
2017-08-14 00:02 - 2017-08-14 00:02 - 000015872 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\w7auqfnt.dll
2017-07-14 00:01 - 2017-07-14 00:01 - 000005632 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\wwxori_3.dll
2016-11-11 00:59 - 2016-11-11 00:59 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\w_iw6blb.dll
2017-07-24 17:33 - 2017-07-24 17:33 - 000005120 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\xgd1vd1x.dll
2017-03-27 18:22 - 2017-03-27 18:22 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\xwhfiefk.dll
2017-05-24 09:54 - 2017-05-24 09:54 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\y62v3xu0.dll
2017-06-03 13:15 - 2017-06-03 13:15 - 000024576 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\ynmp-wkb.dll
2017-08-10 18:59 - 2017-08-10 18:59 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\zcbwxz81.dll
2017-07-21 23:47 - 2017-07-21 23:47 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\_egmessz.dll
2017-01-27 17:36 - 2017-01-27 17:36 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\_hjqt8_n.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-16 16:23

==================== End of FRST.txt ============================

I'm going to include an aswMBR log, but please note that I could not say "yes" to the virtualization technology prompt. Any time I did, the PC crashed to a suspicious looking blue screen telling me my PC would reset. (Somehow I doubt a legitimate error screen would have a :( smiley on it. )

Actually I'm noticing that aswMBR may be too out of date for use on Windows 10. I'm seeing (c) 2014, (Windows 10 came out in 2015), and it's identifying the MBR as Windows 7. I downloaded the one in the "Before You POST" thread, (which is also woefully outdated referencing Spybot v1.6.2 when we're up to 2.6 currently), which is v1.0.1.2252 .

I'll let aswMBR complete the scan for the purposes of the log, but please let me know if aswMBR should really be used anymore.

Startropic1
2017-08-17, 19:46
aswMBR log:
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2017-08-17 10:53:07
-----------------------------
10:53:07.729 OS Version: Windows x64 6.2.9200
10:53:07.729 Number of processors: 4 586 0x3C03
10:53:07.729 ComputerName: NORTHORPHQGX UserName: Joshua
10:53:18.857 Initialize success
10:53:19.873 VM: initialized successfully
10:53:19.873 VM: Intel CPU supported
10:53:22.623 VM: not used
11:06:45.403 AVAST engine defs: 17030301
11:09:36.236 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000034
11:09:36.237 Disk 0 Vendor: WDC_WD20EZRX-00D8PB0 80.00A80 Size: 1907729MB BusType: 11
11:09:36.314 Disk 0 MBR read successfully
11:09:36.314 Disk 0 MBR scan
11:09:36.368 Disk 0 Windows 7 default MBR code
11:09:36.368 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:09:36.383 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1907177 MB offset 206848
11:09:36.414 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 450 MB offset 3906105344
11:09:36.467 Disk 0 scanning C:\WINDOWS\system32\drivers
11:09:53.480 Service scanning
11:10:16.574 Modules scanning
11:10:16.595 Disk 0 trace - called modules:
11:10:16.612 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll storahci.sys
11:10:16.628 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffbd096dac3060]
11:10:16.628 3 CLASSPNP.SYS[fffff80e567f5efb] -> nt!IofCallDriver -> [0xffffbd096cff5c40]
11:10:16.644 5 ACPI.sys[fffff80e55854571] -> nt!IofCallDriver -> [0xffffbd096cfead90]
11:10:16.659 7 ACPI.sys[fffff80e55854571] -> nt!IofCallDriver -> \Device\00000034[0xffffbd096cfee060]
11:10:18.345 AVAST engine scan C:\WINDOWS
11:10:22.502 AVAST engine scan C:\WINDOWS\system32
11:14:19.469 AVAST engine scan C:\WINDOWS\system32\drivers
11:14:39.243 AVAST engine scan C:\Users\Joshua
11:16:22.045 Disk 0 MBR has been saved successfully to "C:\Stash2\MBR.dat"
11:16:22.061 The log file has been saved successfully to "C:\Stash2\aswMBR.txt"


aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2017-08-17 11:18:39
-----------------------------
11:18:39.273 OS Version: Windows x64 6.2.9200
11:18:39.273 Number of processors: 4 586 0x3C03
11:18:39.274 ComputerName: NORTHORPHQGX UserName: Joshua
11:18:41.294 Initialize success
11:18:41.310 VM: initialized successfully
11:18:41.326 VM: Intel CPU supported
11:18:43.232 VM: not used
11:19:16.683 AVAST engine defs: 17030301
11:19:18.022 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000034
11:19:18.022 Disk 0 Vendor: WDC_WD20EZRX-00D8PB0 80.00A80 Size: 1907729MB BusType: 11
11:19:18.207 Disk 0 MBR read successfully
11:19:18.207 Disk 0 MBR scan
11:19:18.207 Disk 0 Windows 7 default MBR code
11:19:18.223 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:19:18.223 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1907177 MB offset 206848
11:19:18.254 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 450 MB offset 3906105344
11:19:18.338 Disk 0 scanning C:\WINDOWS\system32\drivers
11:19:34.547 Service scanning
11:19:55.831 Modules scanning
11:19:55.847 Disk 0 trace - called modules:
11:19:55.862 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys storahci.sys hal.dll
11:19:55.880 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffbd096dac3060]
11:19:55.885 3 CLASSPNP.SYS[fffff80e567f5efb] -> nt!IofCallDriver -> [0xffffbd096cff5c40]
11:19:55.885 5 ACPI.sys[fffff80e55854571] -> nt!IofCallDriver -> [0xffffbd096cfead90]
11:19:55.885 7 ACPI.sys[fffff80e55854571] -> nt!IofCallDriver -> \Device\00000034[0xffffbd096cfee060]
11:19:57.854 AVAST engine scan C:\WINDOWS
11:20:02.231 AVAST engine scan C:\WINDOWS\system32
11:22:49.385 AVAST engine scan C:\WINDOWS\system32\drivers
11:23:05.534 AVAST engine scan C:\Users\Joshua
12:35:40.331 AVAST engine scan C:\ProgramData
12:42:38.773 Disk 0 statistics 4663533/0/0 @ 0.69 MB/s
12:42:38.773 Scan finished successfully
12:45:01.438 Disk 0 MBR has been saved successfully to "C:\Stash2\MBR.dat"
12:45:01.492 The log file has been saved successfully to "C:\Stash2\aswMBR.txt"

Juliet
2017-08-18, 00:01
Hi and welcome

The Additions.txt isn't posted which is very needed but, I think, we have enough of the log to get started.

I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infested with malware - worms (http://en.wikipedia.org/wiki/Computer_worm), backdoor Trojans (http://www.symantec.com/security_response/writeup.jsp?docid=2001-062614-1754-99), IRCBots (http://en.wikipedia.org/wiki/IRC_bot), and rootkits (http://en.wikipedia.org/wiki/Rootkit) propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install malware. The best way to reduce the risk of infection is to avoid these types of web sites and P2P programmes. Please read the following articles for more information.

Risks of File-Sharing Technology (http://www.us-cert.gov/cas/tips/ST05-007.html)
P2P Software User Advisories (http://aresgalaxy.sourceforge.net/p2prisks.htm)
More malware is traveling on P2P networks these days (http://www.computerworld.com/s/article/9240067/More_malware_is_traveling_on_P2P_networks_these_days)

Your P2P software can be removed by following the instructions below.

Press the Windows Key http://i.imgur.com/pdKOQKY.png + r on your keyboard at the same time. Type appwiz.cpl and click OK.
Search for the aforementioned programme(s), right-click and click Uninstall. Follow the prompts.

If you choose not to, please refrain from using the programme(s) during this process.

~~~~~~

Start Farbar Recovery Scan Tool (Please double-click on FRST/FRST64) with Administrator privileges

or Right click on the FRST icon and select Run as administrator
Highlight the below information then hit the Ctrl + C keys at the same time
or

Right click/highlight on the text below and select Copy.
Start:: and finishing with End::]


Start::
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Restriction <==== ATTENTION
AutoConfigURL: [S-1-5-21-2577772942-3954309557-1672937280-1000] => hxxp://nonblock.net/wpad.dat?37380101bea19d8230b479e4b87d0fb015089779
ManualProxies: 0hxxp://nonblock.net/wpad.dat?37380101bea19d8230b479e4b87d0fb015089779
SearchScopes: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000 -> DefaultScope {3D56E5C3-5CD1-4AD8-BBFC-6756EA6DF66B} URL = hxxp://search.findwide.com/serp?guid={F4EDED45-D6CE-4600-AE16-1256AC3F410E}&k={searchTerms}
SearchScopes: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000 -> {2D0B871E-3DF8-4973-A8D8-6AF39842A425} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11083
SearchScopes: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000 -> {3D56E5C3-5CD1-4AD8-BBFC-6756EA6DF66B} URL = hxxp://search.findwide.com/serp?guid={F4EDED45-D6CE-4600-AE16-1256AC3F410E}&k={searchTerms}
Toolbar: HKLM - FindWide Toolbar - {C3AC019C-D74E-40E1-A3D3-0BDDCF3519CA} - C:\Program Files (x86)\TNT2\2.0.0.1949\IEToolbar64.dll [2015-02-24] (Freshy.com)
Toolbar: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000 -> FindWide Toolbar - {C3AC019C-D74E-40E1-A3D3-0BDDCF3519CA} - C:\Program Files (x86)\TNT2\2.0.0.1949\IEToolbar64.dll [2015-02-24] (Freshy.com)
FF Extension: (ShopperPro) - C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\59uig06a.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2016-01-07] [not signed]
FF Plugin HKU\S-1-5-21-2577772942-3954309557-1672937280-1000: @tnt2npapi.com/Plugin -> C:\Users\Joshua\AppData\Local\TNT2\2.0.0.1949\npTNT2.dll [2015-02-24] (Freshy.com)
2017-07-18 19:52 - 2017-07-18 19:52 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\-opx1gp9.dll
2016-10-22 11:42 - 2016-10-22 11:42 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\0oxheq82.dll
2016-11-13 12:36 - 2016-11-13 12:36 - 000005632 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\0rof7bix.dll
2017-07-05 21:07 - 2017-07-05 21:07 - 000005632 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\27ffivre.dll
2017-08-10 18:42 - 2017-08-10 18:42 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\3m437wk2.dll
2017-01-27 10:56 - 2017-01-27 10:56 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\3n2nrqua.dll
2017-07-25 22:30 - 2017-07-25 22:30 - 000005120 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\3nud9uux.dll
2017-05-22 18:30 - 2017-05-22 18:30 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\66k6sfej.dll
2017-07-18 20:05 - 2017-07-18 20:05 - 000005120 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\9xh8rygx.dll
2017-07-20 20:03 - 2017-07-20 20:03 - 000011264 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\aqf9saay.dll
2017-07-22 18:40 - 2017-07-22 18:40 - 000011264 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\ca9tlkl4.dll
2017-07-25 18:07 - 2017-07-25 18:07 - 000011264 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\cb4zks17.dll
2017-04-04 09:42 - 2017-04-04 09:42 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\ce16xwwc.dll
2014-01-08 05:18 - 2014-01-08 05:18 - 000057856 _____ () C:\Users\Joshua\AppData\Local\Temp\CPUID.dll
2017-07-10 19:06 - 2017-07-10 19:06 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\dbqmctj9.dll
2017-07-10 21:14 - 2017-07-10 21:14 - 000011264 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\dv_auycn.dll
2017-01-16 21:23 - 2017-01-16 21:23 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\ejevcly3.dll
2017-08-05 16:12 - 2017-08-05 16:12 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\f3jiwg9w.dll
2017-07-04 18:39 - 2017-07-04 18:39 - 000006656 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\feiy46zy.dll
2017-04-04 18:19 - 2017-04-04 18:19 - 000024576 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\fhdl0vws.dll
2017-07-09 23:58 - 2017-07-09 23:58 - 000005632 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\g3jzqnkc.dll
2016-12-02 16:14 - 2016-12-02 16:14 - 000011264 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\hfdiozie.dll
2017-07-29 21:38 - 2017-07-29 21:38 - 000024576 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\hfuzw-qj.dll
2017-06-27 09:35 - 2017-06-27 09:35 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\hsl3w2xv.dll
2016-10-11 09:57 - 2016-10-11 09:57 - 000005120 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\is89rrb0.dll
2016-10-20 19:19 - 2016-10-20 19:19 - 000737856 _____ (Oracle Corporation) C:\Users\Joshua\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-19 20:19 - 2017-01-19 20:19 - 000739904 _____ (Oracle Corporation) C:\Users\Joshua\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-07-20 19:19 - 2017-07-20 19:19 - 000739904 _____ (Oracle Corporation) C:\Users\Joshua\AppData\Local\Temp\jre-8u141-windows-au.exe
2017-08-16 10:50 - 2017-08-16 10:50 - 000740416 _____ (Oracle Corporation) C:\Users\Joshua\AppData\Local\Temp\jre-8u144-windows-au.exe
2017-05-25 14:09 - 2017-05-25 14:09 - 000024576 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\j_dnziqy.dll
2017-07-09 16:39 - 2017-07-09 16:39 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\kiyyfsss.dll
2017-07-02 22:38 - 2017-07-02 22:38 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\lr7kjbea.dll
2017-07-01 00:23 - 2017-07-01 00:23 - 000011264 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\m-xbpcnz.dll
2017-04-18 23:18 - 2017-04-18 23:18 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\m8vposw3.dll
2017-07-15 16:35 - 2017-07-15 16:35 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\mdtx8pyg.dll
2017-07-25 19:11 - 2017-07-25 19:11 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\ngtuif_p.dll
2017-02-15 14:39 - 2016-12-29 08:43 - 000860776 _____ (NVIDIA Corporation) C:\Users\Joshua\AppData\Local\Temp\nvSCPAPI64.dll
2017-05-12 18:51 - 2016-12-29 08:43 - 000351680 _____ (NVIDIA Corporation) C:\Users\Joshua\AppData\Local\Temp\nvStInst.exe
2016-11-10 10:56 - 2016-11-10 10:56 - 000005120 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\o_tqxl74.dll
2017-02-27 19:26 - 2017-02-27 19:26 - 000005632 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\p8bvd0gj.dll
2016-10-05 20:56 - 2016-10-05 20:56 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\qljo-g8i.dll
2017-07-13 19:39 - 2017-07-13 19:39 - 000015872 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\rsn4j7z1.dll
2017-03-13 18:17 - 2017-03-13 18:17 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\scgu4a-v.dll
2017-07-21 18:14 - 2017-07-21 18:14 - 000005120 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\uhk6bbk1.dll
2017-07-15 08:53 - 2017-07-15 08:53 - 000015872 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\vnx3x6nl.dll
2017-08-14 00:02 - 2017-08-14 00:02 - 000015872 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\w7auqfnt.dll
2017-07-14 00:01 - 2017-07-14 00:01 - 000005632 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\wwxori_3.dll
2016-11-11 00:59 - 2016-11-11 00:59 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\w_iw6blb.dll
2017-07-24 17:33 - 2017-07-24 17:33 - 000005120 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\xgd1vd1x.dll
2017-03-27 18:22 - 2017-03-27 18:22 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\xwhfiefk.dll
2017-05-24 09:54 - 2017-05-24 09:54 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\y62v3xu0.dll
2017-06-03 13:15 - 2017-06-03 13:15 - 000024576 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\ynmp-wkb.dll
2017-08-10 18:59 - 2017-08-10 18:59 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\zcbwxz81.dll
2017-07-21 23:47 - 2017-07-21 23:47 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\_egmessz.dll
2017-01-27 17:36 - 2017-01-27 17:36 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\_hjqt8_n.dll
Emptytemp:
End::


Press the Fix button.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~``

Please download the Malwarebytes Anti-Malware (https://downloads.malwarebytes.org/file/mbam) setup file to your Desktop.

OR from this location Here (https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/)


After the installation IS complete let it update if it asks.
Under SETTINGS.....APPLICATIONS leave everything at default
Under SETTINGS.....PROTECTION make sure AUTOMATIC QUARANTINE is on.
Then go to the Dashboard and click on SCAN NOW
When the scan is finished click on EXPORT SUMMARY......COPY TO CLIPBOARD
Then come back to this thread and and under REPLY TO THIS TOPIC, right click in the reply and select Paste
Then click on POST
Exit Malwarebytes


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

http://i.imgur.com/h3qKPnn.png Malwarebytes AdwCleaner

Please download Malwarebytes AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and save the file to your Desktop
Right-click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click http://i.imgur.com/A49sxPr.png Scan. and wait until it ends.
NEXT**
Click on [Clean], read the informative message. If you have any questions about it, please ask.
All unrequired programs will be closed during the cleaning process, so be sure to save your work before.
When the clean is over, the computer may reboot and shows the logfile
Copy/Paste it in your answer.


Please post these 3 logs when finished.

Juliet
2017-08-21, 23:02
bump....

Startropic1
2017-08-22, 04:52
bump....

Appreciated ;p

Before I go through your instruction posted above, let me add the addition.txt you requested. I actually did create one with the initial logs, I just neglected to post it.


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2017
Ran by Joshua (17-08-2017 10:19:21)
Running from C:\Stash2
Windows 10 Pro Version 1607 (X64) (2016-09-28 20:04:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2577772942-3954309557-1672937280-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2577772942-3954309557-1672937280-1004 - Limited - Enabled)
DefaultAccount (S-1-5-21-2577772942-3954309557-1672937280-503 - Limited - Disabled)
Guest (S-1-5-21-2577772942-3954309557-1672937280-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2577772942-3954309557-1672937280-1002 - Limited - Enabled)
Joshua (S-1-5-21-2577772942-3954309557-1672937280-1000 - Administrator - Enabled) => C:\Users\Joshua

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.3.28705 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
5600 (HKLM-x32\...\{F2DC2589-C894-43DD-BA70-8FDCA7360584}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
5600_Help (HKLM-x32\...\{7DCBC3D8-8954-491D-A1B9-8C61C563B004}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
5600Trb (HKLM-x32\...\{2605461E-AB2E-49F5-8A16-64B7F3595030}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Ad-Aware Antivirus (HKLM\...\{A5C0392D-46A7-4CB3-800B-5794909453BD}_AdAwareUpdater) (Version: 11.5.202.7299 - Lavasoft)
AdAwareInstaller (HKLM\...\{17DB0909-D123-43E1-B5F2-CC356E08B4AA}) (Version: 11.5.202.7299 - Lavasoft) Hidden
AdAwareUpdater (HKLM\...\{A5C0392D-46A7-4CB3-800B-5794909453BD}) (Version: 11.5.202.7299 - Lavasoft) Hidden
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.13 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.21) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.21 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
AIO_CDB_ProductContext (HKLM-x32\...\{E7112940-5F8E-4918-B9FE-251F2F8DC81F}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (HKLM-x32\...\{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (HKLM-x32\...\{104066F4-5897-4067-85D3-4C88B67CCF75}) (Version: 130.0.421.000 - Hewlett-Packard) Hidden
Alchemilla v1.1 (HKLM-x32\...\{F48B561D-9D56-4C5E-8822-AB78042BA342}}_is1) (Version: - White Noise)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Anna - Extended Edition (HKLM\...\Steam App 217690) (Version: - Dreampainters)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
AntimalwareEngine (HKLM\...\{CC347FC6-C8D7-493A-B70E-1D89E22691A7}) (Version: 3.0.0.56 - Lavasoft) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
ArcSoft TotalMedia Theatre 5 (HKLM-x32\...\{9A2CE5D4-0A1E-42EB-9CE0-ABD5DD79E94E}) (Version: 5.0.1.80 - ArcSoft) Hidden
ArcSoft TotalMedia Theatre 5 (HKLM-x32\...\InstallShield_{9A2CE5D4-0A1E-42EB-9CE0-ABD5DD79E94E}) (Version: 5.0.1.113 - ArcSoft)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.49.52296 - Electronic Arts)
Betternet for Windows (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF4C703740}) (Version: 3.7.4.0 - Betternet Technologies Inc.)
BioShock (HKLM-x32\...\{E280923D-C5D9-4728-8C79-AC9A0DC75875}) (Version: 2.5.0000 - 2K Games)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Blurb Book Creator CS6 v2.7.0.20d16 (HKLM-x32\...\Blurb Template Creator CS6_is1) (Version: - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Boot Animation Factory (HKLM-x32\...\{3EA00EEB-27DE-4507-AFF4-0C697A20C37B}) (Version: 1.4.1.0 - D01 MicroApps)
Borderlands 2 - Game Of The Year Edition (HKLM-x32\...\Borderlands 2 - Game Of The Year Edition_is1) (Version: Borderlands 2 - Game Of The Year Edition - )
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version: - 2K Australia)
Bruteforce Save Data (HKLM-x32\...\Bruteforce Save Data) (Version: - )
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Bulletstorm (HKLM-x32\...\{45410935-3E72-472B-8C35-AB1000008200}) (Version: 1.0.0000.130 - EA) Hidden
Bulletstorm (HKLM-x32\...\GFWL_{45410935-3E72-472B-8C35-AB1000008200}) (Version: 1.0.0000.130 - EA)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.76.0.2015 - Georgy Berdyshev)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
Content Manager Assistant for PlayStation(R) (HKLM-x32\...\{E5C1C342-5E78-4D91-85BE-40C716B09391}) (Version: 3.55.7671.0901 - Sony Computer Entertainment Inc.)
Copy (HKLM-x32\...\{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}) (Version: 130.0.428.000 - Hewlett-Packard) Hidden
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\CopyTrans Suite) (Version: 4.013 - WindSolutions)
Crusader No Remorse (HKLM-x32\...\{2AEA735F-B393-4D89-93EF-5849CB72B4A3}) (Version: 1.0.0.2 - Electronic Arts)
Crysis(R) (HKLM-x32\...\{000E79B7-E725-4F01-870A-C12942B7F8E4}) (Version: 1.00.0000 - Electronic Arts)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Data Lifeguard Diagnostic for Windows 1.29 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
DC++ 0.851 (HKLM-x32\...\DC++) (Version: 0.851 - Jacek Sieka)
DDS Viewer (HKLM-x32\...\{707333E0-C796-4E2D-B0DA-5A429706C361}_is1) (Version: - IdeaMK)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{2FF8C687-DB7D-4adc-A5DC-57983EC25046}) (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.77 - DivX, LLC)
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
DOOM (HKLM\...\Steam App 379720) (Version: - id Software)
Doom 3 (HKLM-x32\...\{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}) (Version: 1.00.0000 - Activision) Hidden
Doom 3 (HKLM-x32\...\InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}) (Version: 1.00.0000 - Activision)
DOOM Open Beta (HKLM\...\Steam App 350470) (Version: - id Software)
dr.fone toolkit for Android (Version 8.1.0) (HKLM-x32\...\{7B08A1E1-3644-4237-B39D-762B5F5564D0}_is1) (Version: 8.1.0.47 - Wondershare Software Co.,Ltd.)
Dragon UnPACKer 5 (HKLM-x32\...\DragonUnPACKer5_is1) (Version: 5.7.0 Beta - Alexandre Devilliers (aka Elbereth))
DS4Tool (HKLM-x32\...\{498F10CC-41BC-42EB-8D1C-FAFCCD7DAAE3}) (Version: 1.4.40 - DSDCS)
Evolve (HKLM-x32\...\Steam App 273350) (Version: - Turtle Rock Studios)
Exact Audio Copy 1.0beta6 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta6 - Andre Wiethoff)
Eye Candy 4000 Demo (HKLM-x32\...\Eye Candy 4000) (Version: - )
F.E.A.R. 2: Project Origin (HKLM-x32\...\Steam App 16450) (Version: - Monolith)
Fax (HKLM-x32\...\{440B915A-0C85-45DB-92AE-75AE14704A64}) (Version: 130.0.418.000 - Hewlett-Packard) Hidden
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version: - )
Findwide Toolbar (HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\{F4EDED45-D6CE-4600-AE16-1256AC3F410E}) (Version: - Freshy) <==== ATTENTION
Five Nights at Freddy's (HKLM-x32\...\Steam App 319510) (Version: - Scott Cawthon)
Fritz 15 64-bit (HKLM\...\{E055F983-1A0C-4A1B-84BE-A0E5F03F279C}) (Version: 15.3.0.0 - ChessBase)
GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)
Gone Home (HKLM-x32\...\GoneHome) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Horizon (HKLM-x32\...\{6b384f34-10c8-4c10-ba08-345168bda7e8}) (Version: 2.9.0 - Daring Development Inc.)
Horizon (HKLM-x32\...\{6BCA2AC7-7BC2-4011-BE10-143BDFD43D6C}) (Version: 2.9.0 - Daring Development Inc.) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.7.27.15 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (HKLM-x32\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM-x32\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Infinity Wars - Animated Trading Card Game (HKLM-x32\...\Steam App 257730) (Version: - Lightmare Studios)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java SE Development Kit 8 Update 72 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180720}) (Version: 8.0.720.15 - Oracle Corporation)
jetAudio Basic (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.1.0 - COWON)
Killing Floor (HKLM\...\Steam App 1250) (Version: - Tripwire Interactive)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Layers of Fear (HKLM\...\Steam App 391720) (Version: - Bloober Team SA)
Life Is Strange™ (HKLM-x32\...\Steam App 319630) (Version: - DONTNOD Entertainment)
Magic 2015 (HKLM-x32\...\Steam App 255420) (Version: - Stainless Games)
Magic The Gathering Online (HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\01641bea2c75c522) (Version: 3.4.95.1048 - Wizards of the Coast, LLC)
MakeitOne - MP3AlbumMaker (HKLM-x32\...\{DD6FA976-3F0A-4C6C-A30F-6E75DFC39DE9}) (Version: 1.0.0 - MakeitOne)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
MegaDownloader 1.1 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.1 - Andres_age)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MKVCleaver x64 (HKLM\...\{1256E11A-B91F-4869-9DC3-EBCC7466314C}) (Version: 6.0.7 - Ilia Bakhmoutski)
MKVToolNix 7.9.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.9.0 - Moritz Bunkus)
Modio (HKLM-x32\...\{3DA224A5-666B-4941-8998-2F19C6D126A5}_is1) (Version: - GameTuts)
Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.2.6148 - Mozilla)
mp3Tag 5.9 (HKLM-x32\...\mp3Tag_is1) (Version: - ManiacTools.com)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My MP4Box GUI 0.6.0.6 (HKLM\...\{3FBE3061-F2BC-4D3A-B4A9-8FB15C503F87}_is1) (Version: 0.6.0.6 - Matt Bodin)
Network64 (HKLM\...\{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}) (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Open 3D Model Viewer (HKLM-x32\...\{EBDFEC36-5277-454F-875B-F0AA2CDC3C92}) (Version: 1.10.0000 - Alexander Gessler)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenVPN 2.3.12-I602 (HKLM-x32\...\OpenVPN) (Version: 2.3.12-I602 - )
Origin (HKLM-x32\...\Origin) (Version: 10.4.17.36908 - Electronic Arts, Inc.)
Outlast (HKLM\...\Steam App 238320) (Version: - Red Barrels)
Outlast (HKLM-x32\...\GOGPACKOUTLAST_is1) (Version: 2.0.0.3 - GOG.com)
PAK Explorer (HKLM-x32\...\{1FEA83F9-7B47-47FF-8297-08E0D07C26F4}) (Version: 1.3.0.0 - The Battlezone 2 Community Project)
Paragon Net Burner (Build 2.0.0.1) (HKLM-x32\...\Paragon Net Burner_is1) (Version: - Paragon Software Group)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PeerGuardian 2.0 (HKLM\...\PeerGuardian_is1) (Version: 2.1.0.2 - Methlabs Productions)
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment)
PlayChess (HKLM-x32\...\PlayChess) (Version: - ChessBase GmbH)
PodTrans 4.9.0 (HKLM-x32\...\{A5B89AC2-2FE2-4AFD-8CB4-2613E0BB85FF}}_is1) (Version: 4.9.0 - iMobie Inc.)
Pokémon Trading Card Game Online (HKLM-x32\...\{4564E5ED-FA24-4D00-9192-BB4E92F8F2F0}) (Version: 2.44.2 - The Pokémon Company International)
Prey (HKLM\...\Steam App 480490) (Version: - Arkane Studios)
Qcma (HKLM\...\Qcma) (Version: 0.3.12 - codestation)
Quake 4(TM) (HKLM-x32\...\{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}) (Version: 1.0 - Activision) Hidden
Quake 4(TM) (HKLM-x32\...\InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}) (Version: 1.0 - Activision)
RAD Video Tools (HKLM-x32\...\RADVideo) (Version: - )
RAGE (HKLM-x32\...\Steam App 9200) (Version: - id Software)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.82.317.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Red Faction (HKLM-x32\...\Steam App 20530) (Version: - Volition, Inc.)
Red Faction II (HKLM-x32\...\Steam App 20550) (Version: - Volition, Inc.)
Red Faction: Armageddon (HKLM-x32\...\Steam App 55110) (Version: - Volition)
Red Faction: Guerrilla Steam Edition (HKLM-x32\...\Steam App 20500) (Version: - Volition)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shadow Warrior (HKLM-x32\...\Steam App 233130) (Version: - Flying Wild Hog)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Web Plugin (HKLM-x32\...\{0F7D4832-16AE-4857-A6FA-2B141D75A59B}) (Version: 7.7.0.219 - Skype Technologies S.A.)
SmartWebPrinting (HKLM-x32\...\{DC635845-46D3-404B-BCB1-FC4A91091AFA}) (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolForge (HKLM-x32\...\Steam App 232450) (Version: - Stone Blade Entertainment)
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\Spotify) (Version: 1.0.23.90.g42187855 - Spotify AB)
Status (HKLM-x32\...\{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}) (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Steam Controller Database Client (HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\143ba96d0d39f1c2) (Version: 1.0.0.10 - Flaming Zonkey)
Steins;Gate version 1.0 (HKLM\...\{2A05A52B-BDD8-4FD5-A65A-687CB10D98DF}_is1) (Version: 1.0 - JAST USA)
Syncios 6.1.4 (HKLM-x32\...\Syncios) (Version: 6.1.4 - Anvsoft)
Syndicate (HKLM-x32\...\{64CFBAAB-46F7-4628-8D9B-E656A8C11CDB}) (Version: 2.0.0.3 - Electronic Arts)
System Shock - Enhanced Edition (HKLM-x32\...\1439995156_is1) (Version: 2.1.0.4 - GOG.com)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
The Talos Principle (HKLM-x32\...\Steam App 257510) (Version: - Croteam)
The Witcher: Enhanced Edition (HKLM\...\Steam App 20900) (Version: - CD PROJEKT RED)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.8.10 - Electronic Arts)
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}) (Version: 130.0.422.000 - Hewlett-Packard) Hidden
Tribes: Ascend (HKLM-x32\...\Steam App 17080) (Version: - Hi-Rez Studios)
Trillian (HKLM-x32\...\Trillian) (Version: - Cerulean Studios, LLC)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version: - Tunngle.net GmbH)
UHS Reader (Version 6.10) (HKLM-x32\...\UHS Reader (Version 6.10)) (Version: 6.10 - Universal Hint System)
UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 2.3.0.0 - Manuel Hoefs (Zottel))
UnloadSupport (HKLM-x32\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 13.0 (64-bit) (HKLM\...\{3814DB30-091D-11E4-BDE0-F04DA23A5C58}) (Version: 13.0.373 - Sony)
Viscera Cleanup Detail: Shadow Warrior (HKLM-x32\...\Steam App 255520) (Version: - RuneStorm)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Warframe (HKLM-x32\...\{B1B30BC2-0725-456D-9DBA-70374977AC91}) (Version: 1.0.0 - Digital Extremes)
Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Driver Package - libusb-win32 PS Vita Type B (02/23/2013 1.2.6.0) (HKLM\...\E88FB411ED92EFDB9BF3A5F94548DA4956C0D97B) (Version: 02/23/2013 1.2.6.0 - libusb-win32)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Wolfenstein (HKLM-x32\...\{F9B37992-968C-4264-8449-489032FC28DE}) (Version: 1.0 - Activision) Hidden
Wolfenstein (HKLM-x32\...\InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}) (Version: 1.2 - Activision)
Wolfenstein(TM) 1.2 Patch (HKLM-x32\...\{91C514E8-C92E-48E4-BDEE-DE3407837194}) (Version: 1.2 - Activision) Hidden
Wolfenstein(TM) 1.2 Patch (HKLM-x32\...\InstallShield_{91C514E8-C92E-48E4-BDEE-DE3407837194}) (Version: - ) Hidden
WWE 2K15 (HKLM-x32\...\Steam App 240460) (Version: - YUKE’S Co., Ltd.)
WWE 2K16 (HKLM\...\Steam App 385730) (Version: - Visual Concepts)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000_Classes\CLSID\{031d25bb-102f-47dc-8ec1-62fc4e909d99}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000_Classes\CLSID\{81CD4B70-A8AB-48FC-826C-8F76A1A06829}\InprocServer32 -> C:\Users\Joshua\AppData\Local\SkypePlugin\7.7.0.219\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000_Classes\CLSID\{C3AC019C-D74E-40E1-A3D3-0BDDCF3519CA}\InprocServer32 -> C:\Program Files (x86)\TNT2\2.0.0.1949\IEToolbar64.dll (Freshy.com)
CustomCLSID: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Joshua\AppData\Local\SkypePlugin\7.7.0.219\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000_Classes\CLSID\{D779CCB8-300C-4160-B101-D6A5FD73294E}\localserver32 -> C:\Users\Joshua\AppData\Local\SkypePlugin\7.7.0.219\GatewayVersion-x64.exe (Skype Technologies S.A.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2014-12-03] (Adobe Systems Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers2: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareShellExtension.dll [2014-12-18] ()
ContextMenuHandlers3: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareShellExtension.dll [2014-12-18] ()
ContextMenuHandlers3: [jetAudio] -> {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} => C:\Program Files\JetAudio\JetFlExt64.dll [2013-05-09] (JetAudio)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-01] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2016-11-01] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2014-12-03] (Adobe Systems Inc.)
ContextMenuHandlers6: [jetAudio] -> {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} => C:\Program Files\JetAudio\JetFlExt64.dll [2013-05-09] (JetAudio)
ContextMenuHandlers6-x32: [SxContextMenump3Tag] -> {3B13F43E-2872-47AD-A427-880C29694E31} => C:\Program Files (x86)\mp3Tag 5\tag_menu.dll [2006-10-26] ()
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-06-10] (Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-06-10] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0811765A-5022-4505-AB9B-2F252A23C466} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {0995A23F-D1B2-47FC-AB15-344BA9CBF343} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-03] (HP Inc.)
Task: {0D360E8E-6046-45C5-8F47-9145F3C85E1F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {17B173E6-676F-4EB1-B919-5648BC234E3C} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1D7CBF22-526D-4109-9C56-3BB34CB6BCE6} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {264B1E25-E50F-4544-BC07-5C6E89E45E79} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {26FBBC35-5256-4B23-9CDA-90459325B269} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-25] (Google Inc.)
Task: {33D2ABED-1AA5-4BE6-8795-794661EA3FF3} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-03] (NVIDIA Corporation)
Task: {36BD7178-9994-4E5D-B371-E7E0057E2DCE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {45D7BB0C-A84A-482D-B34A-EDEAEDAABF6A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {4A87F1A6-AE69-4970-8A2B-F0D7246FE1FD} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4ACC85B7-8C6A-428B-9C3E-C05081172ED9} - System32\Tasks\HPCeeScheduleForJoshua => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {4E8B0F13-0618-42A2-9AF6-1B848B85CFBE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5595B560-A176-49C9-BDF8-78691BB61730} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {56EF2B35-C125-4253-99BA-25101EB09F6C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {5959C4A6-9896-444C-BEB7-78A3E60A7581} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {59D806A3-507B-4DB3-A50D-E3E6140E544D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {5A8E121E-1847-43B3-97CA-B03A4CB8E55F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {62C8B779-6B73-4C3A-B7DA-F3B2E0346C5D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {7017931C-85E3-40CE-AF64-B568FC895DE9} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {70730959-EC0F-4ACC-BADC-B1043EE91352} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-03] (NVIDIA Corporation)
Task: {7229D835-58AF-4E16-AEA7-A53EA83B69F8} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7668DEFE-2398-4424-A1A3-92440F57B5E4} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7862FE7C-F295-452C-916F-08BEE1B09891} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {79E71FB0-AAD3-492B-8363-05A2863B313F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {7CFC2E8C-1FEA-4BCD-B909-F31B112B5F03} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7F289240-089D-4386-A0B9-41939CB70AEC} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {8756F5CE-3706-4DE2-A52D-E98626FCAAEB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8D7176A7-F17E-476F-82B3-A633C64E263D} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {8E2FBA80-51BF-45D4-BA19-BFB0F8C997C0} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9863C25C-A9C5-4074-BABA-1435CB40951A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9FA4A95B-3887-477A-84B2-8AC2BC007B02} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A074D99D-C9EA-43E5-BC2A-C93B90577B60} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A7D940C8-B79B-4B89-ABEA-0863945B69F7} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {AE77AB85-BBF2-4A54-84C0-F87C1FBF9C98} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-25] (Google Inc.)
Task: {B1181095-66B1-45F8-9D78-1A11BBB515D1} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {B4B5AF1F-F41A-43FE-A3F2-D08906B3725D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-03] (NVIDIA Corporation)
Task: {B8C1BC5F-512A-447F-8BB1-740322B92EAC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {BDBF02AF-A6FF-4741-94EB-FA7C487191AD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-08-09] (Microsoft Corporation)
Task: {BEEE4AA2-D939-4F85-B529-11268A2FBB70} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C0F5204F-751D-4243-AEDB-CAF88EFFB82E} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-03] (NVIDIA Corporation)
Task: {C21D8D22-A645-4037-855A-91D01CAFBB02} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Joshua\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {C237F615-88E5-4BE4-9281-FA90A02C31D5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {C5A90ACF-CB42-4AF8-91F1-DC87E3446AD1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {CA4A3E9E-8FEB-49B9-BC89-6A62FB99BEF2} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CD1E3F34-F917-4479-BC73-37DF7752942B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CDA67D8E-99C9-4F50-B20C-9FE9FC7F5377} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D2CA313C-D633-4FBF-92D1-CB50FA726273} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {D3D3285B-F8CF-4217-B41D-AE185A5397B2} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D5FAFE51-606F-4666-8564-9DBF031A835F} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D62FA339-802C-4B4E-A92F-16B939E6E63F} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D7B6F6DF-B2BB-4299-8162-26CE0503C501} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {DB464760-3BAD-4DEF-9001-067776B64287} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DC91BA53-A4D1-456D-AD2D-4ECB2E87CD30} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {DE9FBC71-DAD3-430C-B263-6904320D0793} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {E6C08200-18E3-4DDB-87F4-908A495F7FC7} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {E803A1EF-134A-48C8-849F-DE48BEC83079} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {F0A26EE4-3713-440F-8F80-247AAC82095D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-08-01] (HP Inc.)
Task: {F8C9F5BA-719B-4569-965D-F7A275A01FAB} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {F8F22E92-0E1C-4084-A677-CF290CC63ED3} - System32\Tasks\{3E17A046-E3D2-453D-BD4D-C1E9EC13C355} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Joshua\AppData\Local\TNT2\2.0.0.1949\TNT2User.exe -c /UNINSTALL PARTNER=11083
Task: {FD9C48E4-20FB-457F-9570-5FE7E6AA696C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {FEA660D4-2526-4FF2-A43D-B742360CBDBD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForJoshua.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe\Warframe.lnk -> C:\Users\Joshua\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe (Digital Extremes) -> "hxxp://safesurfs.net/?ssid=1472142773&a=1003203&src=sh&uuid=7680328b-58a8-4eba-aabf-3b4449f6b7e2"
ShortcutWithArgument: C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safesurfs.net/?ssid=1472142773&a=1003203&src=sh&uuid=7680328b-58a8-4eba-aabf-3b4449f6b7e2"
ShortcutWithArgument: C:\Users\Joshua\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safesurfs.net/?ssid=1472142773&a=1003203&src=sh&uuid=7680328b-58a8-4eba-aabf-3b4449f6b7e2"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://safesurfs.net/?ssid=1472142773&a=1003203&src=sh&uuid=7680328b-58a8-4eba-aabf-3b4449f6b7e2"
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://safesurfs.net/?ssid=1472142773&a=1003203&src=sh&uuid=7680328b-58a8-4eba-aabf-3b4449f6b7e2"
ShortcutWithArgument: C:\Users\Public\Desktop\Syndicate.lnk -> C:\Program Files (x86)\Origin Games\Syndicate (1993)\data\Game\DOSBox\LAUNCHER.exe () -> "hxxp://safesurfs.net/?ssid=1472142773&a=1003203&src=sh&uuid=7680328b-58a8-4eba-aabf-3b4449f6b7e2"

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 07:42 - 2016-07-16 07:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-07-12 11:15 - 2017-06-21 03:48 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-18 15:09 - 2014-12-18 15:09 - 000713568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
2014-12-18 16:22 - 2014-12-18 16:22 - 000024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_system-vc100-mt-1_57.dll
2014-12-18 16:22 - 2014-12-18 16:22 - 000107352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_thread-vc100-mt-1_57.dll
2014-12-18 16:22 - 2014-12-18 16:22 - 000055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_date_time-vc100-mt-1_57.dll
2014-12-18 16:22 - 2014-12-18 16:22 - 000125792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_filesystem-vc100-mt-1_57.dll
2014-12-18 16:22 - 2014-12-18 16:22 - 000033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_chrono-vc100-mt-1_57.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 012716368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareServiceKernel.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 003396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\RCF.dll
2014-12-18 16:22 - 2014-12-18 16:22 - 000786264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_regex-vc100-mt-1_57.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 000736584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareActivation.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 000474968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareApplicationUpdater.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 000812360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareGamingMode.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 000099136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareReset.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 000119616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTime.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 000957784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdater.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 000867688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdaterScheduler.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 001107272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIgnoreList.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 000248648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareQuarantine.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 001009496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiMalwareEngine.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 000212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiRootkitEngine.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 001171280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerHistory.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 001295680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScanner.dll
2014-12-18 16:22 - 2014-12-18 16:22 - 000035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_timer-vc100-mt-1_57.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 000975704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerScheduler.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 001091416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtection.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 000229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIncompatibles.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 000894280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiSpam.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 000849232 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiPhishing.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 003096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareParentalControl.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 002953040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareWebProtection.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 001251664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareEmailProtection.dll
2014-12-18 16:22 - 2014-12-18 16:22 - 000053600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_iostreams-vc100-mt-1_57.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 001289048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNetworkProtection.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 000968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePromo.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 000360776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareFeedback.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 002785112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareThreatWorkAlliance.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 001228608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePinCode.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 000968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNotice.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 000957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAvcEngine.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 001177960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtectionHistory.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 000152896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\SecurityCenter.dll
2016-10-29 00:01 - 2017-05-03 16:21 - 001267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 002757456 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareShellExtension.dll
2016-09-28 19:12 - 2016-09-28 19:12 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 00:11 - 2017-03-04 02:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 00:08 - 2017-03-04 02:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 00:08 - 2017-03-04 02:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 00:08 - 2017-03-04 02:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-08-09 02:26 - 2017-03-04 02:05 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-08-09 02:26 - 2017-08-01 14:26 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-08-09 02:26 - 2017-08-01 14:31 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 008947008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
2014-12-18 16:22 - 2014-12-18 16:22 - 000500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_locale-vc100-mt-1_57.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 002130752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\HtmlFramework.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 000066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\DllStorage.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 000869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTrayDefaultSkin.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 000811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\Localization.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-06-06 02:45 - 2017-06-06 02:45 - 001910424 _____ () C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe
2016-09-01 20:59 - 2016-09-01 20:59 - 000017024 _____ () C:\Program Files (x86)\Anvsoft\Syncios\androidnotifier.exe
2016-06-21 20:39 - 2016-06-21 20:39 - 001419776 _____ () C:\Program Files (x86)\Anvsoft\Syncios\adb.exe
2017-07-17 07:24 - 2017-07-17 07:27 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-07-17 07:24 - 2017-07-17 07:27 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-07-17 07:24 - 2017-07-17 07:27 - 043573248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-07-17 07:24 - 2017-07-17 07:27 - 002435584 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\skypert.dll
2017-07-17 07:24 - 2017-07-17 07:27 - 000139776 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.Proxies.dll
2017-08-03 14:28 - 2017-08-02 03:39 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\libglesv2.dll
2017-08-03 14:28 - 2017-08-02 03:39 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\libegl.dll
2016-10-29 00:01 - 2017-05-03 16:21 - 001040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-29 00:01 - 2017-05-03 16:20 - 065709176 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-01-15 15:38 - 2014-09-11 19:09 - 001498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-01-15 15:38 - 2014-05-19 18:19 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2017-06-07 03:31 - 2017-06-07 03:31 - 000594432 _____ () C:\Program Files (x86)\Anvsoft\Syncios\DuiLib.dll
2017-05-22 21:38 - 2017-05-22 21:38 - 000074240 _____ () C:\Program Files (x86)\Anvsoft\Syncios\generalFunc_pdt.dll
2017-06-06 21:20 - 2017-06-06 21:20 - 001072640 _____ () C:\Program Files (x86)\Anvsoft\Syncios\androidSyncCore_pdm.dll
2017-06-06 21:20 - 2017-06-06 21:20 - 000177664 _____ () C:\Program Files (x86)\Anvsoft\Syncios\driverMgr4Transfer_pdm.dll
2016-11-16 01:37 - 2016-11-16 01:37 - 000579584 _____ () C:\Program Files (x86)\Anvsoft\Syncios\libsscan.dll
2016-08-01 04:01 - 2016-08-01 04:01 - 000571392 _____ () C:\Program Files (x86)\Anvsoft\Syncios\sqlite3.dll
2016-08-01 04:01 - 2016-08-01 04:01 - 001970688 _____ () C:\Program Files (x86)\Anvsoft\Syncios\libplist.dll
2016-09-01 20:59 - 2016-09-01 20:59 - 001278080 _____ () C:\Program Files (x86)\Anvsoft\Syncios\libandroidnotifier.dll
2017-05-22 21:38 - 2017-05-22 21:38 - 000986624 _____ () C:\Program Files (x86)\Anvsoft\Syncios\libandroidrecovery.dll
2017-05-09 00:45 - 2017-05-09 00:45 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:45 - 2017-05-09 00:45 - 001041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-06-21 20:39 - 2016-06-21 20:39 - 000671744 _____ () C:\Program Files (x86)\Anvsoft\Syncios\hashAB.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2014-08-26 22:08 - 2013-09-16 12:17 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-07-24 00:00 - 2017-07-24 00:00 - 000071680 _____ () C:\Program Files (x86)\Trillian\zlib1.dll
2017-07-24 00:00 - 2017-07-24 00:00 - 000116736 _____ () C:\Program Files (x86)\Trillian\libexpat.dll
2017-07-24 00:00 - 2017-07-24 00:00 - 000006656 _____ () c:\program files (x86)\trillian\languages\en\trillian.dll
2017-07-24 00:00 - 2017-07-24 00:00 - 000220672 _____ () C:\Program Files (x86)\Trillian\libpng16.dll
2017-07-24 00:00 - 2017-07-24 00:00 - 000015360 _____ () C:\Program Files (x86)\Trillian\libgif.dll
2017-07-24 00:00 - 2017-07-24 00:00 - 000003072 _____ () c:\program files (x86)\trillian\languages\en\toolkit.dll
2017-07-24 00:00 - 2017-07-24 00:00 - 000010752 _____ () c:\program files (x86)\trillian\languages\en\buddy.dll
2017-07-24 00:00 - 2017-07-24 00:00 - 000005120 _____ () c:\program files (x86)\trillian\languages\en\talk.dll
2017-07-24 00:00 - 2017-07-24 00:00 - 000061952 _____ () C:\Program Files (x86)\Trillian\libtinyxml2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Joshua\Cookies:xGuTvRI3t5Vb0P9SHzd9 [1960]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\sony.com -> sony.com
IE restricted site: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\...\123simsen.com -> www.123simsen.com

There are 7888 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-04-14 23:29 - 000451860 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 15504 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Joshua\appdata\local\microsoft\windows\themes\pacific r\desktopbackground\pacific_rim_3.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F7C74DAA-B19C-4E9F-B9A5-DF2B925ED57B}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{D74F738F-7EA9-49C6-81CD-BCEF73BFD6B6}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{086C4231-5DA7-421D-A78A-348BD7ABA4C4}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{4061ADD8-2C11-4BD4-9C65-450E576CA5DC}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{29045E3A-2653-4C2B-8D98-3E6B0F26CFEF}] => (Allow) C:\Games\Steam\SteamApps\common\Outlast\OutlastLauncher.exe
FirewallRules: [{6DD8B30E-F192-466A-8F0F-EF89DA45A599}] => (Allow) C:\Games\Steam\SteamApps\common\Outlast\OutlastLauncher.exe
FirewallRules: [{0214F5BE-0B71-44E8-BEAB-5AD5F709B6C5}] => (Allow) C:\Games\Steam\SteamApps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{8EBED308-B65B-403B-AA6A-0539F745464C}] => (Allow) C:\Games\Steam\SteamApps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{CEB5F8C9-F6B7-4848-AD00-A1CB26E24037}] => (Allow) C:\Games\Steam\SteamApps\common\Anna\Anna.exe
FirewallRules: [{EB1E9795-5F61-4C83-AE77-297E38DF3262}] => (Allow) C:\Games\Steam\SteamApps\common\Anna\Anna.exe
FirewallRules: [{0AA4E155-FFBF-449E-B99D-03AE8825898F}] => (Allow) C:\Games\Steam\SteamApps\common\Layers of Fear\Layers Of Fear.exe
FirewallRules: [{D9B01A1D-C940-4B7F-8624-124867FD4043}] => (Allow) C:\Games\Steam\SteamApps\common\Layers of Fear\Layers Of Fear.exe
FirewallRules: [{E2944F37-EA6D-423F-98BC-1442B97BB3EC}] => (Allow) C:\Games\Steam\SteamApps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{2B10D477-D237-4121-A031-1C7526C1633D}] => (Allow) C:\Games\Steam\SteamApps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{C569D265-D355-4B7E-868D-1F252A5D1902}] => (Allow) C:\Games\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{65730845-4232-4F95-A03F-BA1A4E11F27F}] => (Allow) C:\Games\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{CE423476-1DC5-4838-835F-1699CBA7A359}] => (Allow) C:\Games\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{EED8D0CA-58F8-4206-B34D-177439F5F155}] => (Allow) C:\Games\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{C4BC343F-57EE-4154-9476-F5E352B0475A}] => (Allow) C:\Games\Steam\SteamApps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{DE6C7234-5FBB-4988-BD32-4A425F343323}] => (Allow) C:\Games\Steam\SteamApps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{FDD1A2EF-E603-4C39-BD6B-6DE2F5C03F97}] => (Allow) C:\Games\Steam\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{C76C29D2-67D5-4833-A57B-E44F2AE3188E}] => (Allow) C:\Games\Steam\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{D530E4F8-FF87-44AD-BB68-4AE75F1DDE41}] => (Allow) C:\Games\Steam\SteamApps\common\Magic 2015\DotP_D15.exe
FirewallRules: [{DD5A40AA-C9BB-4658-8023-D9EAA03269D9}] => (Allow) C:\Games\Steam\SteamApps\common\Magic 2015\DotP_D15.exe
FirewallRules: [{5A587DA9-A62C-4389-AF8A-A83BF68EC8D9}] => (Allow) C:\Games\Steam\SteamApps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{5DAA7586-0C6D-4FC9-BF7D-ADE89C93383C}] => (Allow) C:\Games\Steam\SteamApps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{2249B1B3-E480-40A2-86C5-E33B0ADD0F21}] => (Allow) C:\Games\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{B8953BD6-D9F8-4776-9CDD-8796CC61FABA}] => (Allow) C:\Games\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{9FD2FC5A-A53C-43E4-8429-67628E8B01EA}] => (Allow) C:\Games\Steam\SteamApps\common\DOOM Open Beta\DOOMx64.exe
FirewallRules: [{E9EFFB84-AA67-4D20-8C94-AE04D3AD1698}] => (Allow) C:\Games\Steam\SteamApps\common\DOOM Open Beta\DOOMx64.exe
FirewallRules: [UDP Query User{6B853072-7D02-4627-9A04-0CBFAE77493F}C:\games\steam\steamapps\common\rise of the triad\binaries\win64\rott.exe] => (Allow) C:\games\steam\steamapps\common\rise of the triad\binaries\win64\rott.exe
FirewallRules: [TCP Query User{1DE654E4-3193-461C-B1B5-19ED0A695287}C:\games\steam\steamapps\common\rise of the triad\binaries\win64\rott.exe] => (Allow) C:\games\steam\steamapps\common\rise of the triad\binaries\win64\rott.exe
FirewallRules: [{60C35863-D47A-485A-AB3E-844D96FFC3BC}] => (Allow) C:\Games\Steam\SteamApps\common\Rise of the Triad\Binaries\ROTTLauncher.exe
FirewallRules: [{69D10CFF-1BDF-48F3-AB91-D9EE2D455C53}] => (Allow) C:\Games\Steam\SteamApps\common\Rise of the Triad\Binaries\ROTTLauncher.exe
FirewallRules: [UDP Query User{9DDDDB01-9C17-4FAC-8D9B-06BCE6F76980}C:\program files\dc++\dcplusplus.exe] => (Block) C:\program files\dc++\dcplusplus.exe
FirewallRules: [TCP Query User{A9F4C5B9-55AC-4D88-B219-8289A49D6380}C:\program files\dc++\dcplusplus.exe] => (Block) C:\program files\dc++\dcplusplus.exe
FirewallRules: [UDP Query User{C6E84D48-C66D-4C2C-9704-2C822C51D82B}C:\program files\dc++\dcplusplus.exe] => (Allow) C:\program files\dc++\dcplusplus.exe
FirewallRules: [TCP Query User{BCF4C2C4-0596-49B1-82A8-E1868FAE5942}C:\program files\dc++\dcplusplus.exe] => (Allow) C:\program files\dc++\dcplusplus.exe
FirewallRules: [{4E8A5632-1951-4AA6-823C-8F9DF5925E01}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E0978921-9A04-418B-BBB7-7FC141EEE277}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{E1F36797-AF53-4F4F-82F1-C8CC0C87FAE7}C:\program files (x86)\sony\content manager assistant\cma.exe] => (Allow) C:\program files (x86)\sony\content manager assistant\cma.exe
FirewallRules: [TCP Query User{AC40B739-AE84-47C3-AD3C-9FD1EC12CA80}C:\program files (x86)\sony\content manager assistant\cma.exe] => (Allow) C:\program files (x86)\sony\content manager assistant\cma.exe
FirewallRules: [UDP Query User{27671957-32C0-4B84-8016-2DFEAE74CB51}C:\program files (x86)\sony\content manager assistant\cma.exe] => (Allow) C:\program files (x86)\sony\content manager assistant\cma.exe
FirewallRules: [TCP Query User{E3935758-0C11-4D1A-B79F-52E537F368A0}C:\program files (x86)\sony\content manager assistant\cma.exe] => (Allow) C:\program files (x86)\sony\content manager assistant\cma.exe
FirewallRules: [{B814EEB0-9A4D-441B-801B-F95A83EBC9E1}] => (Allow) C:\Games\Steam\SteamApps\common\WWE 2K15\WWE2K15Launcher.exe
FirewallRules: [{F0FCEFD7-2048-4EC5-8E97-EEAEE8DB4C66}] => (Allow) C:\Games\Steam\SteamApps\common\WWE 2K15\WWE2K15Launcher.exe
FirewallRules: [UDP Query User{5833D958-C2FE-4FD0-A888-74768D0E0392}C:\program files\megadownloader\megadownloader.exe] => (Allow) C:\program files\megadownloader\megadownloader.exe
FirewallRules: [TCP Query User{95AD7887-BF17-4C4A-B8A7-AEE0C226E9B2}C:\program files\megadownloader\megadownloader.exe] => (Allow) C:\program files\megadownloader\megadownloader.exe
FirewallRules: [{D66077F0-ED1A-4D28-B3DF-C0FD4A978C7F}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{2FDC1E44-0537-4937-A32A-5740DC0FEDD7}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{84F7BA59-DD03-44B1-B5DC-7DE09D26A6B2}] => (Allow) C:\Games\EA\Bulletstorm\Binaries\Win32\ShippingPC-StormGame.exe
FirewallRules: [{F607A723-4E6C-47F9-A7F1-C5FD328E192C}] => (Allow) C:\Games\EA\Bulletstorm\Binaries\Win32\ShippingPC-StormGame.exe
FirewallRules: [{B6BC5475-00FA-48C1-B808-32DF95453778}] => (Allow) C:\Program Files (x86)\Origin Games\Syndicate (1993)\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{BA72B8A5-72E1-41BB-8696-38BE99CDA30B}] => (Allow) C:\Program Files (x86)\Origin Games\Syndicate (1993)\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{0910FF06-2EC3-429C-8EE8-66BBEC070A78}] => (Allow) C:\Users\Joshua\AppData\Local\TNT2\2.0.0.1949\TNT2User.exe
FirewallRules: [{AE635F00-DCEA-46D9-9935-2F306CD41923}] => (Allow) C:\Games\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
FirewallRules: [{B5CE9458-5473-44F7-A180-1637DEC46E41}] => (Allow) C:\Games\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
FirewallRules: [{9611382D-14AB-4AC4-891A-C76A74CE05CE}] => (Allow) C:\Users\Joshua\AppData\Local\Temp\nsz84C9.tmp\CnetInstaller-10013740.exe
FirewallRules: [{A2A375BB-66C1-4849-AEE3-BDDF272A3B7E}] => (Allow) C:\Users\Joshua\AppData\Local\Temp\nsz84C9.tmp\CnetInstaller-10013740.exe
FirewallRules: [{C444DEFE-2156-4C65-8580-B3B9C12E16F3}] => (Allow) C:\Games\Steam\SteamApps\common\Red Faction Guerrilla\rfg.exe
FirewallRules: [{D0FA6A38-4DFB-4B46-9A0B-7DF69A48463A}] => (Allow) C:\Games\Steam\SteamApps\common\Red Faction Guerrilla\rfg.exe
FirewallRules: [{94E55EED-E6F7-4514-B72F-486506A05655}] => (Allow) C:\Games\Steam\SteamApps\common\red faction armageddon\rf4_launcher.exe
FirewallRules: [{E7128849-1334-4762-8D9A-D609517C7AB6}] => (Allow) C:\Games\Steam\SteamApps\common\red faction armageddon\rf4_launcher.exe
FirewallRules: [{56312774-B31C-4C5C-8F64-EA12385DA536}] => (Allow) C:\Games\Steam\SteamApps\common\Red Faction Guerrilla\rfg_launcher.exe
FirewallRules: [{DDF4312D-CE17-46E8-BFA3-A3AD9B692C82}] => (Allow) C:\Games\Steam\SteamApps\common\Red Faction Guerrilla\rfg_launcher.exe
FirewallRules: [{853C159F-87B3-4A54-9E52-05E479FAC552}] => (Allow) C:\Games\Steam\SteamApps\common\Red Faction II\Red Faction II.exe
FirewallRules: [{13A52DA1-19EF-4274-A71A-CC6369EB3C6F}] => (Allow) C:\Games\Steam\SteamApps\common\Red Faction II\Red Faction II.exe
FirewallRules: [{A6586F04-9B46-4742-871B-682869A8A68E}] => (Allow) C:\Games\Steam\SteamApps\common\Red Faction\RedFaction.exe
FirewallRules: [{2BD021E7-C9B4-477D-8294-6A5134138B87}] => (Allow) C:\Games\Steam\SteamApps\common\Red Faction\RedFaction.exe
FirewallRules: [{01CEF471-CEBD-4A45-9522-8C145848848F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E11A8739-911E-4967-B1B0-4AC0B024B64C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{FDBB50B0-340C-4EF6-8D5A-2E2433B76F76}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1A8ACE6D-EB79-4EAF-A39E-56FF70305FAB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6CA1FEDB-E202-4E08-B4E3-64807E1F66D4}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\CrysisDedicatedServer.exe
FirewallRules: [{3D50693F-787C-4411-93AF-BCF5E0568B2A}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\CrysisDedicatedServer.exe
FirewallRules: [{39958D66-1AE3-4228-BCB4-E114A8A496F6}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe
FirewallRules: [{310752C1-B9A0-42CE-9B50-E110182540BA}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe
FirewallRules: [{72947B39-C9C4-4244-928A-AAD8CB9B9332}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe
FirewallRules: [{4D80EADD-5153-4CF9-B5CF-6BC716FB1E58}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe
FirewallRules: [{3B680845-DD6C-4B28-B7AA-278CE4EE731A}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe
FirewallRules: [{55903C66-4715-462E-B999-BC592D328176}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe
FirewallRules: [{32E3DA83-E717-4994-80E5-218FFBAF02FF}] => (Allow) C:\Games\Steam\SteamApps\common\Shadow Warrior\sw.exe
FirewallRules: [{5132D459-9577-4093-BBA8-BB45D93DE2F9}] => (Allow) C:\Games\Steam\SteamApps\common\Shadow Warrior\sw.exe
FirewallRules: [{B96145B6-704E-4E7C-A80A-EFE913CA8E10}] => (Allow) C:\Program Files (x86)\Origin Games\Crusader No Remorse\data\Game\DOSBox\DOSBox.exe
FirewallRules: [{6B1CB885-2334-4A27-8AA3-6DC48021B125}] => (Allow) C:\Program Files (x86)\Origin Games\Crusader No Remorse\data\Game\DOSBox\DOSBox.exe
FirewallRules: [{7DBA97AB-68B3-463C-8FA9-5BCAD397FB06}] => (Allow) C:\Games\Steam\SteamApps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{1AE70695-EFC7-48DC-8DDB-D6378BEE4653}] => (Allow) C:\Games\Steam\SteamApps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{72666BED-A43C-42EC-819D-9031EAEB3002}] => (Allow) C:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{09B977C4-B53D-40BA-8514-3EE1DBC1B764}] => (Allow) C:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [UDP Query User{7B90C674-7CD7-43D8-98A4-308B0FA227F0}C:\games\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\games\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{F079F970-3CA4-43E2-A586-B980081DFD26}C:\games\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\games\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [{5E458DC1-B0B9-4003-A087-A50A3CC594C4}] => (Allow) C:\Games\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{E36FC237-D301-4B1C-8E39-1981479F3DC7}] => (Allow) C:\Games\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{C5E8E32D-94AA-4DE1-A931-1AEEA20A22C5}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{3FCF9B6A-EFF5-4DAF-B110-49DF6C9270FC}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{BF2C60BF-57EB-4C0F-BC59-709D582A0DE5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{ACFBA37E-5BF8-4775-99F2-D6A15F677EC0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{F369170F-5C7F-4022-893D-7F3FA68667C4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{0768733C-E6CC-4DF3-BC7A-4310547D413B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{53AEE634-5677-45CF-B711-B8071E0FD646}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{A130D804-0065-4D42-9A5B-8CC1AF9D3EE5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{8DD0437F-888E-48EA-9403-012C50DF4E18}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{EF138326-1224-4570-ACE0-ED8D74F43E28}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{25CC5A7A-1897-4C80-B0FD-8F0B09ACDF9B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{C4DAC3A6-98FF-4340-A014-97AAE8F4E8C6}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{5E6C9F65-2633-474E-885A-7E888ACBAFC3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{83961A59-872B-4982-9300-12F673D495C8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{47A7731B-F283-4BC4-BABD-2456FC37DEDA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{B3AD2E55-CBCD-4813-B9AE-455CC23BF308}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{FFC223BC-5504-4960-BC0E-C0FFC2A24CB0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{9373D688-DF00-4FA8-B2B3-B123D4178BDD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{0A6E34CF-FB8C-43FE-A883-CAA8F72A01D6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{16946307-3BCC-4145-9FA8-6804FBCD5B82}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{F411A2CE-0A9C-4E34-949E-799B4E9F1961}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{02191D71-FA7A-4D1E-80F4-F5C1ED4862B1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{01AA6173-F090-4FC2-9C43-DDA1F3A184B5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{F22E077E-3690-4007-8D57-7663634D977D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{CFF1F133-B75B-4454-A04E-98ADFFD108C2}] => (Allow) C:\Games\Steam\SteamApps\common\Elsword\ESSTEAM.exe
FirewallRules: [{230CA78C-9B28-4CBD-8C79-45F59CA934ED}] => (Allow) C:\Games\Steam\SteamApps\common\Elsword\ESSTEAM.exe
FirewallRules: [{E760597B-97AD-4678-AE2D-CDD08E88D319}] => (Allow) C:\Games\Steam\SteamApps\common\Rise of the Triad\LDKDedicatedServer.exe
FirewallRules: [{7F954BCA-DAA1-4510-8735-5A2287E7DF46}] => (Allow) C:\Games\Steam\SteamApps\common\Rise of the Triad\LDKDedicatedServer.exe
FirewallRules: [{4B8D968D-DEE8-4551-88C5-A77EFDEBD051}] => (Allow) C:\Games\Steam\SteamApps\common\The Apogee Throwback Pack\ThrowbackPackLauncher.exe
FirewallRules: [{8211312A-0B89-44B1-935D-BFEA2765A558}] => (Allow) C:\Games\Steam\SteamApps\common\The Apogee Throwback Pack\ThrowbackPackLauncher.exe
FirewallRules: [{A4A6B03E-0E8D-4E31-9FB4-99083F28E884}] => (Allow) C:\Games\Steam\SteamApps\common\portal 2\portal2.exe
FirewallRules: [{1F5D0EBF-99CB-4090-A8F4-7D4732E95C7F}] => (Allow) C:\Games\Steam\SteamApps\common\portal 2\portal2.exe
FirewallRules: [UDP Query User{63EFCB0F-6B11-472C-A03F-F7445997DDDC}C:\gog games\outlast\binaries\win64\olgame.exe] => (Allow) C:\gog games\outlast\binaries\win64\olgame.exe
FirewallRules: [TCP Query User{A162965A-98E1-4304-A493-8F9C6B372AFE}C:\gog games\outlast\binaries\win64\olgame.exe] => (Allow) C:\gog games\outlast\binaries\win64\olgame.exe
FirewallRules: [{D96DFFDB-DE34-4E9C-ACA8-ED98F11F9058}] => (Allow) C:\Games\Steam\SteamApps\common\InfinityWars\Infinity Wars TCG.exe
FirewallRules: [{C1621212-8093-4AA4-8412-07E8D3E74510}] => (Allow) C:\Games\Steam\SteamApps\common\InfinityWars\Infinity Wars TCG.exe
FirewallRules: [{483C2F3F-3EDF-42B4-B17E-CC8A3F0F2890}] => (Allow) C:\Games\Steam\SteamApps\common\SolForge\SolForge.exe
FirewallRules: [{23BBDBCE-3AAC-4224-A53C-D8F829C6E4F6}] => (Allow) C:\Games\Steam\SteamApps\common\SolForge\SolForge.exe
FirewallRules: [{E117F0E8-D8D8-4A19-8A74-DB17DC37D240}] => (Allow) C:\Games\Steam\SteamApps\common\FEAR2\FEAR2.exe
FirewallRules: [{587E82E2-F8A4-4A71-BFD7-D5A4AC32C302}] => (Allow) C:\Games\Steam\SteamApps\common\FEAR2\FEAR2.exe
FirewallRules: [{85C605B3-F955-49E5-817B-509BBAC0690F}] => (Allow) C:\Games\2K Games\Borderlands 2 - Game Of The Year Edition\Binaries\Win32\borderlands2.exe
FirewallRules: [{81EFC44D-EE38-4553-B6CA-C509694F2061}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{308A521D-3F32-4FB0-8CB0-84DCBD03E7BF}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{5696E011-DCCF-4AAF-BC4A-609A1B13469C}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{5D737135-79E6-4AD8-A1E3-1E7D26509BBF}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{13962D92-2882-4267-A1E2-13E90B12B483}] => (Allow) C:\Games\2K Games\Borderlands 2 - Game Of The Year Edition\Binaries\Win32\borderlands2.exe
FirewallRules: [UDP Query User{72907FAC-FDEE-427E-8975-A9FD0E870154}C:\program files (x86)\2k games\borderlands 2 - game of the year edition\binaries\win64\borderlands2.exe] => (Allow) C:\program files (x86)\2k games\borderlands 2 - game of the year edition\binaries\win64\borderlands2.exe
FirewallRules: [TCP Query User{3F805E78-B455-4F01-B7DC-F148A7B77ED3}C:\program files (x86)\2k games\borderlands 2 - game of the year edition\binaries\win64\borderlands2.exe] => (Allow) C:\program files (x86)\2k games\borderlands 2 - game of the year edition\binaries\win64\borderlands2.exe
FirewallRules: [{FE0C3A5B-F85A-41F4-8317-DD98E97CBB3A}] => (Allow) C:\Program Files (x86)\2K Games\Borderlands 2 - Game Of The Year Edition\Binaries\Win32\borderlands2.exe
FirewallRules: [UDP Query User{FDD535BF-8DE7-4464-9AA8-C0E65A8BCAF9}C:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe] => (Allow) C:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe
FirewallRules: [TCP Query User{664897DD-CA5A-427B-A5DF-921A76A469C2}C:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe] => (Allow) C:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe
FirewallRules: [UDP Query User{DA7B9AEB-72CE-4FC0-BCD8-B0F3D91A8E5F}C:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe] => (Allow) C:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe
FirewallRules: [TCP Query User{1CD83E76-8C09-4D4E-87FE-B91FBC729DCE}C:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe] => (Allow) C:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe
FirewallRules: [{CD515F26-A766-4C54-9447-AFE8540F6154}] => (Allow) C:\Program Files (x86)\2K Games\Borderlands 2 - Game Of The Year Edition\Binaries\Win32\borderlands2.exe
FirewallRules: [UDP Query User{7629B5F6-B6FF-4346-991E-E72B2F179056}C:\program files (x86)\dsdcs\ds4tool\ds4tool.exe] => (Allow) C:\program files (x86)\dsdcs\ds4tool\ds4tool.exe
FirewallRules: [TCP Query User{ACDDEB70-0EEA-47AD-86D3-8FAD1BB0EC22}C:\program files (x86)\dsdcs\ds4tool\ds4tool.exe] => (Allow) C:\program files (x86)\dsdcs\ds4tool\ds4tool.exe
FirewallRules: [{FCF4324E-C142-4EA1-BE34-FC30AC22A0F9}] => (Allow) C:\Games\Steam\SteamApps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{6309EC98-D543-452F-9170-928BB874D7CE}] => (Allow) C:\Games\Steam\SteamApps\common\Warframe\Tools\Launcher.exe
FirewallRules: [UDP Query User{DF731C6D-B2D2-4FCF-B2A0-1FA8F5AB6C3C}C:\games\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe] => (Block) C:\games\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe
FirewallRules: [TCP Query User{7208572E-C162-4BC9-B5B1-A0E8A10C3BA0}C:\games\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe] => (Block) C:\games\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe
FirewallRules: [{565FDF83-47BB-4018-AD42-B8DF8CF77743}] => (Allow) C:\Users\Joshua\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{B15031A5-9201-4652-8D7B-93A55EC180FD}] => (Allow) C:\Users\Joshua\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{3E8F65E4-2C14-4D43-A1A3-2ED0B275F06D}] => (Allow) C:\Users\Joshua\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{69386B41-BFAE-4FA3-B742-CBD10E77BEC9}] => (Allow) C:\Users\Joshua\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{5290CB1B-1B1F-49BB-AC27-B36489650484}] => (Allow) C:\Users\Joshua\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{483F2ACB-FB82-4625-A430-421BE74C4C50}] => (Allow) C:\Users\Joshua\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{B87B2B47-070B-4E88-8F02-EA76962863E3}] => (Allow) C:\Users\Joshua\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{ED48FA61-1FBA-4AF1-8226-0F85E44CE432}] => (Allow) C:\Users\Joshua\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{0004F174-B4CE-43C0-904B-52285314F89F}] => (Allow) C:\Games\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win32\MarvelHeroes2015.exe
FirewallRules: [{6833779D-A122-4654-8350-7BFA570E99DD}] => (Allow) C:\Games\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win32\MarvelHeroes2015.exe
FirewallRules: [UDP Query User{8DDEAB12-F37E-4D51-959C-F2D9EE82B6A1}C:\games\steam\steamapps\common\magic 2015 demo\dotp_d15.exe] => (Allow) C:\games\steam\steamapps\common\magic 2015 demo\dotp_d15.exe
FirewallRules: [TCP Query User{E6B9DA75-1B03-4DBE-AB40-2224C8ECDACD}C:\games\steam\steamapps\common\magic 2015 demo\dotp_d15.exe] => (Allow) C:\games\steam\steamapps\common\magic 2015 demo\dotp_d15.exe
FirewallRules: [{F973D4F5-2711-4800-A072-65A51B684897}] => (Allow) C:\Games\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{82C0E512-F7EF-4CAE-87AF-8C91762D328D}] => (Allow) C:\Games\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{E1A56B63-3BFC-4929-A92A-00D4DFE0F4B0}] => (Allow) C:\Games\Activision\Wolfenstein\MP\Wolf2MPLite.exe
FirewallRules: [{ABE41976-A585-42AB-8370-27CAAACFA97E}] => (Allow) C:\Games\Activision\Wolfenstein\MP\Wolf2MPLite.exe
FirewallRules: [{DFF33EC5-53BA-4380-8392-77D64BE074A9}] => (Allow) C:\Games\Activision\Wolfenstein\MP\Wolf2MP.exe
FirewallRules: [{FC71E80D-E08E-4624-AFC0-9DFDAA10920B}] => (Allow) C:\Games\Activision\Wolfenstein\MP\Wolf2MP.exe
FirewallRules: [{865800D8-52A7-420C-B4C8-2EF9A1F3BEBC}] => (Allow) C:\Games\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{90ADFD68-491F-4665-9BAE-7E69990D01B7}] => (Allow) C:\Games\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{11E05778-6AF1-4928-ABB9-976B7975CFE9}] => (Allow) C:\Games\Steam\SteamApps\common\Source SDK Base\hl2.exe
FirewallRules: [{0CFA355C-9BFA-4496-98EA-A10EF210FFD0}] => (Allow) C:\Games\Steam\SteamApps\common\Source SDK Base\hl2.exe
FirewallRules: [{A534E423-0A1B-4BA5-8864-ECA74928DED2}] => (Allow) C:\Games\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{C68CA6C9-0531-418B-BE17-B940DA7A8AB3}] => (Allow) C:\Games\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{C433F5BB-5D1C-4EE0-B759-86AB45A17999}] => (Allow) C:\Games\Steam\SteamApps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe
FirewallRules: [{75CFA0A6-DE9E-44B3-9FD1-87ECB0E2B77B}] => (Allow) C:\Games\Steam\SteamApps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe
FirewallRules: [{9539F185-0A84-45BD-8DD3-30D9E8CF6D36}] => (Allow) C:\Games\Steam\SteamApps\common\half-life 2\hl2.exe
FirewallRules: [{463655E2-12AC-477A-BA2C-E7756AF08EA4}] => (Allow) C:\Games\Steam\SteamApps\common\half-life 2\hl2.exe
FirewallRules: [{5893D8DC-1354-49A0-AED4-87C23B85852E}] => (Allow) C:\Games\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{892FBDA3-5C39-4FE2-ABA4-DF209364192E}] => (Allow) C:\Games\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{582F3C60-B435-478E-8A1D-FC53C36F7981}] => (Allow) C:\Games\Steam\SteamApps\common\HauntedMemories\HM.exe
FirewallRules: [{FDEC8FB5-5D9A-468D-8F50-BD0CA5FC82B4}] => (Allow) C:\Games\Steam\SteamApps\common\HauntedMemories\HM.exe
FirewallRules: [{ECBAAD69-69BE-4434-B874-498E96FF5B70}] => (Allow) LPort=7935
FirewallRules: [{8BD1904D-207D-4877-903E-D1932730036E}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{546E1EC7-E7D5-48B4-8B80-588BE7A14332}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{394B5990-B1E7-48FD-B085-EDB12B87393C}] => (Allow) C:\Users\Joshua\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BE7D8A34-5F6C-4A13-B880-664A5113E14B}] => (Allow) C:\Users\Joshua\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BC94288B-4352-4D2C-8DCC-3AD1BF4D41D2}] => (Allow) C:\Games\Steam\SteamApps\common\RAGE\Rage64.exe
FirewallRules: [{1ACF2540-181B-4B03-87E3-53AFBD36826F}] => (Allow) C:\Games\Steam\SteamApps\common\RAGE\Rage64.exe
FirewallRules: [{EC96983C-A2F7-4E01-9509-5835458D1C1A}] => (Allow) C:\Games\Steam\SteamApps\common\RAGE\Rage.exe
FirewallRules: [{0E3CA8A5-D983-479D-B1E6-CC2A9BF4C6CF}] => (Allow) C:\Games\Steam\SteamApps\common\RAGE\Rage.exe
FirewallRules: [{505C2284-15C4-4056-B280-A829369C3FB0}] => (Allow) C:\Games\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{51F57CFC-717C-4A42-A768-03CB80736555}] => (Allow) C:\Games\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{B34B7A1C-266D-4598-89EF-49D9E84B8071}] => (Allow) C:\Games\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{EA6B7408-655F-4C4F-BE60-C67A282EF7D7}] => (Allow) C:\Games\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{134BF144-5471-4A5F-BE49-16F90142F797}] => (Allow) C:\Games\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{73A47C39-0866-4083-BAC1-0AEEF0E643DC}] => (Allow) C:\Games\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{154D4BF9-B314-487A-B86B-D3C00DB3AD68}] => (Allow) C:\Games\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{0426EF05-FF38-4ECB-93FA-DCD5F2D9F8F5}] => (Allow) C:\Games\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{054C371D-35FB-4EA0-93B0-BBCBEDB3984D}] => (Allow) C:\Games\Steam\SteamApps\common\Tribes\Binaries\Win32\HirezBridge.exe
FirewallRules: [{E2E5A8DC-63A7-4D7D-BDE5-C62DC2B30A4B}] => (Allow) C:\Games\Steam\SteamApps\common\Tribes\Binaries\Win32\HirezBridge.exe
FirewallRules: [{3CBC54C3-A1A8-49EA-B91A-80EBF5AB12DF}] => (Allow) C:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{0E194090-07C4-4B72-872F-D731FDDD8AFF}] => (Allow) C:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{D469D511-45B6-43AF-830B-DB80B88B5E40}] => (Allow) C:\Games\Steam\Steam.exe
FirewallRules: [{F4DEAF3A-566C-482B-BB2C-19BEA9B63F27}] => (Allow) C:\Games\Steam\Steam.exe
FirewallRules: [{8B078030-E8E3-4B2A-8442-0448EAD63905}] => (Allow) C:\Program Files (x86)\uTorrent323\uTorrent.exe
FirewallRules: [{433800B6-FA9D-4EF8-A49C-79A38C69B129}] => (Allow) C:\Program Files (x86)\uTorrent323\uTorrent.exe
FirewallRules: [{9D827F73-286B-4D76-80A6-E0CE0BF311CB}] => (Allow) C:\Games\Steam\SteamApps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{64DC0E1B-1BD2-41BA-BBD2-DCC5ED6D895D}] => (Allow) C:\Games\Steam\SteamApps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [TCP Query User{A0DF5329-C387-42AD-82CF-F0F33BB49DA6}C:\program files (x86)\trillian\plugins\skypekit.exe] => (Allow) C:\program files (x86)\trillian\plugins\skypekit.exe
FirewallRules: [UDP Query User{F9565792-9B06-4205-BDF4-AE843B34E148}C:\program files (x86)\trillian\plugins\skypekit.exe] => (Allow) C:\program files (x86)\trillian\plugins\skypekit.exe
FirewallRules: [TCP Query User{6A88E54E-EAA9-414E-B566-A73A4CB94DC7}C:\users\joshua\appdata\local\skypeplugin\7.7.0.219\pluginhost.exe] => (Allow) C:\users\joshua\appdata\local\skypeplugin\7.7.0.219\pluginhost.exe
FirewallRules: [UDP Query User{BD9CEC96-035C-4145-AEAB-51D8AF687152}C:\users\joshua\appdata\local\skypeplugin\7.7.0.219\pluginhost.exe] => (Allow) C:\users\joshua\appdata\local\skypeplugin\7.7.0.219\pluginhost.exe
FirewallRules: [TCP Query User{F29F9B56-E271-4C4E-AABE-239D7380F0CA}C:\games\steam\steamapps\common\dear esther\dearesther.exe] => (Allow) C:\games\steam\steamapps\common\dear esther\dearesther.exe
FirewallRules: [UDP Query User{DE660241-CFEE-456D-AA71-DCD6F93CC577}C:\games\steam\steamapps\common\dear esther\dearesther.exe] => (Allow) C:\games\steam\steamapps\common\dear esther\dearesther.exe
FirewallRules: [TCP Query User{352141CA-3BE0-4EEC-AF5E-AB00495C1952}C:\program files (x86)\trillian\plugins\skypekit.exe] => (Allow) C:\program files (x86)\trillian\plugins\skypekit.exe
FirewallRules: [UDP Query User{9CC2E108-A338-48FA-B0DE-1E0075DCD150}C:\program files (x86)\trillian\plugins\skypekit.exe] => (Allow) C:\program files (x86)\trillian\plugins\skypekit.exe
FirewallRules: [{D9146AC5-77FF-4C4E-AD48-14FF4A1AD197}] => (Allow) C:\Games\Steam\SteamApps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{82B258F9-89B1-4AC7-8438-FCDBC231B25D}] => (Allow) C:\Games\Steam\SteamApps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{8F5037F5-BC04-4058-8A6C-D9DE7B1C2168}] => (Allow) C:\Games\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
FirewallRules: [{EDB4401E-1576-4C34-983F-71F87262B798}] => (Allow) C:\Games\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe
FirewallRules: [{B8492FBC-8389-426A-9DF4-06653F7DE12A}] => (Allow) C:\Games\Steam\SteamApps\common\WWE2K16\WWE2K16.exe
FirewallRules: [{A07C6944-4770-4CFF-9E85-BDE897FA5D98}] => (Allow) C:\Games\Steam\SteamApps\common\WWE2K16\WWE2K16.exe
FirewallRules: [{B2BD3D99-2E5E-49CA-85B8-C809A278EC61}] => (Allow) C:\Games\Steam\SteamApps\common\Tribes\Binaries\Win32\TribesAscend.exe
FirewallRules: [{91773F69-AD48-419C-A2E3-1B1C90A63ACE}] => (Allow) C:\Games\Steam\SteamApps\common\Tribes\Binaries\Win32\TribesAscend.exe
FirewallRules: [{4A4CDCA7-CD16-4270-A3E9-7E5395E406AF}] => (Allow) C:\Games\Steam\SteamApps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{35EED965-E615-4D0B-8DF4-71BCD5915910}] => (Allow) C:\Games\Steam\SteamApps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{3BFD324C-5C40-48BD-A2FC-9CF6E59234C1}] => (Allow) C:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3C748391-8571-4496-847C-CB2F1C073A3A}] => (Allow) C:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EB8EE6E7-F808-4D60-B1F5-941D8228D999}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe
FirewallRules: [{DFFF1BF8-B81E-4507-886E-1730D19D282E}] => (Allow) C:\Games\Steam\SteamApps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{3D96BEA2-B9B9-4D74-B7EC-DF63A0189A02}] => (Allow) C:\Games\Steam\SteamApps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{4D62FE34-772E-49D0-88C1-FC62B5FF7A14}] => (Allow) C:\Games\Steam\SteamApps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{1F3B24B7-BCA3-42D6-94AB-776C21BD0A51}] => (Allow) C:\Games\Steam\SteamApps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{CF7DFCD7-DF85-48B6-B645-EE720E997B0C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{29F5F800-2894-4171-BC69-694F70B1F1C5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{47300F81-5379-4BB6-9443-3505E0B41951}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{C76739D6-1A27-43D3-9D92-F041F455BBCD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AEB7F9A9-A5ED-4B6C-A838-578F07B6EE40}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BEA98A6F-0C81-45FC-B25E-9AA9F0782E30}] => (Allow) C:\Games\Steam\SteamApps\common\Prey\Binaries\Danielle\x64\Release\Prey.exe
FirewallRules: [{7A017758-6EE4-42CF-8095-A36C0A0410E2}] => (Allow) C:\Games\Steam\SteamApps\common\Prey\Binaries\Danielle\x64\Release\Prey.exe
FirewallRules: [{468F11CA-EC3C-4CCF-A446-A29EE92A297E}] => (Allow) C:\Games\Steam\SteamApps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{CCA2C159-47C3-49A8-AA2A-DC1376517C48}] => (Allow) C:\Games\Steam\SteamApps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{6051DBE6-1B78-4405-8881-C87E4315FFA1}] => (Allow) C:\Games\Steam\SteamApps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{C9AB1380-0C55-46F0-906D-7B959ACD47AF}] => (Allow) C:\Games\Steam\SteamApps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{B8D4FC9D-F417-45A2-A776-9D5F8FEDDE94}] => (Allow) C:\Games\Steam\SteamApps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{B7D7EB22-6D25-4FC0-B77A-D7CB31FE185B}] => (Allow) C:\Games\Steam\SteamApps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{767F06CF-6B0A-4F4B-A69A-54768C1FC4C9}] => (Allow) C:\Games\Steam\SteamApps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{E34D565A-A867-4AB5-B15B-BEA2D6DCDA7B}] => (Allow) C:\Games\Steam\SteamApps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{D1416D75-7199-4CA0-8D34-110F5EFE8ACE}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{FB428FC8-B51B-4EC7-9000-918EEA4DA3E5}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{B2395817-9336-44A2-A6AD-3EDA81C0D9DF}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{DC37A0BB-3A1D-40DB-9CD4-C01DD15F8489}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{4009AFEC-C87F-4E5E-868C-42ED671AE9C0}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe
FirewallRules: [{02A7DD62-F321-4AE6-A90A-DEC167A75182}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe
FirewallRules: [{6C2FCECB-04E1-4E89-8A65-1FD9C3513947}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C2A108D0-F0B4-4AC2-AF2A-844429C2DDB8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A271D21C-64EC-4BB2-BC80-734A34790E33}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A0E435F2-26BE-4A19-B6FD-2E4AFE38AF30}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{481AD292-ADBD-4AEC-BCE0-BB3AF44AAE5C}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0E2C36AF-0CCA-4A8B-858B-838D37A1F4FD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

29-07-2017 16:14:37 Scheduled Checkpoint
07-08-2017 18:25:21 Scheduled Checkpoint
16-08-2017 16:29:09 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/17/2017 10:14:53 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).

Error: (08/17/2017 10:14:53 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).

Error: (08/17/2017 09:28:40 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\Tools.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\Tools.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/17/2017 09:28:40 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDWinLogon.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDWinLogon.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/17/2017 09:28:39 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDScanLibrary.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDScanLibrary.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/17/2017 09:28:39 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDTasks.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDTasks.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/17/2017 09:28:39 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDResources.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDResources.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/17/2017 09:28:39 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDImmunizeLibrary.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDImmunizeLibrary.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/17/2017 09:28:39 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDFileScanLibrary.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDFileScanLibrary.dll" on line 2.
The manifest file root element must be assembly.

Error: (08/17/2017 09:28:39 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDLicense.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDLicense.dll" on line 2.
The manifest file root element must be assembly.


System errors:
=============
Error: (08/17/2017 01:48:35 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Feature update to Windows 10, version 1703.

Error: (08/15/2017 01:26:01 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Error: (08/15/2017 01:22:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/15/2017 01:22:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (08/15/2017 01:21:46 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP Support Solutions Framework Service service hung on starting.

Error: (08/15/2017 01:18:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/15/2017 01:18:02 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.

Error: (08/15/2017 01:15:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetMsmqActivator service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/15/2017 01:15:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetMsmqActivator service to connect.

Error: (08/15/2017 01:15:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetPipeActivator service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


CodeIntegrity:
===================================
Date: 2017-08-17 10:17:14.465
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-17 10:17:14.463
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-17 10:17:14.455
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-17 10:17:14.453
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-17 10:11:29.817
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-17 10:11:29.816
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-17 10:08:20.226
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-17 10:08:20.224
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-17 10:08:15.150
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-17 10:08:15.147
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4690 CPU @ 3.50GHz
Percentage of memory in use: 58%
Total physical RAM: 8062.91 MB
Available physical RAM: 3314.21 MB
Total Virtual: 16254.91 MB
Available Virtual: 11484.57 MB

==================== Drives ================================

Drive c: (HQGX1) (Fixed) (Total:1862.48 GB) (Free:457.58 GB) NTFS
Drive d: (Prey) (CDROM) (Total:7.26 GB) (Free:0 GB) UDF
Drive i: (CDROM) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 23134AB5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================

I'll update after I follow your previous instructions. :cool:

Startropic1
2017-08-22, 06:13
So apparently there's a spybot.info server problem preventing me from posting anymore logs. It keeps giving me a 500 timeout. :confused:

Startropic1
2017-08-22, 07:49
Let's try this one by one.

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Joshua (21-08-2017 21:54:10) Run:1
Running from C:\Stash2
Loaded Profiles: Joshua (Available Profiles: Joshua & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************

CloseProcesses:
CreateRestorePoint:
GroupPolicy: Restriction <==== ATTENTION
AutoConfigURL: [S-1-5-21-2577772942-3954309557-1672937280-1000] => hxxp://nonblock.net/wpad.dat?37380101bea19d8230b479e4b87d0fb015089779
ManualProxies: 0hxxp://nonblock.net/wpad.dat?37380101bea19d8230b479e4b87d0fb015089779
SearchScopes: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000 -> DefaultScope {3D56E5C3-5CD1-4AD8-BBFC-6756EA6DF66B} URL = hxxp://search.findwide.com/serp?guid={F4EDED45-D6CE-4600-AE16-1256AC3F410E}&k={searchTerms}
SearchScopes: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000 -> {2D0B871E-3DF8-4973-A8D8-6AF39842A425} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11083
SearchScopes: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000 -> {3D56E5C3-5CD1-4AD8-BBFC-6756EA6DF66B} URL = hxxp://search.findwide.com/serp?guid={F4EDED45-D6CE-4600-AE16-1256AC3F410E}&k={searchTerms}
Toolbar: HKLM - FindWide Toolbar - {C3AC019C-D74E-40E1-A3D3-0BDDCF3519CA} - C:\Program Files (x86)\TNT2\2.0.0.1949\IEToolbar64.dll [2015-02-24] (Freshy.com)
Toolbar: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-2577772942-3954309557-1672937280-1000 -> FindWide Toolbar - {C3AC019C-D74E-40E1-A3D3-0BDDCF3519CA} - C:\Program Files (x86)\TNT2\2.0.0.1949\IEToolbar64.dll [2015-02-24] (Freshy.com)
FF Extension: (ShopperPro) - C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\59uig06a.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2016-01-07] [not signed]
FF Plugin HKU\S-1-5-21-2577772942-3954309557-1672937280-1000: @tnt2npapi.com/Plugin -> C:\Users\Joshua\AppData\Local\TNT2\2.0.0.1949\npTNT2.dll [2015-02-24] (Freshy.com)
2017-07-18 19:52 - 2017-07-18 19:52 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\-opx1gp9.dll
2016-10-22 11:42 - 2016-10-22 11:42 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\0oxheq82.dll
2016-11-13 12:36 - 2016-11-13 12:36 - 000005632 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\0rof7bix.dll
2017-07-05 21:07 - 2017-07-05 21:07 - 000005632 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\27ffivre.dll
2017-08-10 18:42 - 2017-08-10 18:42 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\3m437wk2.dll
2017-01-27 10:56 - 2017-01-27 10:56 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\3n2nrqua.dll
2017-07-25 22:30 - 2017-07-25 22:30 - 000005120 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\3nud9uux.dll
2017-05-22 18:30 - 2017-05-22 18:30 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\66k6sfej.dll
2017-07-18 20:05 - 2017-07-18 20:05 - 000005120 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\9xh8rygx.dll
2017-07-20 20:03 - 2017-07-20 20:03 - 000011264 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\aqf9saay.dll
2017-07-22 18:40 - 2017-07-22 18:40 - 000011264 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\ca9tlkl4.dll
2017-07-25 18:07 - 2017-07-25 18:07 - 000011264 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\cb4zks17.dll
2017-04-04 09:42 - 2017-04-04 09:42 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\ce16xwwc.dll
2014-01-08 05:18 - 2014-01-08 05:18 - 000057856 _____ () C:\Users\Joshua\AppData\Local\Temp\CPUID.dll
2017-07-10 19:06 - 2017-07-10 19:06 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\dbqmctj9.dll
2017-07-10 21:14 - 2017-07-10 21:14 - 000011264 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\dv_auycn.dll
2017-01-16 21:23 - 2017-01-16 21:23 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\ejevcly3.dll
2017-08-05 16:12 - 2017-08-05 16:12 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\f3jiwg9w.dll
2017-07-04 18:39 - 2017-07-04 18:39 - 000006656 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\feiy46zy.dll
2017-04-04 18:19 - 2017-04-04 18:19 - 000024576 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\fhdl0vws.dll
2017-07-09 23:58 - 2017-07-09 23:58 - 000005632 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\g3jzqnkc.dll
2016-12-02 16:14 - 2016-12-02 16:14 - 000011264 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\hfdiozie.dll
2017-07-29 21:38 - 2017-07-29 21:38 - 000024576 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\hfuzw-qj.dll
2017-06-27 09:35 - 2017-06-27 09:35 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\hsl3w2xv.dll
2016-10-11 09:57 - 2016-10-11 09:57 - 000005120 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\is89rrb0.dll
2016-10-20 19:19 - 2016-10-20 19:19 - 000737856 _____ (Oracle Corporation) C:\Users\Joshua\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-19 20:19 - 2017-01-19 20:19 - 000739904 _____ (Oracle Corporation) C:\Users\Joshua\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-07-20 19:19 - 2017-07-20 19:19 - 000739904 _____ (Oracle Corporation) C:\Users\Joshua\AppData\Local\Temp\jre-8u141-windows-au.exe
2017-08-16 10:50 - 2017-08-16 10:50 - 000740416 _____ (Oracle Corporation) C:\Users\Joshua\AppData\Local\Temp\jre-8u144-windows-au.exe
2017-05-25 14:09 - 2017-05-25 14:09 - 000024576 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\j_dnziqy.dll
2017-07-09 16:39 - 2017-07-09 16:39 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\kiyyfsss.dll
2017-07-02 22:38 - 2017-07-02 22:38 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\lr7kjbea.dll
2017-07-01 00:23 - 2017-07-01 00:23 - 000011264 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\m-xbpcnz.dll
2017-04-18 23:18 - 2017-04-18 23:18 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\m8vposw3.dll
2017-07-15 16:35 - 2017-07-15 16:35 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\mdtx8pyg.dll
2017-07-25 19:11 - 2017-07-25 19:11 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\ngtuif_p.dll
2017-02-15 14:39 - 2016-12-29 08:43 - 000860776 _____ (NVIDIA Corporation) C:\Users\Joshua\AppData\Local\Temp\nvSCPAPI64.dll
2017-05-12 18:51 - 2016-12-29 08:43 - 000351680 _____ (NVIDIA Corporation) C:\Users\Joshua\AppData\Local\Temp\nvStInst.exe
2016-11-10 10:56 - 2016-11-10 10:56 - 000005120 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\o_tqxl74.dll
2017-02-27 19:26 - 2017-02-27 19:26 - 000005632 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\p8bvd0gj.dll
2016-10-05 20:56 - 2016-10-05 20:56 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\qljo-g8i.dll
2017-07-13 19:39 - 2017-07-13 19:39 - 000015872 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\rsn4j7z1.dll
2017-03-13 18:17 - 2017-03-13 18:17 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\scgu4a-v.dll
2017-07-21 18:14 - 2017-07-21 18:14 - 000005120 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\uhk6bbk1.dll
2017-07-15 08:53 - 2017-07-15 08:53 - 000015872 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\vnx3x6nl.dll
2017-08-14 00:02 - 2017-08-14 00:02 - 000015872 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\w7auqfnt.dll
2017-07-14 00:01 - 2017-07-14 00:01 - 000005632 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\wwxori_3.dll
2016-11-11 00:59 - 2016-11-11 00:59 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\w_iw6blb.dll
2017-07-24 17:33 - 2017-07-24 17:33 - 000005120 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\xgd1vd1x.dll
2017-03-27 18:22 - 2017-03-27 18:22 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\xwhfiefk.dll
2017-05-24 09:54 - 2017-05-24 09:54 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\y62v3xu0.dll
2017-06-03 13:15 - 2017-06-03 13:15 - 000024576 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\ynmp-wkb.dll
2017-08-10 18:59 - 2017-08-10 18:59 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\zcbwxz81.dll
2017-07-21 23:47 - 2017-07-21 23:47 - 000009728 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\_egmessz.dll
2017-01-27 17:36 - 2017-01-27 17:36 - 000008704 _____ ( ) C:\Users\Joshua\AppData\Local\Temp\_hjqt8_n.dll
Emptytemp:

*****************

Processes closed successfully.
Restore point was successfully created.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2D0B871E-3DF8-4973-A8D8-6AF39842A425} => key removed successfully
HKLM\Software\Classes\CLSID\{2D0B871E-3DF8-4973-A8D8-6AF39842A425} => key not found.
HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3D56E5C3-5CD1-4AD8-BBFC-6756EA6DF66B} => key removed successfully
HKLM\Software\Classes\CLSID\{3D56E5C3-5CD1-4AD8-BBFC-6756EA6DF66B} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{C3AC019C-D74E-40E1-A3D3-0BDDCF3519CA} => value removed successfully
HKLM\Software\Classes\CLSID\{C3AC019C-D74E-40E1-A3D3-0BDDCF3519CA} => key not found.
HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKLM\Software\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C3AC019C-D74E-40E1-A3D3-0BDDCF3519CA} => value removed successfully
HKLM\Software\Classes\CLSID\{C3AC019C-D74E-40E1-A3D3-0BDDCF3519CA} => key not found.
C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\59uig06a.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} => moved successfully
HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\Software\MozillaPlugins\@tnt2npapi.com/Plugin => key removed successfully
C:\Users\Joshua\AppData\Local\TNT2\2.0.0.1949\npTNT2.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\-opx1gp9.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\0oxheq82.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\0rof7bix.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\27ffivre.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\3m437wk2.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\3n2nrqua.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\3nud9uux.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\66k6sfej.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\9xh8rygx.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\aqf9saay.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\ca9tlkl4.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\cb4zks17.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\ce16xwwc.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\CPUID.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\dbqmctj9.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\dv_auycn.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\ejevcly3.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\f3jiwg9w.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\feiy46zy.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\fhdl0vws.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\g3jzqnkc.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\hfdiozie.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\hfuzw-qj.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\hsl3w2xv.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\is89rrb0.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\jre-8u111-windows-au.exe => moved successfully
C:\Users\Joshua\AppData\Local\Temp\jre-8u121-windows-au.exe => moved successfully
C:\Users\Joshua\AppData\Local\Temp\jre-8u141-windows-au.exe => moved successfully
C:\Users\Joshua\AppData\Local\Temp\jre-8u144-windows-au.exe => moved successfully
C:\Users\Joshua\AppData\Local\Temp\j_dnziqy.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\kiyyfsss.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\lr7kjbea.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\m-xbpcnz.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\m8vposw3.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\mdtx8pyg.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\ngtuif_p.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\nvSCPAPI64.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\nvStInst.exe => moved successfully
C:\Users\Joshua\AppData\Local\Temp\o_tqxl74.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\p8bvd0gj.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\qljo-g8i.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\rsn4j7z1.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\scgu4a-v.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\uhk6bbk1.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\vnx3x6nl.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\w7auqfnt.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\wwxori_3.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\w_iw6blb.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\xgd1vd1x.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\xwhfiefk.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\y62v3xu0.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\ynmp-wkb.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\zcbwxz81.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\_egmessz.dll => moved successfully
C:\Users\Joshua\AppData\Local\Temp\_hjqt8_n.dll => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 308208 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 57193986 B
Java, Flash, Steam htmlcache => 84918877 B
Windows/system/drivers => 235015262 B
Edge => 27489246 B
Chrome => 1377700178 B
Firefox => 381554105 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6234 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 418048 B
NetworkService => 4472952 B
Joshua => 1658596229 B
DefaultAppPool => 6234 B

RecycleBin => 0 B
EmptyTemp: => 3.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:05:37 ====

Startropic1
2017-08-22, 07:57
first malwarebytes log still not going through due to 500 timeouts. Let's try the AdwCleaner log...

# AdwCleaner 7.0.1.0 - Logfile created on Tue Aug 22 03:27:11 2017
# Updated on 2017/05/08 by Malwarebytes
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Program Files (x86)\YTDownloader
Deleted: C:\Program Files (x86)\Yahoo!\Companion
Deleted: C:\Users\Joshua\AppData\Roaming\Yahoo!\Companion


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

Cleaned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk["http:\\safesurfs.net\?ssid=1472142773&a=1003203&src=sh&uuid=7680328b-58a8-4eba-aabf-3b4449f6b7e2"]
Cleaned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk["http:\\safesurfs.net\?ssid=1472142773&a=1003203&src=sh&uuid=7680328b-58a8-4eba-aabf-3b4449f6b7e2"]
Cleaned: C:\Users\Joshua\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk["http:\\safesurfs.net\?ssid=1472142773&a=1003203&src=sh&uuid=7680328b-58a8-4eba-aabf-3b4449f6b7e2"]
Cleaned: C:\Users\Joshua\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk["http:\\safesurfs.net\?ssid=1472142773&a=1003203&src=sh&uuid=7680328b-58a8-4eba-aabf-3b4449f6b7e2"]
Cleaned: C:\Users\Public\Desktop\Mozilla Firefox.lnk["http:\\safesurfs.net\?ssid=1472142773&a=1003203&src=sh&uuid=7680328b-58a8-4eba-aabf-3b4449f6b7e2"]
Cleaned: C:\Users\Public\Desktop\Mozilla Firefox.lnk["http:\\safesurfs.net\?ssid=1472142773&a=1003203&src=sh&uuid=7680328b-58a8-4eba-aabf-3b4449f6b7e2"]
Cleaned: C:\Users\Public\Desktop\Syndicate.lnk["http:\\safesurfs.net\?ssid=1472142773&a=1003203&src=sh&uuid=7680328b-58a8-4eba-aabf-3b4449f6b7e2"]
Cleaned: C:\Users\Public\Desktop\Syndicate.lnk["http:\\safesurfs.net\?ssid=1472142773&a=1003203&src=sh&uuid=7680328b-58a8-4eba-aabf-3b4449f6b7e2"]


***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chatango.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chatango.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Deleted: [Key] - HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\Software\AppDataLow\Software\adawarebp
Deleted: [Key] - HKCU\Software\AppDataLow\Software\adawarebp
Deleted: [Key] - HKLM\SOFTWARE\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-2577772942-3954309557-1672937280-1000\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKCU\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{554EBE31-AEC1-4E34-BCE3-606467760D88}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{B82D18E0-1649-48DE-92D7-AA89BBB5F0AD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{D2EA97F6-6235-4B2D-B5AA-A4472B9CE557}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3A06AA27-D94B-48C2-BB55-9FD0FF2120E3}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{46140CE4-76FE-440E-AE88-4C2272BC05C7}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{9F9C4C5C-2BA8-4E00-A697-9F710BB1026B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{B7A0E898-93E5-43f4-B99A-6C70B303699C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{D40A62D1-8FC0-4F03-90C4-0DE03BE73A41}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{F9A10D86-182A-4946-869B-70C3D109D14D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{07CDAAD9-1226-4C6D-B774-C00E7B323484}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{35860EFB-1589-4F32-A618-99E847A502B2}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{39DCCEAF-C749-4390-9953-527CF916935C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{41D7CEE0-D91F-498C-BC88-4A6BEE46C2BC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{9EDCCD11-960D-49AE-B523-C6B5AB7E1345}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{EB2BA65E-41F6-4F64-92A6-216CDFFDF577}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{686D40BC-FA43-4317-8474-E634E6B487F2}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{6EB4349D-4333-442F-ACA4-4C72AF28B6ED}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\yt.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YTBM.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YTNavAssist.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F7C74DAA-B19C-4E9F-B9A5-DF2B925ED57B}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{D74F738F-7EA9-49C6-81CD-BCEF73BFD6B6}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{086C4231-5DA7-421D-A78A-348BD7ABA4C4}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4061ADD8-2C11-4BD4-9C65-450E576CA5DC}
Deleted: [Key] - HKLM\SOFTWARE\SrpnFiles


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [15390 B] - [2017/8/22 3:25:25]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Juliet
2017-08-22, 13:15
Look in add/remove programs list to see if
Findwide Toolbar is there.

Please download and install Revo Uninstaller Free (http://www.revouninstaller.com/)

Double click Revo Uninstaller to run it.
From the list of programs double click on Findwide Toolbar (if found)
When prompted if you want to uninstall click Yes.
Be sure the Moderate option is selected then click Next.
The program will run, If prompted again click Yes
when the built-in uninstaller is finished click on Next.
Once the program has searched for leftovers click Next.
Check/tick the bolded items only on the list then click Delete
when prompted click on Yes and then on next.
put a check on any folders that are found and select delete
when prompted select yes then on next
Once done click Finish.


~~~~~~~~~~~~~~~~~~~~


malwarebytes log still not going through due to 500 timeouts.
I don't know whats happening here.
Is it a very large log?, that needs to be posted in multiple replies?
locate the file and see if it will attach, using the attachment button?

After using AdwCleaner and rebooting the machine, Malwarebytes log still isn't working?

Tell me what the computer is doing now.

Startropic1
2017-08-22, 18:40
Look in add/remove programs list to see if
Findwide Toolbar is there.

Please download and install Revo Uninstaller Free (http://www.revouninstaller.com/)

Double click Revo Uninstaller to run it.
From the list of programs double click on Findwide Toolbar (if found)
When prompted if you want to uninstall click Yes.
Be sure the Moderate option is selected then click Next.
The program will run, If prompted again click Yes
when the built-in uninstaller is finished click on Next.
Once the program has searched for leftovers click Next.
Check/tick the bolded items only on the list then click Delete
when prompted click on Yes and then on next.
put a check on any folders that are found and select delete
when prompted select yes then on next
Once done click Finish.


~~~~~~~~~~~~~~~~~~~~


I don't know whats happening here.
Is it a very large log?, that needs to be posted in multiple replies?
locate the file and see if it will attach, using the attachment button?

After using AdwCleaner and rebooting the machine, Malwarebytes log still isn't working?

Tell me what the computer is doing now.

Findwide is not found in apps under settings nor by the uninstaller.
This forum restricts attachments to around 48k, (a bit absurd in 2017); the Malwarebytes log is like ~140K. I realise larger files--even in terms of kilobytes, can be packing malware/trojans/etc. However, in today's digital environment some concessions must be made.

I'll use pastebin as an alternative, malwarebytes log:
https://pastebin.com/nKeYJq4t

Please note anything flagged by the programs to be quarantined, I looked through and let the programs quarantine the items as they requested. (Nothing they flagged appeared important to any software I use or the OS.)

The malware/adware issues have always been confined to the web browser. Most of the symptoms seem to be gone, but I'll continue to monitor things.

Juliet
2017-08-22, 23:46
This forum restricts attachments to around 48k, (a bit absurd in 2017); the Malwarebytes log is like ~140K. I realise larger files--even in terms of kilobytes, can be packing malware/trojans/etc. However, in today's digital environment some concessions must be made.
I will pass the comment along to administrators



The malware/adware issues have always been confined to the web browser. Most of the symptoms seem to be gone, but I'll continue to monitor things.
Good.
A couple more scans should find any remnants that could be left over.

Zemana AntiMalware Free
download it from here (https://www.zemana.com/Download/AntiMalware/Setup/Free/Zemana.AntiMalware.Setup.exe):

Double-click on the file named “Zemana.AntiMalware.Portable” to perform a system scan with Zemana AntiMalware Free.

You may be presented with a User Account Control dialog asking you if you want to run this program. If this happens, you should click “Yes” to allow Zemana AntiMalware to run.
When Zemana AntiMalware starts, click on the “Scan” button to perform a system scan.
without changing any options, press Scan

When Zemana has finished finished scanning it will show a screen that displays any malware that has been detected. To remove all the malicious files, click on the “Next” button.
Zemana AntiMalware will now start to remove all the malicious programs from your computer.
Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.

open Zemana AntiMalware again and locate the latest report
please paste the contents into your reply

When the process is complete, you can close Zemana AntiMalware

~~~~~~~~~~`

ESET Online Scanner

Click here (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) to download the installer for ESET Online Scanner and save it to your Desktop.
Disable all your antivirus and antimalware software - see how to do that here (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
Select Enable detection of potentially unwanted applications.
Click Advanced Settings, then place a checkmark in the following:

Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Click Start to begin scanning.
ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
When the scan is done, click List threats (only available if ESET Online Scanner found something).
Click Export, then save the file to your desktop.
Click Back, then Finish to exit ESET Online Scanner.

Juliet
2017-08-27, 15:05
bump...

Juliet
2017-08-29, 23:16
Glad we could help. http://i.imgur.com/SakDYGv.gif
Since this issue appears resolved ... this Topic is closed.