Malware, logs are attached, this is HP Omen running Win 10
I was getting the BSOD several times a day. I ran Spybot S&D, AdwCleaner, Zemana, Malwarebytes, HitManPro.Alert, Avast Premiere. Spybot S&D, Malwarebytes, Hitman all found and removed a bunch of stuff. Others did not find anything, except AdwCleaner. It found and was unable to remove PUP.optional.advancedsystemcare, PUP.optional.legacy, and PUP.optional.productsetup.A. It said unknown handling error, terminating.
I installed a new copy of AdwCleaner, same problem: found them, can't remove them. On the last BSOD, which are still happening but less often, it said system service exception NETIO.sys. I thought there might be a problem with IOBit's Driver Booster so I uninstalled it (not necessarily because I thought it was related to NETIO.sys). I uninstalled a few other programs that I know are optional that I don't absolutely have to have, such as Dropbox, etc., as they are known for security holes. I ran CCleaner and it removed 65 GB of stuff no longer needed (this was after uninstalling those programs).
I have included the required logs and Spybot's Rootkit scan logs as it found a bunch of stuff. I had to compress 3 of the .txt files.
Hello geercom, :welcome:
In order for a volunteer analyst to respond please see the FAQ here (https://forums.spybot.info/showthread.php?288-quot-BEFORE-You-POST-quot-(Please-read-this-Procedure-Before-Requesting-Assistance)-Updated&p=1150&viewfull=1#post1150).
Copy and paste the Farbar Recovery Scan Tool and aswMBR logs into this topic as shown.
The Addition.txt can be attached but not zipped.
No need to post a log for the Root Analyzer:
https://forums.spybot.info/showthread.php?68092-Rootkit-Analyzer-Please-do-not-post-scan-result-in-the-Malware-Forum
Best regards. :)
When I pasted the logs previously, I assumed they were too long because submitting the post timed out every time and went to a white error screen without posting the thread. When I tried to attach the files as they were, I got an error that they were too large.
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2018-03-26 14:55:33
-----------------------------
14:55:33.483 OS Version: Windows x64 6.2.9200
14:55:33.483 Number of processors: 8 586 0x9E09
14:55:33.483 ComputerName: DESKTOP-7F1R3BQ UserName: david
14:55:34.389 Initialize success
14:55:34.389 VM: initialized successfully
14:55:34.389 VM: Intel CPU BiosDisabled
14:55:42.487 AVAST engine defs: 18032600
14:56:47.861 The log file has been saved successfully to "C:\Users\david\Desktop\aswMBR.txt"
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by david (administrator) on DESKTOP-7F1R3BQ (26-03-2018 14:44:10)
Running from C:\Users\david\Desktop
Loaded Profiles: defaultuser0 & david & Administrator (Available Profiles: defaultuser0 & david & Administrator)
Platform: Windows 10 Pro Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2018-03-22] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\windows\system32\rundll32.exe" C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-13] (AVAST Software)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1074600 2016-08-28] (The Eraser Project)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (HP Inc.)
HKLM-x32\...\Run: [HPMSGSVC] => C:\Program Files (x86)\HP\HPPhoenixCtrl\HPMSGSVC.exe [502032 2016-06-16] (HP Development Company, L.P.)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [515600 2017-04-22] (QFX Software Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\RunOnce: [SBrowserCheck] => C:\ProgramData\Avast Software\Avast\SecureBrowser\avast_browser_setup_checker.exe [2482128 2018-03-20] ()
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3840204244-4144708379-2675172571-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1223560 2017-05-07] (Ruiware)
HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\Run: [f.lux] => C:\Users\david\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-10] (f.lux Software LLC)
HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\Run: [Amazon Drive] => C:\Users\david\AppData\Local\Amazon Drive\AmazonDrive.exe [6319280 2018-03-22] (Amazon.com Inc.)
HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\RunOnce: [Uninstall 18.025.0204.0009\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\david\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\amd64"
HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\RunOnce: [Uninstall 18.025.0204.0009] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\david\AppData\Local\Microsoft\OneDrive\18.025.0204.0009"
HKU\S-1-5-21-3840204244-4144708379-2675172571-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
IFEO\appvlp.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\hporbit.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\hpphoenixctrl.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\hpsf.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\irmtmodernui.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\iwrap.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\lync.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msoev.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msotd.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\ocpubmgr.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\onenotem.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\rebecca.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\setlang.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\softwareupdate.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2017-10-05]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2017-02-08]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-12-22]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{0f97bf0f-54bf-44f8-a554-0401debf0323}: [NameServer] 77.234.40.79
Tcpip\..\Interfaces\{a1ab7776-22f9-428e-a8fd-c83a210a0aa1}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001 -> {518b33ae-375d-712d-6742-d1fe0400268d} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-03-01] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-03-18] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-09-22] (HP Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-03-01] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-03-18] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-09-22] (HP Inc.)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: m3cozkdk.default
FF ProfilePath: C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\m3cozkdk.default [2018-03-26]
FF Homepage: Mozilla\Firefox\Profiles\m3cozkdk.default -> about:home
FF Extension: (Avast SafePrice) - C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\m3cozkdk.default\Extensions\sp@avast.com.xpi [2017-09-03]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-03-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\david\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-09-20] (Cisco WebEx LLC)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/search?q=+
CHR Profile: C:\Users\david\AppData\Local\Google\Chrome\User Data\Default [2018-03-26]
CHR Extension: (Slides) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-18]
CHR Extension: (Docs) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Google Drive) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-18]
CHR Extension: (YouTube) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-18]
CHR Extension: (Honey) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-03-10]
CHR Extension: (Rebrandly) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaidebojanpehpceonghnmgdofblnlae [2018-03-26]
CHR Extension: (Chromebleed) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2017-05-18]
CHR Extension: (Adobe Acrobat) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-18]
CHR Extension: (Open options.) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiadekoaikejlgdbkbdfeijglgfdalml [2017-12-08]
CHR Extension: (Sheets) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-18]
CHR Extension: (HTTPS Everywhere) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2018-03-01]
CHR Extension: (Google Docs Offline) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-18]
CHR Extension: (Avast Online Security) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-03-02]
CHR Extension: (Hunter) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmhmanijnjhaffoampdlllchpolkdnj [2018-03-21]
CHR Extension: (SimilarWeb - Traffic Rank & Website Analysis) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoklmmgfnpapgjgcpechhaamimifchmp [2018-03-01]
CHR Extension: (Cisco WebEx Extension) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-09-20]
CHR Extension: (Grammarly for Chrome) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-03-21]
CHR Extension: (The Great Suspender) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2017-06-19]
CHR Extension: (Flashcontrol) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2017-07-13]
CHR Extension: (Crystal) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmaonghoefpmlfgaknnboiekjhfpmajh [2018-03-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Gmail) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-18]
CHR Extension: (Chrome Media Router) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-23]
CHR Extension: (Dux-Soup for LinkedIn) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppdakpfeaodfophjplfdedpcodkdkbal [2018-03-26]
CHR Profile: C:\Users\david\AppData\Local\Google\Chrome\User Data\System Profile [2018-03-26]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-03-13] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-13] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [357760 2018-03-13] (AVAST Software)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [7649576 2018-03-09] (AVAST Software)
S4 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7962288 2018-03-12] (Microsoft Corporation)
S4 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677880 2017-04-25] (SEIKO EPSON CORPORATION)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-15] (NVIDIA Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [4616328 2018-03-21] (SurfRight B.V.)
S2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
S4 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3421616 2017-06-20] (HP Inc.)
S4 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-07-28] (HP Inc.)
S4 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-04] (HP)
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
S4 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
S4 HPWMISVC; c:\Program Files (x86)\HP\HPPhoenixCtrl\HPWMISVC.exe [554768 2016-06-16] (HP Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
S2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542320 2017-12-06] (Intel Corporation)
S2 IISExpressSVC; C:\Program Files (x86)\Lansweeper\IISExpress\IISexpressSVC.exe [131072 2017-06-23] (Hemoco bvba) [File not signed]
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-10-11] (Intel(R) Corporation)
S4 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-10-11] (Intel(R) Corporation)
S4 IRMTService; C:\Program Files\Intel\Intel(R) Ready Mode Technology\IRMTService.exe [182896 2016-10-13] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel Corporation)
S2 lansweeperservice; C:\Program Files (x86)\Lansweeper\Service\Lansweeperservice.exe [17175552 2017-07-27] (Lansweeper) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268928 2017-12-20] ()
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-15] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-15] (NVIDIA Corporation)
S3 QFXUpdateService; C:\Program Files (x86)\KeyScrambler\x64\QFXUpdateService.exe [86544 2017-04-22] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324576 2018-03-22] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2018-01-24] (Microsoft Corporation)
S2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3758720 2017-12-20] (Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AmUStor; C:\WINDOWS\system32\drivers\AmUStor.SYS [90560 2018-03-22] (Alcorlink Corp.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [196648 2018-03-13] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [227504 2018-03-13] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199440 2018-03-13] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343752 2018-03-13] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57680 2018-03-13] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-03-13] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-03] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [146656 2018-03-13] (AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [619984 2018-03-13] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110328 2018-03-13] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84368 2018-03-13] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026696 2018-03-13] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460520 2018-03-13] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [205976 2018-03-13] (AVAST Software)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2017-05-18] (The OpenVPN Project)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380528 2018-03-13] (AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76200 2018-01-18] ()
R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [32840 2017-07-01] (ELAN Microelectronic Corp.)
R1 hmpalert; C:\windows\system32\drivers\hmpalert.sys [297712 2018-03-21] (SurfRight B.V.)
R3 hmpnet; C:\windows\system32\drivers\hmpnet.sys [93800 2018-03-21] (SurfRight B.V.)
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-07-01] (REALiX(tm))
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [198080 2018-03-22] (Intel Corporation)
R3 IntelReadyModeDriver; C:\WINDOWS\System32\drivers\IntelReadyModeDriver.sys [34720 2016-10-13] (Intel Corporation)
R3 KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [233248 2017-02-19] (QFX Software Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193248 2018-03-12] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [109800 2018-03-26] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45960 2018-03-26] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-03-23] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [101600 2018-03-26] (Malwarebytes)
S3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw04.sys [3556072 2017-09-03] (Intel Corporation)
S3 NETwNs64; C:\WINDOWS\System32\drivers\Netwsw04.sys [3471880 2017-11-16] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [8614888 2018-03-22] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhdci.inf_amd64_a33a405d786e1e76\nvlddmkm.sys [17493824 2018-03-22] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2018-03-22] (NVIDIA Corporation)
S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2018-02-02] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1026896 2018-03-22] (Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-09-03] (Realsil Semiconductor Corporation)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [41104 2016-10-18] (SteelSeries ApS)
S3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [52960 2016-10-04] (SteelSeries ApS)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 UimBus; C:\WINDOWS\System32\drivers\uimbus.sys [108856 2017-04-11] (Paragon Software GmbH)
R1 Uim_DEVIM; C:\WINDOWS\System32\drivers\uimdevim.sys [44848 2017-04-11] (Paragon Software GmbH)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
R1 ZAM; C:\windows\System32\drivers\zam64.sys [203680 2017-12-08] (Zemana Ltd.)
R1 ZAM_Guard; C:\windows\System32\drivers\zamguard64.sys [203680 2017-06-17] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-26 14:44 - 2018-03-26 14:44 - 000031095 _____ C:\Users\david\Desktop\FRST.txt
2018-03-26 14:43 - 2018-03-26 14:44 - 000000000 ____D C:\FRST
2018-03-26 14:42 - 2018-03-26 14:42 - 002403328 _____ (Farbar) C:\Users\david\Desktop\FRST64.exe
2018-03-26 14:39 - 2018-03-26 14:39 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-DESKTOP-7F1R3BQ-Windows-10-Pro-(64-bit).dat
2018-03-26 14:39 - 2018-03-26 14:39 - 000000000 ____D C:\RegBackup
2018-03-26 14:38 - 2018-03-26 14:38 - 000017985 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2018-03-26 14:38 - 2018-03-26 14:38 - 000002319 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2018-03-26 14:38 - 2018-03-26 14:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-03-26 14:38 - 2018-03-26 14:38 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2018-03-26 14:37 - 2018-03-26 14:37 - 005766144 _____ (Tweaking.com) C:\Users\david\Desktop\tweaking.com_registry_backup_setup.exe
2018-03-26 14:31 - 2018-03-26 14:31 - 000000088 _____ C:\Users\david\Desktop\Malware Removal.url
2018-03-26 13:37 - 2018-03-26 13:40 - 000082432 _____ C:\Users\david\Desktop\RE Very important fact check for Stan Sterna comment.msg
2018-03-26 13:37 - 2018-03-26 13:37 - 000076800 _____ C:\Users\david\Desktop\RE Very important question about one of Shane Randolph's comments.msg
2018-03-26 12:01 - 2018-03-26 12:01 - 000061440 _____ C:\Users\david\Desktop\ANSWER THESE AND RETURN TO STACY Few more questions for your Smart Contracts story.msg
2018-03-26 10:17 - 2018-03-26 10:17 - 000000096 _____ C:\Users\david\Desktop\How to Find the Best Contact for Your LOI - Technology Content Marketing Writer - Jennifer Goforth Gregory - Raleigh Freelance Technology Writer.url
2018-03-26 09:40 - 2018-03-26 09:40 - 000103936 _____ C:\Users\david\Desktop\Today's LinkedIn Pulse post.msg
2018-03-25 12:45 - 2018-03-25 12:45 - 000064000 _____ C:\Users\david\Desktop\Your Amazon.com order of Epson 200XL High Yield... has shipped!.msg
2018-03-24 19:21 - 2018-03-24 19:21 - 000000163 _____ C:\Users\david\Desktop\-BEFORE You POST-(Please read this Procedure Before Requesting Assistance)- Updated.url
2018-03-24 17:28 - 2018-03-24 17:28 - 000052224 _____ C:\Users\david\Desktop\Your Amazon.com order of Epson 200XL High Yield... and 1 more item..msg
2018-03-24 03:02 - 2018-03-26 13:30 - 000045960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-03-24 03:02 - 2018-03-24 03:02 - 000428744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-24 02:55 - 2018-01-09 19:36 - 000453575 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20180324-025507.backup
2018-03-23 21:32 - 2018-03-23 21:32 - 000040448 _____ C:\Users\david\Desktop\CENTRIFY CALL IN DATA FOR WED 28TH 1P ET Discuss Next-Gen Access post.msg
2018-03-23 21:31 - 2018-03-23 21:31 - 000117248 _____ C:\Users\david\Desktop\CALENDAR PREP FOR MEETING KAREN 1P ET WED 28TH.msg
2018-03-23 19:02 - 2018-03-23 19:02 - 000076288 _____ C:\Users\david\Desktop\Story ideas for you Sarah.msg
2018-03-23 18:43 - 2018-03-23 18:43 - 000110592 _____ C:\Users\david\Desktop\KAREN SAID THIS KIND OF TWEET FOR LI PULSE AMP LOOKS GREAT.msg
2018-03-23 18:39 - 2018-03-23 18:39 - 000099840 _____ C:\Users\david\Desktop\SETTING CALL FOR THIS KAREN MON OR WED BETWE 10 AND 4 ET.msg
2018-03-23 18:17 - 2018-03-23 18:17 - 000000000 ___HD C:\$SysReset
2018-03-23 17:44 - 2018-03-23 17:44 - 000000000 ____D C:\Users\david\AppData\Local\Amazon Drive
2018-03-23 16:04 - 2018-03-23 16:04 - 000069120 _____ C:\Users\david\Desktop\RE AICPA article we added more of your comments final approval.msg
2018-03-23 15:30 - 2018-03-23 15:30 - 000092160 _____ C:\Users\david\Desktop\Today's tweet amplifying the blockchain identity post.msg
2018-03-23 15:19 - 2018-03-23 15:19 - 000060416 _____ C:\Users\david\Desktop\Re EXTERNAL Quotes I'd like to use.msg
2018-03-23 14:41 - 2018-03-23 14:41 - 000028672 _____ C:\Users\david\Desktop\EXPERT COMMENT DoJ Indictment of Iranian Hackers.msg
2018-03-23 14:37 - 2018-03-23 14:37 - 000147456 _____ C:\Users\david\Desktop\Re Here is the blog post.msg
2018-03-23 13:26 - 2018-03-23 13:26 - 000000192 _____ C:\Users\david\Desktop\your pc encountered a problem and needs to restart - Microsoft Community.url
2018-03-23 13:26 - 2018-03-23 13:26 - 000000188 _____ C:\Users\david\Desktop\Windows 10 reboot loop with Your PC ran into a problem and needs to - Microsoft Community.url
2018-03-23 13:26 - 2018-03-23 13:26 - 000000083 _____ C:\Users\david\Desktop\-Your PC ran into a problem and needs to restart- error [FIX].url
2018-03-23 13:25 - 2018-03-23 13:25 - 000000266 _____ C:\Users\david\Desktop\Windows 10 your computer encountered a problem and must restart - Google Search.url
2018-03-23 13:25 - 2018-03-23 13:25 - 000000184 _____ C:\Users\david\Desktop\Your PC ran into a problem and needs to restart. - Microsoft Community.url
2018-03-23 13:25 - 2018-03-23 13:25 - 000000104 _____ C:\Users\david\Desktop\Your PC ran into a problem and needs to restart in Windows 10 [Fixed] - EaseUS.url
2018-03-23 13:25 - 2018-03-23 13:25 - 000000103 _____ C:\Users\david\Desktop\Your PC ran into a problem and needs to restart.url
2018-03-23 13:21 - 2018-03-23 13:21 - 000000000 ___HD C:\ProgramData\temp
2018-03-23 11:42 - 2018-03-23 11:56 - 000024054 ____H C:\Users\david\Desktop\~WRL1113.tmp
2018-03-23 11:40 - 2018-03-26 13:53 - 000000000 ____D C:\WINDOWS\Minidump
2018-03-23 11:32 - 2018-03-23 11:32 - 000056320 _____ C:\Users\david\Desktop\WAIT TILL MAY TO PITCH OR PING CHRIS BAYSDEN AGAIN IF NO WORD FROM HIM BY THEN.msg
2018-03-23 09:41 - 2018-03-23 09:41 - 000036864 _____ C:\Users\david\Desktop\Thank you for the work; pitches.msg
2018-03-23 08:04 - 2018-03-23 08:04 - 000000067 _____ C:\Users\david\Desktop\Marketing & Sales Training, Courses, and Certifications - HubSpot Academy.url
2018-03-23 07:44 - 2018-03-23 07:44 - 000000093 _____ C:\Users\david\Desktop\MARKETS TO CONSIDER AND HOW TO MARKET TOO.url
2018-03-23 07:41 - 2018-03-23 07:41 - 000000093 _____ C:\Users\david\Desktop\USE FOR KEYWORDS AND SERVICES IN LI PROFILE SUMMARY.url
2018-03-23 07:26 - 2018-03-23 07:26 - 000000068 _____ C:\Users\david\Desktop\I GET MOST LI VIEWS LAST 3RD OF MONTH.url
2018-03-23 07:17 - 2018-03-23 07:17 - 006435449 _____ C:\Users\david\Desktop\workforce-of-future-appendix.pdf
2018-03-23 06:56 - 2018-03-23 06:56 - 000000300 _____ C:\Users\david\Desktop\How are Windows shortcut files vulnerable to attacks-.url
2018-03-22 15:08 - 2018-03-22 15:08 - 000045056 _____ C:\Users\david\Desktop\Mark McLaughlin (IBM) to speak with David Geer (Risk Management Magazine).msg
2018-03-22 14:39 - 2018-03-22 14:39 - 000045056 _____ C:\Users\david\Desktop\ADD TO QS DOC MARK M AND CALENDAR BEFORE CALL FRI 30TH.msg
2018-03-22 14:14 - 2018-03-22 19:35 - 000049664 _____ C:\Users\david\Desktop\CHRIS B AICPA SAYS SEND INVOICES HAVEN'T SENT FOR HIM PROB THE TWO AND LOOK UP HOW SENT AND WHERE.msg
2018-03-22 14:09 - 2018-03-22 14:09 - 000087040 _____ C:\Users\david\Desktop\DO LI PULSE POST HACK ALIVE AFTER 8A MONDAY, 5 TWEETS ONCE KNOW WHAT POINT TO, SET CALL HAVE IDEAS STORIES READY ETC.msg
2018-03-22 13:45 - 2018-03-22 13:45 - 000080896 _____ C:\Users\david\Desktop\TOLD KAREN CENTRIFY BE READY START UP AGAIN MONDAY.msg
2018-03-22 11:05 - 2018-03-22 11:05 - 000000102 _____ C:\Users\david\Desktop\Customizing Your LOI for Multiple Niches - Technology Content Marketing Writer - Jennifer Goforth Gregory - Raleigh Freelance Technology Writer.url
2018-03-22 09:45 - 2018-03-22 09:45 - 019796336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-03-22 09:45 - 2018-03-22 09:45 - 016449872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-03-22 09:45 - 2018-03-22 09:45 - 013444552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-03-22 09:45 - 2018-03-22 09:45 - 011026080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-03-22 09:45 - 2018-03-22 09:45 - 001976120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439077.dll
2018-03-22 09:45 - 2018-03-22 09:45 - 001673616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439077.dll
2018-03-22 09:45 - 2018-03-22 09:45 - 001334808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2018-03-22 09:45 - 2018-03-22 09:45 - 001325384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-03-22 09:45 - 2018-03-22 09:45 - 001134768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-03-22 09:45 - 2018-03-22 09:45 - 001126888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-03-22 09:45 - 2018-03-22 09:45 - 001054704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-03-22 09:45 - 2018-03-22 09:45 - 001049480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2018-03-22 09:45 - 2018-03-22 09:45 - 001043128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-03-22 09:45 - 2018-03-22 09:45 - 000988464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-03-22 09:45 - 2018-03-22 09:45 - 000939832 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-03-22 09:45 - 2018-03-22 09:45 - 000885680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-03-22 09:45 - 2018-03-22 09:45 - 000795928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-03-22 09:45 - 2018-03-22 09:45 - 000740336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2018-03-22 09:45 - 2018-03-22 09:45 - 000635248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-03-22 09:45 - 2018-03-22 09:45 - 000618928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2018-03-22 09:45 - 2018-03-22 09:45 - 000616240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-03-22 09:45 - 2018-03-22 09:45 - 000599352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2018-03-22 09:45 - 2018-03-22 09:45 - 000506864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-03-22 09:45 - 2018-03-22 09:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2018-03-22 09:44 - 2018-03-22 09:44 - 040269808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-03-22 09:44 - 2018-03-22 09:44 - 035180016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-03-22 09:44 - 2018-03-22 09:44 - 013333668 _____ C:\WINDOWS\system32\Drivers\Netwfw04.dat
2018-03-22 09:44 - 2018-03-22 09:44 - 012843496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-03-22 09:44 - 2018-03-22 09:44 - 010900248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-03-22 09:44 - 2018-03-22 09:44 - 004308976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-03-22 09:44 - 2018-03-22 09:44 - 003894304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-03-22 09:44 - 2018-03-22 09:44 - 003709424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-03-22 09:44 - 2018-03-22 09:44 - 000117392 _____ C:\WINDOWS\system32\Drivers\ibtfw.dat
2018-03-22 09:43 - 2018-03-22 09:43 - 000045600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 072520704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2018-03-22 09:42 - 2018-03-22 09:42 - 013831786 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2018-03-22 09:42 - 2018-03-22 09:42 - 003677152 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2018-03-22 09:42 - 2018-03-22 09:42 - 003410832 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 003205120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 003122648 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 002922976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 001435136 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 001348160 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 001083424 _____ C:\WINDOWS\system32\AmRdrIco.icl
2018-03-22 09:42 - 2018-03-22 09:42 - 001016920 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 000984904 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 000877424 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 000868168 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 000866632 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 000737960 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 000691672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 000532376 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 000526272 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 000467152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 000387304 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 000381400 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 000343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 000341144 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 000341144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 000321704 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 000258856 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 000221960 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 000214824 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 000209528 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 000166200 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 000122312 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 000110976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 000090560 _____ (Alcorlink Corp.) C:\WINDOWS\system32\Drivers\AmUStor.sys
2018-03-22 09:42 - 2018-03-22 09:42 - 000088336 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 000083616 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2018-03-22 09:42 - 2018-03-22 09:42 - 000005115 _____ C:\WINDOWS\system32\AmUStor.ini
2018-03-21 17:43 - 2018-03-21 17:43 - 001274504 _____ (SurfRight B.V.) C:\WINDOWS\system32\hmpalert.dll
2018-03-21 17:43 - 2018-03-21 17:43 - 000866440 _____ (SurfRight B.V.) C:\WINDOWS\SysWOW64\hmpalert.dll
2018-03-21 17:43 - 2018-03-21 17:43 - 000093800 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpnet.sys
2018-03-21 11:31 - 2018-03-21 11:31 - 000048640 _____ C:\Users\david\Desktop\Latest news from Naked Security (03212018).msg
2018-03-21 10:24 - 2018-03-21 10:24 - 000030208 _____ C:\Users\david\Desktop\Centrify Corporation Payment Notification 0000031211.msg
2018-03-21 03:14 - 2018-03-21 03:14 - 000044544 _____ C:\Users\david\Desktop\You're activated!.msg
2018-03-20 18:10 - 2018-03-21 14:30 - 000056320 _____ C:\Users\david\Desktop\Re URGENT REMINDER Docker Payment Portal Registration required.msg
2018-03-20 17:45 - 2018-03-20 17:45 - 000000066 _____ C:\Users\david\Desktop\ActualTech Media - About ActualTech Media.url
2018-03-20 17:44 - 2018-03-20 17:44 - 000000078 _____ C:\Users\david\Desktop\Editorial Calendar.url
2018-03-20 17:40 - 2018-03-20 17:40 - 000091648 _____ C:\Users\david\Desktop\WILL LET ME KNOW WHEN SHE WANTS TO GO LIVE WITH HACKING IND LI PULSE POST PERHAPS MONDAY.msg
2018-03-20 17:39 - 2018-03-20 17:39 - 000102912 _____ C:\Users\david\Desktop\ALL GOOD W KAREN REYNOLDS LET HER KNOW WHEN BACK UP AND RUNNING.msg
2018-03-20 17:16 - 2018-03-20 17:16 - 000049152 _____ C:\Users\david\Desktop\RE Did you get everything you needed with my first invoice.msg
2018-03-20 17:15 - 2018-03-20 17:15 - 000039936 _____ C:\Users\david\Desktop\IBM's Watson Assistant is coming to IFTTT.msg
2018-03-20 17:13 - 2018-03-20 17:13 - 000036352 _____ C:\Users\david\Desktop\Homeland Security Experts Build $50 million Blockchain.msg
2018-03-20 15:27 - 2018-03-23 16:15 - 000045568 _____ C:\Users\david\Desktop\RE FM Fatal Flaw Review Request (rq5702-414).msg
2018-03-20 15:07 - 2018-03-23 16:03 - 000089088 _____ C:\Users\david\Desktop\FM Fatal Flaw Review Request (rq5702-414).msg
2018-03-20 14:57 - 2018-03-20 14:57 - 000040960 _____ C:\Users\david\Desktop\Re Anything in the pipeline.msg
2018-03-20 13:54 - 2018-03-20 13:54 - 000022016 _____ C:\Users\david\Desktop\Orbitz Breach - need sources.msg
2018-03-19 10:21 - 2018-03-19 10:21 - 000084480 _____ C:\Users\david\Desktop\Today's LI pulse post illness.msg
2018-03-18 14:50 - 2018-03-18 14:50 - 000029696 _____ C:\Users\david\Desktop\Re Part of the tree came down front yard.msg
2018-03-16 14:54 - 2018-03-16 14:54 - 000077312 _____ C:\Users\david\Desktop\Link to today's tweet.msg
2018-03-16 14:34 - 2018-03-16 14:34 - 000100352 _____ C:\Users\david\Desktop\Here is the hacking industry alive and well post.msg
2018-03-16 10:49 - 2018-03-16 10:49 - 001008980 _____ C:\Users\david\Desktop\security-advisor_security-outlook-2017_december.pdf
2018-03-15 10:01 - 2018-03-15 10:01 - 000061952 _____ C:\Users\david\Desktop\RE 1099 Form.msg
2018-03-13 20:02 - 2018-03-13 20:01 - 000380768 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-03-13 15:36 - 2018-03-01 23:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-13 15:36 - 2018-03-01 22:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-13 15:36 - 2018-03-01 03:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-13 15:36 - 2018-03-01 03:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-13 15:36 - 2018-03-01 03:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-13 15:36 - 2018-03-01 03:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-13 15:36 - 2018-03-01 03:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-13 15:36 - 2018-03-01 03:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-13 15:36 - 2018-03-01 03:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-13 15:36 - 2018-03-01 03:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-13 15:36 - 2018-03-01 03:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-13 15:36 - 2018-03-01 03:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-13 15:36 - 2018-03-01 03:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-13 15:36 - 2018-03-01 03:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-13 15:36 - 2018-03-01 03:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-13 15:36 - 2018-03-01 03:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-13 15:36 - 2018-03-01 03:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-13 15:36 - 2018-03-01 03:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-13 15:36 - 2018-03-01 03:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-13 15:36 - 2018-03-01 03:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-13 15:36 - 2018-03-01 03:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-13 15:36 - 2018-03-01 03:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-13 15:36 - 2018-03-01 03:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-13 15:36 - 2018-03-01 03:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-13 15:36 - 2018-03-01 03:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-13 15:36 - 2018-03-01 03:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-13 15:36 - 2018-03-01 03:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-13 15:36 - 2018-03-01 03:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-13 15:36 - 2018-03-01 03:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-13 15:36 - 2018-03-01 03:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-13 15:36 - 2018-03-01 03:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-13 15:36 - 2018-03-01 03:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-13 15:36 - 2018-03-01 03:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-13 15:36 - 2018-03-01 03:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-13 15:36 - 2018-03-01 03:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-13 15:36 - 2018-03-01 03:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-13 15:36 - 2018-03-01 03:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-13 15:36 - 2018-03-01 02:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-13 15:36 - 2018-03-01 02:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-13 15:36 - 2018-03-01 02:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-13 15:36 - 2018-03-01 02:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-13 15:36 - 2018-03-01 02:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-13 15:36 - 2018-03-01 02:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-13 15:36 - 2018-03-01 02:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-13 15:36 - 2018-03-01 02:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-13 15:36 - 2018-03-01 02:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-13 15:36 - 2018-03-01 02:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-13 15:36 - 2018-03-01 02:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-13 15:36 - 2018-03-01 02:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-13 15:36 - 2018-03-01 02:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-13 15:36 - 2018-03-01 02:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-13 15:36 - 2018-03-01 02:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-13 15:36 - 2018-03-01 02:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-13 15:36 - 2018-03-01 02:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-13 15:36 - 2018-03-01 02:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-13 15:36 - 2018-03-01 02:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-13 15:36 - 2018-03-01 02:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-13 15:36 - 2018-03-01 01:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-13 15:36 - 2018-03-01 01:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-13 15:36 - 2018-03-01 01:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-13 15:36 - 2018-03-01 01:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-13 15:36 - 2018-03-01 01:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-13 15:36 - 2018-03-01 01:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-13 15:36 - 2018-03-01 01:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-13 15:36 - 2018-03-01 01:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-13 15:36 - 2018-03-01 01:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-13 15:36 - 2018-03-01 01:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-13 15:36 - 2018-03-01 01:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-13 15:36 - 2018-03-01 01:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-13 15:36 - 2018-03-01 01:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-13 15:36 - 2018-03-01 01:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-13 15:36 - 2018-03-01 01:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-13 15:36 - 2018-03-01 01:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-13 15:36 - 2018-03-01 01:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-13 15:36 - 2018-03-01 01:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-13 15:36 - 2018-03-01 01:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-13 15:36 - 2018-03-01 01:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-13 15:36 - 2018-03-01 01:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-13 15:36 - 2018-03-01 01:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-13 15:36 - 2018-03-01 01:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-13 15:36 - 2018-03-01 01:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-13 15:36 - 2018-03-01 01:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-13 15:36 - 2018-03-01 01:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-13 15:36 - 2018-03-01 01:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-13 15:36 - 2018-03-01 01:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-13 15:36 - 2018-03-01 01:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-13 15:36 - 2018-03-01 01:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-13 15:36 - 2018-03-01 01:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-13 15:36 - 2018-03-01 01:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-13 15:36 - 2018-03-01 01:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-13 15:36 - 2018-03-01 01:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-13 15:36 - 2018-03-01 01:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-13 15:36 - 2018-03-01 01:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-13 15:36 - 2018-03-01 01:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-13 15:36 - 2018-03-01 01:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-13 15:36 - 2018-03-01 01:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-13 15:36 - 2018-03-01 01:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-13 15:36 - 2018-03-01 01:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-13 15:36 - 2018-03-01 01:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-13 15:36 - 2018-03-01 01:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-13 15:36 - 2018-03-01 01:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-13 15:36 - 2018-03-01 01:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-13 15:36 - 2018-03-01 01:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-13 15:36 - 2018-03-01 01:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-13 15:36 - 2018-03-01 01:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-13 15:36 - 2018-03-01 01:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-13 15:36 - 2018-03-01 01:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-13 15:36 - 2018-03-01 01:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-13 15:36 - 2018-03-01 01:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-13 15:36 - 2018-03-01 01:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-13 15:36 - 2018-03-01 01:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-13 15:36 - 2018-03-01 01:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-13 15:36 - 2018-03-01 01:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-13 15:36 - 2018-03-01 01:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-13 15:36 - 2018-03-01 01:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-13 15:36 - 2018-02-21 22:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-13 15:36 - 2018-02-21 22:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-13 15:36 - 2018-02-21 22:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-13 15:36 - 2018-02-21 22:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-13 15:36 - 2018-02-21 22:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-13 15:36 - 2018-02-21 22:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-13 15:36 - 2018-02-21 22:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-13 15:36 - 2018-02-21 22:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-13 15:36 - 2018-02-21 22:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-13 15:36 - 2018-02-21 22:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-13 15:36 - 2018-02-21 22:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-13 15:36 - 2018-02-21 22:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-13 15:36 - 2018-02-21 22:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-13 15:36 - 2018-02-21 22:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-13 15:36 - 2018-02-21 22:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-13 15:36 - 2018-02-21 21:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-13 15:36 - 2018-02-21 21:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-13 15:36 - 2018-02-21 21:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-13 15:36 - 2018-02-21 21:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-13 15:36 - 2018-02-21 21:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-13 15:36 - 2018-02-21 21:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-13 15:36 - 2018-02-21 21:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-13 15:36 - 2018-02-21 20:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-13 15:36 - 2018-02-21 20:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-13 15:36 - 2018-02-21 20:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-13 15:36 - 2018-02-21 20:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidparse.sys
2018-03-13 15:36 - 2018-02-21 20:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-13 15:36 - 2018-02-21 20:26 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-03-13 15:36 - 2018-02-21 20:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-13 15:36 - 2018-02-21 20:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-13 15:35 - 2018-03-01 23:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-13 15:35 - 2018-03-01 23:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-13 15:35 - 2018-03-01 23:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-13 15:35 - 2018-03-01 23:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-13 15:35 - 2018-03-01 23:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-13 15:35 - 2018-03-01 16:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-13 15:35 - 2018-03-01 03:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-13 15:35 - 2018-03-01 03:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-13 15:35 - 2018-03-01 03:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-13 15:35 - 2018-03-01 03:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-13 15:35 - 2018-03-01 03:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-13 15:35 - 2018-03-01 03:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-13 15:35 - 2018-03-01 03:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-13 15:35 - 2018-03-01 02:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-13 15:35 - 2018-03-01 02:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-13 15:35 - 2018-03-01 02:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-13 15:35 - 2018-03-01 02:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-13 15:35 - 2018-03-01 02:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-13 15:35 - 2018-03-01 02:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-13 15:35 - 2018-03-01 01:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-13 15:35 - 2018-03-01 01:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-13 15:35 - 2018-03-01 01:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-13 15:35 - 2018-03-01 01:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-13 15:35 - 2018-03-01 01:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-13 15:35 - 2018-03-01 01:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-13 15:35 - 2018-03-01 01:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-13 15:35 - 2018-03-01 01:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-13 15:35 - 2018-03-01 01:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-13 15:35 - 2018-03-01 01:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-13 15:35 - 2018-03-01 01:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-13 15:35 - 2018-03-01 01:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-13 15:35 - 2018-03-01 01:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-13 15:35 - 2018-03-01 01:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-13 15:35 - 2018-03-01 01:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-13 15:35 - 2018-02-21 22:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-13 15:35 - 2018-02-21 21:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-13 15:35 - 2018-02-21 20:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-13 15:35 - 2018-02-21 20:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-13 15:35 - 2018-02-21 20:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-13 09:18 - 2018-03-13 09:18 - 000043520 _____ C:\Users\david\Desktop\Pavan Udayagiri sent you a new message.msg
2018-03-12 18:19 - 2018-03-26 13:30 - 000109800 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-03-12 18:19 - 2018-03-26 13:30 - 000101600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-03-12 18:19 - 2018-03-23 18:11 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-12 18:19 - 2018-03-12 18:19 - 000193248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-03-12 18:19 - 2018-03-12 18:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-12 15:19 - 2018-03-12 15:19 - 000036864 _____ C:\Users\david\Desktop\New tweet links.msg
2018-03-12 15:00 - 2018-03-12 15:15 - 000047616 _____ C:\Users\david\Desktop\RE Today's tweet.msg
2018-03-12 09:20 - 2018-03-12 09:20 - 000093696 _____ C:\Users\david\Desktop\RE No word yet; is it time to invoice you.msg
2018-03-10 17:40 - 2018-03-10 17:40 - 000000053 _____ C:\Users\david\Desktop\Billions - Official Series Site - SHOWTIME.url
2018-03-09 20:06 - 2018-03-09 20:06 - 000106496 _____ C:\Users\david\Desktop\How long do they take to pay.msg
2018-03-09 13:27 - 2018-03-09 13:27 - 000036864 _____ C:\Users\david\Desktop\SEND DeOS TECH TIP AND INVOICE TO ROB WRIGHT NOT BRENDA BUT COPY HER.msg
2018-03-08 22:33 - 2018-03-10 20:27 - 000000100 _____ C:\Users\david\Desktop\Today's notice and being paid to share or endorse a product or service - LinkedIn Help Forum.url
2018-03-08 22:24 - 2018-03-08 22:24 - 000059904 _____ C:\Users\david\Desktop\Updates to our Terms of Service.msg
2018-03-08 19:20 - 2018-03-08 19:20 - 000001638 _____ C:\Users\david\Desktop\TechTarget--DeOS {SEND ART & INVOICE TO ROB, COPY BRENDA} Attacks Tech Tip - Shortcut.lnk
2018-03-08 15:39 - 2018-03-08 15:39 - 000224256 _____ C:\Users\david\Desktop\Analytics from all tweets.msg
2018-03-08 11:51 - 2018-03-20 13:29 - 000048128 _____ C:\Users\david\Desktop\Re Apple project.msg
2018-03-07 17:53 - 2018-03-08 15:38 - 000068096 _____ C:\Users\david\Desktop\BY FRI MORN 9TH PUT ANALYTICS FROM ALL 5 CENTRIFY TWEETS TOGETHER IN DOC AND SEND TO KAREN.msg
2018-03-07 12:01 - 2018-03-07 12:01 - 000001765 _____ C:\Users\david\Desktop\Centrify--LIPulse, Blockchain+ID How Secure, + 5-7Tweets - Shortcut.lnk
2018-03-07 12:01 - 2018-03-07 12:01 - 000001711 _____ C:\Users\david\Desktop\Centrify--LI Pulse, Hacking Industry, + 5-7 Tweets - Shortcut.lnk
2018-03-07 11:16 - 2018-03-07 11:16 - 000061952 _____ C:\Users\david\Desktop\CodeCanyon Update available for 'WPBakery Page Builder for WordPress (formerly Visual Composer)'.msg
2018-03-06 20:07 - 2018-03-06 20:07 - 000045056 _____ C:\Users\david\Desktop\Re David Geer SoW - for next 3 Pulse Posts.msg
2018-03-06 12:21 - 2018-03-06 12:21 - 000024064 _____ C:\Users\david\Desktop\Reply to thread 'parts that keep cupboard doors and closet doors closed'.msg
2018-03-05 18:17 - 2018-03-05 18:17 - 000000212 _____ C:\Users\david\Desktop\5% CASH BACK GROCERIES APRIL THRU JUNE DISCOVER CARD.url
2018-03-05 17:35 - 2018-03-05 17:35 - 000001850 _____ C:\Users\david\Desktop\AICPA, for Sabine V--8 insights boards know AI - Shortcut.lnk
2018-03-02 19:28 - 2018-03-02 19:28 - 000001626 _____ C:\Users\david\Desktop\Centrify--1 LinkedIn Pulse post Equifax, 5 Tweets - Shortcut.lnk
2018-03-01 22:01 - 2018-03-01 22:01 - 000000000 ____D C:\Users\david\AppData\Local\{1442221E-30EA-4EA6-5D72-6B4E791A97D6}
2018-02-28 20:48 - 2018-02-28 20:48 - 000001707 _____ C:\Users\david\Desktop\QASymphony--Barriers to Adopting Test Automation - Shortcut.lnk
2018-02-28 19:35 - 2018-02-28 19:35 - 000001715 _____ C:\Users\david\Desktop\RMM--Smart contracts & risk management - Shortcut.lnk
2018-02-28 17:17 - 2018-02-28 17:27 - 000060416 _____ C:\Users\david\Desktop\Re Pitch--slideshow seven hard truths about blockchain security.msg
2018-02-28 16:20 - 2018-02-28 16:20 - 000059904 _____ C:\Users\david\Desktop\FW Heard a rumor you were back doing some work at IDG.msg
2018-02-28 12:59 - 2018-03-20 13:40 - 000055808 _____ C:\Users\david\Desktop\Re Support on content creation.msg
2018-02-28 11:46 - 2018-02-28 11:46 - 000097792 _____ C:\Users\david\Desktop\Analytics for 2nd and 3rd tweet.msg
2018-02-27 17:26 - 2018-02-27 17:26 - 000116736 _____ C:\Users\david\Desktop\CONTACT WPP AGENCIES THIS WAY.msg
2018-02-27 16:59 - 2018-02-27 16:59 - 000103936 _____ C:\Users\david\Desktop\RE Thank you for connecting on LinkedIn.msg
2018-02-27 15:09 - 2018-02-27 15:09 - 000001647 _____ C:\Users\david\Desktop\iboss-Hackers target cybersec sw - Shortcut.lnk
2018-02-27 15:09 - 2018-02-27 15:09 - 000001521 _____ C:\Users\david\Desktop\iboss-DeOS attacks - Shortcut.lnk
2018-02-27 12:19 - 2018-02-27 12:19 - 000084992 _____ C:\Users\david\Desktop\CONTACT THIS EDITOR ABOUT WRITING FOR THE FOUNDRY AGAIN.msg
2018-02-27 05:01 - 2018-02-27 14:53 - 000046592 _____ C:\Users\david\Desktop\SEND REQUESTED SAMPLES.msg
2018-02-26 19:27 - 2018-02-26 19:27 - 000049152 _____ C:\Users\david\Desktop\Re Risk cybersecurity technical topics.msg
2018-02-26 17:41 - 2018-02-26 17:41 - 000032256 _____ C:\Users\david\Desktop\ASKED JOAN ABOUT HER LONG FORM CONTENT NEEDS AT IDG NOW SHE BACK WITH IDG SMS.msg
2018-02-26 15:59 - 2018-02-26 15:59 - 000030720 _____ C:\Users\david\Desktop\3rd tweet link.msg
2018-02-26 14:47 - 2018-02-26 14:47 - 000935936 _____ C:\Users\david\Desktop\TECH AND OTHER EDITOR EMAILS.msg
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-03-26 14:44 - 2017-06-17 18:42 - 000699676 _____ C:\WINDOWS\ZAM.krnl.trace
2018-03-26 14:43 - 2017-06-17 18:42 - 000120544 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-03-26 14:43 - 2017-05-18 14:21 - 000000000 ____D C:\WINDOWS\CryptoGuard
2018-03-26 14:36 - 2017-06-24 09:43 - 000000000 ___RD C:\Users\david\Documents\Home, office tech, other
2018-03-26 14:34 - 2017-07-01 15:47 - 000000000 ____D C:\Users\david\AppData\Local\ClassicShell
2018-03-26 14:30 - 2017-06-18 13:18 - 000000000 ____D C:\Users\david\Documents\Outlook Files
2018-03-26 14:26 - 2017-08-07 12:37 - 000000000 ____D C:\Users\david\AppData\Roaming\StyleGuard
2018-03-26 14:18 - 2017-09-30 07:16 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-26 14:18 - 2017-06-29 05:33 - 000000000 ____D C:\AdwCleaner
2018-03-26 14:10 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-03-26 13:45 - 2017-09-03 09:06 - 000000000 ____D C:\Users\david\AppData\Roaming\Opera Software
2018-03-26 13:45 - 2017-09-03 09:06 - 000000000 ____D C:\Users\david\AppData\Local\Opera Software
2018-03-26 13:45 - 2017-09-03 09:06 - 000000000 ____D C:\Program Files (x86)\Opera
2018-03-26 13:44 - 2017-05-18 14:54 - 000000000 ____D C:\Program Files\Sandboxie
2018-03-26 13:44 - 2017-05-18 11:10 - 000000000 ___RD C:\Users\david\OneDrive
2018-03-26 13:38 - 2018-01-24 09:38 - 001335196 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-26 13:35 - 2017-05-18 14:23 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-03-26 13:32 - 2017-07-02 08:53 - 000000000 ____D C:\Users\david\AppData\Roaming\IObit
2018-03-26 13:32 - 2017-07-01 17:43 - 000000000 ____D C:\ProgramData\ProductData
2018-03-26 13:30 - 2018-01-24 09:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-26 13:30 - 2018-01-24 09:38 - 000000000 ____D C:\Users\david
2018-03-26 13:30 - 2018-01-24 09:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-26 13:30 - 2017-06-23 21:56 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleFordavid.job
2018-03-26 12:01 - 2018-01-24 09:38 - 000000000 ____D C:\Users\david\AppData\Local\Packages
2018-03-26 11:25 - 2017-06-24 10:58 - 000000000 ___RD C:\Users\david\Documents\Taxes
2018-03-24 21:36 - 2018-01-24 09:45 - 000003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFordavid
2018-03-24 03:02 - 2017-05-18 14:21 - 000000000 ____D C:\ProgramData\HitmanPro.Alert
2018-03-24 03:01 - 2017-09-29 04:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-03-24 03:01 - 2017-05-18 14:21 - 000000000 ____D C:\ProgramData\HitmanPro
2018-03-24 02:56 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-24 02:56 - 2017-05-18 14:19 - 000000000 ____D C:\Users\david\AppData\Roaming\hpqLog
2018-03-24 02:51 - 2017-09-16 08:27 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-03-24 02:14 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-23 18:22 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-23 18:15 - 2017-07-06 10:10 - 000000000 ____D C:\Users\david\AppData\Local\ElevatedDiagnostics
2018-03-23 18:11 - 2018-01-24 09:45 - 000002916 _____ C:\WINDOWS\System32\Tasks\HPJumpStartLaunch
2018-03-23 17:44 - 2017-12-12 07:27 - 000001225 _____ C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Drive.lnk
2018-03-23 17:44 - 2017-07-03 18:55 - 000000000 ____D C:\Users\david\AppData\Roaming\Amazon Cloud Drive
2018-03-23 16:33 - 2018-01-23 06:14 - 000000000 ___DC C:\WINDOWS\Panther
2018-03-23 13:24 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-23 13:24 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-23 13:22 - 2017-05-18 16:11 - 000000000 ____D C:\Program Files (x86)\Rainlendar2
2018-03-23 11:40 - 2018-01-24 09:38 - 000000000 ____D C:\Users\defaultuser0
2018-03-23 11:40 - 2018-01-24 09:38 - 000000000 ____D C:\Users\Administrator
2018-03-22 19:26 - 2017-05-18 11:15 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-22 10:25 - 2017-05-18 11:14 - 000000000 ____D C:\Users\david\AppData\Local\CrashDumps
2018-03-22 10:24 - 2018-01-24 09:45 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-03-22 09:45 - 2017-11-16 09:15 - 017493824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2018-03-22 09:45 - 2017-11-16 09:15 - 000048407 _____ C:\WINDOWS\system32\nvinfo.pb
2018-03-22 09:44 - 2017-11-16 09:15 - 004580832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-03-22 09:44 - 2017-11-16 09:14 - 000198080 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\ibtusb.sys
2018-03-22 09:44 - 2017-10-05 23:38 - 008614888 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\Netwtw04.sys
2018-03-22 09:44 - 2017-10-01 12:55 - 001026896 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2018-03-22 09:43 - 2018-01-24 09:37 - 000002065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Audio Control.lnk
2018-03-22 09:43 - 2017-11-16 11:06 - 001682288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2018-03-22 09:43 - 2017-11-16 11:06 - 000226760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2018-03-22 09:43 - 2017-10-01 12:55 - 000059240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2018-03-22 09:42 - 2018-01-24 09:45 - 000003194 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2018-03-22 09:42 - 2017-11-16 09:14 - 005995944 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2018-03-22 09:42 - 2017-11-16 09:14 - 003561920 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2018-03-22 09:42 - 2017-11-16 09:14 - 003509192 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2018-03-22 09:42 - 2017-11-16 09:14 - 000192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2018-03-22 09:42 - 2017-11-16 09:14 - 000023688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2018-03-22 09:42 - 2017-09-30 07:16 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-03-22 09:42 - 2017-07-01 18:17 - 000018464 _____ (Alcorlink Corp.) C:\WINDOWS\system32\AmUStor2.dll
2018-03-21 20:30 - 2018-01-24 09:51 - 000000000 ___RD C:\Users\david\3D Objects
2018-03-21 20:30 - 2016-07-29 08:33 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-21 20:29 - 2017-05-18 14:21 - 000000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2018-03-21 20:28 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-21 20:28 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-21 20:28 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-21 20:28 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-03-21 19:11 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-21 17:43 - 2017-05-18 14:21 - 000297712 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpalert.sys
2018-03-20 14:01 - 2018-02-04 19:07 - 000655360 _____ C:\Users\david\Desktop\MUST INVOICE CENTRIFY THSI WAY WITH PO FROM THEM AND COPYING AP AND MY CONTACT.msg
2018-03-20 13:53 - 2017-10-26 10:01 - 000055808 _____ C:\Users\david\Desktop\SHES FROM SHAKER HEIGHTS GRAD BEACHWOOD HS s.msg
2018-03-20 13:50 - 2017-09-17 15:05 - 000042496 _____ C:\Users\david\Desktop\New blog post ideas.msg
2018-03-20 13:14 - 2017-06-24 10:51 - 000000000 ___RD C:\Users\david\Documents\Markets, Queries
2018-03-20 12:57 - 2017-06-24 10:56 - 000000000 ___RD C:\Users\david\Documents\Personal
2018-03-20 11:15 - 2017-06-24 10:51 - 000000000 ___RD C:\Users\david\Documents\Marketing, Social Networking, Etc
2018-03-20 07:27 - 2017-05-18 14:54 - 000001864 _____ C:\WINDOWS\Sandboxie.ini
2018-03-18 04:28 - 2017-09-29 09:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-18 04:26 - 2017-02-08 11:28 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-03-13 20:05 - 2018-01-05 05:03 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-03-13 20:04 - 2018-01-24 09:45 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-03-13 20:01 - 2017-11-16 06:43 - 000196648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-03-13 20:01 - 2017-06-18 15:26 - 000619984 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2018-03-13 20:01 - 2017-05-18 11:48 - 001026696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-03-13 20:01 - 2017-05-18 11:48 - 000460520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-03-13 20:01 - 2017-05-18 11:48 - 000380528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-03-13 20:01 - 2017-05-18 11:48 - 000343752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-03-13 20:01 - 2017-05-18 11:48 - 000227504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-03-13 20:01 - 2017-05-18 11:48 - 000205976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-03-13 20:01 - 2017-05-18 11:48 - 000199440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-03-13 20:01 - 2017-05-18 11:48 - 000146656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-03-13 20:01 - 2017-05-18 11:48 - 000110328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-03-13 20:01 - 2017-05-18 11:48 - 000084368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-03-13 20:01 - 2017-05-18 11:48 - 000057680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-03-13 20:01 - 2017-05-18 11:48 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-03-13 15:41 - 2017-05-18 12:44 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-13 15:39 - 2017-10-10 23:37 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-13 15:38 - 2017-05-18 12:44 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-13 15:37 - 2017-09-29 09:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-13 15:37 - 2017-09-29 09:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-03-12 15:37 - 2017-08-02 14:41 - 000000000 ____D C:\Users\david\AppData\Roaming\audacity
2018-03-09 14:34 - 2017-07-01 17:50 - 000000600 _____ C:\Users\david\AppData\Roaming\winscp.rnd
2018-03-03 11:22 - 2018-01-24 09:45 - 000004284 _____ C:\WINDOWS\System32\Tasks\Avast TUNEUP Update
2018-03-02 17:09 - 2018-02-16 23:24 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-02 17:09 - 2018-02-16 23:24 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-02 13:57 - 2017-06-24 10:57 - 000000000 ___RD C:\Users\david\Documents\Songs
2018-03-01 22:00 - 2017-07-01 17:42 - 000000000 ____D C:\ProgramData\IObit
2018-03-01 21:33 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-03-01 21:33 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-03-01 15:21 - 2018-02-15 19:18 - 000049152 _____ C:\Users\david\Desktop\PITCHED TO RMM, ALSO PITCH THIS AND OTHER VER ELSEWHERE.msg
2018-02-26 21:02 - 2018-01-24 09:45 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-02-24 03:16 - 2017-05-18 16:12 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
==================== Files in the root of some directories =======
2017-06-18 13:27 - 2017-06-18 13:27 - 000022913 _____ () C:\Users\david\AppData\Roaming\Comma Separated Values (Windows).ADR
2017-06-22 17:55 - 2017-10-12 10:43 - 000037833 _____ () C:\Users\david\AppData\Roaming\Comma Separated Values.ADR
2017-07-01 17:50 - 2018-03-09 14:34 - 000000600 _____ () C:\Users\david\AppData\Roaming\winscp.rnd
2017-07-01 16:56 - 2017-07-01 16:56 - 000000017 _____ () C:\Users\david\AppData\Local\resmon.resmoncfg
Some files in TEMP:
====================
2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174532829.dll
2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174532985.dll
2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174533423.dll
2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174538083.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-03-25 19:02
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by david (26-03-2018 14:44:34)
Running from C:\Users\david\Desktop
Windows 10 Pro Version 1709 16299.309 (X64) (2018-01-24 13:47:09)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3840204244-4144708379-2675172571-500 - Administrator - Enabled) => C:\Users\Administrator
david (S-1-5-21-3840204244-4144708379-2675172571-1001 - Administrator - Enabled) => C:\Users\david
david_ufnzexa (S-1-5-21-3840204244-4144708379-2675172571-1003 - Limited - Disabled)
DefaultAccount (S-1-5-21-3840204244-4144708379-2675172571-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3840204244-4144708379-2675172571-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3840204244-4144708379-2675172571-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3840204244-4144708379-2675172571-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Amazon Drive (HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\Amazon Drive) (Version: 5.2.3 - Amazon.com, Inc.)
Amazon Kindle (HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\Amazon Kindle) (Version: 1.21.0.48017 - Amazon)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.46 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 17.3.4228 - AVAST Software)
Avast Premier (HKLM-x32\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
AxCrypt 2.1.1494.0 (HKLM\...\{876F52CC-40A6-C31F-B14E-9E47509F6BAD}) (Version: 2.1.1494.0 - AxCrypt AB) Hidden
AxCrypt 2.1.1494.0 (HKLM-x32\...\{699479f3-15fe-49aa-88cf-d76d0bbe1f71}) (Version: 2.1.1494.0 - AxCrypt AB)
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Bulk Rename Utility 3.0.0.1 (64-bit) (HKLM\...\Bulk Rename Utility Installation_is1) (Version: - TGRMN Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.5.7103 - CyberLink Corp.)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.82.0000 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
Eraser 6.2.0.2979 (HKLM\...\{C5900DE9-D199-4C27-B692-354C9A6A6C8B}) (Version: 6.2.2979 - The Eraser Project)
f.lux (HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\Flux) (Version: - f.lux Software LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Grammarly (HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\GrammarlyForWindows) (Version: 1.5.29 - Grammarly)
Grammarly for Microsoft® Office Suite (HKLM\...\{B443A4BE-E688-43BD-B152-6724A38437B1}) (Version: 6.6.129 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\{da7635e6-2ab8-496a-b5b5-8f82fb640c16}) (Version: 6.6.129 - Grammarly)
HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.7.6.738 - SurfRight B.V.)
HP Audio Switch (HKLM-x32\...\{0C5D69BD-B518-46DB-8471-506CD27F9478}) (Version: 1.0.138.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.2 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{5b1a1d22-bd59-44e0-a954-e2f18ec43a23}) (Version: 5.2.20454 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{1E7D6A6F-E28B-4057-BD4F-9989C1F5353D}) (Version: 1.3.0.423 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{4380D813-39E5-46FD-AC23-FC9A1A8B98AA}) (Version: 1.3.423.0 - HP Inc.)
HP Orbit (HKLM-x32\...\{82b971c1-85fa-4c53-ada1-4ec6be0c0c8a}) (Version: 3.5.171.271 - HP Inc.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8361.5688 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{30514137-FB26-4E1A-A3B4-5B48680F3ECE}) (Version: 8.5.37.19 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{D566DA31-9325-400E-B309-4BBA18B367E3}) (Version: 12.8.47.1 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{025C1573-2F1D-46AF-BAB8-594EBF56A889}) (Version: 1.4.11 - HP Inc.)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) Ready Mode Technology (HKLM\...\{CC3C017C-876D-4A31-A128-593FF92A1FE7}) (Version: 1.1.70.528 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{F50984E6-5E69-4A75-B1A5-7F5B4D964EB0}) (Version: 19.11.1641.0703 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{ed4a5da7-ac62-4aa5-9502-7b4de55e8cb5}) (Version: 20.20.2 - Intel Corporation)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.11.0.3 - QFX Software Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.9029.2253 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3840204244-4144708379-2675172571-500\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
OMEN Control (HKLM-x32\...\{AFE5BCE5-46DD-4DFA-9DD9-00F42E15ABD9}) (Version: 1.1.1 - HP)
Paragon Backup & Recovery™ 16 (HKLM\...\{FA02F344-8F3D-4EDC-97DA-A7B4469EC72E}) (Version: 10.2.0.1235 - Paragon Software) Hidden
Paragon Backup & Recovery™ 16 (HKLM-x32\...\{e34dc417-19f0-4881-8438-130eeb95d85b}) (Version: 10.2.0.1235 - Paragon Software GmbH)
Paragon UIM (HKLM\...\{56EECD69-F428-41C4-ADF6-6CDEE14DDF3F}) (Version: 20.0.0.4 - Paragon Software) Hidden
PeaZip 6.4.1 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 6.4.1 - Giorgio Tani)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.12.1007.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8264 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SteelSeries Engine 3.9.1 (HKLM\...\SteelSeries Engine 3) (Version: 3.9.1 - SteelSeries ApS)
StyleGuard for Word 2013 (HKLM-x32\...\{E772411C-8FA7-4B12-9BF4-2C1E67A86604}) (Version: 3.16.0601 - StyleGuard)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{EC5A6438-850E-4AD1-9169-DD071C8EFFEF}) (Version: 2.10.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware)
WinSCP 5.11.3 (HKLM-x32\...\winscp3_is1) (Version: 5.11.3 - Martin Prikryl)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\david\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.6.129\8E542C5E5C\GrammarlyShim64.dll (CompanyName)
CustomCLSID: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-13] (AVAST Software)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-12-08] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-13] (AVAST Software)
ContextMenuHandlers1: [axcrypt.File] -> {C3DFC144-30F8-4138-81F9-578DBEB9324A} => C:\Program Files\AxCrypt\AxCrypt\ShellExt.dll [2017-04-20] (AxCrypt AB)
ContextMenuHandlers1: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2016-02-04] (Bulk Rename Utility)
ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers2: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2016-02-04] (Bulk Rename Utility)
ContextMenuHandlers2: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-13] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers4: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2016-02-04] (Bulk Rename Utility)
ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-06] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-12-08] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-13] (AVAST Software)
ContextMenuHandlers6: [axcrypt.File] -> {C3DFC144-30F8-4138-81F9-578DBEB9324A} => C:\Program Files\AxCrypt\AxCrypt\ShellExt.dll [2017-04-20] (AxCrypt AB)
ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2016-07-30] (IvoSoft)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02763B06-4489-4B43-B370-B6CBA830C0E5} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {08C76EA7-E305-4E43-A385-B38BD425B52E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-12] (Microsoft Corporation)
Task: {09FC7C8A-A433-4DE4-9DC1-F2772DBDA66D} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-17] ()
Task: {117E1754-61A8-4DA7-80D1-7BC3FA3A35B3} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [2016-10-04] (HP Inc.)
Task: {27287D1C-0136-4B0C-8E96-D27DC856E3C9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-03-18] (Microsoft Corporation)
Task: {2B4BFF20-5221-4BD7-BE04-F0F62967014F} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2018-03-22] (Realtek Semiconductor)
Task: {2F72DB27-507E-4867-8D08-BB1EA3078EDE} - System32\Tasks\EPSON XP-310 Series Invitation {AD4B3D86-8A7B-44B2-B634-2FBACD597EA3} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {33899C33-8F67-4BBA-B563-BD59AF63E1CF} - System32\Tasks\EPSON XP-310 Series Update {B6F0F63F-1841-4E98-B1F8-736E49490B37} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {4FA45BB6-66AC-4E95-9669-B247E91A14F6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-03-07] (HP Inc.)
Task: {569EE456-83E5-4DC5-9C34-456CE2648240} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {59F8152E-173C-44E9-8045-0156988876E4} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\david\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {632227D3-6364-4188-9D48-0E45846B8A41} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {65C74806-196E-48E9-A947-16571F89AA9F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-12] (Microsoft Corporation)
Task: {68DEE128-477D-4BB5-9E15-A44603430DEE} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-07] (AVAST Software)
Task: {6AA71443-6D56-4CE5-8FAF-9442FAD19D1D} - System32\Tasks\SafeZone scheduled Autoupdate 1495122600 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {75B2A1BA-3541-4B8D-9162-1C4985AF9D6E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {77C8EAE9-1A4F-4662-9504-5231A2E7F01D} - System32\Tasks\HPCeeScheduleFordavid => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {7808A0BF-E35E-42AA-822F-D331C9CD6799} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {7AF678D5-7AAD-4E6B-92AD-56553559864E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {7DCACBA5-CE33-4F91-8452-CA1DBED1B1B2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {85A3292C-E5B2-4A3E-81E6-CEF89BDA8978} - System32\Tasks\EPSON XP-310 Series Update {AD4B3D86-8A7B-44B2-B634-2FBACD597EA3} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {8C4FD5F0-24A4-4538-A48D-5F6A8C9E5312} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {8C8ED49C-2C50-4A1A-84CD-300D7CBAF2DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-18] (Google Inc.)
Task: {9CD2F90E-4CDA-4559-B7BD-012852E4F2C3} - System32\Tasks\EPSON XP-310 Series Invitation {B6F0F63F-1841-4E98-B1F8-736E49490B37} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {9FAB5892-4E86-47DB-9792-BC336485D151} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [2017-07-28] ()
Task: {AFEBDAEC-4E73-476B-80CB-A380DAB94218} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-18] (Microsoft Corporation)
Task: {B3E8F6AE-2800-4431-8104-C57BE9C5A8AD} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {C3A06987-199D-4C1D-B377-E4FF3A937076} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {C6EE379F-F1CD-40B4-B947-F1F1799C49BD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {E8184F46-C460-4D4C-9C8A-C00F12961D8C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-18] (Microsoft Corporation)
Task: {E9C52515-B093-4542-8F66-B6C846A97802} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-03-18] (Microsoft Corporation)
Task: {EAF409CC-6B7A-4288-8EA4-CC059B04BFCC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {EEA6156F-5C91-42F7-8CE1-E0BC49C2ECA4} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-03-09] (AVAST Software)
Task: {F18D3B78-ED7D-40E6-BEBD-21DF90FF8B3B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-03-13] (AVAST Software)
Task: {F5C60019-8070-43D5-9A6A-A4FDA6C3485D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-18] (Google Inc.)
Task: {F63297C9-F46F-48D6-BDD1-154D85A410D6} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-10-11] (Intel(R) Corporation)
Task: {FF82D779-C88D-4E52-A92A-A206B84FD034} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {FF9E9C96-2E7E-472A-A153-9F576E77F7C5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {AD4B3D86-8A7B-44B2-B634-2FBACD597EA3}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {B6F0F63F-1841-4E98-B1F8-736E49490B37}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {AD4B3D86-8A7B-44B2-B634-2FBACD597EA3}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{AD4B3D86-8A7B-44B2-B634-2FBACD597EA3} /F:UpdateWORKGROUP\DESKTOP-7F1R3BQ$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {B6F0F63F-1841-4E98-B1F8-736E49490B37}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{B6F0F63F-1841-4E98-B1F8-736E49490B37} /F:UpdateWORKGROUP\DESKTOP-7F1R3BQ$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\HPCeeScheduleFordavid.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-04-25 14:22 - 2017-04-25 14:22 - 002250896 _____ () C:\Windows\System32\vimsdk.dll
2017-04-25 14:22 - 2017-04-25 14:22 - 000143504 _____ () C:\Windows\System32\vimbase.dll
2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-12-12 07:28 - 2018-03-01 10:31 - 002488608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-12-12 07:28 - 2018-02-05 14:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-08-17 19:27 - 2018-03-01 22:11 - 008933552 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-12-08 13:43 - 2017-12-08 13:43 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2018-03-13 15:36 - 2018-02-21 20:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-13 15:36 - 2018-02-21 20:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-23 13:24 - 2018-03-23 13:24 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-23 13:24 - 2018-03-23 13:24 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-23 13:24 - 2018-03-23 13:24 - 022050304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-23 13:24 - 2018-03-23 13:24 - 002584576 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\skypert.dll
2018-03-23 13:24 - 2018-03-23 13:24 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-03-22 19:26 - 2018-03-20 02:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-03-22 19:26 - 2018-03-20 02:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2018-03-13 20:01 - 2018-03-13 20:01 - 000280280 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-18 14:55 - 2012-08-23 10:38 - 000574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-05-18 14:55 - 2014-05-13 12:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-05-18 14:55 - 2014-05-13 12:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-05-18 14:55 - 2014-05-13 12:04 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-05-18 14:55 - 2012-04-03 17:06 - 000565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2018-03-13 20:01 - 2018-03-13 20:01 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-03-13 20:01 - 2018-03-13 20:01 - 000287960 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-03-13 20:01 - 2018-03-13 20:01 - 000275160 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\david\Documents\Amazon Drive:com.amazon.drive.sync [177]
AlternateDataStreams: C:\Users\david\Documents\Amazon Drive:com.amazon.drive.sync.root [42]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 7936 more sites.
IE restricted site: HKU\S-1-5-21-3840204244-4144708379-2675172571-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3840204244-4144708379-2675172571-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3840204244-4144708379-2675172571-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3840204244-4144708379-2675172571-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3840204244-4144708379-2675172571-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3840204244-4144708379-2675172571-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3840204244-4144708379-2675172571-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3840204244-4144708379-2675172571-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3840204244-4144708379-2675172571-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3840204244-4144708379-2675172571-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3840204244-4144708379-2675172571-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3840204244-4144708379-2675172571-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3840204244-4144708379-2675172571-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3840204244-4144708379-2675172571-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3840204244-4144708379-2675172571-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3840204244-4144708379-2675172571-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3840204244-4144708379-2675172571-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3840204244-4144708379-2675172571-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3840204244-4144708379-2675172571-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3840204244-4144708379-2675172571-1000\...\123simsen.com -> www.123simsen.com
There are 7936 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-07-16 07:47 - 2018-03-24 02:55 - 000453575 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
There are 15597 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3840204244-4144708379-2675172571-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\david\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{67f2a7bc-59ba-43c5-95ae-e37a14016eb3}.jpg
HKU\S-1-5-21-3840204244-4144708379-2675172571-500\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "Eraser"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "HPMSGSVC"
HKU\S-1-5-21-3840204244-4144708379-2675172571-1000\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\StartupApproved\Run: => "Amazon Drive"
HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-3840204244-4144708379-2675172571-500\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-3840204244-4144708379-2675172571-500\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{616AAE34-66E6-4D3F-9671-E6BBBC901AA7}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6163E124-9704-4345-8E66-B486DC6BADC9}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{BC577CB6-D79E-479C-9429-7AFF2F9D9D8A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1C59079D-90CA-4A83-BF36-209D5A26F687}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7DDBF716-B86E-4569-924A-40CEB67B298D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{23C37057-22E9-42BA-9AE1-2A43143A9244}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{059B33D9-2345-4255-B60E-03648122A18F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{8A41E128-5ABD-4BFB-9BB5-6A7012C2AA0C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0BD43C16-008A-4BAE-AC23-B77191F113AA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D30D3921-F93E-4786-8E4C-86584FB31C0E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{F74EE6F2-AF91-43FC-B43A-5E21EDD75349}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{7F1F6D0D-CE29-4783-93B9-E0CEFD3F67DA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{4590D767-3B45-4EE0-B933-7A7BF5A196DE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{8C91E137-BDB9-4EE4-8EF8-0DA9BE0250D0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{4EB4978A-6186-42F1-A738-D36A5857040B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{D40E4E5A-7AAC-43FB-8ED8-77F955A4571B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{FF0B1C64-6A6C-45F6-A86A-B64B88CFA872}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{99F1C6F5-BE9F-472D-BA46-D45B579851B2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{461402B0-779E-454B-B702-3C075BC449C2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{C396FB9C-B792-4F3F-AF6C-9526D4BF5F04}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{30170DAF-20E6-4162-B4A4-F4A6969CDEC2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{373D32D1-656A-4AFA-ADEA-0678E7CCE71C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{AD58AAAE-E1E5-4E19-AFB9-4A52040E4CBD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{F437CFE9-49D0-4965-9343-F8D170E1406F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{DD2F27A1-16BA-4030-9352-96CB1263990A}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{DA33494D-575C-4D8A-AF3D-F8206169DD39}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{24D6F391-35CE-4115-BBE7-32B2B3ED7D95}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{93EC22F0-452E-41A5-8F9E-CCC1C18C94DF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EE6EE4D7-8DAF-40D4-A595-364F61E183BC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A8298A6E-5CAA-4239-930D-095DE75D32A6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2D89F9EC-BAC6-4C1C-A780-AC0F06474150}] => (Block) LPort=445
FirewallRules: [{685DA9E5-CDA8-4D6B-B7C0-6E8AF36F93DC}] => (Block) LPort=445
FirewallRules: [{4F1BE023-43BF-4FAE-886A-30C5BC6BA4CA}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
FirewallRules: [{79E551F1-0ACE-4683-975D-804191D7DCBB}] => (Allow) LPort=13148
FirewallRules: [{E61E6FD2-B88B-4ADA-A638-E7942902985C}] => (Allow) LPort=81
FirewallRules: [{7084ECB8-6F0F-4EC3-B976-2F7312E35EEE}] => (Allow) LPort=81
FirewallRules: [{4142A306-789E-4A9E-A329-FC9F5FB6A954}] => (Allow) LPort=82
FirewallRules: [{9B96C534-5E8E-4E3F-8434-8D893B6AB7DC}] => (Allow) LPort=82
FirewallRules: [{22C64A09-9EB0-42BC-BBDA-807683E70B59}] => (Allow) LPort=9524
FirewallRules: [{41F66F48-1A78-4DF4-96E7-18C977766271}] => (Allow) LPort=9524
FirewallRules: [{BC712F90-4919-4B88-9D7D-5C93DA72EDC4}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{3FB8784B-A635-4741-92F5-16CEF17BB0C1}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{640730CB-4560-421C-A661-379016C8A9A2}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{23229D88-D72F-4A51-8645-386168A7DB2A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{A15A5DEA-D422-46D6-97DD-86D08937731F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
26-03-2018 13:33:27 Removed Dropbox 25 GB
==================== Faulty Device Manager Devices =============
Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/26/2018 01:30:54 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (03/24/2018 03:02:25 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_15cfd4c4935e6b11.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417.manifest.
Error: (03/24/2018 03:02:22 AM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (6568,R,0) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\david\AppData\Local\Microsoft\Windows\WebCache\V0100667.log.
Error: (03/24/2018 02:59:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDScan.exe, version: 2.6.44.181, time stamp: 0x56efed8f
Faulting module name: KERNELBASE.dll, version: 10.0.16299.309, time stamp: 0xd3aa915c
Exception code: 0x0eedfade
Fault offset: 0x001008f2
Faulting process id: 0x2624
Faulting application start time: 0x01d3c33db776ba9e
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 728baf28-a5e6-4575-99a9-c5c569eb685d
Faulting package full name:
Faulting package-relative application ID:
Error: (03/24/2018 02:59:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDScan.exe, version: 2.6.44.181, time stamp: 0x56efed8f
Faulting module name: KERNELBASE.dll, version: 10.0.16299.309, time stamp: 0xd3aa915c
Exception code: 0x0eedfade
Fault offset: 0x001008f2
Faulting process id: 0xb74
Faulting application start time: 0x01d3c33db829c7e2
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 2b92bfa7-8624-4e17-95c2-cba1dd718c2f
Faulting package full name:
Faulting package-relative application ID:
Error: (03/24/2018 02:59:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDScan.exe, version: 2.6.44.181, time stamp: 0x56efed8f
Faulting module name: KERNELBASE.dll, version: 10.0.16299.309, time stamp: 0xd3aa915c
Exception code: 0x0eedfade
Fault offset: 0x001008f2
Faulting process id: 0xb8
Faulting application start time: 0x01d3c33db8d18b07
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 831df313-7732-4048-9952-899f44212c81
Faulting package full name:
Faulting package-relative application ID:
Error: (03/24/2018 02:55:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDScan.exe, version: 2.6.44.181, time stamp: 0x56efed8f
Faulting module name: KERNELBASE.dll, version: 10.0.16299.309, time stamp: 0xd3aa915c
Exception code: 0x0eedfade
Fault offset: 0x001008f2
Faulting process id: 0x2458
Faulting application start time: 0x01d3c33d14f3b4c6
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 6dab7d62-5d75-4dfa-8bcf-f90253859e07
Faulting package full name:
Faulting package-relative application ID:
Error: (03/24/2018 02:55:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDScan.exe, version: 2.6.44.181, time stamp: 0x56efed8f
Faulting module name: KERNELBASE.dll, version: 10.0.16299.309, time stamp: 0xd3aa915c
Exception code: 0x0eedfade
Fault offset: 0x001008f2
Faulting process id: 0x3150
Faulting application start time: 0x01d3c33d139aa0aa
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: bb23eb75-0ed1-4470-8f3c-117842d633be
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (03/26/2018 02:37:13 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-7F1R3BQ)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-7F1R3BQ\david SID (S-1-5-21-3840204244-4144708379-2675172571-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/26/2018 02:37:03 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-7F1R3BQ)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-7F1R3BQ\david SID (S-1-5-21-3840204244-4144708379-2675172571-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/26/2018 02:34:52 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-7F1R3BQ)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-7F1R3BQ\david SID (S-1-5-21-3840204244-4144708379-2675172571-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/26/2018 02:19:24 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-7F1R3BQ)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-7F1R3BQ\david SID (S-1-5-21-3840204244-4144708379-2675172571-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/26/2018 02:18:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (03/26/2018 02:18:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avast Cleanup Premium service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (03/26/2018 02:18:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (03/26/2018 02:16:14 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-7F1R3BQ)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-7F1R3BQ\david SID (S-1-5-21-3840204244-4144708379-2675172571-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
CodeIntegrity:
===================================
Date: 2018-03-26 14:44:18.320
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-03-26 14:44:18.318
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-03-26 14:44:18.306
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-03-26 14:44:18.304
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-03-26 14:14:18.539
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-03-26 14:14:18.536
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-03-26 14:13:45.799
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-03-26 14:13:45.797
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz
Percentage of memory in use: 8%
Total physical RAM: 65471.72 MB
Available physical RAM: 59774.3 MB
Total Virtual: 135103.72 MB
Available Virtual: 129214.74 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:475.71 GB) (Free:296.3 GB) NTFS
Drive d: (DATA) (Fixed) (Total:2784.39 GB) (Free:2434.62 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:10.12 GB) (Free:1.03 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{333cf284-ea3c-4ac8-ac3f-87319045c9aa}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32
\\?\Volume{6fcab8a2-07f2-4671-84ea-508f5c56ae80}\ () (Fixed) (Total:0 GB) (Free:0 GB)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 318C0D81)
Partition: GPT.
========================================================
Disk: 1 (Size: 2794.5 GB) (Disk ID: 99C170A3)
Partition: GPT.
==================== End of Addition.txt ============================
The above error message might have occurred due to user-mode graphic drivers
when watching videos, it's just a thought
You also have Avast Cleanup Premium installed. The use of such registry cleaners, tuneup utilities, and system optimizers is NOT recommended. Please see this link (https://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2853053) and this link (https://forums.malwarebytes.com/topic/195172-how-to-permanently-and-completely-allow-wise-registry-cleaner/?do=findComment&comment=1096538) for more information.
~~~~~~~~~~~~~~~~~~~~~~
If you have problems using the below fix, please disable your antivirus temporarily.
Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)
Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
Start::
CloseProcesses:
CreateRestorePoint:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001 -> {518b33ae-375d-712d-6742-d1fe0400268d} URL =
2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174532829.dll
2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174532985.dll
2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174533423.dll
2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174538083.dll
Task: {FF82D779-C88D-4E52-A92A-A206B84FD034} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\david\Documents\Amazon Drive:com.amazon.drive.sync [177]
AlternateDataStreams: C:\Users\david\Documents\Amazon Drive:com.amazon.drive.sync.root [42]
Emptytemp:
End::
Press the Fix button.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
******
RogueKiller
Download the right version of RogueKiller (http://www.adlice.com/download/roguekiller/#download) for your Windows version (32 or 64-bit)
Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete
On completion, the results will be displayed
Check every single entry (threat found), and click on the Remove Selected button
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply
AdwCleaner - Fix Mode
Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and move it to your Desktop
Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
created by Aura
~~~~~~~~~~~
Your next reply(ies) should therefore contain:
Copy/pasted Fixlog.txt
Copy/pasted RogueKiller clean log
Copy/pasted AdwCleaner clean log
Am I to paste the text you mention in FRST somewhere before I press the FIX button? Where?
The above error message might have occurred due to user-mode graphic drivers
when watching videos, it's just a thought
You also have Avast Cleanup Premium installed. The use of such registry cleaners, tuneup utilities, and system optimizers is NOT recommended. Please see this link (https://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2853053) and this link (https://forums.malwarebytes.com/topic/195172-how-to-permanently-and-completely-allow-wise-registry-cleaner/?do=findComment&comment=1096538) for more information.
~~~~~~~~~~~~~~~~~~~~~~
If you have problems using the below fix, please disable your antivirus temporarily.
Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)
Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
Start::
CloseProcesses:
CreateRestorePoint:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001 -> {518b33ae-375d-712d-6742-d1fe0400268d} URL =
2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174532829.dll
2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174532985.dll
2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174533423.dll
2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174538083.dll
Task: {FF82D779-C88D-4E52-A92A-A206B84FD034} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\david\Documents\Amazon Drive:com.amazon.drive.sync [177]
AlternateDataStreams: C:\Users\david\Documents\Amazon Drive:com.amazon.drive.sync.root [42]
Emptytemp:
End::
Press the Fix button.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
******
RogueKiller
Download the right version of RogueKiller (http://www.adlice.com/download/roguekiller/#download) for your Windows version (32 or 64-bit)
Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete
On completion, the results will be displayed
Check every single entry (threat found), and click on the Remove Selected button
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply
AdwCleaner - Fix Mode
Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and move it to your Desktop
Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
created by Aura
~~~~~~~~~~~
Your next reply(ies) should therefore contain:
Copy/pasted Fixlog.txt
Copy/pasted RogueKiller clean log
Copy/pasted AdwCleaner clean log
Open Farbar Recovery Scan Tool (don't do anything with it, I just want the tool open and ready to use)
Below I have created a script; highlight and copy it from where it says Start::
Start::
CloseProcesses:
CreateRestorePoint:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001 -> {518b33ae-375d-712d-6742-d1fe0400268d} URL =
2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174532829.dll
2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174532985.dll
2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174533423.dll
2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174538083.dll
Task: {FF82D779-C88D-4E52-A92A-A206B84FD034} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\david\Documents\Amazon Drive:com.amazon.drive.sync [177]
AlternateDataStreams: C:\Users\david\Documents\Amazon Drive:com.amazon.drive.sync.root [42]
Emptytemp:
End::
Now, look at the open Farbar Recovery Scan Tool, I think it's located at the bottom of the tool
Press the Fix button.
I have pasted two logs for the programs that were able to finish. AdwCleaner could not complete. It said *** Caught unhandled unknown exception; terminated
and then it froze up. I restarted in hopes it would then produce a log, but it did not. The items it did not or could not clean include Pup.Optional.AdvancedSystemCare, which showed up twice in the AdwCleaner results in C:\Users\david\AppData\roaming\IObit\AdvancedSystemCleaner
Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by david (27-03-2018 15:38:47) Run:1
Running from C:\Users\david\Desktop
Loaded Profiles: defaultuser0 & david & Administrator (Available Profiles: defaultuser0 & david & Administrator)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-3840204244-4144708379-2675172571-1001 -> {518b33ae-375d-712d-6742-d1fe0400268d} URL =
2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174532829.dll
2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174532985.dll
2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174533423.dll
2018-03-26 13:45 - 2018-03-26 13:45 - 002183680 _____ (Opera Software) C:\Users\david\AppData\Local\Temp\Opera_installer_180326174538083.dll
Task: {FF82D779-C88D-4E52-A92A-A206B84FD034} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\david\Documents\Amazon Drive:com.amazon.drive.sync [177]
AlternateDataStreams: C:\Users\david\Documents\Amazon Drive:com.amazon.drive.sync.root [42]
Emptytemp:
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
"HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKU\S-1-5-21-3840204244-4144708379-2675172571-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{518b33ae-375d-712d-6742-d1fe0400268d}" => removed successfully
HKLM\Software\Classes\CLSID\{518b33ae-375d-712d-6742-d1fe0400268d} => not found
C:\Users\david\AppData\Local\Temp\Opera_installer_180326174532829.dll => moved successfully
C:\Users\david\AppData\Local\Temp\Opera_installer_180326174532985.dll => moved successfully
C:\Users\david\AppData\Local\Temp\Opera_installer_180326174533423.dll => moved successfully
C:\Users\david\AppData\Local\Temp\Opera_installer_180326174538083.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF82D779-C88D-4E52-A92A-A206B84FD034}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF82D779-C88D-4E52-A92A-A206B84FD034}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
C:\Users\david\Documents\Amazon Drive => ":com.amazon.drive.sync" ADS removed successfully
C:\Users\david\Documents\Amazon Drive => ":com.amazon.drive.sync.root" ADS removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11818447 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 14043788 B
Edge => 13593 B
Chrome => 590952315 B
Firefox => 6592100 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
defaultuser0 => 0 B
david => 121674660 B
Administrator => 11560 B
RecycleBin => 271051 B
EmptyTemp: => 720.9 MB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 27-03-2018 15:40:10)
Result of scheduled keys to remove after reboot:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
==== End of Fixlog 15:40:10 ====
RogueKiller V12.12.10.0 (x64) [Mar 26 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : david [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 03/27/2018 15:45:47 (Duration : 00:14:33)
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 16 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3840204244-4144708379-2675172571-1001\Software\ProductSetup -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3840204244-4144708379-2675172571-1001\Software\ProductSetup -> Deleted
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3840204244-4144708379-2675172571-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3840204244-4144708379-2675172571-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3840204244-4144708379-2675172571-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3840204244-4144708379-2675172571-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 3 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : Honey [bmnlcjabgnpnenekpadlanbbkooimhnj] -> Deleted
[PUM.SearchEngine][Firefox:Config] m3cozkdk.default : user_pref("browser.search.selectedEngine", "Yahoo! Powered Search"); -> Deleted
[PUM.SearchEngine][Firefox:Config] m3cozkdk.default : user_pref("browser.search.defaultenginename", "Yahoo! Powered Search"); -> Deleted
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SanDisk SD8SB8U-512G-1006 +++++
--- User ---
[MBR] a24c96a3ee524f545f08fd6986cb1f85
[BSP] a586ddf38dd5fab9f6cb403731de4bd6 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 487124 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 998197248 | Size: 980 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: ST3000DM001-1ER166 +++++
--- User ---
[MBR] 2c42c07e10669fbd94e123a15557bd45
[BSP] e35de41c8d7b3af26b0f1574e64e059b : Empty|VT.Unknown MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 2048 | Size: 2851220 MB
1 - [SYSTEM] Basic data partition | Offset (sectors): 5839300608 | Size: 10367 MB
User = LL1 ... OK
User = LL2 ... OK
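An added example (not part of the thread and not FRST's own code): a small parser that reads a Fixlog.txt like the one posted above and lists the items FRST reported it could not remove, such as the RunCampaignManager key that came back "Access Denied". The `target => result` layout and the section markers are inferred from the logs on this page, and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample: an abridged Fixlog assembled from result lines posted in this thread.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
fixlist content:
*****************
CloseProcesses:
Task: {FF82D779-C88D-4E52-A92A-A206B84FD034} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Emptytemp:
*****************
Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
C:\Users\david\AppData\Local\Temp\Opera_installer_180326174532829.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF82D779-C88D-4E52-A92A-A206B84FD034}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
C:\Users\david\Documents\Amazon Drive => ":com.amazon.drive.sync" ADS removed successfully
=========== EmptyTemp: ==========
Chrome => 590952315 B
EmptyTemp: => 720.9 MB temporary data Removed.
================================
Result of scheduled keys to remove after reboot:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
==== End of Fixlog 15:40:10 ===='''

OK_SUFFIXES = ("removed successfully", "moved successfully", "restored successfully")


def classify(result):
    """Map the text after ' => ' to ok / not_found / failed / other."""
    text = result.strip().lower()
    if "could not" in text or "access denied" in text:
        return "failed"
    if "not found" in text:
        return "not_found"
    if text.endswith(OK_SUFFIXES):
        return "ok"
    return "other"


def parse_fixlog(text):
    """Return (target, outcome, raw_result) for each result line of a Fixlog."""
    entries = []
    star_lines = 0          # the echoed fixlist sits between two lines of asterisks
    in_emptytemp = False    # EmptyTemp lines are byte counts, not fix results
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:
            star_lines += 1
            continue
        if star_lines < 2:
            continue        # header and echoed fixlist: nothing was acted on yet
        if line.startswith("=") and "EmptyTemp" in line:
            in_emptytemp = True
            continue
        if in_emptytemp:
            if line and set(line) == {"="}:
                in_emptytemp = False
            continue
        target, sep, result = line.rpartition(" => ")
        if not sep:
            continue        # status lines such as "Processes closed successfully."
        entries.append((target.strip('"'), classify(result), result))
    return entries


def summarize(entries):
    """Count entries per outcome."""
    return dict(Counter(outcome for _, outcome, _ in entries))


def follow_up(entries):
    """Unique targets FRST could not remove, in the order first reported."""
    seen = []
    for target, outcome, _ in entries:
        if outcome == "failed" and target not in seen:
            seen.append(target)
    return seen


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed))
    for item in follow_up(parsed):
        print("NOT REMEDIATED:", item)
```
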
If those items above are not found by the following scans, we can attempt to go after them manually.
~~~~~~~~~~~~~~~~
Let's update and run a scan with Malwarebytes Anti-Malware
Open Malwarebytes Anti-Malware, let it update (if it doesn't automatically let me know)
Under SETTINGS.....APPLICATIONS leave everything at default
Under SETTINGS.....PROTECTION make sure AUTOMATIC QUARANTINE is on.
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
If threats are detected, click the Apply Actions button.
You will now be prompted to reboot. Click Yes.
Upon completion of the scan (or after the reboot), click the Reports tab.
Double-click the Scan Log.
At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and selecting "Copy to clipboard". After that, all you have to do is paste it here
~~~~~~~~~~~~~~~~~
Emsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
Download the Emsisoft Emergency Kit (https://www.emsisoft.com/en/software/eek/download/) and execute it. From there, click on the Install button to extract the program in the EEK folder;
Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
After the restart, open EEK again (in the C:\EEK folder);
This time, click on Logs;
From there, go under the Quarantine Log tab, and click on the Export button;
Save the log on your desktop, then open it, and copy/paste its content in your next reply;
created by Aura
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 3/27/18
Scan Time: 6:34 PM
Log File: f52bd386-320e-11e8-bf1c-dcfe07d6b952.json
Administrator: Yes
-Software Information-
Version: 3.4.4.2398
Components Version: 1.0.322
Update Package Version: 1.0.4514
License: Premium
-System Information-
OS: Windows 10 (Build 16299.309)
CPU: x64
File System: NTFS
User: DESKTOP-7F1R3BQ\david
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 373914
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 1 min, 18 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
(end)
Emsisoft Emergency Kit 2017.12.0.8334 stable [en-us]
OS: Windows 10 (Version 10.0, Build 16299, 64-bit Edition)
Forensics log
Date Component Action Details
3/27/2018 6:45:07 PM User DESKTOP-7F1R3BQ\DAVID Infection quarantined Malware "Application.AppInstall (A)" in "software informer".
3/27/2018 6:44:45 PM Scanner Scan finished Found 1 object , user to decide on further actions.
3/27/2018 6:44:25 PM Scanner Detection PUP "Application.AppInstall (A)" in "software informer"
3/27/2018 6:44:18 PM User DESKTOP-7F1R3BQ\david Scan started Malware Scan
3/27/2018 6:43:55 PM User DESKTOP-7F1R3BQ\david Setting modified "Detect PUPs" has been changed to "Enabled".
3/27/2018 6:41:21 PM User Update Downloaded and installed 125 files (22241 kb) (14 sec.).
3/27/2018 6:41:07 PM Core Notification "Recommended Reading:13 mistakes to avoid when choosing antivirus software in 2018".
3/27/2018 6:41:03 PM User Update Failed with error "Server returned error" (0 sec.).
IObit left some items on your computer we can remove.
Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)
Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
Start::
CloseProcesses:
CreateRestorePoint:
C:\Users\david\AppData\roaming\IObit\AdvancedSystemCleaner
C:\Users\david\AppData\Roaming\IObit
C:\ProgramData\IObit
Emptytemp:
End::
Press the Fix button.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
Post this log when finished,
How is the computer now?
Here is the log; the PC seems fine now.
Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by david (28-03-2018 11:48:07) Run:2
Running from C:\Users\david\Desktop
Loaded Profiles: david (Available Profiles: defaultuser0 & david & Administrator)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
C:\Users\david\AppData\roaming\IObit\AdvancedSystemCleaner
C:\Users\david\AppData\Roaming\IObit
C:\ProgramData\IObit
Emptytemp:
*****************
Processes closed successfully.
Restore point was successfully created.
"C:\Users\david\AppData\roaming\IObit\AdvancedSystemCleaner" => not found
C:\Users\david\AppData\Roaming\IObit => moved successfully
C:\ProgramData\IObit => moved successfully
=========== EmptyTemp: ==========
BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6624606 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 335566 B
Edge => 0 B
Chrome => 811988784 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1642 B
NetworkService => 0 B
defaultuser0 => 0 B
david => 10503502 B
Administrator => 0 B
RecycleBin => 0 B
EmptyTemp: => 801.1 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 11:48:27 ====
the PC seems fine now
Music to my ears
Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up.
DelFix
Follow the instructions below to download and execute DelFix.
Download DelFix (https://toolslib.net/downloads/viewdownload/2-delfix/) and move the executable to your Desktop
Right-click on DelFix.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Check the following options :
Activate UAC
Remove disinfection tools
Once all the options mentioned above are checked, click on Run
After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply
created by Aura
Before I could follow your final instructions, I got the BSOD again. It says https://www.windows.com/stopcode stopcode: System Service Exception What failed: NETIO.SYS.
When I tried to uninstall the Avast SecureLine TAP adapter (for Avast's VPN service) it went immediately into the BSOD again with the same stop code.
My thoughts are, this isn't related to malware but related to an internal system function.
BSODs are networking related
try updating your wireless networking driver
If you can, give me the name and model number of your computer, I can go to the manufacturer web sites to see if there is a driver update for your wireless card.
HP OMEN 870 Ultra Performance VR Ready Desktop PC (Intel Core i7-7700K Liquid Cooled CPU, 8GB GDDR5X NVIDIA GTX 1080 Graphics, Windows 10 Professional, 512GB SSD + 3TB 7200RPM Storage, 64GB DDR4 RAM)
BTW, it may have wireless card but I only ever use Ethernet.
I went to look at the network adapters and there are so many it seems unusual. I am posting a screen shot of the network adapter instances in case the number or type of adapters also suggests an issue.
I went to the web site and entered what info I could, you found more than I did.
Since I know little about this area of a computer, I want to send you to another web help forum that has techs who know how to better deal with this,
If you will, register at the below forum (I'm a member there too)
https://forums.whatthetech.com/index.php?showforum=126
If you want you can include a link from this topic but, you will need to post
System Service Exception What failed: NETIO.SYS
This will be a guide where to send them to look up what needs to be done.....I got no clue which network adapter or driver is needed.
Glad we could help.
Since this issue appears resolved ... this Topic is closed.